Trial Landscape - SAP-archive/xsk GitHub Wiki

Overview

The shared XSK Trial instance is available at: https://trial.apps.xsk.io

Provision Landscape

NOTE: You can Provision Landscape with helm

To create a new landscape (dedicated instance), go through the following steps:

  1. Create new SAP HANA Database User, as described here.

  2. Obtain access to the XSK Trial Kubernetes cluster (kubeconfig).

  3. Create separate Kubernetes namespace for the new landscape:

    kubectl create namespace <namespace-name>
    kubectl label namespace <namespace-name> istio-injection=enabled
    
  4. Create hana-cloud-database secret as described in the Create an SAP HANA Cloud secret step.

    Note: Add -n <namespace-name> to the original command, so that the secret is created in the dedicated namespace:

     kubectl -n <namespace-name> create secret generic hana-cloud-database \
     --from-literal=DIRIGIBLE_DATABASE_PROVIDER=custom \
     ...
    
  5. Deploy XSK in the target namespace/landscape as described in the Deploy XSK step.

    Note: Use the Deployment (Only) option and replace all occurrences of the default namespace with the <namespace-name> as shown:

    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: xsk
      namespace: <namespace-name>
    ...
    apiVersion: v1
    kind: Service
    metadata:
      labels:
        app: xsk
      name: xsk
      namespace: <namespace-name>
    ...
    apiVersion: v1
    kind: PersistentVolumeClaim
    metadata:
      name: xsk-claim
      namespace: <namespace-name>

    Note: Replace the DIRIGIBLE_HOST environment variable as follows:

    ...
    - name: DIRIGIBLE_HOST
      value: https://<landscape-domain>.apps.xsk.io
    ...

  6. Create XSUAA Service Instance as described in the Create an XSUAA service instance step:

    Note: For better isolation, create a separate subaccount and create the XSUAA service instance there, using the JSON definition.

    Note: Update the redirect-uris section with the following pattern to match the xsk.io domain:

    "redirect-uris":[
        "https://<landscape-domain>.apps.xsk.io"
    ]

  7. Create xsuaa-credentials secret with the following command:

    Note: Create Service Key/Service Binding to obtain the XSUAA credentials:

    kubectl -n <namespace-name> create secret generic xsuaa-credentials \
    --from-literal=url='<xsuaa-url>' \
    --from-literal=clientid='<xsuaa-clientid>' \
    --from-literal=clientsecret='<xsuaa-clientsecret>' \
    --from-literal=verificationkey='<xsuaa-verificationkey>' \
    --from-literal=xsappname='<xsuaa-xsappname>'
    
  8. Bind the xsuaa-credentials to the XSK deployment by executing the following command:

    Note: Due to an issue related to the case sensitivity of the secret keys, first the deployment should be scaled to zero, then the secret should be set and finally the deployment should be edited and scaled up again.

    kubectl -n <namespace-name> scale --replicas=0 deployment/xsk
    
    kubectl -n <namespace-name> set env --from=secret/xsuaa-credentials deployment/xsk
    

    Note: Change the names of the XSUAA-related environment variables (URL, CLIENTID, CLIENTSECRET, VERIFICATIONKEY, XSAPPNAME) to lowercase:

    kubectl -n <namespace-name> edit deployment xsk
    
         - name: CLIENTSECRET
           valueFrom:
             secretKeyRef:
               key: clientsecret
               name: xsuaa-credentials

    ->

         - name: clientsecret
           valueFrom:
             secretKeyRef:
               key: clientsecret
               name: xsuaa-credentials

    kubectl -n <namespace-name> scale --replicas=1 deployment/xsk
    
  9. Create Gateway, VirtualService and DNSEntry with the following descriptor:

    apiVersion: networking.istio.io/v1beta1
    kind: VirtualService
    metadata:
      name: xsk
      namespace: <namespace-name>
    spec:
      gateways:
      - xsk-gateway
      hosts:
      - <landscape-domain>.apps.xsk.io
      http:
      - match:
        - uri:
            regex: /.*
        route:
        - destination:
            host: xsk.<namespace-name>.svc.cluster.local
            port:
              number: 8080
    ---
    apiVersion: networking.istio.io/v1beta1
    kind: Gateway
    metadata:
      name: xsk-gateway
      namespace: <namespace-name>
    spec:
      selector:
        istio: ingressgateway
      servers:
      - hosts:
        - <landscape-domain>.apps.xsk.io
        port:
          name: http
          number: 80
          protocol: HTTP
        tls:
          httpsRedirect: true
      - hosts:
        - <landscape-domain>.apps.xsk.io
        port:
          name: https
          number: 443
          protocol: HTTPS
        tls:
          credentialName: wildcard-tls
          mode: SIMPLE
    ---
    apiVersion: dns.gardener.cloud/v1alpha1
    kind: DNSEntry
    metadata:
      annotations:
        dns.gardener.cloud/class: garden
      name: dns-xsk
      namespace: default
    spec:
      dnsName: "<landscape-domain>.apps.xsk.io"
      ttl: 600
      targets:
      - <dns-entry-target>

    Note: Replace all occurrences of the following placeholders:

    • <namespace-name> with the name of the created namespace

    • <landscape-domain> with the landscape domain name

    • <dns-entry-target> with the DNS Entry Target; the value can be obtained by executing the following command:

      kubectl get service -n istio-system istio-ingressgateway -o jsonpath="{.status.loadBalancer.ingress[0].hostname}"
      
  10. Assign the necessary roles as described in the Assign the Developer and Operator roles step.

  11. Log in by going to https://<landscape-domain>.apps.xsk.io
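
A check for step 8, added here as an example and not taken from the XSK wiki: it confirms that every environment variable sourced from xsuaa-credentials carries the same lowercase name as its secret key, and that none of the five keys is missing. The three-column listing format, the function names and the sample lines are assumptions constructed for this example.

```shell
#!/bin/sh
# Added example, not part of the XSK wiki. Assumed input format, one line per
# environment variable: "ENV_NAME SECRET_NAME SECRET_KEY" (the last two fields
# are empty for plain values). Against a live cluster it can be produced with:
#   kubectl -n <namespace-name> get deployment xsk -o jsonpath='{range .spec.template.spec.containers[0].env[*]}{.name}{" "}{.valueFrom.secretKeyRef.name}{" "}{.valueFrom.secretKeyRef.key}{"\n"}{end}'

# Constructed sample: listing right after `kubectl set env --from=secret/...`,
# where the variable names are still uppercase.
sample_after_set_env() {
cat <<'EOF'
DIRIGIBLE_HOST
URL xsuaa-credentials url
CLIENTID xsuaa-credentials clientid
CLIENTSECRET xsuaa-credentials clientsecret
VERIFICATIONKEY xsuaa-credentials verificationkey
XSAPPNAME xsuaa-credentials xsappname
EOF
}

# Constructed sample: the same listing after the manual edit of step 8.
sample_after_edit() {
    sample_after_set_env | awk 'NF == 3 { $1 = $3 } { print }'
}

# Reads the listing on stdin, prints one line per problem, returns non-zero
# if any variable name differs from its secret key or a key is not bound.
check_xsuaa_env() {
    awk '
        BEGIN { n = split("url clientid clientsecret verificationkey xsappname", want, " ") }
        $2 == "xsuaa-credentials" {
            seen[$3] = 1
            if ($1 != $3) { printf "MISMATCH %s should be %s\n", $1, $3; bad = 1 }
        }
        END {
            for (i = 1; i <= n; i++)
                if (!(want[i] in seen)) { printf "MISSING %s\n", want[i]; bad = 1 }
            exit bad + 0
        }
    '
}

# Stand-alone run on the constructed "before" sample.
sample_after_set_env | check_xsuaa_env || echo "deployment still needs the step 8 edit"
```

Run the check before scaling the deployment back to one replica, so a missed variable is caught while no pod is running with the wrong names.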

Tips & Tricks

Scale Deployment to zero:

kubectl -n <namespace-name> scale --replicas=0 deployment/xsk

Note:

Provision Landscape with helm

To create a new landscape (dedicated instance), go through the following steps:

  1. Create new SAP HANA Database User, as described here.

  2. Obtain access to the XSK Trial Kubernetes cluster (kubeconfig).

  3. Create XSUAA Service Instance as described in the Create an XSUAA service instance step:

    Note: For better isolation, create a separate subaccount and create the XSUAA service instance there, using the JSON definition.

    Note: Update the redirect-uris section with the following pattern to match the xsk.io domain:

    "redirect-uris":[
        "https://<landscape-domain>.apps.xsk.io"
    ]

  4. Get ingress hostname

    kubectl get service -n istio-system istio-ingressgateway -o jsonpath="{.status.loadBalancer.ingress[0].hostname}"

  5. Deploy XSK in the target namespace using values from previous steps.

    helm repo add xsk https://sap.github.io/xsk
    helm repo update
    helm install --create-namespace -n <namespace> <release-name> xsk-landscape \
    --set hana.username='<HANA-Username>' \
    --set hana.password='<HANA-Password>' \
    --set hana.url='<HANA-Url>' \
    --set xsuaa.url='<XSUAA-Url>' \
    --set xsuaa.clientId='<XSUAA-client-id>' \
    --set xsuaa.clientSecret='<XSUAA-client-secret>' \
    --set xsuaa.verificationKey='<XSUAA-verification-key>' \
    --set xsuaa.xsappname='<XSUAA-xsappname>' \
    --set dnsentry.targets='<dnsentry>'

This Helm chart creates the HANA secret, the XSUAA secret, the namespace, the DNS entry, the VirtualService, the Gateway and the persistent volume claim.

The name you set as <release-name> is used for the domain record: <release-name>.apps.xsk.io.

dnsentry.targets creates the DNS record for this landscape; take the value from the Get ingress hostname step.

When you pass helm install -n '<xsk-demo-..>', the chart is installed in that particular namespace, and you need to delete the namespace manually when you no longer need it. It takes a while to create the DNS record, namespace and deployment.

Assign the necessary roles as described in the Assign the Developer and Operator roles step. Log in by going to https://<landscape-domain>.apps.xsk.io
