Skip to content
This repository has been archived by the owner on Aug 1, 2022. It is now read-only.

Trial Landscape

Jump to bottom
krasimirdermendzhiev edited this page Feb 24, 2022 · 50 revisions

Overview

The shared XSK Trial instance is available at: https://trial.apps.xsk.io

Provision Landscape

NOTE: You can Provision Landscape with helm

To create new landscape (dedicated instance) go through the following steps:

  1. Create new SAP HANA Database User, as described here.

  2. Obtain access to the XSK Trial Kubernetes cluster (kubeconfig).

  3. Create separate Kubernetes namespace for the new landscape:

    kubectl create namespace <namespace-name>
kubectl label namespace <namespace-name> istio-injection=enabled

  4. Create hana-cloud-database secret as described in the Create an SAP HANA Cloud secret step.

    Note: Add -n <namespace-name> to the original command, so that the secret would be created in the dedicated namespace:

     kubectl -n <namespace-name> create secret generic hana-cloud-database \
 --from-literal=DIRIGIBLE_DATABASE_PROVIDER=custom \
 ...

  5. Deploy XSK in the target namespace/landscape as described in the Deploy XSK step.

    Note: Use the Deployment (Only) option and replace all occurrences of the default namespace with the <namespace-name> as shown:

    apiVersion: apps/v1
kind: Deployment
metadata:
  name: xsk
  namespace: <namespace-name>
...
apiVersion: v1
kind: Service
metadata:
  labels:
    app: xsk
  name: xsk
  namespace: <namespace-name>
...
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: xsk-claim
  namespace: <namespace-name>

    Note: Replace the DIRIGIBLE_HOST environment variable as follows:

    ...
- name: DIRIGIBLE_HOST
  value: https://<landscape-domain>.apps.xsk.io
...

  6. Create XSUAA Service Instance as described in the Create an XSUAA service instance step:

    Note: For better isolation create a separate Subaccount, and create there the XSUAA service instance, by using the JSON definition.

    Note: Update the redirect-uris section with the following pattern to match the xsk.io domain:

    "redirect-uris":[
    "https://<landscape-domain>.apps.xsk.io"
]

  7. Create xsuaa-credentials secret with the following command:

    Note: Create Service Key/Service Binding to obtain the XSUAA credentials:

    kubectl -n <namespace-name> create secret generic xsuaa-credentials \
--from-literal=url='<xsuaa-url>' \
--from-literal=clientid='<xsuaa-clientid>' \
--from-literal=clientsecret='<xsuaa-clientsecret>' \
--from-literal=verificationkey='<xsuaa-verificationkey>' \
--from-literal=xsappname='<xsuaa-xsappname>'

  8. Bind the xsuaa-credentials to the XSK deployment by executing the following command:

    Note: Due to an issue related to the case sensitivity of the secret keys, first the deployment should be scaled to zero, then the secret should be set and finally the deployment should be edited and scaled up again.

    kubectl -n <namespace-name> scale --replicas=0 deployment/xsk

    kubectl -n <namespace-name> set env --from=secret/xsuaa-credentials deployment/xsk

    Note: Set XSUAA related secrets to lowercase -> URL, CLIENTID, CLIENTSECRET, VERIFICATIONKEY, XSAPPNAME

    kubectl -n <namespace-name> edit deployment xsk

         - name: CLIENTSECRET
       valueFrom:
         secretKeyRef:
           key: clientsecret
           name: xsuaa-credentials

    ->

         - name: clientsecret
       valueFrom:
         secretKeyRef:
           key: clientsecret
           name: xsuaa-credentials
    kubectl -n <namespace-name> scale --replicas=1 deployment/xsk

