The Oracle Database Operator for Kubernetes (a.k.a. OraOperator) helps developers, DBAs, DevOps and GitOps teams reduce the time and complexity of deploying and managing Oracle Databases

Oracle Database Operator for Kubernetes

Make Oracle Database Kubernetes-Native

As part of Oracle's resolution to make Oracle Database Kubernetes-native (that is, observable and operable by Kubernetes), Oracle is announcing Oracle Database Operator for Kubernetes (OraOperator).

Since Oracle Database 19c, Oracle Database images have been supported in containers (Docker, Podman) for production use and Kubernetes deployment with Helm Charts. This release includes Oracle Database Operator, which is a new open source product that extends the Kubernetes API with custom resources and controllers for automating Oracle Database lifecycle management.

In this release, OraOperator supports the following Oracle Database configurations:

  • Oracle Autonomous Database on shared Oracle Cloud Infrastructure (OCI), also known as ADB-S
  • Containerized Single Instance databases (SIDB) deployed in the Oracle Kubernetes Engine (OKE)
  • Containerized Sharded databases (SHARDED) deployed in OKE

Oracle will continue to expand Oracle Database Operator support for additional Oracle Database configurations.

Features Summary

This release of Oracle Database Operator for Kubernetes (the operator) supports the following lifecycle operations:

  • ADB-S: provision, bind, start, stop, terminate (soft/hard), scale (down/up)
  • SIDB: provision, clone, patch (in-place/out-of-place), update database initialization parameters, update database configuration (Flashback, archiving), Oracle Enterprise Manager (EM) Express (a basic observability console)
  • SHARDED: provision/deploy sharded databases and the shard topology, add a new shard, delete an existing shard

Upcoming releases will support new configurations, operations and capabilities.

Release Status

CAUTION: The current release of OraOperator (v0.1.0) is for development and test only. DO NOT USE IN PRODUCTION.

This release can be deployed on the following platforms:

In upcoming releases, the operator will be certified against third-party Kubernetes clusters.

Prerequisites

Oracle strongly recommends that you ensure your system meets the following Prerequisites.

  • Install cert-manager

    The operator uses webhooks for validating user input before persisting it in Etcd. Webhooks require TLS certificates that are generated and managed by a certificate manager.

    Install the certificate manager with the following command:

    kubectl apply -f https://github.com/jetstack/cert-manager/releases/latest/download/cert-manager.yaml

  • Create Operator Image Pull Secrets

    Sign into https://container-registry.oracle.com/ and accept the license agreement for the Operator image.

    Create an image pull secret for Oracle Container Registry:

      kubectl create namespace oracle-database-operator-system
  kubectl create secret docker-registry container-registry-secret -n oracle-database-operator-system --docker-server=container-registry.oracle.com --docker-username='
     
      '
      --docker-password='
     
      '
      --docker-email='
     
      '

Quick Install of the Operator

To install the operator in the cluster quickly, you can use a single oracle-database-operator.yaml file. Operator pod replicas are set to a default of 3 for High Availability, which can be scaled up and down.

Run the following command

kubectl apply -f oracle-database-operator.yaml

Ensure that operator pods are up and running

$ kubectl get pods -n oracle-database-operator-system

  NAME                                                                 READY   STATUS    RESTARTS   AGE
  pod/oracle-database-operator-controller-manager-78666fdddb-s4xcm     1/1     Running   0          11d
  pod/oracle-database-operator-controller-manager-78666fdddb-5k6n4     1/1     Running   0          11d
  pod/oracle-database-operator-controller-manager-78666fdddb-t6bzb     1/1     Running   0          11d
  • Check the resources

You should see that the operator is up and running, along with the shipped controllers.

For more details, see Oracle Database Operator Installation Instrunctions.

Getting Started with the Operator (Quickstart)

The quickstarts are designed for specific database configurations, including:

YAML file templates are available under /config/samples. You can copy and edit these template files to configure them for your use cases.

Uninstall the Operator

To uninstall the operator, the final step consists of deciding whether or not you want to delete the CRDs and APIServices that were introduced to the cluster by the operator. Choose one of the following options:

  • Deleting the CRDs and APIServices

    To delete all the CRD instances deployed to cluster by the operator, run the following commands, where is the namespace of the cluster object:

    kubectl delete singleinstancedatabase.database.oracle.com --all -n <namespace>
kubectl delete shardingdatabase.database.oracle.com --all -n <namespace>
kubectl delete autonomousdatabase.database.oracle.com --all -n <namespace>

    After all CRD instances are deleted, it is safe to remove the CRDs, APISerivces and operator deployment.

    kubectl delete -f oracle-database-operator.yaml --ignore-not-found=true

    Note: If the CRD instances are not deleted, and the operator is deleted by using the preceding command, then operator deployment and instance objects (pods,services,PVCs, and so on) are deleted. However, the CRD deletion stops responding, because the CRD instances have finalizers that can only be removed by the operator pod, which is deleted when the APIServices are deleted.

  • Retain the CRDs and APIservices

    To delete the operator deployment and retain the CRDs, run the following commands:

    kubectl delete deployment.apps/oracle-database-operator-controller-manager -n oracle-database-operator-system

Documentation

Contributing

See Contributing to this Repository

Support

You can submit a GitHub issue, or you can also file an Oracle Support service request, using the product id: 14430.

Security

Secure platforms are an important basis for general system security. Ensure that your deployment is in compliance with common security practices.

Managing Sensitive Data

Kubernetes secrets are the usual means for storing credentials or passwords input for access. The operator reads the Secrets programmatically, which limits exposure of sensitive data. However, to protect your sensitive data, Oracle strongly recommends that you set and get sensitive data from Oracle Cloud Infrastructure Vault, or from third-party Vaults.

The following is an example of a YAML file fragment for specifying Oracle Cloud Infrastructure Vault as the repository for the admin password.

adminPassword:
     ociSecretOCID: ocid1.vaultsecret.oc1...

Examples in this repository where passwords are entered on the command line are for demonstration purposes only.

