Merge pull request #98 from psaini79/devop

Added support for v1.1.0

Author: psaini79

.gitlab-ci.yml

@@ -3,7 +3,18 @@
 #
 
 # Build the manager binary
-FROM golang:1.19 as builder
+ARG BUILDER_IMG
+FROM ${BUILDER_IMG} as builder
+
+# Download golang if BUILD_INTERNAL is set to true
+ARG INSTALL_GO
+ARG GOLANG_VERSION
+RUN if [ "$INSTALL_GO" = "true" ]; then \
+        curl -LJO https://go.dev/dl/go${GOLANG_VERSION}.linux-amd64.tar.gz &&\
+        rm -rf /usr/local/go && tar -C /usr/local -xzf go${GOLANG_VERSION}.linux-amd64.tar.gz &&\
+        rm go${GOLANG_VERSION}.linux-amd64.tar.gz; \
+    fi
+ENV PATH=${GOLANG_VERSION:+"${PATH}:/usr/local/go/bin"}
 
 WORKDIR /workspace
 # Copy the Go Modules manifests

Dockerfile

@@ -71,12 +71,23 @@ build: generate fmt vet ## Build manager binary.
 run: manifests generate fmt vet ## Run a controller from your host.
 	go run ./main.go
 
-docker-build: manifests generate fmt vet #test ## Build docker image with the manager. Disable the test but keep the validations to fail fast
-	docker build --no-cache=true --build-arg http_proxy=${HTTP_PROXY} --build-arg https_proxy=${HTTPS_PROXY} \
-	             --build-arg CI_COMMIT_SHA=${CI_COMMIT_SHA} --build-arg CI_COMMIT_BRANCH=${CI_COMMIT_BRANCH}  . -t ${IMG}
+GOLANG_VERSION ?= 1.21.7
+## Download golang in the Dockerfile if BUILD_INTERNAL is set to true.
+## Otherwise, use golang image from docker hub as the builder.
+ifeq ($(BUILD_INTERNAL), true)
+BUILDER_IMG = oraclelinux:8
+BUILD_ARGS = --build-arg BUILDER_IMG=$(BUILDER_IMG) --build-arg GOLANG_VERSION=$(GOLANG_VERSION) --build-arg INSTALL_GO=true
+else
+BUILDER_IMG = golang:$(GOLANG_VERSION)
+BUILD_ARGS = --build-arg BUILDER_IMG=$(BUILDER_IMG) --build-arg INSTALL_GO=false
+endif
+docker-build: #manifests generate fmt vet #test ## Build docker image with the manager. Disable the test but keep the validations to fail fast
+	docker build --no-cache=true --build-arg http_proxy=$(HTTP_PROXY) --build-arg https_proxy=$(HTTPS_PROXY) \
+	             --build-arg CI_COMMIT_SHA=$(CI_COMMIT_SHA) --build-arg CI_COMMIT_BRANCH=$(CI_COMMIT_BRANCH) \
+	             $(BUILD_ARGS) . -t $(IMG)
 
 docker-push: ## Push docker image with the manager.
-	docker push ${IMG}
+	docker push $(IMG)
 
 ##@ Deployment
 
@@ -87,17 +98,17 @@ uninstall: manifests kustomize ## Uninstall CRDs from the K8s cluster specified
 	$(KUSTOMIZE) build config/crd | kubectl delete -f -
 
 deploy: manifests kustomize ## Deploy controller to the K8s cluster specified in ~/.kube/config.
-	cd config/manager && $(KUSTOMIZE) edit set image controller=${IMG}
+	cd config/manager && $(KUSTOMIZE) edit set image controller=$(IMG)
 	$(KUSTOMIZE) build config/default | kubectl apply -f -
 
 # Bug:34265574
 # Used sed to reposition the controller-manager Deployment after the certificate creation in the OPERATOR_YAML  
 operator-yaml: manifests kustomize
-	cd config/manager && $(KUSTOMIZE) edit set image controller=${IMG}
-	$(KUSTOMIZE) build config/default > "${OPERATOR_YAML}"
-	sed -i.bak -e '/^apiVersion: apps\/v1/,/---/d' "${OPERATOR_YAML}"
-	(echo --- && sed '/^apiVersion: apps\/v1/,/---/!d' "${OPERATOR_YAML}.bak")  >>  "${OPERATOR_YAML}"
-	rm "${OPERATOR_YAML}.bak"
+	cd config/manager && $(KUSTOMIZE) edit set image controller=$(IMG)
+	$(KUSTOMIZE) build config/default > "$(OPERATOR_YAML)"
+	sed -i.bak -e '/^apiVersion: apps\/v1/,/---/d' "$(OPERATOR_YAML)"
+	(echo --- && sed '/^apiVersion: apps\/v1/,/---/!d' "$(OPERATOR_YAML).bak")  >>  "$(OPERATOR_YAML)"
+	rm "$(OPERATOR_YAML).bak"
 
 undeploy: ## Undeploy controller from the K8s cluster specified in ~/.kube/config.
 	$(KUSTOMIZE) build config/default | kubectl delete -f -

