Two services: clusterIP for internal communication and external LB/NP for users

Signed-off-by: abhisbyk <abhishek.by.kumar@oracle.com>

Author: abhisbyk

apis/database/v1alpha1/singleinstancedatabase_types.go

@@ -61,12 +61,12 @@ type SingleInstanceDatabaseSpec struct {
 	Charset            string            `json:"charset,omitempty"`
 	Pdbname            string            `json:"pdbName,omitempty"`
 	LoadBalancer       bool              `json:"loadBalancer,omitempty"`
+	ServicePort        int               `json:"servicePort,omitempty"`
 	ServiceAnnotations map[string]string `json:"serviceAnnotations,omitempty"`
 	FlashBack          bool              `json:"flashBack,omitempty"`
 	ArchiveLog         bool              `json:"archiveLog,omitempty"`
 	ForceLogging       bool              `json:"forceLog,omitempty"`
 	EnableTCPS         bool              `json:"enableTCPS,omitempty"`
-	TcpsPort           int               `json:"tcpsPort,omitempty"`
 
 	CloneFrom            string `json:"cloneFrom,omitempty"`
 	ReadinessCheckPeriod int    `json:"readinessCheckPeriod,omitempty"`
@@ -150,8 +150,9 @@ type SingleInstanceDatabaseStatus struct {
 	PrebuiltDB       bool   `json:"prebuiltDB,omitempty"`
 	// +kubebuilder:default:=false
 	IsTcpsEnabled         bool   `json:"isTcpsEnabled"`
-	TcpsPort              int    `json:"tcpsPort,omitempty"`
 	CertCreationTimestamp string `json:"certCreationTimestamp,omitempty"`
+	DbHostname            string `json:"dbHostname,omitempty"`
+	DbPort                int    `json:"dbPort,omitempty"`
 
 	// +patchMergeKey=type
 	// +patchStrategy=merge

apis/database/v1alpha1/singleinstancedatabase_webhook.go

@@ -234,6 +234,16 @@ func (r *SingleInstanceDatabase) ValidateCreate() error {
 		}
 	}
 
+	// servicePort validation
+	if !r.Spec.LoadBalancer {
+		// NodePort service is expected. In this case servicePort should be in range 30000-32767
+		if r.Spec.ServicePort != 0 && (r.Spec.ServicePort < 30000 || r.Spec.ServicePort > 32767) {
+			allErrs = append(allErrs,
+				field.Invalid(field.NewPath("spec").Child("servicePort"), r.Spec.ServicePort,
+					"servicePort should be in 30000-32767 range."))
+		}
+	}
+
 	if len(allErrs) == 0 {
 		return nil
 	}
@@ -297,10 +307,6 @@ func (r *SingleInstanceDatabase) ValidateUpdate(oldRuntimeObject runtime.Object)
 		allErrs = append(allErrs,
 			field.Forbidden(field.NewPath("spec").Child("persistence"), "uninstall ORDS to change Persistence"))
 	}
-	if old.Status.IsTcpsEnabled && old.Status.TcpsPort != r.Spec.TcpsPort {
-		allErrs = append(allErrs,
-			field.Forbidden(field.NewPath("spec").Child("tcpsPort"), "cannot change TCPS port, please disable TCPS first then enable it with newly desired port"))
-	}
 	if len(allErrs) == 0 {
 		return nil
 	}

commons/database/constants.go

@@ -38,7 +38,9 @@
 
 package commons
 
-const DEFAULT_LISTENER_PORT int32 = 1521
+const CONTAINER_LISTENER_PORT int32 = 1521
+
+const CONTAINER_TCPS_PORT int32 = 1522
 
 const ORACLE_UID int64 = 54321
 
@@ -483,10 +485,13 @@ const SetApexUsers string = "\numask 177" +
 const GetSidPdbEditionCMD string = "echo $ORACLE_SID,$ORACLE_PDB,$ORACLE_EDITION,Edition;"
 
 // Command to enable TCPS as a formatted string. The parameter would be the port at which TCPS is enabled.
-const EnableTcpsCMD string = "$ORACLE_BASE/$CONFIG_TCPS_FILE %d"
+const EnableTcpsCMD string = "$ORACLE_BASE/$CONFIG_TCPS_FILE"
 
 // Command for TCPS certs renewal to prevent their expiry. It is same as the EnableTcpsCMD
 const RenewCertsCMD string = EnableTcpsCMD
 
 // Command to disable TCPS
 const DisableTcpsCMD string = "$ORACLE_BASE/$CONFIG_TCPS_FILE disable"
+
+// TCPS clientWallet update command
+const ClientWalletUpdate string = "sed -i -e 's/HOST.*$/HOST=%s)/g' -e 's/PORT.*$/PORT=%d)/g' ${ORACLE_BASE}/oradata/clientWallet/${ORACLE_SID}/tnsnames.ora"

config/crd/bases/database.oracle.com_singleinstancedatabases.yaml

@@ -156,14 +156,14 @@ spec:
                 additionalProperties:
                   type: string
                 type: object
+              servicePort:
+                type: integer
               sid:
                 description: SID must be alphanumeric (no special characters, only
                   a-z, A-Z, 0-9), and no longer than 12 characters.
                 maxLength: 12
                 pattern: ^[a-zA-Z0-9]+$
                 type: string
-              tcpsPort:
-                type: integer
             required:
             - image
             type: object
@@ -263,6 +263,10 @@ spec:
               datafilesPatched:
                 default: "false"
                 type: string
+              dbHostname:
+                type: string
+              dbPort:
+                type: integer
               edition:
                 type: string
               flashBack:
@@ -334,8 +338,6 @@ spec:
                 type: object
               status:
                 type: string
-              tcpsPort:
-                type: integer
             required:
             - isTcpsEnabled
             - persistence

config/samples/sidb/singleinstancedatabase.yaml

@@ -47,9 +47,6 @@ spec:
   ## Enable TCPS
   enableTCPS: false
 
-  ## TCPS custom port
-  tcpsPort: 1522
-
   ## NA if cloning from a SourceDB (cloneFrom is set)
   ## Specify both sgaSize and pgaSize (in MB) or dont specify both
   ## Specify Non-Zero value to use
@@ -85,6 +82,11 @@ spec:
   ## Type of service . Applicable on cloud enviroments only
   ## if loadBalService : false, service type = "NodePort" else "LoadBalancer"
   loadBalancer: false
+  
+  ## If loadBalancer is enabled, the servicePort is the load balancer port number
+  ## If loadBalancer is disabled, the servicePort is the NodePort(should be in range 30000-32767)
+  #servicePort: 30001
+
   ## Service Annotations (Cloud provider specific), for configuring the service (e.g. private LoadBalancer service)
   #serviceAnnotations:
   #  service.beta.kubernetes.io/oci-load-balancer-internal: "true"