Merge branch 'AbhiK_tcps_bugfix3' into 'master'

Set min tcpsCertRenewInterval to 5m and some readme changes

See merge request rac-docker-dev/oracle-database-operator!225

Author: yunus-qureshi

apis/database/v1alpha1/singleinstancedatabase_webhook.go

@@ -271,11 +271,11 @@ func (r *SingleInstanceDatabase) ValidateCreate() error {
 					"Please provide valid string to parse the tcpsCertRenewInterval."))
 		}
 		maxLimit, _ := time.ParseDuration("26280h")
-		minLimit, _ := time.ParseDuration("1m")
+		minLimit, _ := time.ParseDuration("5m")
 		if duration > maxLimit || duration < minLimit {
 			allErrs = append(allErrs,
 				field.Invalid(field.NewPath("spec").Child("tcpsCertRenewInterval"), r.Spec.TcpsCertRenewInterval,
-					"Please specify tcpsCertRenewInterval in the range: 1m to 26280h"))
+					"Please specify tcpsCertRenewInterval in the range: 5m to 26280h"))
 		}
 	}
 	if len(allErrs) == 0 {

config/crd/bases/database.oracle.com_cdbs.yaml

@@ -65,6 +65,8 @@ spec:
           spec:
             description: CDBSpec defines the desired state of CDB
             properties:
+              TestVariable:
+                type: string
               cdbAdminPwd:
                 description: Password for the CDB Administrator to manage PDB lifecycle
                 properties:
@@ -103,6 +105,38 @@ spec:
               cdbName:
                 description: Name of the CDB
                 type: string
+              cdbTlsCrt:
+                properties:
+                  secret:
+                    description: CDBSecret defines the secretName
+                    properties:
+                      key:
+                        type: string
+                      secretName:
+                        type: string
+                    required:
+                    - key
+                    - secretName
+                    type: object
+                required:
+                - secret
+                type: object
+              cdbTlsKey:
+                properties:
+                  secret:
+                    description: CDBSecret defines the secretName
+                    properties:
+                      key:
+                        type: string
+                      secretName:
+                        type: string
+                    required:
+                    - key
+                    - secretName
+                    type: object
+                required:
+                - secret
+                type: object
               dbPort:
                 description: DB server port
                 type: integer

config/crd/bases/database.oracle.com_pdbs.yaml

@@ -19,7 +19,7 @@ spec:
   - additionalPrinterColumns:
     - description: The connect string to be used
       jsonPath: .status.connString
-      name: Connect String
+      name: Connect_String
       type: string
     - description: Name of the CDB
       jsonPath: .spec.cdbName
@@ -166,6 +166,54 @@ spec:
                 - OPEN
                 - CLOSE
                 type: string
+              pdbTlsCat:
+                properties:
+                  secret:
+                    description: PDBSecret defines the secretName
+                    properties:
+                      key:
+                        type: string
+                      secretName:
+                        type: string
+                    required:
+                    - key
+                    - secretName
+                    type: object
+                required:
+                - secret
+                type: object
+              pdbTlsCrt:
+                properties:
+                  secret:
+                    description: PDBSecret defines the secretName
+                    properties:
+                      key:
+                        type: string
+                      secretName:
+                        type: string
+                    required:
+                    - key
+                    - secretName
+                    type: object
+                required:
+                - secret
+                type: object
+              pdbTlsKey:
+                properties:
+                  secret:
+                    description: PDBSecret defines the secretName
+                    properties:
+                      key:
+                        type: string
+                      secretName:
+                        type: string
+                    required:
+                    - key
+                    - secretName
+                    type: object
+                required:
+                - secret
+                type: object
               reuseTempFile:
                 description: Whether to reuse temp file
                 type: boolean

config/samples/sidb/singleinstancedatabase.yaml

@@ -49,7 +49,7 @@ spec:
 
   ## TCPS Certificate Renewal Interval: The time after which TCPS certificate will be renewed if TCPS connections are enabled.
   ## tcpsCertRenewInterval can be in hours(h), minutes(m) and seconds(s); e.g. 17520h, 8760h etc.
-  ## Maximum value is 26280h (3 years), Minimum value is 1m; Default value is 17520h (2 years)
+  ## Maximum value is 26280h (3 years), Minimum value is 5m; Default value is 17520h (2 years)
   ## If this field is commented out/removed from the yaml, it will disable the auto-renewal feature for TCPS certificate
   tcpsCertRenewInterval: 17520h
 

config/samples/sidb/singleinstancedatabase_tcps.yaml

@@ -36,7 +36,7 @@ spec:
 
