Instances created with SAP BTP Operator can only be managed from SAP BTP Operator. Management operations that require SAP BTP Operator include service update and deletion, as well as binding creation and access.
- See Prerequisites.
- You need sap-btp-service-operator installed in Kubernetes cluster. In SAP BTP, Kyma runtime, SAP BTP Service Operator is available if the
btp-operatormodule is enabled.
-
To create the namespace
sap-cloud-logging-integration, execute the following command:kubectl create namespace sap-cloud-logging-integration -
To create a service instance of SAP Cloud Logging, first create a
ServiceInstancecustom-resource yaml file. See Service Plans and Configuration Parameters for configuration options.apiVersion: services.cloud.sap.com/v1alpha1 kind: ServiceInstance metadata: name: < name > spec: serviceOfferingName: cloud-logging servicePlanName: < service plan > externalName: < externalName > parameters: < parameterName1 >: < parameterValue1 > < parameterName2 >: < parameterValue2 >For example:
apiVersion: services.cloud.sap.com/v1alpha1 kind: ServiceInstance metadata: name: created-with-sap-btp-service-operators spec: serviceOfferingName: cloud-logging servicePlanName: standard externalName: cloud-logging-created-with-sap-btp-service-operators parameters: retentionPeriod: 14 esApiEnabled: false -
Apply the custom-resource file in your cluster to create the instance in the sap-cloud-logging-integration namespace. Deploy the configuration with:
kubectl apply -n sap-cloud-logging-integration -f path/to/my-service-instance.yaml -
Wait for your dedicated instance to be provisioned. Check the status by executing:
kubectl get serviceinstances.services.cloud.sap.com -o yaml
To update service parameters, change the values in your yaml file and deploy the changes with
kubectl apply.
If you have questions about these steps, see SAP BTP Service operator service instance creation documentation.
This step results in a secret with the name cls``sap-cloud-logging-integration namespace of the Kyma cluster, which provides credentials to see and ingest data.
-
Create a
ServiceBindingandsecretwith the BTP Operator in thesap-cloud-logging-integrationnamespace by executing the following command: in thecat <<EOF | kubectl apply -n sap-cloud-logging-integration -f - apiVersion: services.cloud.sap.com/v1 kind: ServiceBinding metadata: name: cls-binding spec: serviceInstanceName: cls-service-instance externalName: cls-binding-external secretName: sap-cloud-logging credentialsRotationPolicy: enabled: true rotationFrequency: 168hWe recommend you enable credentials rotation for the ServiceBinding, so that the configuration is updated automatically. Assure that the
rotationFrequencybinding parameter reflects a period of more than a day to avoid frequent restarts.The binding creation automatically triggers the creation of a
secretwith the namesap-cloud-loggingin in the same namespace.
Insert the endpoints and credentials from an SAP Cloud Logging key in the following snippet, and run the command to create a Kubernetes secret.
cat <<EOF | kubectl apply -f -
apiVersion: v1
kind: Secret
metadata:
name: https://help.sap.com/docs/btp/sap-business-technology-platform/enable-and-disable-kyma-module
stringData:
# To ingest logs, skip if you want to configure tracing only
# certs/keys should be pasted as is, keeping \n characters
ingest-mtls-endpoint: "<ingest endpoint from service key json>"
ingest-mtls-key: "<ingest-mtls-key from service key json>"
ingest-mtls-cert: "<ingest-mtls-cert from service key json>"
# To ingest distributed traces, skip if you want to configure logging only
# certs/keys should be pasted as is, keeping \n characters
ingest-otlp-endpoint: "<ingest-otlp-endpoint from service key json>"
ingest-otlp-key: "<ingest-otlp-key from service key json>"
ingest-otlp-cert: "<ingest-otlp-cert from service key json
The responsibility to rotate credentials remains with the user when applying this approach.