Makefile

@@ -136,4 +136,17 @@ resources:
     defaulting: true
     validation: true
     webhookVersion: v1beta1
+- api:
+    crdVersion: v1beta1
+    namespaced: true
+  controller: true
+  domain: oracle.com
+  group: observability
+  kind: DatabaseObserver
+  path: github.com/oracle/oracle-database-operator/apis/observability/v1alpha1
+  version: v1alpha1
+  webhooks:
+    defaulting: true
+    validation: true
+    webhookVersion: v1beta1
 version: "3"

PROJECT

@@ -4,31 +4,48 @@
 
 As part of Oracle's resolution to make Oracle Database Kubernetes native (that is, observable and operable by Kubernetes), Oracle released _Oracle Database Operator for Kubernetes_ (`OraOperator` or the operator). OraOperator extends the Kubernetes API with custom resources and controllers for automating Oracle Database lifecycle management.
 
-In this v1.0.0 production release, `OraOperator` supports the following database configurations and infrastructure:
+In this v1.1.0 production release, `OraOperator` supports the following database configurations and infrastructure:
 
 * Oracle Autonomous Database:
   * Oracle Autonomous Database shared Oracle Cloud Infrastructure (OCI) (ADB-S)
   * Oracle Autonomous Database on dedicated Cloud infrastructure (ADB-D)
-  * Oracle Autonomous Container Database (ACD) (infrastructure) the infrastructure for provisionning Autonomous Databases.
+  * Oracle Autonomous Container Database (ACD) (infrastructure) the infrastructure for provisioning Autonomous Databases.
 * Containerized Single Instance databases (SIDB) deployed in the Oracle Kubernetes Engine (OKE) and any k8s where OraOperator is deployed
 * Containerized Sharded databases (SHARDED) deployed in OKE and any k8s where OraOperator is deployed
 * Oracle Multitenant Databases (CDB/PDBs)
 * Oracle Base Database Cloud Service (BDBCS)
 * Oracle Data Guard (Preview status)
+* Oracle Database Observability  (Preview status)
 
 Oracle will continue to extend `OraOperator` to support additional Oracle Database configurations.
 
+## New in V1.1.0 Release
+* Namespace scope deployment option
+* Support for Oracle Database 23ai Free (with SIDB)
+* Automatic Storage Expansion for SIDB and Sharded DB
+* User-Defined Sharding
+* TCPS support customer provided certs
+* Execute custom scripts during DB setup/startup
+* Patching for SIDB Primary/Standby in Data Guard
+* Long-term backup for Autonomous Databases (ADB): Moves to long-term backup and removes the deprecated mandatory backup
+* Wallet expiry date for ADB: A user-freindly enhancement to display wallet expiry date in the status of assiciated ADB
+* Wait-for-Completion option for ADB: Supports `kubectl wait` command that allows user to wait a specific condition on ADB
+* OKE workload Identify: Supports OKE workload indentity authentication method. For more details, refer to [Oracle Autonomous Database (ADB) Prerequisites](docs/adb/ADB_PREREQUISITES.md#authorized-with-oke-workload-identity)
+* Database Observability (Preview - Metrics)
+
 ## Features Summary
 
 This release of Oracle Database Operator for Kubernetes (the operator) supports the following lifecycle operations:
 