   ## TCPS Certificate Renewal Interval: The time after which TCPS certificate will be renewed if TCPS connections are enabled.
   ## tcpsCertRenewInterval can be in hours(h), minutes(m) and seconds(s); e.g. 17520h, 8760h etc.
-  ## Maximum value is 26280h (3 years), Minimum value is 1m; Default value is 17520h (2 years)
+  ## Maximum value is 26280h (3 years), Minimum value is 5m; Default value is 17520h (2 years)
   ## If this field is commented out/removed from the yaml, it will disable the auto-renewal feature for TCPS certificate
   tcpsCertRenewInterval: 17520h
 

docs/sidb/README.md

@@ -560,7 +560,7 @@ The following steps are required to connect the Database using TCPS:
 - Only database server authentication is supported (no mTLS).
 - When TCPS is enabled, a self-signed certificate is generated and stored inside the wallets. For users' convenience, a client-side wallet is generated and stored at `/opt/oracle/oradata/clientWallet/$ORACLE_SID` location in the pod.
 - The self-signed certificate used with TCPS has validity for 2 years. After the certificate is expired, it will be renewed by the `OraOperator` automatically. You need to download the wallet again after the auto-renewal.
-- You can set the certificate renew interval with the help of `tcpsCertRenewInterval` field in the **[config/samples/sidb/singleinstancedatabase.yaml](../../config/samples/sidb/singleinstancedatabase.yaml)** file. The minimum accepted value is 1m, and the maximum value is 26280h (3 years). The certificates used with TCPS will automatically be renewed after this interval. If this field is omitted/commented in the yaml file, the certificates will not be renewed automatically.
+- You can set the certificate renew interval with the help of `tcpsCertRenewInterval` field in the **[config/samples/sidb/singleinstancedatabase.yaml](../../config/samples/sidb/singleinstancedatabase.yaml)** file. The minimum accepted value is 5m, and the maximum value is 26280h (3 years). The certificates used with TCPS will automatically be renewed after this interval. If this field is omitted/commented in the yaml file, the certificates will not be renewed automatically.
 
 ### Specifying Custom Ports
 As mentioned in the section [Setup Database with LoadBalancer](#setup-database-with-loadbalancer), there are two kubernetes services possible for the database: NodePort and LoadBalancer. You can specify which port to use with these services by editing the `listenerPort` and `tcpsListenerPort` fields of the [config/samples/sidb/singleinstancedatabase.yaml](../../config/samples/sidb/singleinstancedatabase.yaml) file.
@@ -575,7 +575,7 @@ In case of `NodePort` service, `listenerPort`, and `tcpsListenerPort` will be th
 - `listenerPort` and `tcpsListenerPort` can not have same values.
 - `tcpsListenerPort` will come into effect only when TCPS connections are enabled (i.e. `enableTCPS` field is set in [config/samples/sidb/singleinstancedatabase.yaml](../../config/samples/sidb/singleinstancedatabase.yaml) file).
 - If TCPS connections are enabled, and `listenerPort` is commented/removed in the [config/samples/sidb/singleinstancedatabase.yaml](../../config/samples/sidb/singleinstancedatabase.yaml) file, only TCPS endpoint will be exposed.
-- If LoadBalancer is enabled, and either `listenerPort` or `tcpsListenerPort` is changed, then it takes some time to complete the work requests (drain existing backend sets and create new ones). SingleInstanceDatabase and LoadBalancer remains in the healthy state, but, you can check the progress of the work requests by logging into the OCI console and checking the corresponding LoadBalancer.
+- If LoadBalancer is enabled, and either `listenerPort` or `tcpsListenerPort` is changed, then it takes some time to complete the work requests (drain existing backend sets and create new ones). In this time, the database connectivity is broken. Although, SingleInstanceDatabase and LoadBalancer remain in the healthy state, you can check the progress of the work requests by logging into the cloud provider's console and checking the corresponding LoadBalancer.
 
 
 ## OracleRestDataService Resource