Setup for autonomous DB based cluster in operator #11821

stevefan1999-personal · 2022-05-04T08:52:27Z

stevefan1999-personal
May 4, 2022

Oracle Autonomous DB is wallet based and hence needs TNS_ADMIN to be set to a certain path like /etc/secrets/oracle/.

I've uploaded the entire wallet to K8S as secret (as it definitely is), but there is no way to extract the secret to /etc/secrets/oracle/ without using unsupported

Also, it doesn't seems to have a way to set environmental variables without using unsupported in the operator as well

stevefan1999-personal · 2022-05-04T08:59:01Z

stevefan1999-personal
May 4, 2022
Author

Here's a sample configuration for anyone interested:

---
apiVersion: k8s.keycloak.org/v2alpha1
kind: Keycloak
metadata:
  name: keycloak
spec:
  serverConfiguration:
    - name: db
      value: oracle
    - name: db-url
      value: jdbc:oracle:thin:@apps_medium?TNS_ADMIN=/etc/secrets/oracle/
    - name: db-username
      secret:
        key: DB_USER
        name: keycloak-db
    - name: db-password
      secret:
        key: DB_PASSWORD
        name: keycloak-db
  unsupported:
    podTemplate:
      spec:
        containers:
          - volumeMounts:
              - mountPath: /etc/secrets/oracle
                name: oracle
                readOnly: true
            env:
              - name: TNS_ADMIN
                value: /etc/secrets/oracle/
        volumes:
          - name: oracle
            secret:
              secretName: oracle-app

Under my test this configuration successfully seeded a Keycloak X setup in my Oracle Autonomous DB. I do have to say it is weird to see everything in...Capital letters.

This setting assumes /etc/secrets/oracle, and thus the oracle secret to contain the tnsname.ora and friends from Oracle Autonomous Database in the wallet you downloaded from. I just uploaded all of them in a single K8S secret. The reason to use db-url is that TNS names are not your typical connection string, as they are substitutable to subject to extra configurations.

Unfortunately, it seems like

keycloak/quarkus/config-api/src/main/java/org/keycloak/config/database/Database.java

Line 154 in e3ece82

    
           "jdbc:oracle:thin:@//${kc.db-url-host:localhost}:${kc.db-url-port:1521}/${kc.db-url-database:keycloak}",

mandates traditional connection string format so we need to override it. Oddly enough it seems like TNS_ADMIN environmental variable alone doesn't have any effects, so I also have to add it as a query option. So TNS_ADMIN as an environmental variable seems redundant (since the JDBC URL already specified the location) but is kept for defense purposes.

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Setup for autonomous DB based cluster in operator #11821

Uh oh!

{{title}}

Uh oh!

Replies: 1 comment

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{editor}}'s edit

{{editor}}'s edit

Uh oh!

Select a reply

Uh oh!

Setup for autonomous DB based cluster in operator #11821

Uh oh!

stevefan1999-personal May 4, 2022

Replies: 1 comment

Uh oh!

Uh oh!

stevefan1999-personal May 4, 2022 Author

stevefan1999-personal
May 4, 2022

stevefan1999-personal
May 4, 2022
Author