Reporting a Security Issue

See Reporting security vulnerabilities

License

Copyright (c) 2021 Oracle and/or its affiliates. Released under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl/

Owner
Oracle
Open Source at Oracle
Oracle
https://github.com/oracle/oracle-database-operator
Comments
  • Unable to stop and start Single Instance Database

    Unable to stop and start Single Instance Database

    Operator need to provide the ability to stop (normal, immediate & shutdown) and start the database

    When using the Oracle database images with a statefulset replicas can be set to 0 or 1 to stop & start, however this is not possible with the operator.

  • x509: certificate has expired or is not yet valid

    x509: certificate has expired or is not yet valid

    After applying an ADBS yaml, I get an error:

    Resource: "database.oracle.com/v1alpha1, Resource=autonomousdatabases", GroupVersionKind: "database.oracle.com/v1alpha1, Kind=AutonomousDatabase"
Name: "autonomousdatabase-sample", Namespace: "oracle-database-operator-system"
for: "adbs.yaml": Internal error occurred: failed calling webhook "mautonomousdatabase.kb.io": failed to call webhook: Post "https://oracle-database-operator-webhook-service.oracle-database-operator-system.svc:443/mutate-database-oracle-com-v1alpha1-autonomousdatabase?timeout=10s": x509: certificate has expired or is not yet valid: current time 2022-10-14T08:42:12Z is after 2022-10-13T14:21:51Z

    Is ther a procedure in the operator to update an expired certificate?

  • Failover error due to missing admin-password

    Failover error due to missing admin-password

    The admin-password need to persist to support failover.

    For example if you create a single instance database and then kill the pod to relocate to another node the pod can start on a different node but the Operator reports an error.

  • improve docs

    improve docs

    Docs to start using this is not good, in general I tried to follow step by step thru readme and was not able to deploy any database.

    There is even missing simple copy paste approach to deploy minimal Proof of concept environment.

    Currently to deploy it you need a reverse engineer everything what for most of users will not fit at all

  • Include a link to the hands-on lab on the Containerized Single Instance use-case

    Include a link to the hands-on lab on the Containerized Single Instance use-case

    A lab is now available in the LiveLab format with detailed instructions to run the Containerized Single Instance database on an OCI trial account, using both dynamic block storage and NFS storage. It might be interesting to include a link to this lab in the documentation.

  • staticcheck reports issues

    staticcheck reports issues

    running staticheck on code is producing following violations:

