diff --git a/go.mod b/go.mod index db139a0..ce908f6 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,6 @@ module github.com/sap/cap-operator -go 1.23.0 +go 1.23.1 require ( github.com/MicahParks/keyfunc/v2 v2.1.0 @@ -56,9 +56,9 @@ require ( github.com/spf13/pflag v1.0.5 // indirect github.com/x448/float16 v0.8.4 // indirect go.uber.org/multierr v1.11.0 // indirect - golang.org/x/crypto v0.26.0 // indirect + golang.org/x/crypto v0.27.0 // indirect golang.org/x/exp v0.0.0-20240904232852-e7e105dedf7e - golang.org/x/net v0.28.0 // indirect + golang.org/x/net v0.29.0 // indirect golang.org/x/oauth2 v0.23.0 // indirect golang.org/x/sync v0.8.0 // indirect golang.org/x/sys v0.25.0 // indirect diff --git a/go.sum b/go.sum index 2c62695..16e5955 100644 --- a/go.sum +++ b/go.sum @@ -117,8 +117,8 @@ go.uber.org/zap v1.27.0/go.mod h1:GB2qFLM7cTU87MWRP2mPIjqfIDnGu+VIO4V/SdhGo2E= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/crypto v0.26.0 h1:RrRspgV4mU+YwB4FYnuBoKsUapNIL5cohGAmSH3azsw= -golang.org/x/crypto v0.26.0/go.mod h1:GY7jblb9wI+FOo5y8/S2oY4zWP07AkOJ4+jxCqdqn54= +golang.org/x/crypto v0.27.0 h1:GXm2NjJrPaiv/h1tb2UH8QfgC/hOf/+z0p6PT8o1w7A= +golang.org/x/crypto v0.27.0/go.mod h1:1Xngt8kV6Dvbssa53Ziq6Eqn0HqbZi5Z6R0ZpwQzt70= golang.org/x/exp v0.0.0-20240904232852-e7e105dedf7e h1:I88y4caeGeuDQxgdoFPUq097j7kNfw6uvuiNxUBfcBk= golang.org/x/exp v0.0.0-20240904232852-e7e105dedf7e/go.mod h1:akd2r19cwCdwSwWeIdzYQGa/EZZyqcOdwWiwj5L5eKQ= golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= @@ -129,8 +129,8 @@ golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.28.0 h1:a9JDOJc5GMUJ0+UDqmLT86WiEy7iWyIhz8gz8E4e5hE= -golang.org/x/net v0.28.0/go.mod h1:yqtgsTWOOnlGLG9GFRrK3++bGOUEkNBoHZc8MEDWPNg= +golang.org/x/net v0.29.0 h1:5ORfpBpCs4HzDYoodCDBbwHzdR5UrLBZ3sOnUJmFoHo= +golang.org/x/net v0.29.0/go.mod h1:gLkgy8jTGERgjzMic6DS9+SP0ajcu6Xu3Orq/SpETg0= golang.org/x/oauth2 v0.23.0 h1:PbgcYx2W7i4LvjJWEbf0ngHV6qJYr86PkAV3bXdLEbs= golang.org/x/oauth2 v0.23.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= diff --git a/website/content/en/docs/installation/prerequisites.md b/website/content/en/docs/installation/prerequisites.md index db3df9c..58569b6 100644 --- a/website/content/en/docs/installation/prerequisites.md +++ b/website/content/en/docs/installation/prerequisites.md @@ -16,11 +16,11 @@ Istio service mesh is used for HTTP traffic management. CAP Operator creates Ist > It's required that you determine the public ingress Gateway subdomain and the overall shoot domain for the system and specify them in the [chart values](../../installation/helm-install/#values) -##### [cf-service-operator](https://sap.github.io/cf-service-operator/docs/) or [sap-btp-service-operator](https://github.com/SAP/sap-btp-service-operator) +##### [sap-btp-service-operator](https://github.com/SAP/sap-btp-service-operator) or [cf-service-operator](https://sap.github.io/cf-service-operator/docs/) These operators can be used for managing SAP BTP service instances and service bindings from within the Kubernetes cluster. -> As some SAP BTP services are not available for Kubernetes platforms, we recommended that you use [cf-service-operator](https://sap.github.io/cf-service-operator/), which creates the services for a Cloud Foundry space and inserts the required access credentials as Secrets into the Kubernetes cluster. +> If some SAP BTP services are not available for Kubernetes platforms, you may use [cf-service-operator](https://sap.github.io/cf-service-operator/), which creates the services for a Cloud Foundry space and inserts the required access credentials as Secrets into the Kubernetes cluster. > Please note that service credentials added as Kubernetes Secrets to a namespace by these operators, support additional metadata. If you don't use this feature of these operators, use `secretKey: credentials` in the spec of these operators to ensure that the service credentials retain any JSON data as it is. **We recommend that you use `secretKey`, even when credential metadata is available to reduce the overhead of interpreting parsing multiple JSON attributes.** diff --git a/website/content/en/docs/troubleshoot/_index.md b/website/content/en/docs/troubleshoot/_index.md index b8b4bb2..1642b25 100644 --- a/website/content/en/docs/troubleshoot/_index.md +++ b/website/content/en/docs/troubleshoot/_index.md @@ -78,6 +78,6 @@ For instance, when deleting a `CAPApplication` CRO, any existing tenants would b The provider `CAPTenant` resource can't be deleted before deleting a consistent `CAPApplication`. _NOTE_: CAP operator needs the `secrets` from service instances/bindings to exist for the entire lifecycle of the SAP Cloud Application Programming Model application. Removing the service instances/bindings i.e. the secrets from the cluster while the CAP application related CROs still exist would cause leftover resources in cluster (and perhaps the db). Recovering from such inconsistent states might not even be possible. -Such a situation can easily arise when using `helm` delete/uninstall as the order of