You can enable TCPS connections in the database by setting the `enableTCPS` field to `true`in the [config/samples/sidb/singleinstancedatabase.yaml](../../config/samples/sidb/singleinstancedatabase.yaml) file, and applying it using `kubectl apply` command.
Once TCPS connections are enabled, the database connect string will change accordingly. The TCPS connections status can also be queried by the following command:
525
+
```bash
526
+
kubectl get singleinstancedatabase sidb-sample -o "jsonpath={.status.isTcpsEnabled}"
527
+
true
528
+
```
529
+
530
+
The following steps are required to connect the Database using TCPS:
531
+
- You need to download the wallet from the Persistent Volume(PV) attached with the database pod. You can use the following command to get the list of pod:
532
+
```bash
533
+
kubectl get po
534
+
NAME READY STATUS RESTARTS AGE
535
+
sidb-sample-gaqoe 1/1 Running 0 3d14h
536
+
```
537
+
- The location of the wallet inside the pod is as `/opt/oracle/oradata/clientWallet/$ORACLE_SID`. **Let us assume the `ORACLE_SID` is `ORCL1`for the upcoming example commands**. The sample command to download the wallet is as follows:
- This wallet includes the sample `tnsnames.ora` and `sqlnet.ora` files. All the TNS entries forthe database (corresponding to the CDB and PDB) residesin`tnsnames.ora` file. You need to go inside the downloaded wallet directory and set the `TNS_ADMIN` environment variable to point to the current directory as follows:
542
+
```bash
543
+
# After going inside the downloaded wallet directory
544
+
export TNS_ADMIN=$(pwd)
545
+
```
546
+
After this, you can connect using SQL\*Plus using the following sample commands:
547
+
```bash
548
+
sqlplus sys@ORCL1 as sysdba
549
+
550
+
sqlplus system@ORCL1
551
+
```
552
+
**NOTE:**
553
+
- Only database server authentication is supported (no mTLS).
554
+
- When TCPS is enabled, a self-signed certificate is generated and stored inside the wallets. For users' convenience, a client-side wallet is generated and stored at `/opt/oracle/oradata/clientWallet/$ORACLE_SID` location.
555
+
- The self-signed certificate used with TCPS has validity for 3 years. After the certificate is expired, it will be renewed by the `OraOperator` automatically. You need to download the wallet again after the auto-renewal.
556
+
557
+
### Specifying Custom Ports
558
+
As mentioned in the section [Setup Database with LoadBalancer](#setup-database-with-loadbalancer), there are two kubernetes services possible for the database: NodePort and LoadBalancer. You can specify which port to use with these services by editing the `servicePort` field of the [config/samples/sidb/singleinstancedatabase.yaml](../../config/samples/sidb/singleinstancedatabase.yaml) file.
559
+
560
+
If the `LoadBalancer` is enabled, the `servicePort` will be the opened load balancer port for database connections.
561
+
562
+
In case of `NodePort` service, the `servicePort` will be the opened port on the Kubernetes nodes for database connections. In this case, the allowed range for the `servicePort` is 30000-32767.
563
+
564
+
507
565
## OracleRestDataService Resource
508
566
509
567
The Oracle Database Operator creates the `OracleRestDataService` as a custom resource. We will refer `OracleRestDataService` as ORDS from now onwards. Creating ORDS as a custom resource enables the RESTful API access to the Oracle Database in K8s and enables it to be managed as a native Kubernetes object.
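Review bot: In the NOTE list, the renewal bullet says the self-signed certificate is renewed only "After the certificate is expired" and that the wallet must then be downloaded again, but nothing tells the user how to notice that a renewal happened or how to check the expiry date beforehand. Please state how the renewal is surfaced to the user and whether TCPS connections are expected to fail between expiry and the new wallet being downloaded. Because only server authentication with a self-signed certificate is supported, the downloaded client wallet is what the client trusts, so the steps should also say to keep it with restricted permissions. Two smaller points: the wallet bullet ends with "The sample command to download the wallet is as follows:" and no command follows it in the lines shown here, and the added text is missing spaces in "`true`in", "`ORCL1`for", "forthe" and "residesin`tnsnames.ora`".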