Add the doc on Secret customization #933
Add one of following labels |
|
||
Your customized `sap-btp-manager` Secret is now the default Secret of the SAP BTP Operator module. It generates the SAP BTP service operator's resources, as shown in the following diagram: | ||
|
||
![Customized module credentials](../assets/module_credentials_customized.drawio.svg) |
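Review bot: In the sentence beginning "It generates the SAP BTP service operator's resources", the pronoun "It" can be read as either the customized Secret or the SAP BTP Operator module, so the text leaves the direction of the relationship to the diagram alone. Name the subject explicitly (the Secret or the module) so the sentence states the source and the target without relying on the arrows.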
Could we revert the direction of arrows between sap-btp-service-operator and sap-btp-manager secrets? Now it looks like sap-btp-manager points to values set in sap-btp-service-operator.
I think that is correct as "It generates the SAP BTP service operator's resources."
Values from `sap-btp-manager` are the source during reconciliation and `sap-btp-service-operator` is the target.
|
||
The following parameters manage cluster access: | ||
|
||
| Parameter | Description | | ||
|-------------------------------|-----------------------------------------------------------------------------------------------| | ||
| **CLUSTER_ID** | Generated when Kyma runtime is created. | | ||
| **MANAGEMENT_NAMESPACE** | Always set to `kyma-system`. | | ||
| **MANAGEMENT_NAMESPACE** | By default, set to `kyma-system`. | |
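Review bot: The MANAGEMENT_NAMESPACE row changes from "Always set to" to "By default, set to" `kyma-system`, which tells the reader the value can differ, but the row still does not say what the namespace is used for or how a different value is set. Since the table is introduced as the parameters that manage cluster access, add one sentence on the parameter's effect, or link to where it is defined.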
I am not sure what this config does and I cannot find it in our documentation. Maybe we could clarify it at least as a followup?
I'm not sure what to clarify here. Can you please clarify? This section is based on this source and modified according to PK's input.
More info has been added.
docs/user/03-11-customize_secret.md
Outdated
* Label the Secret with `kyma-project.io/skip-reconciliation: 'true'`. | ||
* Provide the following credentials from your SAP Service Manager instance: **clientid**, **clientsecret**, **sm_url**, and **tokenurl**. | ||
* Optionally, provide your **cluster_id**. Otherwise, it is generated automatically. | ||
* Optionally, add the **credentials_namespace** parameter and provide the name of your custom namespace for Secrets with credentials to communicate with the SAP Service Manager. |
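Review bot: The **credentials_namespace** bullet describes the namespace as being "for Secrets with credentials to communicate with the SAP Service Manager" without stating whether that namespace must exist beforehand or who places the Secrets in it. Spell out the precondition and the effect. The first bullet also asks the reader to set `kyma-project.io/skip-reconciliation: 'true'` on a Secret that holds **clientid** and **clientsecret** without saying what the label changes; add a short explanation of what skipping reconciliation means for this Secret.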
After reading this sentence I understood that the custom namespace should already contain credentials to use. Is that correct understanding? If not, could you change to something like "...the name of your custom namespace where sap-btp-operator-service Secret will be generated."?
That's correct, we assume the namespace already exists and it could contain anything user wants there. `sap-btp-service-operator` Secret also exists at this point, we just move it to the other namespace selected by user, it should remain the default Secret for communication with SAP Service Manager.
This is a rule. Using "will" is against the content guidelines.
So the credentials_namespace is the namespace where to move the secret to or from? In my previous comment, by "custom namespace" I meant credentials_namespace.
The credentials_namespace is the namespace for secrets, it does not concern only the `sap-btp-service-operator` secret. The sentence "...the name of your custom namespace where sap-btp-operator-service Secret will be generated." does not hold the true meaning of the namespace. User can create `sap-btp-manager` secret with the setting already provided and there won't be any movement of the secrets.
|
||
The following parameters manage cluster access: | ||
|
||
| Parameter | Description | | ||
|-------------------------------|-----------------------------------------------------------------------------------------------| | ||
| **CLUSTER_ID** | Generated when Kyma runtime is created. | | ||
| **MANAGEMENT_NAMESPACE** | Always set to `kyma-system`. | | ||
| **MANAGEMENT_NAMESPACE** | By default, set to `kyma-system`. | | ||
| **ALLOW_CLUSTER_ACCESS** | You can use every namespace for your operations. The parameter is always set to `true`.<br>If you change it to `false`, the setting is automatically reverted. | |
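Review bot: The ALLOW_CLUSTER_ACCESS row says the parameter is always `true` and that a change to `false` "is automatically reverted", but it does not say what reverts the value or state plainly that the user cannot narrow the scope. As written, "You can use every namespace for your operations" reads as a permission rather than a fixed setting, so state the consequence directly. The MANAGEMENT_NAMESPACE row above now says "By default" while this row says "always"; confirm that the difference is intended.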
@IwonaLanger please add here RELEASE_NAMESPACE too. Value: "By default, set to `kyma-system`."
65570ec to f529f8d
…r/btp-manager into add_customization_doc
just minor suggestions
You can't delete your Kyma cluster if any non-deleted service instances in it use the credentials from the SAP Service Manager resources created automatically, as described in [Preconfigured Credentials and Access](03-10-preconfigured-secret.md#credentials). In this case, the existing service instances block the cluster's deletion. Delete your service instances and bindings in Kyma dashboard before you attempt to delete the cluster from the SAP BTP cockpit. | ||
|
||
You can delete your Kyma cluster even if your service instances still exist, provided they all use credentials of SAP Service Manager service instances other than the one created automatically, as described in [Preconfigured Credentials and Access](03-10-preconfigured-secret.md#credentials). In this case, the non-deleted service instances do not block the cluster's deletion. |
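Review bot: The second paragraph allows cluster deletion while service instances still exist, but it does not say what happens to those instances and their bindings once the cluster is gone. Add a sentence on whether they remain and need separate cleanup. The phrase "non-deleted service instances" also reads awkwardly in both paragraphs; "existing service instances", already used in the first paragraph, is enough.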
You can delete your Kyma cluster even if your service instances still exist, provided they all use credentials of SAP Service Manager service instances other than the one created automatically, as described in [Preconfigured Credentials and Access](03-10-preconfigured-secret.md#credentials). In this case, the non-deleted service instances do not block the cluster's deletion. | |
However, if the service instances use credentials of SAP Service Manager service instances other than the one created automatically, you can delete your Kyma cluster even if your service instances still exist (see [Preconfigured Credentials and Access](03-10-preconfigured-secret.md#credentials)). In this case, the non-deleted service instances do not block the cluster's deletion. |
Same here.
Skipping "all" and moving the link changes the message.
Description
Changes proposed in this pull request:
`sap-btp-manager` Secret
03-10-preconfigured-secret.md
03-70-delete-bindings-and-instances.md
Related issue(s)
See #901