  9. Create Gateway, VirtualService and DNSEntry with the following descriptor:

    apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: xsk
  namespace: <namespace-name>
spec:
  gateways:
  - xsk-gateway
  hosts:
  - <landscape-domain>.apps.xsk.io
  http:
  - match:
    - uri:
        regex: /.*
    route:
    - destination:
        host: xsk.<namespace-name>.svc.cluster.local
        port:
          number: 8080
---
apiVersion: networking.istio.io/v1beta1
kind: Gateway
metadata:
  name: xsk-gateway
  namespace: <namespace-name>
spec:
  selector:
    istio: ingressgateway
  servers:
  - hosts:
    - <landscape-domain>.apps.xsk.io
    port:
      name: http
      number: 80
      protocol: HTTP
    tls:
      httpsRedirect: true
  - hosts:
    - <landscape-domain>.apps.xsk.io
    port:
      name: https
      number: 443
      protocol: HTTPS
    tls:
      credentialName: wildcard-tls
      mode: SIMPLE
---
apiVersion: dns.gardener.cloud/v1alpha1
kind: DNSEntry
metadata:
  annotations:
    dns.gardener.cloud/class: garden
  name: dns-xsk
  namespace: default
spec:
  dnsName: "<landscape-domain>.apps.xsk.io"
  ttl: 600
  targets:
  - <dns-entry-target>

    Note: Replace all occurrences of the following placeholders:

    • <namespace-name> with the name of the created namespace

    • <landscape-domain> with the landscape domain name

    • <dns-entry-target> with the DNS Entry Target, the value could be obtain by executing the following command:

      kubectl get service -n istio-system istio-ingressgateway -o jsonpath="{.status.loadBalancer.ingress[0].hostname}"

  10. Assign the necessary roles as described in the Assign the Developer and Operator roles step.

  11. Login by going to https://<landscape-domain>.apps.xsk.io

Tips & Tricks

Scale Deployment to zero:

kubectl -n <namespace-name> scale --replicas=0 deployment/xsk

Note:

Provision Landscape with helm

To create new landscape (dedicated instance) go through the following steps:

  1. Create new SAP HANA Database User, as described here.

  2. Obtain access to the XSK Trial Kubernetes cluster (kubeconfig).

  3. Create XSUAA Service Instance as described in the Create an XSUAA service instance step:

    Note: For better isolation create a separate Subaccount, and create there the XSUAA service instance, by using the JSON definition.

    Note: Update the redirect-uris section with the following pattern to match the xsk.io domain:

    "redirect-uris":[
    "https://<landscape-domain>.apps.xsk.io"
]

  4. Get ingress hostname

  kubectl get service -n istio-system istio-ingressgateway -o jsonpath="{.status.loadBalancer.ingress[0].hostname}"
  1. Deploy XSK in the target namespace using values from previous steps.
helm repo add xsk https://sap.github.io/xsk
helm repo update

helm install --create-namespace -n <namespace> <release-name> xsk-landscape \
--set hana.username='<HANA-Username>' \
--set hana.password='<HANA-Password>' \
--set hana.url='<HANA-Url>' \
--set xsuaa.url='<XSUAA-Url>' \
--set xsuaa.clientId='<XSUAA-client-id>' \
--set xsuaa.clientSecret='<XSUAA-client-secret>' \
--set xsuaa.verificationKey='<XSUAA-verification-key>' \
--set xsuaa.xsappname='<XSUAA-xsappname>' \
--set dnsentry.targets='<dnsentry>'

This helm chart will create Hana secret and XSUAA secret, namespace, dnsentry, virtualservice, gateway, persistent volume claim.

When you set will add the name in <release-name>.apps.xsk.io for domain record.

dnsentry.targets will create dns record for this landscape, you can take the value from step Get ingress hostname.

When you pass helm install -n '<xsk-demo-..>' this will install the chart in particular namespace and you need to delete namespace manually if you don't need anymore. It's take a while to create dns record, namespace and deployment.

Assign the necessary roles as described in the Assign the Developer and Operator roles step. Login by going to https://<landscape-domain>.apps.xsk.io

Home

Project

Architecture

Tips & Tricks

Infrastructure

Troubleshooting guide

Clone this wiki locally