    staticcheck ./...
commons/oci/database.go:178:3: this value of ok is never used (SA4006)
commons/oci/database.go:503:6: func getConflictRetryPolicy is unused (U1000)
commons/oci/provider.go:80:15: error strings should not be capitalized (ST1005)
commons/oci/provider.go:80:15: error strings should not end with punctuation or a newline (ST1005)
commons/sharding/exec.go:55:181: error should be returned as the last argument (ST1008)
commons/sharding/gsm.go:432:2: should merge variable declaration with assignment on next line (S1021)
commons/sharding/provstatus.go:90:6: should omit comparison to bool constant, can be simplified to instance.Spec.IsExternalSvc (S1002)
commons/sharding/provstatus.go:138:6: should omit comparison to bool constant, can be simplified to instance.Spec.IsExternalSvc (S1002)
commons/sharding/provstatus.go:196:6: should omit comparison to bool constant, can be simplified to instance.Spec.IsExternalSvc (S1002)
commons/sharding/provstatus.go:254:3: unnecessary guard around call to delete (S1033)
commons/sharding/provstatus.go:279:3: unnecessary guard around call to delete (S1033)
commons/sharding/provstatus.go:304:3: unnecessary guard around call to delete (S1033)
commons/sharding/provstatus.go:338:2: should merge variable declaration with assignment on next line (S1021)
commons/sharding/provstatus.go:358:10: error strings should not be capitalized (ST1005)
commons/sharding/provstatus.go:380:3: unnecessary guard around call to delete (S1033)
commons/sharding/scommon.go:221:6: should omit comparison to bool constant, can be simplified to masterFlag (S1002)
commons/sharding/scommon.go:315:27: should omit comparison to bool constant, can be simplified to instance.Spec.IsDebug (S1002)
commons/sharding/scommon.go:489:2: this value of labelSelector is never used (SA4006)
commons/sharding/scommon.go:497:11: error strings should not be capitalized (ST1005)
commons/sharding/scommon.go:615:2: should merge variable declaration with assignment on next line (S1021)
commons/sharding/scommon.go:734:9: empty branch (SA9003)
commons/sharding/scommon.go:747:2: should merge variable declaration with assignment on next line (S1021)
commons/sharding/scommon.go:789:6: func labelsForShardingDatabaseKind is unused (U1000)
commons/sharding/scommon.go:800:6: func removeAlpha is unused (U1000)
commons/sharding/scommon.go:839:2: should merge variable declaration with assignment on next line (S1021)
commons/sharding/scommon.go:845:2: should merge variable declaration with assignment on next line (S1021)
commons/sharding/scommon.go:851:2: should merge variable declaration with assignment on next line (S1021)
commons/sharding/scommon.go:863:2: should merge variable declaration with assignment on next line (S1021)
commons/sharding/scommon.go:899:6: func getGsmShardValidateCmd is unused (U1000)
commons/sharding/scommon.go:900:2: should merge variable declaration with assignment on next line (S1021)
commons/sharding/scommon.go:906:2: should merge variable declaration with assignment on next line (S1021)
commons/sharding/scommon.go:911:6: func getGsmAddShardGroupCmd is unused (U1000)
commons/sharding/scommon.go:912:2: should merge variable declaration with assignment on next line (S1021)
commons/sharding/scommon.go:918:2: should merge variable declaration with assignment on next line (S1021)
commons/sharding/scommon.go:924:2: should merge variable declaration with assignment on next line (S1021)
commons/sharding/scommon.go:961:2: should merge variable declaration with assignment on next line (S1021)
commons/sharding/scommon.go:1013:2: should merge variable declaration with assignment on next line (S1021)
commons/sharding/scommon.go:1166:4: error should be returned as the last argument (ST1008)
commons/sharding/shard.go:108:2: should merge variable declaration with assignment on next line (S1021)
commons/sharding/shard.go:358:2: this value of service is never used (SA4006)
commons/sharding/shard.go:405:2: should merge variable declaration with assignment on next line (S1021)
commons/sharding/shard.go:421:2: should merge variable declaration with assignment on next line (S1021)
controllers/database/shardingdatabase_controller.go:155:2: this value of idx is never used (SA4006)
controllers/database/shardingdatabase_controller.go:173:6: should omit comparison to bool constant, can be simplified to isShardTopologyDeleteTrue (S1002)
controllers/database/shardingdatabase_controller.go:285:6: should omit comparison to bool constant, can be simplified to !OraShardSpex.IsDelete (S1002)
controllers/database/shardingdatabase_controller.go:305:7: should omit comparison to bool constant, can be simplified to !OraShardSpex.IsDelete (S1002)
controllers/database/shardingdatabase_controller.go:379:6: should omit comparison to bool constant, can be simplified to !OraShardSpex.IsDelete (S1002)
controllers/database/shardingdatabase_controller.go:463:9: should omit comparison to bool constant, can be simplified to oshInst.deltopology (S1002)
controllers/database/shardingdatabase_controller.go:501:72: should omit comparison to bool constant, can be simplified to !r.osh[idx].onsProviderFlag (S1002)
controllers/database/shardingdatabase_controller.go:545:4: error should be returned as the last argument (ST1008)
controllers/database/shardingdatabase_controller.go:567:10: error strings should not be capitalized (ST1005)
controllers/database/shardingdatabase_controller.go:606:2: this value of sfSetFound is never used (SA4006)
controllers/database/shardingdatabase_controller.go:607:2: this value of svcFound is never used (SA4006)
controllers/database/shardingdatabase_controller.go:877:11: error strings should not be capitalized (ST1005)
controllers/database/shardingdatabase_controller.go:881:11: error strings should not be capitalized (ST1005)
controllers/database/shardingdatabase_controller.go:885:11: error strings should not be capitalized (ST1005)
controllers/database/shardingdatabase_controller.go:987:9: empty branch (SA9003)
controllers/database/shardingdatabase_controller.go:990:5: should omit comparison to bool constant, can be simplified to updateFlag (S1002)
controllers/database/shardingdatabase_controller.go:1028:7: should omit comparison to bool constant, can be simplified to !availableFlag (S1002)
controllers/database/shardingdatabase_controller.go:1036:5: should omit comparison to bool constant, can be simplified to availableFlag (S1002)
controllers/database/shardingdatabase_controller.go:1047:2: this value of gsmSfSet is never used (SA4006)
controllers/database/shardingdatabase_controller.go:1051:2: this value of podList is never used (SA4006)
controllers/database/shardingdatabase_controller.go:1075:28: error strings should not be capitalized (ST1005)
controllers/database/shardingdatabase_controller.go:1101:7: should omit comparison to bool constant, can be simplified to !availlableFlag (S1002)
controllers/database/shardingdatabase_controller.go:1109:5: should omit comparison to bool constant, can be simplified to availlableFlag (S1002)
controllers/database/shardingdatabase_controller.go:1113:35: error strings should not be capitalized (ST1005)
controllers/database/shardingdatabase_controller.go:1121:2: this value of catalogSfSet is never used (SA4006)
controllers/database/shardingdatabase_controller.go:1123:2: this value of podList is never used (SA4006)
controllers/database/shardingdatabase_controller.go:1146:36: error strings should not be capitalized (ST1005)
controllers/database/shardingdatabase_controller.go:1166:2: this value of shardSfSet is never used (SA4006)
controllers/database/shardingdatabase_controller.go:1208:2: this value of gsmPod is never used (SA4006)
controllers/database/shardingdatabase_controller.go:1225:2: this value of shardSfSet is never used (SA4006)
controllers/database/shardingdatabase_controller.go:1234:7: should omit comparison to bool constant, can be simplified to !OraShardSpex.IsDelete (S1002)
controllers/database/shardingdatabase_controller.go:1272:5: should omit comparison to bool constant, can be simplified to eventMsgFlag (S1002)
controllers/database/shardingdatabase_controller.go:1299:5: should omit comparison to bool constant, can be simplified to eventMsgFlag (S1002)
controllers/database/shardingdatabase_controller.go:1325:5: should omit comparison to bool constant, can be simplified to eventMsgFlag (S1002)
controllers/database/shardingdatabase_controller.go:1355:5: should omit comparison to bool constant, can be simplified to eventMsgFlag (S1002)
controllers/database/shardingdatabase_controller.go:1366:2: this value of shardSfSet is never used (SA4006)
controllers/database/shardingdatabase_controller.go:1386:7: should omit comparison to bool constant, can be simplified to !OraShardSpex.IsDelete (S1002)
controllers/database/shardingdatabase_controller.go:1387:8: should omit comparison to bool constant, can be simplified to !setLifeCycleFlag (S1002)
controllers/database/shardingdatabase_controller.go:1428:6: should omit comparison to bool constant, can be simplified to deployFlag (S1002)
controllers/database/shardingdatabase_controller.go:1433:5: should omit comparison to bool constant, can be simplified to errStr (S1002)
controllers/database/shardingdatabase_controller.go:1435:10: error strings should not be capitalized (ST1005)
controllers/database/shardingdatabase_controller.go:1435:10: error strings should not end with punctuation or a newline (ST1005)
controllers/database/shardingdatabase_controller.go:1481:2: this value of shardSfSet is never used (SA4006)
controllers/database/shardingdatabase_controller.go:1482:2: this value of shardPod is never used (SA4006)
controllers/database/shardingdatabase_controller.go:1484:2: this value of gsmPod is never used (SA4006)
controllers/database/shardingdatabase_controller.go:1495:7: should omit comparison to bool constant, can be simplified to OraShardSpex.IsDelete (S1002)
controllers/database/shardingdatabase_controller.go:1496:8: should omit comparison to bool constant, can be simplified to !setLifeCycleFlag (S1002)
controllers/database/shardingdatabase_controller.go:1597:2: this value of svcFound is never used (SA4006)
main.go:122:2: this value of i is never used (SA4006)
test/e2e/autonomousdatabase_controller_bind_test.go:64:8: const bindingHardLinkTestFileName is unused (U1000)
test/e2e/autonomousdatabase_controller_create_test.go:63:3: const changeStateTimeout is unused (U1000)
test/e2e/autonomousdatabase_controller_create_test.go:64:3: const changeStateInterval is unused (U1000)
test/e2e/behavior/shared_behaviors.go:48:2: should not use dot imports (ST1001)
test/e2e/behavior/shared_behaviors.go:49:2: should not use dot imports (ST1001)
test/e2e/util/oci_config_util.go:137:2: ineffective assignment to field configUtil.provider (SA4005)
test/e2e/util/oci_config_util.go:196:54: should omit nil check; len() for nil slices is defined as zero (S1009)
test/e2e/util/oci_vault_request.go:52:6: func waitForVaultStatePolicy is unused (U1000)
  • Add comment on v0.1.0 to v0.2.0 upgrade