-* ADB-S/ADB-D: Provision, Bind, Start, Stop, terminate (soft/hard), scale (up/down), Manual Backup, Manual Restore
+* ADB-S/ADB-D: Provision, bind, start, stop, terminate (soft/hard), scale (up/down), long-term backup, manual restore
 * ACD: provision, bind, restart, terminate (soft/hard)
 * SIDB: Provision, clone, patch (in-place/out-of-place), update database initialization parameters, update database configuration (Flashback, archiving), Oracle Enterprise Manager (EM) Express (a basic observability console), Oracle REST Data Service (ORDS) to support REST based SQL, PDB management, SQL Developer Web, and Application Express (Apex)
 * SHARDED: Provision/deploy sharded databases and the shard topology, Add a new shard, Delete an existing shard
 * Oracle Multitenant Database: Bind to a CDB, Create a  PDB, Plug a  PDB, Unplug a PDB, Delete a PDB, Clone a PDB, Open/Close a PDB
 * Oracle Base Database Cloud Service (BDBCS): provision, bind, scale shape Up/Down, Scale Storage Up, Terminate and Update License
 * Oracle Data Guard: Provision a Standby for the SIDB resource, Create a Data Guard Configuration, Perform a Switchover, Patch Primary and Standby databases in Data Guard Configuration
+* Oracle Database Observability: create, patch, delete databaseObserver resources
+* Watch over a set of namespaces or all the namespaces in the cluster using the "WATCH_NAMESPACE" env variable of the operator deployment
 
 The upcoming releases will support new configurations, operations and capabilities.
 
@@ -55,19 +72,70 @@ Oracle strongly recommends that you ensure your system meets the following [Prer
   Install the certificate manager with the following command:
 
   ```sh
-  kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.12.0/cert-manager.yaml
+  kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.14.4/cert-manager.yaml
   ```
 
-## Quick Install of the Operator
+* ### Create Role Bindings for Access Management
+
+  OraOperator supports the following two modes of deployment:
+  ##### 1. Cluster Scoped Deployment
+
+    This is the default mode, in which OraOperator is deployed to operate in a cluster, and to monitor all the namespaces in the cluster.
+
+  - Grant the `serviceaccount:oracle-database-operator-system:default` cluster wide access for the resources by applying [cluster-role-binding.yaml](./rbac/cluster-role-binding.yaml)
+      
+    ```sh
+      kubectl apply -f rbac/cluster-role-binding.yaml
+    ```
+
+  - Next, apply the [oracle-database-operator.yaml](./oracle-database-operator.yaml) to deploy the Operator
+
+    ```sh
+      kubectl apply -f oracle-database-operator.yaml
+    ```
+
+  ##### 2. Namespace Scoped Deployment
 
-  To install the operator in the cluster quickly, you can use a single [oracle-database-operator.yaml](https://github.com/oracle/oracle-database-operator/blob/main/oracle-database-operator.yaml) file. 
+   In this mode, OraOperator can be deployed to operate in a namespace, and to monitor one or many namespaces.
 
-  Run the following command
+  - Grant `serviceaccount:oracle-database-operator-system:default` service account with resource access in the required namespaces. For example, to monitor only the default namespace, apply the [default-ns-role-binding.yaml](./rbac/default-ns-role-binding.yaml)
+
+    ```sh
+      kubectl apply -f rbac/default-ns-role-binding.yaml
+    ```
+    To watch additional namespaces, create different role binding files for each namespace, using [default-ns-role-binding.yaml](./rbac/default-ns-role-binding.yaml) as a template, and changing the `metadata.name` and `metadata.namespace` fields
+
+  - Next, edit the [oracle-database-operator.yaml](./oracle-database-operator.yaml) to add the required namespaces under `WATCH_NAMESPACE`. Use comma-delimited values for multiple namespaces.
+
+    ```sh
+    - name: WATCH_NAMESPACE
+      value: "default"
+    ```
+  - Finally, apply the edited [oracle-database-operator.yaml](./oracle-database-operator.yaml) to deploy the Operator
+
+    ```sh
+      kubectl apply -f oracle-database-operator.yaml
+    ```
+
+  
+* ### ClusterRole and ClusterRoleBinding for NodePort services
+
+  To expose services on each node's IP and port (the NodePort) apply the [node-rbac.yaml](./rbac/node-rbac.yaml). Note that this step is not required for LoadBalancer services.
 
   ```sh
-  kubectl apply -f https://raw.githubusercontent.com/oracle/oracle-database-operator/main/oracle-database-operator.yaml
+    kubectl apply -f rbac/node-rbac.yaml
   ```
 
+## Install Oracle DB Operator
+
+   After you have completed the preceding prerequisite changes, you can install the operator. To install the operator in the cluster quickly, you can apply the modified `oracle-database-operator.yaml` file from the preceding step.
+
+   Run the following command
+
+   ```sh
+   kubectl apply -f oracle-database-operator.yaml
+   ```
+
   Ensure that the operator pods are up and running. For high availability, Operator pod replicas are set to a default of 3. You can scale this setting up or down.
 
