Create and set up a subaccount
This guide shows how to provision and set up an SAP BTP subaccount in an existing global account using code.
🚧 Prerequisites
- You've created a control plane.
- You've installed and configured the BTP provider.
- You're connected to your control plane.
Create a Subaccount
-
Save the following YAML content to
subaccount.yaml.subaccount.yamlapiVersion: account.btp.sap.crossplane.io/v1alpha1kind: Subaccountmetadata:name: my-subaccountspec:forProvider:betaEnabled: truedescription: hello subaccountdisplayName: <display-name> # This value will be displayed as a subaccount name in the BTP cockpitregion: eu12 # Adjust if neededsubaccountAdmins:- <admin-email> # Use the email address of your technical usersubdomain: <subaccount-subdomain> # This value must be unique across all BTP subaccountsusedForProduction: "NOT_USED_FOR_PRODUCTION" # Other supported values are "USED_FOR_PRODUCTION" and "UNSET"providerConfigRef:name: account-provider-configMake sure to replace all placeholders:
<display-name>: The subaccount name as it should appear in the BTP cockpit<admin-email>: The email address of your technical user<subaccount-subdomain>: A unique subdomain name for your subaccount
View available regions
To view the available regions, you can use the btp CLI:
Run in Terminalbtp login --ssobtp list accounts/available-region --global-account <global-account-subdomain> # The subdomain of your global account can be found in BTP cost center global account view page. -
Apply
subaccount.yamlto your control plane:Run in Terminalkubectl apply -f subaccount.yamlIt may take a few moments before the changes are reflected.
Set up your subaccount
Create a ServiceManager instance
SAP Service Manager allows you to create, update, and delete services within your BTP subaccount from code. It's a prerequisite for orchestrating other resources like environments (Cloud Foundry and Kyma) and service instances.
More information on the Service Manager can be found on the SAP Help Portal: About SAP Service Manager.
You can create an instance of the Service Manager service with the ServiceManager resource:
-
Save the following YAML content to
servicemanager.yaml.servicemanager.yamlapiVersion: account.btp.sap.crossplane.io/v1beta1kind: ServiceManagermetadata:name: my-subaccount-service-managerspec:writeConnectionSecretToRef:name: sap-btp-service-operatornamespace: defaultforProvider:subaccountRef:name: my-subaccountproviderConfigRef:name: account-provider-config
Please ensure the user (used in the Secret referenced from the ProviderConfig) needs to be part of the Subaccounts subaccountAdmins field (See FAQs below)
-
Apply
servicemanager.yamlto your control plane:Run in Terminalkubectl create -f servicemanager.yaml -
You can import existing instances using the
external-nameannotation in the following way:...metadata:annotations:# crossplane.io/external-name: <instanceID>/<instanceBindingID>crossplane.io/external-name: 7433f9b1-2905-4ce0-8945-c6370a0077b2/ba92eafd-b549-448d-a58a-06e2b09e999c...
Create a CloudManagement instance
The Cloud Management service is essential for provisioning and maintaining other cloud resources like environments (CloudFoundry and Kyma) or subscriptions on SAP BTP. A local instance needs to be running in each subaccount you wish to orchestrate.
More information on the Cloud Management service can be found in the SAP Help Portal.
To create a Cloud Management service instance, you first need to entitle it. You can do that in code using our Entitlement custom resource.
-
Save the following YAML content to
entitlement-service-manager.yaml.entitlement-service-manager.yamlapiVersion: account.btp.sap.crossplane.io/v1alpha1kind: Entitlementmetadata:name: cis-entitlementspec:forProvider:serviceName: cisservicePlanName: localenable: truesubaccountRef:name: my-subaccountproviderConfigRef:name: account-provider-config -
Apply
entitlement-service-manager.yamlto your control plane:Run in Terminalkubectl create -f entitlement-service-manager.yamlLearn more about how to entitle services from our guide: Order service instances and subscriptions.
You can then create a Cloud Management service using the CloudManagement custom resource, as explained in the following steps.
-
Save the following YAML content to
cloudmanagement.yaml.cloudmanagement.yamlapiVersion: account.btp.sap.crossplane.io/v1alpha1kind: CloudManagementmetadata:name: cis-localspec:writeConnectionSecretToRef:name: cis-localnamespace: defaultforProvider:serviceManagerRef:name: my-subaccount-service-manager # Use the ServiceManager resource created in the previous stepsubaccountRef:name: my-subaccountproviderConfigRef:name: account-provider-config -
Apply
cloudmanagement.yamlto your control plane:Run in Terminalkubectl create -f cloudmanagement.yaml
Next steps
⁉ FAQs
How can I manage BTP subaccount admins?
There is no reconciliation of .spec.forProvider.subaccountAdmins after initial creation, and the field can't be updated once set. This is a limitation of the underlying SAP BTP API.
To manage subaccount admins, use offerings such as XSUAA.
When creating a ServiceManager instance, I receive the error message Cannot create: Login failed. Check your credentials (401).
This error indicates an authentication failure. Please make sure the users in the secrets referenced in the ProviderConfig are listed as subaccountAdmins in your Subaccount.
When creating a ServiceManager instance, I receive a response with unexpected status (404).
The error indicates that the client cannot recognize the specified subaccount. To resolve this issue, please verify the following:
- The
ProviderConfigreferences the correct global account subdomain. - The
ServiceManagerreferences the correctSubaccountname.
When creating a ServiceManager instance, I receive a response with unexpected status (405).
The error indicates that the operation is not allowed via the requested endpoint.
The most likely cause is that the cliServerUrl in the ProviderConfig is not correct.
Please verify that the cliServerUrlis set to https://cli.btp.cloud.sapif you are on canary or other enviroments please check what the correct URL is for your environment and update the ProviderConfig accordingly.