    Add comment on v0.1.0 to v0.2.0 upgrade

    Please add at least one line comment in the Quick Install section of the README that "kubectl apply..." will also upgrade an existing v0.1.0 operator installation to v0.2.0.

    Thanks

  • Improve docs

    Improve docs

    [Copied from internal feedback] This readme step doesn’t work on windows: https://github.com/oracle/oracle-database-operator/blob/main/docs/adb/README.md

    Step 2: Provision an Autonomous Database kubectl create secret generic admin-password --from-literal=admin-password=‘password_here’ The quotes around the password are taken literally and are not allowed as a database password.

    My advice is to replace the quotes with <<password_here>>

  • Unable to deploy DB

    Unable to deploy DB

    Trying to deploy Single Instance DB, however got into issues with AdminPassword. Have created secrets file. Now creation is going on for a long time.

    It will be good if a working sample code is provided.

  • Sample SIDB YAML file changes

    Sample SIDB YAML file changes

    Secrets creation are removed from the sample YAML file and placed in singleinstancedatabase_secret.yaml and oraclerestdataservice_secret.yaml files.

    Signed-off-by: abhisbyk [email protected]

  • Doc changes

    Doc changes

    Addresses issues #29, and #24

    Added the Single Instance Database LiveLab info, and OraOperator version upgrade info. Signed-off-by: abhisbyk [email protected]

  • Error mapping existing PDB:

    Error mapping existing PDB: "ORDSError", "message": "Failed: Unauthorized"

    I'm trying to create CDB and PDB CRDs for an on-prem database.

    The CDB creation apparently was successful, but I keep getting error 401 when I try to map the PDB (I think that Map is the right action, but I've also tried Create with similar results).

    I think the controller manager is getting this error from ORDS, but I can't find what config I'm missing to cause this error.

    kubectl get cdbs -n oracle-database-operator-system

    NAME   CDB NAME   DB SERVER       DB PORT   SCAN NAME   REPLICAS   STATUS   MESSAGE
cdb1   cdb1       10.160.106.88   1521      cdb1        1          Ready

    kubectl get pdbs -n oracle-database-operator-system

    NAME   CONNECT STRING   CDB NAME   PDB NAME   PDB STATE   PDB SIZE   STATUS   MESSAGE
pdb1                    cdb1       pdb1       UNKNOWN                Failed   ORDS Error - HTTP Status Code:401

    kubectl logs -n oracle-database-operator-system -l control-plane=controller-manager -f

