WARNING: Examples with https are located in the use case directories
Detailed examples can be found here
- Usecase01 pdb crd and cdb pod are running in the same namespace
- Usecase02 unplug and plug operation examples
- Usecase03 multiple namespace example: cdb pod, pdb crd and pod operator are running in different namespaces
CDBs and PDBs are part of the Oracle Database Multitenant Architecture. The Multitenant Database Controller is a feature of Oracle DB Operator for Kubernetes (OraOperator), which helps to manage the lifecycle of Pluggable Databases (PDBs) in an Oracle Container Database (CDB).
The target CDB for which PDB lifecycle management is needed can be running on a machine on-premises. To manage the PDBs of that target CDB, you can run the Oracle DB Operator on a Kubernetes system on-premises (for example, Oracle Linux Cloud Native Environment or OLCNE).
NOTE: The target CDB can also run in a cloud environment (such as an OCI Oracle Base Database Service). To manage PDBs on the target CDB, the Oracle DB Operator can run on a Kubernetes cluster running in the cloud (such as OCI's Container Engine for Kubernetes or OKE).
To deploy OraOperator, use this Oracle Database Operator for Kubernetes step-by-step procedure.
After the Oracle Database Operator is deployed, you can see the DB Operator Pods running in the Kubernetes Cluster. As part of the OraOperator deployment, the multitenant Database Controller is deployed. You can see the CRDs (Custom Resource Definitions) for the CDB and PDBs in the list of CRDs. The following output is an example of such a deployment:
[root@test-server oracle-database-operator]# kubectl get ns
NAME STATUS AGE
cert-manager Active 32h
default Active 245d
kube-node-lease Active 245d
kube-public Active 245d
kube-system Active 245d
oracle-database-operator-system Active 24h <<<< namespace to deploy the Oracle Database Operator
[root@test-server oracle-database-operator]# kubectl get all -n oracle-database-operator-system
NAME READY STATUS RESTARTS AGE
pod/oracle-database-operator-controller-manager-665874bd57-dlhls 1/1 Running 0 28s
pod/oracle-database-operator-controller-manager-665874bd57-g2cgw 1/1 Running 0 28s
pod/oracle-database-operator-controller-manager-665874bd57-q42f8 1/1 Running 0 28s
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/oracle-database-operator-controller-manager-metrics-service ClusterIP 10.96.130.124 <none> 8443/TCP 29s
service/oracle-database-operator-webhook-service ClusterIP 10.96.4.104 <none> 443/TCP 29s
NAME READY UP-TO-DATE AVAILABLE AGE
deployment.apps/oracle-database-operator-controller-manager 3/3 3 3 29s
NAME DESIRED CURRENT READY AGE
replicaset.apps/oracle-database-operator-controller-manager-665874bd57 3 3 3 29s
[root@docker-test-server oracle-database-operator]#
[root@test-server oracle-database-operator]# kubectl get crd
NAME CREATED AT
autonomouscontainerdatabases.database.oracle.com 2022-06-22T01:21:36Z
autonomousdatabasebackups.database.oracle.com 2022-06-22T01:21:36Z
autonomousdatabaserestores.database.oracle.com 2022-06-22T01:21:37Z
autonomousdatabases.database.oracle.com 2022-06-22T01:21:37Z
cdbs.database.oracle.com 2022-06-22T01:21:37Z <<<<
certificaterequests.cert-manager.io 2022-06-21T17:03:46Z
certificates.cert-manager.io 2022-06-21T17:03:47Z
challenges.acme.cert-manager.io 2022-06-21T17:03:47Z
clusterissuers.cert-manager.io 2022-06-21T17:03:48Z
dbcssystems.database.oracle.com 2022-06-22T01:21:38Z
issuers.cert-manager.io 2022-06-21T17:03:49Z
oraclerestdataservices.database.oracle.com 2022-06-22T01:21:38Z
orders.acme.cert-manager.io 2022-06-21T17:03:49Z
pdbs.database.oracle.com 2022-06-22T01:21:39Z <<<<
shardingdatabases.database.oracle.com 2022-06-22T01:21:39Z
singleinstancedatabases.database.oracle.com 2022-06-22T01:21:40Z
The following sections explain the setup and functionality of this controller.
CAUTION: You must complete the following steps before managing the lifecycle of a PDB in a CDB using the Oracle DB Operator Multitenant Database Controller.
- Prepare CDB for PDB Lifecycle Management or PDB-LM
- Oracle REST Data Service or ORDS Image
- Kubernetes Secrets
- Kubernetes CRD for CDB
- Kubernetes CRD for PDB
Pluggable Database (PDB) management operations are performed in the Container Database (CDB). These operations include create, clone, plug, unplug, delete, modify and map operations.
You cannot have an ORDS-enabled schema in the container database. To perform the PDB lifecycle management operations, you must first use the following steps to define the default CDB administrator credentials on target CDBs:
Create the CDB administrator user, and grant the required privileges. In this example, the user is C##DBAPI_CDB_ADMIN. However, any suitable common user name can be used.
SQL> conn /as sysdba
-- Create following users at the database level:
ALTER SESSION SET "_oracle_script"=true;
DROP USER C##DBAPI_CDB_ADMIN cascade;
CREATE USER C##DBAPI_CDB_ADMIN IDENTIFIED BY <Password> CONTAINER=ALL ACCOUNT UNLOCK;
GRANT SYSOPER TO C##DBAPI_CDB_ADMIN CONTAINER = ALL;
GRANT SYSDBA TO C##DBAPI_CDB_ADMIN CONTAINER = ALL;
GRANT CREATE SESSION TO C##DBAPI_CDB_ADMIN CONTAINER = ALL;
-- Verify the account status of the following usernames. They should not be in locked status:
col username for a30
col account_status for a30
select username, account_status from dba_users where username in ('ORDS_PUBLIC_USER','C##DBAPI_CDB_ADMIN','APEX_PUBLIC_USER','APEX_REST_PUBLIC_USER');
Reference Setup: Example of a setup using OCI OKE (Kubernetes Cluster) and a CDB in Cloud (OCI Exadata Database Cluster)
See this provisioning example setup for steps to configure a Kubernetes Cluster and a CDB. This example uses an OCI OKE Cluster as the Kubernetes Cluster and a CDB in OCI Exadata Database service.
Oracle DB Operator Multitenant Database controller requires that the Oracle REST Data Services (ORDS) image for PDB Lifecycle Management is present in the target CDB.
You can build this image by using the ORDS Dockerfile.
For the steps to build the ORDS Docker image, see ORDS_image.
Oracle DB Operator Multitenant Database Controller uses Kubernetes Secrets to store the usernames and passwords that you must have to manage the lifecycle operations of a PDB in the target CDB. In addition, to use the HTTPS protocol, all certificates must be stored in Kubernetes Secrets.
Note: In a multi-namespace environment, you must create the specific secrets in each namespace.
Create a secret file as shown here: config/samples/multitenant/cdb_secret.yaml. Modify this file with the base64-encoded values of the required passwords for CDB, and use this file to create the required secrets.
kubectl apply -f cdb_secret.yaml
Note: To obtain the base64-encoded value for a password, use the following command:
echo -n "<password to be encoded using base64>" | base64
The value that is returned is the base64-encoded value for that password string.
Note: After successful creation of the CDB Resource, the CDB secrets are deleted from the Kubernetes system.
Create a secret file as shown here: config/samples/multitenant/pdb_secret.yaml. Modify this file with the base64-encoded values of the required passwords for PDB and use it to create the required secrets.
kubectl apply -f pdb_secret.yaml
NOTE: To encode the password using base64, see the command example in the preceding Secrets for CDB CRD section.
NOTE: Don't leave plaintext files containing sensitive data on disk. After loading the Secret, remove the plaintext file or move it to secure storage.
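One way to follow the note above without writing the passwords to a file at all, as an added example that is not part of the operator repository: `secret_manifest` prints the Secret on stdout for `kubectl apply -f -`, and `audit_manifest` flags values that were encoded with a trailing newline (what `echo` without `-n` produces). The function names are hypothetical; the Secret, namespace and key names are supplied by the caller and must match the ones used in the sample secret file.

```bash
# Added example (not from the operator repository). Secret, namespace and key
# names are whatever the caller passes; match them to the sample file you use.
NL='
'
# b64 VALUE: base64 of exactly VALUE, with no trailing newline and no wrapping
b64() { printf '%s' "$1" | base64 | tr -d '\n'; }

# secret_manifest NAME NAMESPACE KEY...
# Reads one value per KEY from stdin (one per line) and prints the manifest.
secret_manifest() {
  local name="$1" ns="$2" key value
  shift 2
  printf 'apiVersion: v1\nkind: Secret\ntype: Opaque\n'
  printf 'metadata:\n  name: %s\n  namespace: %s\ndata:\n' "$name" "$ns"
  for key in "$@"; do
    IFS= read -r value || [ -n "$value" ] ||
      { echo "no value supplied for $key" >&2; return 1; }
    printf '  %s: "%s"\n' "$key" "$(b64 "$value")"
  done
}

# ends_with_newline B64: true if the decoded value ends in a newline, which is
# what `echo "<password>" | base64` (without -n) would have encoded.
ends_with_newline() {
  local raw
  # The sentinel "x" stops $(...) from stripping the newline being tested for.
  raw=$(printf '%s' "$1" | base64 -d 2>/dev/null; printf x)
  raw=${raw%x}
  [ "${raw%"$NL"}" != "$raw" ]
}

# audit_manifest: reads a manifest on stdin, prints each key under data: whose
# value decodes with a trailing newline, and returns 1 if any was found.
audit_manifest() {
  local line key val in_data=0 bad=0
  while IFS= read -r line; do
    case $line in
      data:*) in_data=1 ;;
      [!' ']*) in_data=0 ;;
      '  '*:*)
        [ "$in_data" = 1 ] || continue
        key=${line#"  "}; key=${key%%:*}
        val=${line#*: }; val=${val#\"}; val=${val%\"}
        if ends_with_newline "$val"; then echo "$key"; bad=1; fi ;;
    esac
  done
  return "$bad"
}
```

Run `secret_manifest <name> <namespace> <key>... | kubectl apply -f -` and enter one value per line, in the order of the keys. A password that silently gained a newline at encoding time fails authentication against the CDB later, so run `audit_manifest` on a hand-edited secret file before applying it.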
Create the certificates and key on your local host, and use them to create the Kubernetes secret.
openssl genrsa -out ca.key 2048
openssl req -new -x509 -days 365 -key ca.key -subj "/C=US/ST=California/L=SanFrancisco/O=oracle /CN=cdb-dev-ords /CN=localhost Root CA " -out ca.crt
openssl req -newkey rsa:2048 -nodes -keyout tls.key -subj "/C=US/ST=California/L=SanFrancisco/O=oracle /CN=cdb-dev-ords /CN=localhost" -out server.csr
echo "subjectAltName=DNS:cdb-dev-ords,DNS:www.example.com" > extfile.txt
openssl x509 -req -extfile extfile.txt -days 365 -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out tls.crt
kubectl create secret tls db-tls --key="tls.key" --cert="tls.crt" -n oracle-database-operator-system
kubectl create secret generic db-ca --from-file=ca.crt -n oracle-database-operator-system
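Pre-flight checks on the files produced by the commands above, run before the two `kubectl create secret` commands so that a broken certificate is caught before it is loaded into the cluster. This is an added example, not part of the operator repository; the function name `check_tls` and the 30-day expiry window are assumptions.

```bash
# Added example (not from the operator repository).
# check_tls CA_CERT SERVER_CERT SERVER_KEY HOSTNAME
# Prints one line per failed check and returns the number of failures.
check_tls() {
  local ca="$1" crt="$2" key="$3" host="$4" fails=0 pub

  # 1. The server certificate must chain to the CA that goes into db-ca.
  openssl verify -CAfile "$ca" "$crt" >/dev/null 2>&1 ||
    { echo "chain: $crt is not signed by $ca"; fails=$((fails + 1)); }

  # 2. The private key must belong to the certificate (same public key).
  pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) || pub=
  [ -n "$pub" ] &&
    [ "$pub" = "$(openssl pkey -in "$key" -pubout 2>/dev/null)" ] ||
    { echo "key: $key does not match $crt"; fails=$((fails + 1)); }

  # 3. The name that clients connect to must be covered by the certificate.
  openssl x509 -in "$crt" -noout -checkhost "$host" 2>/dev/null |
    grep -q 'does match' ||
    { echo "name: $host is not in the certificate"; fails=$((fails + 1)); }

  # 4. The certificate must still be valid 30 days from now (assumed window).
  openssl x509 -in "$crt" -noout -checkend 2592000 >/dev/null 2>&1 ||
    { echo "expiry: $crt expires within 30 days"; fails=$((fails + 1)); }

  return "$fails"
}
```

With the file names used above, `check_tls ca.crt tls.crt tls.key cdb-dev-ords` prints nothing and returns 0 when the material is consistent.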

The Oracle Database Operator Multitenant Controller creates the CDB kind as a custom resource that models a target CDB as a native Kubernetes object. This kind is used only to create Pods to connect to the target CDB to perform PDB-LM operations. These CDB resources can be scaled, based on the expected load, using replicas. Each CDB resource follows the CDB CRD as defined here: config/crd/bases/database.oracle.com_cdbs.yaml
To create a CDB CRD, see this example .yaml file: config/samples/multitenant/cdb.yaml
Note: The password and username fields in this cdb.yaml file are the Kubernetes Secrets created earlier in this procedure. For more information, see the section Kubernetes Secrets. To understand more about creating secrets for pulling images from a Docker private registry, see Kubernetes Private Registry Documentation.
The Oracle Database Operator Multitenant Controller creates the PDB kind as a custom resource that models a PDB as a native Kubernetes object. There is a one-to-one mapping between the actual PDB and the Kubernetes PDB Custom Resource. You cannot have more than one Kubernetes resource for a target PDB. This PDB resource can be used to perform PDB-LM operations by specifying the action attribute in the PDB Specs. Each PDB resource follows the PDB CRD as defined here: config/crd/bases/database.oracle.com_pdbs.yaml
To create a PDB CRD Resource, a sample .yaml file is available here: config/samples/multitenant/pdb_create.yaml
Using the Oracle DB Operator Multitenant Controller, you can perform the following PDB-LM operations: CREATE, CLONE, MODIFY, DELETE, UNPLUG, PLUG.
To see how to look for any validation errors, see validation_error.
To find out about known issues related to Oracle DB Operator Multitenant Controller, see known_issues.