Technical Articles
Register Minikube Kubernetes Cluster with SCP Service Manager
To consume SAP Cloud Platform services in your Minikube, your cluster must be registered at the Service Manager in the context of a subaccount. For this, you need a Global account and a subaccount, and must be administrator of this subaccount. For your production Kubernetes cluster has to be configured the same way with SAP Cloud Platform to establish the connection.
Prerequisites
Kubernetes Cluster
Kubectl – v1.7 or higher
Helm 3 – install helm in Mac OS using brew (currently it will install v3.1.1). You can also download the desired version of helm from release site and install manually.
brew install helm
Service Manger CLI v1.7.3 or higher – Link
Tiller (Helm Server Side Component) – As we are using Helm 3, we don’t need to run init.
Configuration In SAP Cloud Platform
Get a sub account or create a new sub account under your global account. Make sure you are the security administrator to see the security tab in the left navigation. I have created a sub account SCP-K8 for my usage.
Access to Service Manager API
The Kubernetes cluster must be registered at the Service Manager to access services from SAP Cloud Platform in Kubernetes. For this, you first need to obtain the credentials for the Service Manager.
Navigate to the sub account in SAP Cloud Platform Cockpit → Subscriptions → Service Manager and subscribe.
Assign your IDP users to the sub account service administrator collection
In the SAP Cloud Platform cockpit, navigate to your subaccount and choose Security → Trust Configuration → SAP ID Service.
Assign Subaccount Service Administrator role collection to your email address.
Repeat the same for other users to have access to Service Manager API
Login to Service Manager
Login to Service Manger using Service Manager CLI.
smctl login -a https://service-manager.cfapps.<landscape domain> --param subdomain=<subdomain>
User: <user name with service manager role>
Password: *****
For me following are the details
smctl login -a https://service-manager.cfapps.sap.hana.ondemand.com --param subdomain=scpk8
Register Sub Account Scoped Cluster
$ smctl register-platform minikube kubernetes
ID Name Type Description Created Updated Labels Username Password
------------------------------------ -------- ---------- ----------- --------------------------- --------------------------- -------------------------------------------------- -------------------------------------------- --------------------------------------------
4f7c0ef1-2e84-4124-b55f-7a36f2d79843 minikube kubernetes 2020-02-25T04:30:28.971113Z 2020-02-25T04:30:28.971113Z subaccount_id=55d8129b-1e6b-4231-9c80-000ae080f9dd xxxxxxxxxxxxxxusernamexxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxpasswordxxxxxxxxxxxxxxxxxxxxx
Save the credential some where safe. We will be needing this while configuring service manager broker.
Install Service Catalog in Minikube
If all prerequisites like minikube, kubectl, helm are installed you can start your minikube cluster using the following command.
minikube start --vm-driver=hyperkit --hyperkit-vpnkit-sock=/Users/xxx/Library/Containers/com.docker.docker/Data/vpnkit.eth.sock --kubernetes-version=1.17.3
Now when your helm is connected to tiller at minikube, we are ready to install service-catalog using helm. Let’s first add the service-catalog repository to helm.
helm repo add svc-cat https://svc-catalog-charts.storage.googleapis.com
Let’s see if we have the service-catalog available for install. Use the following command to search in the repository.
helm search repo service-catalog//in helm 3
helm search service-catalog// in helm 2
//As I am using helm 3
$ helm search repo service-catalog
NAME CHART VERSION APP VERSION DESCRIPTION
svc-cat/catalog 0.2.1 service-catalog API server and controller-manag...
svc-cat/catalog-v0.2 0.2.2 service-catalog API server and controller-manag...
Now let’s install service-catalog using the following command.
kubectl create namespace catalog
helm install catalog svc-cat/catalog --namespace catalog --version 0.3.0-beta.2
Install Service Manger Broker Proxy in Minikube
Add the service manager broker proxy repository to helm.
helm repo add peripli 'https://peripli.github.io'
Install the service manager agent using the following command.
kubectl create namespace service-broker-proxy
helm install service-broker-proxy peripli/service-broker-proxy-k8s \
--namespace service-broker-proxy \
--set image.tag=v0.3.2 \
--set config.sm.url=https://service-manager.cfapps.sap.hana.ondemand.com \
--set sm.user=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx \
--set sm.password=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
sm.user and sm.password, we have already got while registering our cluster using service manager cli. sm.url is the service manager url.
Install Service Catalog CLI
Use following to install service catalog cli in Mac OS. This is required to work with service catalog installed in minikube.
curl -sLO https://download.svcat.sh/cli/latest/darwin/amd64/svcat
chmod +x ./svcat
mv ./svcat /usr/local/bin/
svcat version --client
Configure svcat to use your local kubeconfig
export kubeconfig="/Users/xxx/.kube/config"
Test The Connectivity To SAP Cloud Platform
$ svcat marketplace
CLASS PLANS DESCRIPTION
+-----------------------------+-------------+---------------------------------+
feature-flags lite Feature Flags service for
controlling feature rollout
sdm standard Document management for
Business Applications
auditlog-management default Retrieve logs and change
retention
malware-scanner external Scan single files for threats,
via HTTP
transport standard Provides programmatic access
to Transport Management.
transport-ci standard Provides programmatic access
to Transport Management.
hana-cloud hana Leverage the in-memory data
processing capabilities of
SAP HANA in the cloud as one
simple gateway to all data.
metering-service development Metering-as a Service on
SAP Cloud platform enables
services to meter their usage
information, so it can be used
later for commercial purposes
like billing or license
compliance.
default
sap-onpremise-extensibility api-access Connects extension
applications running in an SAP
Cloud Platform subaccount to
an On-Premise system.
xsuaa broker Manage application
authorizations and trust to
identity providers.
application
You may have to modify your entitlement in SAP Cloud Platform Cockpit. For doing so navigate to SAP Cloud Platform Cockpit → Entitlements → Configure Entitlements → Add Service Plans and save once done.