    2022-12-13T15:23:58Z	DEBUG	controller-runtime.webhook.webhooks	received request	{"webhook": "/mutate-database-oracle-com-v1alpha1-pdb", "UID": "ea47175b-c130-49c0-b130-19d8248d4bc9", "kind": "database.oracle.com/v1alpha1, Kind=PDB", "resource": {"group":"database.oracle.com","version":"v1alpha1","resource":"pdbs"}}
2022-12-13T15:23:58Z	INFO	pdb-webhook	Setting default values in PDB spec for : pdb1
2022-12-13T15:23:58Z	INFO	pdb-webhook	 - reuseTempFile : true
2022-12-13T15:23:58Z	INFO	pdb-webhook	 - unlimitedStorage : true
2022-12-13T15:23:58Z	INFO	pdb-webhook	 - tdeImport : false
2022-12-13T15:23:58Z	INFO	pdb-webhook	 - tdeExport : false
2022-12-13T15:23:58Z	INFO	pdb-webhook	 - asClone : false
2022-12-13T15:23:58Z	INFO	pdb-webhook	 - getScript : false
2022-12-13T15:23:58Z	DEBUG	controller-runtime.webhook.webhooks	wrote response	{"webhook": "/mutate-database-oracle-com-v1alpha1-pdb", "code": 200, "reason": "", "UID": "ea47175b-c130-49c0-b130-19d8248d4bc9", "allowed": true}
2022-12-13T15:23:58Z	DEBUG	controller-runtime.webhook.webhooks	received request	{"webhook": "/validate-database-oracle-com-v1alpha1-pdb", "UID": "747dc310-cb33-4f7f-84fd-8722200056e0", "kind": "database.oracle.com/v1alpha1, Kind=PDB", "resource": {"group":"database.oracle.com","version":"v1alpha1","resource":"pdbs"}}
2022-12-13T15:23:58Z	INFO	pdb-webhook	ValidateCreate-Validating PDB spec for : pdb1
2022-12-13T15:23:58Z	INFO	pdb-webhook	validateCommon	{"name": "pdb1"}
2022-12-13T15:23:58Z	INFO	pdb-webhook	Valdiating PDB Resource Action : MAP
2022-12-13T15:23:58Z	INFO	pdb-webhook	PDB Resource : pdb1 successfully validated for Action : MAP
2022-12-13T15:23:58Z	DEBUG	controller-runtime.webhook.webhooks	wrote response	{"webhook": "/validate-database-oracle-com-v1alpha1-pdb", "code": 200, "reason": "", "UID": "747dc310-cb33-4f7f-84fd-8722200056e0", "allowed": true}
2022-12-13T15:23:58Z	INFO	controllers.PDB	Reconcile requested	{"onpremdboperator": "oracle-database-operator-system/pdb1"}
2022-12-13T15:23:58Z	INFO	controllers.PDB	Adding finalizer	{"managePDBDeletion": "oracle-database-operator-system/pdb1"}
2022-12-13T15:23:58Z	DEBUG	controller-runtime.webhook.webhooks	received request	{"webhook": "/mutate-database-oracle-com-v1alpha1-pdb", "UID": "72994449-d5c5-469a-ab44-5996cd13ea07", "kind": "database.oracle.com/v1alpha1, Kind=PDB", "resource": {"group":"database.oracle.com","version":"v1alpha1","resource":"pdbs"}}
2022-12-13T15:23:58Z	INFO	pdb-webhook	Setting default values in PDB spec for : pdb1
2022-12-13T15:23:58Z	DEBUG	controller-runtime.webhook.webhooks	wrote response	{"webhook": "/mutate-database-oracle-com-v1alpha1-pdb", "code": 200, "reason": "", "UID": "72994449-d5c5-469a-ab44-5996cd13ea07", "allowed": true}
2022-12-13T15:23:58Z	DEBUG	controller-runtime.webhook.webhooks	received request	{"webhook": "/validate-database-oracle-com-v1alpha1-pdb", "UID": "68eafb19-f11f-498c-adc3-72a6072fa2fc", "kind": "database.oracle.com/v1alpha1, Kind=PDB", "resource": {"group":"database.oracle.com","version":"v1alpha1","resource":"pdbs"}}
2022-12-13T15:23:58Z	INFO	pdb-webhook	ValidateUpdate-Validating PDB spec for : pdb1
2022-12-13T15:23:58Z	INFO	pdb-webhook	validateCommon	{"name": "pdb1"}
2022-12-13T15:23:58Z	INFO	pdb-webhook	Valdiating PDB Resource Action : MAP
2022-12-13T15:23:58Z	DEBUG	controller-runtime.webhook.webhooks	wrote response	{"webhook": "/validate-database-oracle-com-v1alpha1-pdb", "code": 200, "reason": "", "UID": "68eafb19-f11f-498c-adc3-72a6072fa2fc", "allowed": true}
2022-12-13T15:23:58Z	INFO	controllers.PDB	Found PDB: pdb1	{"checkDuplicatePDB": "oracle-database-operator-system/pdb1"}
2022-12-13T15:23:58Z	INFO	controllers.PDB	Validating PDB phase for: pdb1	{"validatePhase": "oracle-database-operator-system/pdb1", "Action": "MAP"}
2022-12-13T15:23:58Z	INFO	controllers.PDB	Validation complete	{"validatePhase": "oracle-database-operator-system/pdb1"}
2022-12-13T15:23:58Z	INFO	controllers.PDB	PDB:	{"onpremdboperator": "oracle-database-operator-system/pdb1", "Name": "pdb1", "Phase": "Mapping", "Status": "false"}
2022-12-13T15:23:58Z	INFO	controllers.PDB	Found CR for CDB	{"getCDBResource": "oracle-database-operator-system/pdb1", "Name": "cdb1", "CR Name": "cdb1"}
2022-12-13T15:23:58Z	INFO	controllers.PDB	Issuing REST call	{"callAPI": "oracle-database-operator-system/pdb1", "URL": "http://cdb1-ords:8888/ords/_/db-api/latest/database/pdbs/pdb1/", "Action": "GET"}
2022-12-13T15:23:58Z	INFO	controllers.PDB	Found CR for CDB	{"getCDBResource": "oracle-database-operator-system/pdb1", "Name": "cdb1", "CR Name": "cdb1"}
2022-12-13T15:23:59Z	INFO	controllers.PDB	ORDS Error - HTTP Status Code :401	{"callAPI": "oracle-database-operator-system/pdb1", "Err": "\n{\n    \"code\": \"Unauthorized\",\n    \"message\": \"Unauthorized\",\n    \"type\": \"tag:oracle.com,2020:error/Unauthorized\",\n    \"instance\": \"tag:oracle.com,2020:ecid/nVFy_LEmkC2NpInSAjA6bw\"\n}"}
2022-12-13T15:23:59Z	INFO	controllers.PDB	Reconcile completed	{"onpremdboperator": "oracle-database-operator-system/pdb1"}
2022-12-13T15:23:59Z	DEBUG	events	Warning	{"object": {"kind":"PDB","namespace":"oracle-database-operator-system","name":"pdb1","uid":"a3ae6a10-f378-4b66-80d7-9b00569316a5","apiVersion":"database.oracle.com/v1alpha1","resourceVersion":"861439"}, "reason": "ORDSError", "message": "Failed: Unauthorized"}

    kubectl logs -n oracle-database-operator-system -l name=cdb1-ords -f

    db.username=ORDS_PUBLIC_USER
restEnabledSql.active=true
resource.templates.enabled=true
db.port=1521
feature.sdw=true
db.connectionType=basic

