Trial Landscape - SAP/xsk Wiki

Overview

The shared XSK Trial instance is available at: https://trial.apps.xsk.io

Provision Landscape

To create new landscape (dedicated instance) go through the following steps:

  1. Create new SAP HANA Database User, as described here.

  2. Obtain access to the XSK Trial Kubernetes cluster (kubeconfig).

  3. Create separate Kubernetes namespace for the new landscape:

    kubectl create namespace <namespace-name>
    kubectl label namespace <namespace-name> istio-injection=enabled
    
  4. Create hana-cloud-database secret as described in the Create HANA Cloud secret step.

    Note: Add -n <namespace-name> to the original command, so that the secret would be created in the dedicated namespace:

     kubectl -n <namespace-name> create secret generic hana-cloud-database \
     --from-literal=DIRIGIBLE_DATABASE_PROVIDER=custom \
     ...
    
  5. Deploy XSK in the target namespace/landscape as described in the Deploy XSK step.

    Note: Use the Deployment (Only) option and replace all occurrences of the default namespace with the <namespace-name> as shown:

    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: xsk
      namespace: <namespace-name>
    ...
    apiVersion: v1
    kind: Service
    metadata:
      labels:
        app: xsk
      name: xsk
      namespace: <namespace-name>
    ...
    apiVersion: v1
    kind: PersistentVolumeClaim
    metadata:
      name: xsk-claim
      namespace: <namespace-name>
    

    Note: Replace the DIRIGIBLE_HOST environment variable as follows:

    ...
    - name: DIRIGIBLE_HOST
      value: https://<landscape-domain>.apps.xsk.io
    ...
    
  6. Create XSUAA Service Instance as described in the Create an XSUAA service instance step:

    Note: For better isolation create a separate Subaccount, to host the XSUAA service instance.

    Note: Update the redirect-uris section with the following pattern to match the xsk.io domain:

    "redirect-uris":[
        "https://<landscape-domain>.apps.xsk.io"
    ]
    
  7. Create xsuaa-credentials secret with the following command:

    Note: Create Service Key/Service Binding to obtain the XSUAA credentials:

    kubectl -n <namespace-name> create secret generic xsuaa-credentials \
    --from-literal=url='<xsuaa-url>' \
    --from-literal=clientid='<xsuaa-clientid>' \
    --from-literal=clientsecret='<xsuaa-clientsecret>' \
    --from-literal=verificationkey='<xsuaa-verificationkey>' \
    --from-literal=xsappname='<xsuaa-xsappname>'
    
  8. Bind the xsuaa-credentials to the XSK deployment by executing the following command:

    kubectl -n <namespace-name> set env --from=secret/xsuaa-credentials deployment/xsk
    
  9. Create Gateway, VirtualService and DNSEntry with the following descriptor:

    apiVersion: networking.istio.io/v1beta1
    kind: VirtualService
    metadata:
      name: xsk
      namespace: <namespace-name>
    spec:
      gateways:
      - xsk-gateway
      hosts:
      - <landscape-domain>.apps.xsk.io
      http:
      - match:
        - uri:
            regex: /.*
        route:
        - destination:
            host: xsk.<namespace-name>.svc.cluster.local
            port:
              number: 8080
    ---
    apiVersion: networking.istio.io/v1beta1
    kind: Gateway
    metadata:
      name: xsk-gateway
      namespace: <namespace-name>
    spec:
      selector:
        istio: ingressgateway
      servers:
      - hosts:
        - <landscape-domain>.apps.xsk.io
        port:
          name: http
          number: 80
          protocol: HTTP
        tls:
          httpsRedirect: true
      - hosts:
        - <landscape-domain>.apps.xsk.io
        port:
          name: https
          number: 443
          protocol: HTTPS
        tls:
          credentialName: wildcard-tls
          mode: SIMPLE
    ---
    apiVersion: dns.gardener.cloud/v1alpha1
    kind: DNSEntry
    metadata:
      annotations:
        dns.gardener.cloud/class: garden
      name: dns-xsk
      namespace: default
    spec:
      dnsName: "<landscape-name>.apps.xsk.io"
      ttl: 600
      targets:
      - <dns-entry-target>
    

    Note: Replace all occurrences of the following placeholders:

    • <namespace-name> with the name of the created namespace

    • <landscape-doman> with the landscape domain name

    • <dns-entry-target> with the DNS Entry Target, the value could be obtain by executing the following command:

      kubectl get service -n istio-system istio-ingressgateway -o jsonpath="{.status.loadBalancer.ingress[0].hostname}"
      
  10. Assign the necessary roles as described in the Assign the Developer and Operator roles step.

  11. Login by going to https://<landscape-domain>.apps.xsk.io

Tips & Tricks

Scale Deployment to zero:

kubectl -n <namespace-name> scale --replicas=0 deployment/xsk