   ```sh
@@ -86,9 +154,9 @@ You should see that the operator is up and running, along with the shipped contr
 
 For more details, see [Oracle Database Operator Installation Instructions](./docs/installation/OPERATOR_INSTALLATION_README.md).
 
-## Getting Started
+## Getting Started with the Operator (Quickstart)
 
-The quickstarts are designed for specific database configurations:
+The following quickstarts are designed for specific database configurations:
 
 * [Oracle Autonomous Database](./docs/adb/README.md)
 * [Oracle Autonomous Container Database](./docs/adb/ACD.md)
@@ -97,13 +165,17 @@ The quickstarts are designed for specific database configurations:
 * [Oracle Multitenant Database](./docs/multitenant/README.md)
 * [Oracle Base Database Cloud Service (BDBCS)](./docs/dbcs/README.md)
 
+
+The following quickstart is designed for non-database configurations:
+* [Oracle Database Observability](./docs/observability/README.md)
+
 YAML file templates are available under [`/config/samples`](./config/samples/). You can copy and edit these template files to configure them for your use cases.
 
 ## Uninstall the Operator
 
   To uninstall the operator, the final step consists of deciding whether you want to delete the custom resource definitions (CRDs) and Kubernetes APIServices introduced into the cluster by the operator. Choose one of the following options:
 
-* ### Deleting the CRDs and APIServices
+* ### Delete the CRDs and APIServices
 
   To delete all the CRD instances deployed to cluster by the operator, run the following commands, where <namespace> is the namespace of the cluster object:
 
@@ -119,8 +191,17 @@ YAML file templates are available under [`/config/samples`](./config/samples/).
   kubectl delete cdb.database.oracle.com --all -n <namespace>
   kubectl delete pdb.database.oracle.com --all -n <namespace>
   kubectl delete dataguardbrokers.database.oracle.com --all -n <namespace>
+  kubectl delete databaseobserver.observability.oracle.com --all -n <namespace>
+  ```
+
+* ### Delete the RBACs
+
+  ```sh
+  cat rbac/* | kubectl delete -f -
   ```
 
+* ### Delete the Deployment
+
   After all CRD instances are deleted, it is safe to remove the CRDs, APIServices and operator deployment. To remove these files, use the following command:
 
   ```sh
@@ -129,7 +210,7 @@ YAML file templates are available under [`/config/samples`](./config/samples/).
 
   Note: If the CRD instances are not deleted, and the operator is deleted by using the preceding command, then operator deployment and instance objects (pods, services, PVCs, and so on) are deleted. However, if that happens, then the CRD deletion stops responding. This is because the CRD instances have properties that prevent their deletion, and that can only be removed by the operator pod, which is deleted when the APIServices are deleted.
 
-## Docs of the supported Oracle Database configurations
+## Documentation for the supported Oracle Database configurations
 
 * [Oracle Autonomous Database](https://docs.oracle.com/en-us/iaas/Content/Database/Concepts/adboverview.htm)
 * [Components of Dedicated Autonomous Database](https://docs.oracle.com/en-us/iaas/autonomous-database/doc/components.html)
@@ -143,7 +224,7 @@ See [Contributing to this Repository](./CONTRIBUTING.md)
 
 ## Support
 
-You can submit a GitHub issue, and/or you file an [Oracle Support service](https://support.oracle.com/portal/) request, using this product ID: 14430.
+You can submit a GitHub issue, oir submit an issue and then file an [Oracle Support service](https://support.oracle.com/portal/) request. To file an issue or a service request, use the following product ID: 14430.
 
 ## Security
 
@@ -168,5 +249,5 @@ See [Reporting security vulnerabilities](./SECURITY.md)
 
 ## License
 
-Copyright (c) 2022, 2023 Oracle and/or its affiliates.
+Copyright (c) 2022, 2024 Oracle and/or its affiliates.
 Released under the Universal Permissive License v1.0 as shown at [https://oss.oracle.com/licenses/upl/](https://oss.oracle.com/licenses/upl/)

README.md

@@ -21,7 +21,7 @@ security features are welcome on GitHub Issues.
 
 Security updates will be released on a regular cadence. Many of our projects
 will typically release security fixes in conjunction with the
-Oracle Critical Patch Update program. Additional
+[Oracle Critical Patch Update][3] program. Additional
 information, including past advisories, is available on our [security alerts][4]
 page.