2022-12-13T14:28:04.620Z WARNING     *** jdbc.MaxLimit in configuration |apex|pu| is using a value of 10, this setting may not be sized adequately for a production environment ***
2022-12-13T14:28:04.620Z WARNING     *** jdbc.InitialLimit in configuration |apex|pu| is using a value of 3, this setting may not be sized adequately for a production environment ***
2022-12-13T14:28:05.604Z WARNING     :::got unchecked exception from user-defined connection labeling callback

    cdb-secret.yaml

    apiVersion: v1
kind: Secret
metadata:
  name: cdb1-secret
  namespace: oracle-database-operator-system
type: Opaque
data:
  ords_pwd: " T3JhY2xlXzEyMyEK"
  sysadmin_pwd: " T3JhY2xlXzEyMyEK"
  cdbadmin_user: "QyMjREJBUElfQ0RCX0FETUlOCg=="
  cdbadmin_pwd: " T3JhY2xlXzEyMyEK"
  webserver_user: "c3FsX2FkbWluCg=="
  webserver_pwd: " T3JhY2xlXzEyMyEK"

    pdb-secret.yaml

    apiVersion: v1
kind: Secret
metadata:
  name: pdb1-secret
  namespace: oracle-database-operator-system
type: Opaque
data:
  sysadmin_user: "cGRiYWRtaW4="
  sysadmin_pwd: " T3JhY2xlXzEyMyEK"

    cdb.yaml

    apiVersion: database.oracle.com/v1alpha1
kind: CDB
metadata:
  name: cdb1
  namespace: oracle-database-operator-system
spec:
  cdbName: "cdb1"
  scanName: "cdb1"
  dbServer: "10.160.106.88"
  dbPort: 1521
  replicas: 1
  ordsImage: "533693045312.dkr.ecr.us-west-2.amazonaws.com/oracle-database:21.4.3-ords"
  ordsImagePullPolicy: "Always"
  # Uncomment Below Secret Format for accessing ords image from private docker registry
  ordsImagePullSecret: "aws-ecr-cred"
  serviceName: "cdb1"
  sysAdminPwd:
    secret:
      secretName: "cdb1-secret"
      key: "sysadmin_pwd"
  ordsPwd:
    secret:
      secretName: "cdb1-secret"
      key: "ords_pwd"
  cdbAdminUser:
    secret:
      secretName: "cdb1-secret"
      key: "cdbadmin_user"
  cdbAdminPwd:
    secret:
      secretName: "cdb1-secret"
      key: "cdbadmin_pwd"
  webServerUser:
    secret:
      secretName: "cdb1-secret"
      key: "webserver_user"
  webServerPwd:
    secret:
      secretName: "cdb1-secret"
      key: "webserver_pwd"

    pdb.yaml

    apiVersion: database.oracle.com/v1alpha1
kind: PDB
metadata:
  name: pdb1
  namespace: oracle-database-operator-system
  labels:
    cdb: cdb1
spec:
  cdbResName: "cdb1"
  cdbName: "cdb1"
  pdbName: "pdb1"
  adminName:
    secret:
      secretName: "pdb1-secret"
      key: "sysadmin_user"
  adminPwd:
    secret:
      secretName: "pdb1-secret"
      key: "sysadmin_pwd"
  fileNameConversions: "NONE"
  totalSize: "1G"
  tempSize: "100M"
  action: "Map"
  • discussion: operators and operational ownership of created cloud components

    discussion: operators and operational ownership of created cloud components

    Hi,

    I do like the concept of abstracting operational complexity with operators and offering the Kubernetes API to provision and maintain cloud resources. Especially on databases though there might still be an operational component left.

    For this I would like to start a bit of a discussion and start by bringing in a suggestion:

    Usually there are DBA's taking care of operational aspects of Databases (also in the cloud), making sure they are monitoring and action is taken when they are faulty.

    This operational ownership shifts a bit with using an operator - technical a developer can deploy a database by defining the CR and applying it. The question is: should this person then also be responsible for operating the DB?

    An potential concept could be that DBA's are the ones maintaining the operator and encoding (config) compliance and operational requirements into the operator. Thus every DB created this way will adhere to the policies set by the DBA.

    DBA's could maintain general operational ownership and have generic monitoring created via the operator as well.

    What we would need for that:

    • the operator would need to support setting those requirements via config
    • the operator would need to bridge metrics/telemetry from the cloud resources into a common monitoring channel (like making it available via a metrics endpoint that then can be scraped via PodMonitor/ServiceMonitor)

    This is not fully thought through yet and is just meant as a basis for discussion.

  • arm support for the operator image

    arm support for the operator image

    with growing support of arm it would make sense to have the operator also be available as arm images in the registry

    currently it only supports linux/amd64

  • Kube Oracle Operator

    Kube Oracle Operator

    We need below feature enhancements on Oracle Operator Side.

    1. TCPS support.
    2. Operator DR support. (Currently it’s only supported single Kube cluster)
    3. OEM agent Sidcar rather than OEM Express. If OEM agent supported, We can add endpoint on our existing OEM setup .
    4. Standby DB (HA Support)
    5. Production Support ETA for Operator.
  • ORD Pod Crash looping

    ORD Pod Crash looping

    I tried to create a CDB using the cdb.yaml provided however its status is stuck as "ValidatingPods' and the Message is 'Waiting for ORDS Pod(s) to be ready'. The logs from the cdb-dev-ords pod are : `cp: cannot create regular file '/opt/oracle/ords/params/ords_params.properties': No such file or directory sed: can't read /opt/oracle/ords/params/ords_params.properties: No such file or directory sed: can't read /opt/oracle/ords/params/ords_params.properties: No such file or directory sed: can't read /opt/oracle/ords/params/ords_params.properties: No such file or directory sed: can't read /opt/oracle/ords/params/ords_params.properties: No such file or directory sed: can't read /opt/oracle/ords/params/ords_params.properties: No such file or directory Warning: Support for executing: java -jar ords.war has been deprecated. Please add ords to your PATH and use the ords command instead. Run the following command to add ords to your PATH:

    echo -e 'export PATH="$PATH:/opt/oracle/ords/bin"' >> ~/.bash_profile

    Start a new shell to pick up this change.

    ORDS: Release 22.2 Production on Thu Sep 08 19:43:10 2022

    Copyright (c) 2010, 2022, Oracle.

    Configuration: /home/oracle/

    Unknown command: ords install [simple]

    Use ords install --help to review the help for this command spawn java -jar /opt/oracle/ords/ords.war user sql_admin SQL Administrator Warning: Support for executing: java -jar ords.war has been deprecated. Please add ords to your PATH and use the ords command instead. Run the following command to add ords to your PATH:

    echo -e 'export PATH="$PATH:/opt/oracle/ords/bin"' >> ~/.bash_profile

    Start a new shell to pick up this change.