deletion of resouces is not configurable. We recommend tht you do this with care. +Such a situation can easily arise when using `helm` delete/uninstall as the order of deletion of resouces is not configurable. We recommend that you do this with care. It's important that you ensure that the secrets from service instance/bindings aren't deleted before any SAP Cloud Application Programming Model application that consumes those secrets is completely removed. diff --git a/website/content/en/docs/usage/prerequisites.md b/website/content/en/docs/usage/prerequisites.md index bd25e7b..8ee2ee8 100644 --- a/website/content/en/docs/usage/prerequisites.md +++ b/website/content/en/docs/usage/prerequisites.md @@ -17,7 +17,7 @@ A multi-tenant CAP-based application consumes the following SAP BTP services. Wh Other services (not listed here) may also be used depending on the requirement (for example, SAP HTML5 Application Repository service for SAP BTP, Business Logging, and so on). -> IMPORTANT: As some SAP BTP services are not available on Kubernetes, enable Cloud Foundry for the provider subaccount to create certain services. We recommend that you use use the [cf-service-operator](https://sap.github.io/cf-service-operator/docs/) for managing the service instances and service bindings directly from within the Kubernetes cluster. Based on the service bindings, it automatically generates the secrets containing the service access credentials. +> Note: If some SAP BTP services are not available on Kubernetes, enable Cloud Foundry for the provider subaccount to create certain services. In such cases you may use the [cf-service-operator](https://sap.github.io/cf-service-operator/docs/) for managing the service instances and service bindings directly from within the Kubernetes cluster. Based on the service bindings, it automatically generates the secrets containing the service access credentials. ##### SAP Authorization and Trust Management Service diff --git a/website/content/en/docs/usage/resources/capapplicationversion.md b/website/content/en/docs/usage/resources/capapplicationversion.md index 29ca126..e35cfda 100644 --- a/website/content/en/docs/usage/resources/capapplicationversion.md +++ b/website/content/en/docs/usage/resources/capapplicationversion.md @@ -346,4 +346,4 @@ spec: > > The supported configurations is kept minimal intentionally to keep the overall API simple by considering commonly used configurations. -Note: For `initContainers` nearly the same environment variables as the main container are made available including VCAP_SERVICES environment. \ No newline at end of file +> Note: For `initContainers` nearly the same environment variables as the main container are made available including VCAP_SERVICES environment. \ No newline at end of file diff --git a/website/content/en/docs/usage/resources/captenantoutput.md b/website/content/en/docs/usage/resources/captenantoutput.md index 5d308d6..7ba932e 100644 --- a/website/content/en/docs/usage/resources/captenantoutput.md +++ b/website/content/en/docs/usage/resources/captenantoutput.md @@ -7,9 +7,7 @@ description: > How to configure the `CAPTenantOutput` resource --- -{{< alert color="warning" title="Warning" >}} -The `CAPTenantOutput` may be used to add additional data to the asynchronous callback parameters from the SaaS provisioning service during tenant onboarding. The resource is not reconciled but just consumed by the subscription server to generate additional data. It has the following structure: -{{< /alert >}} +The [`CAPTenantOutput`](https://sap.github.io/cap-operator/docs/reference/#sme.sap.com/v1alpha1.CAPTenantOutput) may be used to add additional data to the asynchronous callback parameters from the SaaS provisioning service during tenant onboarding. The resource is not reconciled but just consumed by the subscription server to generate additional data. It has the following structure: ```yaml apiVersion: sme.sap.com/v1alpha1 @@ -24,8 +22,11 @@ spec: ``` The example above shows an instance of the resource that is associated with a tenant via the `sme.sap.com/btp-tenant-id` label (which must be set by consumers). + +{{< alert color="warning" title="Warning" >}} The resource is meant to be created/updated during tenant operations for e.g. the ones created during tenant onboarding. As of now, the primary intention of this resource is to enhance the parameters of subscription callback during tenant onboarding. But the resources may be used for further scenarios in the future. Any RBAC related updates needed to create/modify the resources for e.g. in a custom tenant operation needs to be handled by consumers and assigned to the relevant job via `serviceAccountName` config for that workload (job). -Note that all instances of this resources found for a given tenant will be cleaned up before any `CAPTenantOperation` is created. \ No newline at end of file +Note that all instances of this resources found for a given tenant will be cleaned up before any `CAPTenantOperation` is created. +{{< /alert >}} \ No newline at end of file