Author: Limor Wainstein

Deploying SAP on Kubernetes: A Practical Guide

What is Kubernetes Gardener?

Kubernetes Gardener is SAP’s open source managed Kubernetes service. It abstracts environment specifics to deliver a Kubernetes-native experience and enables you to easily create and manage several Kubernetes clusters. 

Gardener provides a fully-validated extensibility framework that you can adjust to various programmatic cloud and infrastructure providers. It works by implementing Kubernetes’s automated management and operation for clusters as a service. 

Gardener exposes its Cluster API to create homogeneous clusters on the supported infrastructure. While the SIG Cluster Lifecycle’s Cluster API only harmonizes how to get to clusters, Gardener’s Cluster API also harmonizes the make-up of the clusters. Gardener’s API achieves homogeneous clusters with the same configuration, behavior, and bill of material on all supported infrastructure.

Setting up Gardener 

It is important to note that garden-setup can only work with kubeconfigs using standard authentication methods like basic and token-based authentication. Other methods aren’t supported. Take this into account when planning your Kubernetes security strategy. Before proceeding, make sure you are familiar with the basics of Kubernetes deployments.
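A pre-flight check for the kubeconfig constraint above, as an added example that is not part of the original article or of garden-setup: it reports which credential type the current context relies on. The supported set is limited to the two methods this page names, and the sample kubeconfig, user names and plugin name are constructed.

```python
import json

# Assumption: only the two methods this page names are treated as supported.
PAGE_SUPPORTED = {"basic", "token"}

def auth_method(user: dict) -> str:
    """Classify one kubeconfig `user` stanza by the credential type it carries."""
    if "exec" in user:
        return "exec-plugin"      # credential is fetched by running a helper binary
    if "auth-provider" in user:
        return "auth-provider"    # legacy provider plugin
    if user.get("token") or user.get("tokenFile"):
        return "token"
    if user.get("username") and user.get("password"):
        return "basic"
    if user.get("client-certificate") or user.get("client-certificate-data"):
        return "client-certificate"
    return "none"

def check_current_context(cfg: dict) -> tuple:
    """Return (user_name, method, ok) for the kubeconfig's current-context."""
    ctx_name = cfg.get("current-context", "")
    contexts = {c["name"]: c["context"] for c in cfg.get("contexts") or []}
    users = {u["name"]: u.get("user") or {} for u in cfg.get("users") or []}
    if ctx_name not in contexts:
        raise ValueError(f"current-context {ctx_name!r} not found")
    user_name = contexts[ctx_name]["user"]
    method = auth_method(users.get(user_name, {}))
    return user_name, method, method in PAGE_SUPPORTED

# Constructed sample in the shape of `kubectl config view --raw -o json`,
# with placeholder names and a placeholder token.
SAMPLE = json.loads("""
{"current-context": "base",
 "contexts": [{"name": "base", "context": {"cluster": "c1", "user": "plugin-user"}},
              {"name": "sa",   "context": {"cluster": "c1", "user": "sa-user"}}],
 "users": [{"name": "plugin-user",
            "user": {"exec": {"apiVersion": "client.authentication.k8s.io/v1beta1",
                              "command": "example-auth-plugin"}}},
           {"name": "sa-user", "user": {"token": "PLACEHOLDER-TOKEN"}}]}
""")

if __name__ == "__main__":
    print(check_current_context(SAMPLE))
    print(check_current_context({**SAMPLE, "current-context": "sa"}))
```

To check a real file, load the output of `kubectl config view --raw -o json` with json.load in place of SAMPLE; the function returns only the user name and method, never the credential itself.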

To set up Gardener:

  1. Use the following command to clone the command line tool sow’s repository and add the path to a wrapper script to the PATH variable:


git clone ""

cd sow

export PATH=$PATH:$PWD/docker/bin


2. Use the following commands to create the landscape directory and clone the repository into its crop subdirectory:


cd ..

mkdir landscape

cd landscape

git clone "" crop


3. Use the following command to download kubeconfig for GKE, in case it isn’t already present locally:


gcloud container clusters get-credentials demoCluster --zone demoZone --project demoProject


Save the kubeconfig in the landscape directory.


4. Create a file named acre.yaml in the landscape directory and create a configuration that follows the structure specified here.


5. In another terminal window, navigate to the landscape directory and use the following commands to set the KUBECONFIG environment variable and watch the progress of the installation:


export KUBECONFIG=./kubeconfig

watch -d kubectl -n garden get pods,ingress,sts,svc


6. In the first window, use the following command and check the order in which components will get installed:


sow order -A


7. If there are no error messages, use the following command to deploy Gardener on the base cluster:


sow deploy -A


The second terminal window shows all the Kubernetes resources created during installation. Wait until the deployment completes and all Kubernetes resources show their status as Running.


8. Once deployed, use the following command to get the URL of the Gardener dashboard, similar to the Kubernetes dashboard:


sow url


Accessing the dashboard in a browser shows the following:

[Image: Gardener dashboard. Image source: Gardener]

Develop your App for Kubernetes with SAP Gardener

The following procedure requires a cluster managed by SAP Gardener and that SAP BTP Service Operator be installed in the cluster. It also requires Docker, a Docker repository with public access, and a Spring Boot application that uses the SAP Cloud SDK. Code examples are adapted from the official Gardener documentation.

Containerize Your Application

To ship the application in a container with Docker:


  1. Create a Dockerfile in the project’s root folder with the following contents:


FROM openjdk:8-jdk-alpine

ARG JAR_FILE=application/demo-target/demo-*.jar

COPY ${JAR_FILE} demoApp.jar

ENTRYPOINT ["java","-jar","/demoApp.jar"]



If required, make the JAR_FILE point to the .jar file.


2. Use the following commands to build and push the image:

docker build -t demo-repo/demo-image-name .

docker push demo-repo/demo-image-name

Create a Dedicated Kubernetes Deployment

To create the required Kubernetes deployment for the application:


  1. Make a new YAML file and put the following configuration inside it:


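apiVersion: apps/v1
kind: Deployment
metadata:
  name: demo-deployment
spec:
  replicas: 1
  selector:
    matchLabels:
      app: demo-app
  template:
    metadata:
      labels:
        app: demo-app
    spec:
      containers:
        - image: demo-repo/demo-image-name
          name: demo-app
          imagePullPolicy: Always
          resources:
            requests:
              memory: '1Gi'
              cpu: '500m'
            limits:
              memory: '1.5Gi'
              cpu: '750m'
          volumeMounts: []  # filled in under "Attach SAP BTP Services"
      imagePullSecrets:
        - name: <docker-login-secret>
      volumes: []  # filled in under "Attach SAP BTP Services"
---
apiVersion: v1
kind: Service
metadata:
  labels:
    app: demo-app
  name: demo-app
  namespace: default
spec:
  type: NodePort
  ports:
    - port: 9000
  selector:
    app: demo-app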

2. Use the following command to install the configuration:


kubectl apply -f demo-deployment.yml


3. Use the following command to monitor the deployment’s status:


kubectl get deployment demo-deployment

Create the Required Ingress and Test Application Access

To create an Ingress that makes the application available from outside the cluster:


  1. Create a new YAML file and put the following Ingress configuration inside:



apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: demo-ingress
  namespace: default
spec:
  tls:
    - hosts:
      # - "<demo-cluster-host>"
      # - "*.ingress.<demo-cluster-host>"
    # secretName: secret-tls
  rules:
    - host: 'demo-app.ingress.<demo-cluster-host>'
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: demo-app
                port:
                  number: 9000


2. Use the following commands to install the configuration and verify Ingress is functional:


kubectl apply -f ingress.yml

kubectl describe ingress demo-ingress


3. Visit the host provided in the Ingress specification through a browser or a tool like Postman to check its access.
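An added example (not from the original article or the Gardener documentation) that checks whether every host in an Ingress such as demo-ingress is covered by a TLS entry, which is not the case while the tls lines in the manifest above stay commented out. Requiring an explicit secretName is this example's assumption, and cluster.example is a constructed stand-in for <demo-cluster-host>.

```python
def host_covered(rule_host: str, tls_host: str) -> bool:
    """True if tls_host (exact name or single-label wildcard) covers rule_host."""
    rule_host, tls_host = rule_host.lower(), tls_host.lower()
    if tls_host.startswith("*."):
        # A wildcard stands for exactly one leftmost label:
        # *.a.b covers x.a.b, but neither x.y.a.b nor a.b itself.
        head, _, rest = rule_host.partition(".")
        return bool(head) and rest == tls_host[2:]
    return rule_host == tls_host

def plaintext_hosts(ingress: dict) -> list:
    """Rule hosts of an Ingress that no TLS entry with a secretName covers."""
    spec = ingress.get("spec") or {}
    # Assumption of this example: an entry only counts if it names a secret.
    # Some controllers fall back to a default certificate instead.
    tls_hosts = [h
                 for entry in spec.get("tls") or []
                 if entry.get("secretName")
                 for h in entry.get("hosts") or []]
    return [r["host"] for r in spec.get("rules") or []
            if r.get("host")
            and not any(host_covered(r["host"], t) for t in tls_hosts)]

# Constructed samples in the shape of `kubectl get ingress demo-ingress -o json`.
RULES = [{"host": "demo-app.ingress.cluster.example"}]

# The manifest with the tls hosts and secretName still commented out.
AS_SHIPPED = {"spec": {"tls": [{}], "rules": RULES}}

# The same manifest with the three commented lines enabled.
UNCOMMENTED = {"spec": {"tls": [{"hosts": ["cluster.example",
                                           "*.ingress.cluster.example"],
                                 "secretName": "secret-tls"}],
                        "rules": RULES}}

if __name__ == "__main__":
    print("uncovered (as shipped): ", plaintext_hosts(AS_SHIPPED))
    print("uncovered (uncommented):", plaintext_hosts(UNCOMMENTED))
```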

Attach SAP BTP Services

This tutorial gives the application access to the Destination Service.

To attach SAP BTP services to the application:


  1. Create a new YAML file and put in the following configuration:



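# The apiVersion lines are not shown on this page; use the version served by your installed SAP BTP Service Operator.
apiVersion: services.cloud.sap.com/v1
kind: ServiceInstance
metadata:
  name: demo-destination-service
spec:
  serviceOfferingName: destination
  servicePlanName: lite
  externalName: default-destination-service
---
apiVersion: services.cloud.sap.com/v1
kind: ServiceBinding
metadata:
  name: demo-destination-service-binding
spec:
  serviceInstanceName: demo-destination-service
  secretName: demo-destination-service-secret
  secretRootKey: demo-destination-service-key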


2. Use the following command to install the configuration:


kubectl apply -f destination-service.yml


3. Use the following command to monitor the installation status:


kubectl describe ServiceInstance demo-destination-service


4. In demo-deployment.yml, add the following to the volumes list at the end of the Deployment's pod spec:


- name: demo-destination-service-binding-volume
  secret:
    secretName: demo-destination-service-secret


5. In the container section of demo-deployment.yml, add the following to the empty volumeMounts list:


- name: demo-destination-service-binding-volume
  mountPath: '/etc/secrets/sapcp/destination/demo-destination-service'
  readOnly: true


6. Use the following command to update the configuration:


kubectl apply -f demo-deployment.yml