    ORDS: Release 22.2 Production on Thu Sep 08 19:43:12 2022

    Copyright (c) 2010, 2022, Oracle.

    `

  • Unable to delete oraclerestdataservice resource on AKS

    Unable to delete oraclerestdataservice resource on AKS

    Hi all, we are testing the operator with an Azure deployment and we are facing this issue.

    We deployed the sample singleinstancedatabase example with success

    NAME EDITION STATUS VERSION CONNECT STR OEM EXPRESS URL sidb-sample Enterprise Healthy 19.3.0.0.0 10.240.0.6:31515/ORCL1 https://10.240.0.6:30613/em but the oraclerestdataservice creation thrown this error

    2022-09-07T19:09:37Z    ERROR    controllers.OracleRestDataService    Internal error occurred: failed calling webhook "[moraclerestdataservice.kb.io](http://moraclerestdataservice.kb.io/)": failed to call webhook: Post "[https://oracle-database-operator-webhook-service.oracle-database-operator-system.svc:443/mutate-database-oracle-com-v1alpha1-oraclerestdataservice?timeout=10s](https://oracle-database-operator-webhook-service.oracle-database-operator-system.svc/mutate-database-oracle-com-v1alpha1-oraclerestdataservice?timeout=10s)": proxy error from [127.0.0.1:6443](http://127.0.0.1:6443/) while dialing [10.244.1.245:9443](http://10.244.1.245:9443/), code 500: 500 Internal Server Error    {"manageOracleRestDataServiceDeletion": "db-oracle/ords-sample", "error": "Internal error occurred: failed calling webhook \"[moraclerestdataservice.kb.io](http://moraclerestdataservice.kb.io/)\": failed to call webhook: Post \"[https://oracle-database-operator-webhook-service.oracle-database-operator-system.svc:443/mutate-database-oracle-com-v1alpha1-oraclerestdataservice?timeout=10s\](https://oracle-database-operator-webhook-service.oracle-database-operator-system.svc/mutate-database-oracle-com-v1alpha1-oraclerestdataservice?timeout=10s%5C)": proxy error from [127.0.0.1:6443](http://127.0.0.1:6443/) while dialing [10.244.1.245:9443](http://10.244.1.245:9443/), code 500: 500 Internal Server Error"}
[github.com/oracle/oracle-database-operator/controllers/database.(*OracleRestDataServiceReconciler).Reconcile](http://github.com/oracle/oracle-database-operator/controllers/database.%28*OracleRestDataServiceReconciler%29.Reconcile)
    /workspace/controllers/database/oraclerestdataservice_controller.go:151
[sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Reconcile](http://sigs.k8s.io/controller-runtime/pkg/internal/controller.%28*Controller%29.Reconcile)
    /go/pkg/mod/[sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:114](http://sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:114)
[sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).reconcileHandler](http://sigs.k8s.io/controller-runtime/pkg/internal/controller.%28*Controller%29.reconcileHandler)
    /go/pkg/mod/[sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:311](http://sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:311)
[sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem](http://sigs.k8s.io/controller-runtime/pkg/internal/controller.%28*Controller%29.processNextWorkItem)
    /go/pkg/mod/[sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:266](http://sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:266)
[sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func2.2](http://sigs.k8s.io/controller-runtime/pkg/internal/controller.%28*Controller%29.Start.func2.2)
    /go/pkg/mod/[sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:227](http://sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:227)

    and we are not able to delete it anymore. We tried to remove the finalizers, the CRDs, reinstall the operator without luck

    kubectl describe oraclerestdataservice ords-sample

Name:         ords-sample
Namespace:    db-oracle
Labels:       <none>
Annotations:  <none>
API Version:  database.oracle.com/v1alpha1
Kind:         OracleRestDataService
Metadata:
  Creation Timestamp:             2022-09-07T16:20:56Z
  Deletion Grace Period Seconds:  0
  Deletion Timestamp:             2022-09-07T17:39:48Z
  Finalizers:
    database.oracle.com/oraclerestdataservicefinalizer
  Generation:  2
  Managed Fields:
    API Version:  database.oracle.com/v1alpha1
    Fields Type:  FieldsV1
    fieldsV1:
      f:metadata:
        f:annotations:
          .:
          f:kubectl.kubernetes.io/last-applied-configuration:
      f:spec:
        .:
        f:adminPassword:
          .:
          f:secretKey:
          f:secretName:
        f:databaseRef:
        f:image:
          .:
          f:pullFrom:
          f:pullSecrets:
        f:ordsPassword:
          .:
          f:secretKey:
          f:secretName:
        f:restEnableSchemas:
    Manager:      kubectl-client-side-apply
    Operation:    Update
    Time:         2022-09-07T16:20:56Z
    API Version:  database.oracle.com/v1alpha1
    Fields Type:  FieldsV1
    fieldsV1:
      f:status:
        .:
        f:apexUrl:
        f:databaseActionsUrl:
        f:databaseApiUrl:
        f:databaseRef:
        f:image:
          .:
          f:pullFrom:
          f:pullSecrets:
        f:loadBalancer:
    Manager:      manager
    Operation:    Update
    Time:         2022-09-07T16:34:42Z
    API Version:  database.oracle.com/v1alpha1
    Fields Type:  FieldsV1
    fieldsV1:
      f:status:
        f:status:
    Manager:         manager
    Operation:       Update
    Subresource:     status
    Time:            2022-09-07T16:58:25Z
  Resource Version:  310396
  UID:               ea244096-0034-496c-8274-b7dc472ddb25
Spec:
  Admin Password:
    Keep Secret:  true
    Secret Key:   oracle_pwd
    Secret Name:  <secretName>
  Apex Password:
    Keep Secret:  true
    Secret Key:   oracle_pwd
    Secret Name:
  Database Ref:   sidb-sample
  Image:
    Pull From:     <imagePath>
    Pull Secrets:  azurecrkey
  Ords Password:
    Keep Secret:  true
    Secret Key:   oracle_pwd
    Secret Name:  ords-secret
  Persistence:
  Replicas:  1
  Rest Enable Schemas:
    Enable:       true
    Schema Name:  <schemaName>
Status:
  Apex URL:              Unavailable
  Database Actions URL:  Unavailable
  Database API URL:      Unavailable
  Database Ref:          sidb-sample
  Image:
    Pull From:     commerceimages.azurecr.io/oracle-db/ords:21.4.2-gh
    Pull Secrets:  azurecrkey
  Load Balancer:   false
  Status:          Error
Events:            <none>

    Any idea? We cannot proceed with any tests and we would really like to fully test this interesting option.

