SAP/sap-btp-service-operator

"could not find such instance" error while creating a servicebinding

valiparsa opened this issue · 6 comments

valiparsa commented

There was a feature implemented recently in this release v0.5.2

  • Allow binding creation for instance located in a different namespace

I'd like to use this feature in the scenario depicted here

sap-btp-service-operator

Scenario:

  1. Create a K8s secret with this name "eu10-sap-btp-service-operator" with the content of a binding key from the service manager service in EU10 BTP region.
  2. Create a K8s secret with this name "eu21-sap-btp-service-operator" with the content of a binding key from the service manager service in EU21 BTP region.
  3. Create two K8s namespaces with names "eu10" and "eu21"
  4. Create a serviceinstance object inside "eu10" namespace which leads to creation of an instance in eu10 BTP region.
  5. Create a serviceinstance object inside "eu21" namespace which leads to creation of an instance in eu21 BTP region.
  6. Create a separate K8s namespace with the name "component" to hold two servicebinding objects.
  7. Create a servicebinding object inside "component" namespace containing serviceInstanceNamespace: eu10 under the spec section.
  8. Create a servicebinding object inside "component" namespace containing serviceInstanceNamespace: eu21 under the spec section.
  9. Two secrets containing a binding key should be generated in the "component" namespace by the sap-btp-service-operator

Steps 7 fails with this error message

2023-10-25T09:26:00Z    ERROR   controllers.ServiceBinding      failed to create service binding        {"servicebinding": {"name":"test1-eu10","namespace":"component"}, "correlation_id": "5efc72d6-366c-47f2-b6f7-5acb4e9cdb13", "serviceInstanceID": "ca3c5d0d-0437-452a-a5ca-b5dd610d4df2"}
github.com/SAP/sap-btp-service-operator/controllers.(*ServiceBindingReconciler).createBinding
        /workspace/controllers/servicebinding_controller.go:237
github.com/SAP/sap-btp-service-operator/controllers.(*ServiceBindingReconciler).Reconcile
        /workspace/controllers/servicebinding_controller.go:206
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Reconcile
        /go/pkg/mod/sigs.k8s.io/controller-runtime@v0.15.0/pkg/internal/controller/controller.go:118
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).reconcileHandler
        /go/pkg/mod/sigs.k8s.io/controller-runtime@v0.15.0/pkg/internal/controller/controller.go:314
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem
        /go/pkg/mod/sigs.k8s.io/controller-runtime@v0.15.0/pkg/internal/controller/controller.go:265
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func2.2
        /go/pkg/mod/sigs.k8s.io/controller-runtime@v0.15.0/pkg/internal/controller/controller.go:226
2023-10-25T09:26:00Z    INFO    controllers.ServiceBinding      SM returned error with status code 404  {"servicebinding": {"name":"test1-eu10","namespace":"component"}, "correlation_id": "5efc72d6-366c-47f2-b6f7-5acb4e9cdb13"}
2023-10-25T09:26:00Z    INFO    controllers.ServiceBinding      operation create of ServiceBinding encountered a transient error could not find such instance, retrying operation :)    {"servicebinding": {"name":"test1-eu10","namespace":"component"}, "correlation_id": "5efc72d6-366c-47f2-b6f7-5acb4e9cdb13"}

Is my understanding wrong? Did I miss anything in this scenario to be configured? Are eu10-sap-btp-service-operator and eu21-sap-btp-service-operator secrets required only for the serviceinstances or also similar secrets are required to be there for the servicebinding objects which are located in different namespace than the serviceinstance objects?

pre commented

Normally the ServiceInstance and ServiceBinding live in the same namespace. There was a new feature in v0.5.2 which allows the ServiceBinding be defined in a different namespace than the ServiceInstance.

If you're using that new (undocumented?) feature, could you share your ServiceBinding configuration on how did you map the namespaces. Otherwise, try defining the ServiceBinding and ServiceInstance in the same namespace.

In our case, we have most of our common ServiceInstances and ServiceBindings in a single integration namespace. From that namespace we copy the generated Secret resources to each namespace needing those credentials.

The sap-btp-service-operator does not support copying the Secret over multiple namespacesH owever, it would be a useful feature because it seems almost everyone needs to perform this copying somehow, using an external controller other than the sap-btp-service-operator.

kerenlahav commented

Hi @pre ,
It is supported but not yet documented, to use this feature you need to add to the binding's spec a new property "serviceInstanceNamespace" and the value should be the namespace where the instance is found.

@valiparsa , you cannot mix between regions, currently a namespace is associated with one region, in the next release you will be able to use multiple regions/subaccounts in a single namespace. stay tuned :)

valiparsa commented

Thanks to both of you for your comments. @kerenlahav I observed this merged PR in the commit history of the main branch, which seems to be our requested feature. I tried it and it worked with our target scenario. I'll provide it here for others (if interested). I'd like to thank you and your team for your efforts and considering our feature request.

sap-btp-service-operator

Scenario:

  1. Create a K8s secret (inside sap-btp-service-operator namespace) with this name eu10-canary-sap-btp-service-operator with the content of a binding key from the service manager service in the eu10-canary BTP region.
  2. Create a K8s secret (inside sap-btp-service-operator namespace) with this name eu21-sap-btp-service-operator with the content of a binding key from the service manager service in the eu21 BTP region.
  3. Create a separate K8s namespace with the name component to hold two serviceinstance and two servicebinding objects.
  4. Create a serviceinstance object inside component namespace containing spec.subaccountID: eu10-canary.
  5. Create a serviceinstance object inside component namespace containing spec.subaccountID: eu21.
  6. Create corresponding servicebinding objects inside component namespace.
  7. Two secrets containing a binding key should be generated in the component namespace by the sap-btp-service-operator.
kerenlahav commented

this feature is not yet released and i made changes in this area this morning.. it is currently being tested and will be released later today.

valiparsa commented

this feature is not yet released and i made changes in this area this morning.. it is currently being tested and will be released later today.

No worries, I just wanted to test it locally :). Take your time for the proper release.