Now let’s create a service instance of xsuaa using the following command.
$ svcat provision mdcs-hana --class hana-cloud --plan hana
Name: xsuaa-example
Namespace: default
Status:
Class: xsuaa
Plan: z48zz57zz45zgt9z2fzjz4azz47zz4-fd5fd60de69db525c44c9608067cb61a
Parameters:
No parameters defined
Let’s now get all the instances that were provisioned.
$ svcat get instance
NAME NAMESPACE CLASS PLAN STATUS
+----------------+-----------+-------+-----------------------------------------------------------------+--------+
xsuaa-example default xsuaa z48zz57zz45zgt9z2fzjz4azz47zz4-fd5fd60de69db525c44c9608067cb61a Ready
Let’s try deprovisioning the service instance.
svcat deprovision xsuaa-example
Multi Cloud Architecture gives you the provision to support platforms across multiple cloud provides. Like SAP Cloud Platform, you can have service manger broker set up for Google Cloud Platform and Amazon Web Services too.
Hi Satish,
Thank you for informative and helpful article.
I am trying these steps with SAP Cloud Platform and Minikube on Windows
All the steps was working fine but the svcat marketplace showing blank. How can I troubleshoot or what may be wrong/missing ?
command output of Test The Connectivity To SAP Cloud Platform steps,
C:\WINDOWS\system32> svcat marketplace
CLASS PLANS DESCRIPTION
+-------+-------+-------------+
verbose logs
C:\WINDOWS\system32>svcat marketplace -v=7
I0724 12:12:12.217974 31876 loader.go:375] Config loaded from file: C:\Users\rbhadana\.kube\config
I0724 12:12:12.219974 31876 cert_rotation.go:137] Starting client certificate rotation controller
I0724 12:12:12.229980 31876 round_trippers.go:420] GET https://xxx.xx.xx.xx:8443/apis/servicecatalog.k8s.io/v1beta1/clusterserviceclasses
I0724 12:12:12.229980 31876 round_trippers.go:427] Request Headers:
I0724 12:12:12.230937 31876 round_trippers.go:431] Accept: application/json, */*
I0724 12:12:12.231937 31876 round_trippers.go:431] User-Agent: svcat/v0.0.0 (windows/amd64) kubernetes/$Format
I0724 12:12:12.241963 31876 round_trippers.go:446] Response Status: 200 OK in 10 milliseconds
I0724 12:12:12.242941 31876 round_trippers.go:420] GET https://xxx.xx.xx.xx:8443/apis/servicecatalog.k8s.io/v1beta1/namespaces/default/serviceclasses
I0724 12:12:12.242941 31876 round_trippers.go:427] Request Headers:
I0724 12:12:12.245091 31876 round_trippers.go:431] Accept: application/json, */*
I0724 12:12:12.245091 31876 round_trippers.go:431] User-Agent: svcat/v0.0.0 (windows/amd64) kubernetes/$Format
I0724 12:12:12.247974 31876 round_trippers.go:446] Response Status: 200 OK in 2 milliseconds
I0724 12:12:12.248947 31876 round_trippers.go:420] GET https://xxx.xx.xx.xx:8443/apis/servicecatalog.k8s.io/v1beta1/clusterserviceplans
I0724 12:12:12.248947 31876 round_trippers.go:427] Request Headers:
I0724 12:12:12.250946 31876 round_trippers.go:431] Accept: application/json, */*
I0724 12:12:12.251948 31876 round_trippers.go:431] User-Agent: svcat/v0.0.0 (windows/amd64) kubernetes/$Format
I0724 12:12:12.254941 31876 round_trippers.go:446] Response Status: 200 OK in 2 milliseconds
I0724 12:12:12.254941 31876 round_trippers.go:420] GET https://xxx.xx.xx.xx:8443/apis/servicecatalog.k8s.io/v1beta1/namespaces/default/serviceplans
I0724 12:12:12.254941 31876 round_trippers.go:427] Request Headers:
I0724 12:12:12.256940 31876 round_trippers.go:431] Accept: application/json, */*
I0724 12:12:12.257977 31876 round_trippers.go:431] User-Agent: svcat/v0.0.0 (windows/amd64) kubernetes/$Format
I0724 12:12:12.262976 31876 round_trippers.go:446] Response Status: 200 OK in 2 milliseconds
CLASS PLANS DESCRIPTION
+-------+-------+-------------+
I have one additional question, Is it possible to consume SAP cloud services in Open Source CF platform running on Azure platform ?
please try the following command and see if you are getting the result.
If you getting result for the above, then it's a problem with catalog manger. Please try the below version instead of the version listed in the blog.
If you are not able to list marketplace from smctl then there would be some problem in the access and authorisation.
I think you can not at least using Open Service Broker implementation.
Hi Satish,
Good article !
I have a trial account and don't see Service Manager under subscriptions. Has the name changed recently ?
Thanks,
Sundar