    Thanks

Related tags
DevOps Tools kubernetes operator kubernetes-operator oracle-database oracle-cloud-infrastucture autonomous-database
A Kubernetes Operator, that helps DevOps team accelerate their journey into the cloud and K8s.
 A Kubernetes Operator, that helps DevOps team accelerate their journey into the cloud and K8s.

A Kubernetes Operator, that helps DevOps team accelerate their journey into the cloud and K8s. OAM operator scaffolds all of the code required to create resources across various cloud provides, which includes both K8s and Non-K8s resources

Nov 30, 2021
El Carro is a new project that offers a way to run Oracle databases in Kubernetes as a portable, open source, community driven, no vendor lock-in container orchestration system. El Carro provides a powerful declarative API for comprehensive and consistent configuration and deployment as well as for real-time operations and monitoring.

El Carro: The Oracle Operator for Kubernetes Run Oracle on Kubernetes with El Carro El Carro is a new project that offers a way to run Oracle database

Jan 7, 2023
Basic Kubernetes operator that have multiple versions in CRD. This operator can be used to experiment and understand Operator/CRD behaviors.

add-operator Basic Kubernetes operator that have multiple versions in CRD. This operator can be used to experiment and understand Operator/CRD behavio

Dec 15, 2021
Litmus helps Kubernetes SREs and developers practice chaos engineering in a Kubernetes native way.
Litmus helps Kubernetes SREs and developers practice chaos engineering in a Kubernetes native way.

Litmus Cloud-Native Chaos Engineering Read this in other languages. ???? ???? ???? ???? Overview Litmus is a toolset to do cloud-native chaos engineer

Jan 1, 2023
Kubernetes operator for the Azure DevOps pipe-line agents

adoagent-operator Kubernetes operator for the Azure DevOps pipe-line agents init.sh #!/bin/bash # docker and github repo username export USERNAME='ba

Nov 11, 2021
Kubernetes operator for the Azure DevOps self-hosted pipe-line agent.

Kubernetes operator for the Azure DevOps self-hosted pipe-line agent. The operator adds an extra layer of configuration on top of the default images like: proxy settings, pool settings and auth keys.

Sep 1, 2022
An operator which complements grafana-operator for custom features which are not feasible to be merged into core operator

Grafana Complementary Operator A grafana which complements grafana-operator for custom features which are not feasible to be merged into core operator

Aug 16, 2022
Terraform-operator - The Terraform Operator provides support to run Terraform modules in Kubernetes in a declaritive way as a Kubernetes manifest

Terraform Operator The Terraform Operator provides support to run Terraform modu

Oct 19, 2022
Multi cluster kubernetes dashboard with batteries included. Build by developers, for developers.

kubetower Multi cluster kubernetes dashboard with batteries included. Built by developers, for developers. Features Restart deployments with one click

Nov 28, 2022
k6 is a modern load testing tool for developers and testers in the DevOps era.
 k6 is a modern load testing tool for developers and testers in the DevOps era.

k6 is a modern load testing tool, building on our years of experience in the load and performance testing industry. It provides a clean, approachable scripting API, local and cloud execution, and flexible configuration.

Jan 8, 2023
Fluxcdproj - The Ultimate Swiss Army knife for DevOps, Developers and Platform Engineers
 Fluxcdproj - The Ultimate Swiss Army knife for DevOps, Developers and Platform Engineers

Fluxcdproj - The Ultimate Swiss Army knife for DevOps, Developers and Platform Engineers

Feb 1, 2022
The GCP Enterprise Cloud Cost Optimiser, or gecco for short, helps teams optimise their cloud project costs.
 The GCP Enterprise Cloud Cost Optimiser, or gecco for short, helps teams optimise their cloud project costs.

gecco helps teams optimise their cloud resource costs. Locate abandoned, idle, and inefficiently configured resources quickly. gecco helps teams build

Jan 9, 2022
Kubegres is a Kubernetes operator allowing to create a cluster of PostgreSql instances and manage databases replication, failover and backup.

Kubegres is a Kubernetes operator allowing to deploy a cluster of PostgreSql pods with data replication enabled out-of-the box. It brings simplicity w

Dec 30, 2022
Modular Kubernetes operator to manage the lifecycle of databases

Ensemble Ensemble is a simple and modular Kubernetes Operator to manage the lifecycle of a wide range of databases. Infrastructure as code with Kubern

Aug 12, 2022
A k8s operator to reduce CO2 footprint of your clusters
 A k8s operator to reduce CO2 footprint of your clusters

How many of your dev/preview pods stay on during weekends? Or at night? It's a waste of resources! And money! But fear not, kube-green is here to the

Jan 3, 2023
Injective-price-oracle-ext - Injective's Oracle with dynamic price feeds (for External Integrations)

injective-price-oracle Injective's Oracle with dynamic price feeds. Allows anyon

Aug 29, 2022
Kubernetes Operator Samples using Go, the Operator SDK and OLM
 Kubernetes Operator Samples using Go, the Operator SDK and OLM

Kubernetes Operator Patterns and Best Practises This project contains Kubernetes operator samples that demonstrate best practices how to develop opera

Nov 24, 2022
Minecraft-operator - A Kubernetes operator for Minecraft Java Edition servers

Minecraft Operator A Kubernetes operator for dedicated servers of the video game

Dec 15, 2022
K8s-network-config-operator - Kubernetes network config operator to push network config to switches

Kubernetes Network operator Will add more to the readme later :D Operations The

May 16, 2022