Cross Platform Services

# Cross Platform Services Open : https://cockpit.hanatrial.ondemand.com/ Enter into your Trial Account ![](https://i.imgur.com/k9EACZG.png) ## Confirm that you are a security administrator in the subaccount Verify the "Security" section in the left-side menu is visible for you ![](https://i.imgur.com/DVkruHa.png) ## Subscribe to the Service Manager You should subscribe to the Service Manager in order to get the available roles required for this process. 1. In the SAP Cloud Platform cockpit, navigate to your subaccount and choose Subscriptions | Service Manager. 2. Choose Subscribe. ![](https://i.imgur.com/TvDsH8A.png) ### Assign the Subaccount Service Administrator role collection You should have this role collection assigned to you in order to use the Service Manager APIs. 1. In the SAP Cloud Platform cockpit, navigate to your subaccount and choose *Security* --> *Trust Configuration* --> *SAP ID Service*. ![](https://i.imgur.com/8zsF6NB.png) 1. Enter the e-mail of the user you want to assign the role collection to in field *E-Mail Address*. ![](https://i.imgur.com/JrG9EoP.png) 2. Click *Show Assignments*. Then click on *Assign Role Collection* ![](https://i.imgur.com/rILhBh3.png) ### Log in to the Service Manager Execute the following command. It will be either of the Endpoint based on the region in which your trial account exists. `smctl login -a https://service-manager.cfapps.eu10.hana.ondemand.com --param subdomain=<SUBDOMAIN>` `smctl login -a https://service-manager.cfapps.us10.hana.ondemand.com --param subdomain=<SUBDOMAIN>` USER : MAIL-ID Password : Global Password ![](https://i.imgur.com/UKrZsv4.png) ### Register a Kubernetes Cluster as Subaccount-Scoped We have a created a Gardener kubernetes cluster. kubectl cluster-info Execute the following command: ```bash smctl register-platform <cluster_name> kubernetes ``` **<cluster_name> : get from Sticky notes near the system** Command output: ```console ID Name Type Description Created Updated Labels Username Password ------------------------------------ ------- ---------- ----------- --------------------------- --------------------------- -------------------------------------------------- -------------------------------------------- -------------------------------------------- 8435d386-7b3c-4fe3-ace3-8b1fb9d5a617 uniqueName kubernetes 2019-11-26T12:54:28.040401Z 2019-11-26T12:54:28.040401Z subaccount_id=cff348db-6e8d-4eed-ba81-81d4f3f3b1b6 admin admin ``` * `Username` and `Password` are the credentials that the _service manager broker proxy_ uses to communicate with the Service Manager. The credentials should be provided for the helm chart when installing the Service Manager Broker Proxy (later in this tutorial). ## Install the Service Catalog in your kubernetes cluster For convenience we already deployed service catalog kubectl get pods -n catalog ## Install the Service Manager Broker Proxy (Agent) in your Kubernetes cluster Add the Peripli Helm repository to your machine: ``` helm repo add peripli https://peripli.github.io ``` Create the service-broker-proxy namespace: ``` kubectl create namespace service-broker-proxy ``` And finally install the Service Manager Broker Proxy in the service-broker-proxy namespace: ``` helm install service-broker-proxy peripli/service-broker-proxy-k8s --namespace service-broker-proxy --set image.tag=v0.6.0 --set config.sm.url= <SM-URL> --set sm.user=<USER> --set sm.password=<PASSWORD> ``` * Replace SM-URL with `https://service-manager.cfapps. <DOMAIN >` * DOMAIN as you got [above](#Log-in-to-the-Service-Manager) Example: `https://service-manager.cfapps.eu10.hana.ondemand.com` * Replace the USER and PASSWORD with the credentials obtained when registering your K8S cluster as subaccount-scoped [above](#Log-in-to-the-Service-Manager). ## Test your Setup svcat marketplace You should see the list of services available in the marketplace ``` ➜ ~ svcat marketplace CLASS PLANS DESCRIPTION +---------------------+-------------+-----------------------------------------+ transport standard Provides programmatic access to Transport Management. auditlog-management default Retrieve logs and change retention destination lite Provides a secure and reliable access to destination and certificate configurations xsuaa application Manage application authorizations and trust to identity providers. ``` ### Provisioning a service svcat provision xsuaa-k8s --class xsuaa --plan application Once you provision get the status using `svcat get instances` . It show the service in ready state. Create a bind to the service instance svcat bind xsuaa-k8s --name xsuaabind Check if secret is created in the namespace kubectl get secrets xsuaabind -o yaml Now you mount the secret to in your application in kubernetes and can consume the service. CleanUp Resources svcat unbind xsuaa-k8s svcat deprovision xsuaa-k8s smctl delete-platform <CLUSTER NAME> helm uninstall service-broker-proxy -n service-broker-proxy