With the SAP BTP Operator module, you can create configurations for several subaccounts in a single Kyma cluster.
By default, a Kyma cluster is associated with one subaccount. Consequently, any service instance created within any namespace is provisioned in the associated subaccount. See Preconfigured Credentials and Access. However, with SAP BTP Operator, you can create configurations in a single Kyma cluster that are applied to several subaccounts. To apply the multitenancy feature, choose the method that suits your needs and application architecture:
- Namespace-level mapping: Connect namespaces to separate subaccounts by configuring dedicated credentials for each namespace.
- Instance-level mapping: Define a specific subaccount for each service instance, regardless of the namespace context.
Regardless of the method, you must create Secrets managed in the kyma-system namespace.
SAP BTP Operator searches for the credentials in the following order:
- Explicit Secret defined in a service instance
- Managed namespace Secret assigned for a given namespace
- Managed namespace default Secret
- To connect a namespace to a specific subaccount, see Namespace-Level Mapping.
- To deploy service instances belonging to different subaccounts within the same namespace, see Instance-Level Mapping.