Packages:
Resource Types:
RestDataServices is the Schema for the restdataservices API
| Name | Type | Description | Required |
|---|---|---|---|
| apiVersion | string | database.oracle.com/v1 | true |
| kind | string | RestDataServices | true |
| metadata | object | Refer to the Kubernetes API documentation for the fields of the `metadata` field. | true |
| spec | object |
RestDataServicesSpec defines the desired state of RestDataServices |
false |
| status | object |
RestDataServicesStatus defines the observed state of RestDataServices |
false |
RestDataServicesSpec defines the desired state of RestDataServices
| Name | Type | Description | Required |
|---|---|---|---|
| globalSettings | object |
Contains settings that are configured across the entire ORDS instance. |
true |
| image | string |
Specifies the ORDS container image |
true |
| forceRestart | boolean |
Specifies whether to restart pods when Global or Pool configurations change |
false |
| imagePullPolicy | enum |
Specifies the ORDS container image pull policy Enum: IfNotPresent, Always, Never Default: IfNotPresent |
false |
| imagePullSecrets | string |
Specifies the Secret Name for pulling the ORDS container image |
false |
| poolSettings | []object |
Contains settings for individual pools/databases |
false |
| replicas | integer |
Defines the number of desired Replicas when workloadType is Deployment or StatefulSet Format: int32 Default: 1 Minimum: 1 |
false |
| workloadType | enum |
Specifies the desired Kubernetes Workload Enum: Deployment, StatefulSet, DaemonSet Default: Deployment |
false |
Contains settings that are configured across the entire ORDS instance.
| Name | Type | Description | Required |
|---|---|---|---|
| cache.metadata.enabled | boolean |
Specifies the setting to enable or disable metadata caching. |
false |
| cache.metadata.graphql.expireAfterAccess | integer |
Specifies the duration after a GraphQL schema is not accessed from the cache that it expires. Format: int64 |
false |
| cache.metadata.graphql.expireAfterWrite | integer |
Specifies the duration after a GraphQL schema is cached that it expires and has to be loaded again. Format: int64 |
false |
| cache.metadata.jwks.enabled | boolean |
Specifies the setting to enable or disable JWKS caching. |
false |
| cache.metadata.jwks.expireAfterAccess | integer |
Specifies the duration after a JWK is not accessed from the cache that it expires. By default this is disabled. Format: int64 |
false |
| cache.metadata.jwks.expireAfterWrite | integer |
Specifies the duration after a JWK is cached, that is, it expires and has to be loaded again. Format: int64 |
false |
| cache.metadata.jwks.initialCapacity | integer |
Specifies the initial capacity of the JWKS cache. Format: int32 |
false |
| cache.metadata.jwks.maximumSize | integer |
Specifies the maximum capacity of the JWKS cache. Format: int32 |
false |
| cache.metadata.timeout | integer |
Specifies the setting to determine for how long a metadata record remains in the cache. Longer duration means, it takes longer to view the applied changes. The formats accepted are based on the ISO-8601 duration format. Format: int64 |
false |
| certSecret | object |
Specifies the Secret containing the SSL Certificates Replaces: standalone.https.cert and standalone.https.cert.key |
false |
| database.api.enabled | boolean |
Specifies whether the Database API is enabled. |
false |
| database.api.management.services.disabled | boolean |
Specifies to disable the Database API administration related services. Only applicable when Database API is enabled. |
false |
| db.invalidPoolTimeout | integer |
Specifies how long to wait before retrying an invalid pool. Format: int64 |
false |
| debug.printDebugToScreen | boolean |
Specifies whether to display error messages on the browser. |
false |
| enable.mongo.access.log | boolean |
Specifies if HTTP request access logs should be enabled If enabled, logs will be written to /opt/oracle/sa/log/global Default: false |
false |
| enable.standalone.access.log | boolean |
Specifies if HTTP request access logs should be enabled If enabled, logs will be written to /opt/oracle/sa/log/global Default: false |
false |
| error.responseFormat | string |
Specifies how the HTTP error responses must be formatted. html - Force all responses to be in HTML format json - Force all responses to be in JSON format auto - Automatically determines most appropriate format for the request (default). |
false |
| feature.grahpql.max.nesting.depth | integer |
Specifies the maximum join nesting depth limit for GraphQL queries. Format: int32 |
false |
| icap.port | integer |
Specifies the Internet Content Adaptation Protocol (ICAP) port to virus scan files. Either icap.port or icap.secure.port are required to have a value. Format: int32 |
false |
| icap.secure.port | integer |
Specifies the Internet Content Adaptation Protocol (ICAP) port to virus scan files. Either icap.port or icap.secure.port are required to have a value. If values for both icap.port and icap.secure.port are provided, then the value of icap.port is ignored. Format: int32 |
false |
| icap.server | string |
Specifies the Internet Content Adaptation Protocol (ICAP) server name or IP address to virus scan files. The icap.server is required to have a value. |
false |
| log.procedure | boolean |
Specifies whether procedures are to be logged. |
false |
| mongo.enabled | boolean |
Specifies to enable the API for MongoDB. |
false |
| mongo.idle.timeout | integer |
Specifies the maximum idle time for a Mongo connection in milliseconds. Format: int64 |
false |
| mongo.op.timeout | integer |
Specifies the maximum time for a Mongo database operation in milliseconds. Format: int64 |
false |
| mongo.port | integer |
Specifies the API for MongoDB listen port. Format: int32 Default: 27017 |
false |
| request.traceHeaderName | string |
Specifies the name of the HTTP request header that uniquely identifies the request end to end as it passes through the various layers of the application stack. In Oracle this header is commonly referred to as the ECID (Entity Context ID). |
false |
| security.credentials.attempts | integer |
Specifies the maximum number of unsuccessful password attempts allowed. Enabled by setting a positive integer value. Format: int32 |
false |
| security.credentials.lock.time | integer |
Specifies the period to lock the account that has exceeded maximum attempts. Format: int64 |
false |
| security.disableDefaultExclusionList | boolean |
If this value is set to true, then the Oracle REST Data Services internal exclusion list is not enforced. Oracle recommends that you do not set this value to true. |
false |
| security.exclusionList | string |
Specifies a pattern for procedures, packages, or schema names which are forbidden to be directly executed from a browser. |
false |
| security.externalSessionTrustedOrigins | string |
Specifies to trust Access from originating domains |
false |
| security.forceHTTPS | boolean |
Specifies to force HTTPS; this is set to default to false as in real-world TLS should terminiate at the LoadBalancer |
false |
| security.httpsHeaderCheck | string |
Specifies that the HTTP Header contains the specified text Usually set to 'X-Forwarded-Proto: https' coming from a load-balancer |
false |
| security.inclusionList | string |
Specifies a pattern for procedures, packages, or schema names which are allowed to be directly executed from a browser. |
false |
| security.maxEntries | integer |
Specifies the maximum number of cached procedure validations. Set this value to 0 to force the validation procedure to be invoked on each request. Format: int32 |
false |
| security.verifySSL | boolean |
Specifies whether HTTPS is available in your environment. |
false |
| standalone.context.path | string |
Specifies the context path where ords is located. Default: /ords |
false |
| standalone.http.port | integer |
Specifies the HTTP listen port. Format: int32 Default: 8080 |
false |
| standalone.https.host | string |
Specifies the SSL certificate hostname. |
false |
| standalone.https.port | integer |
Specifies the HTTPS listen port. Format: int32 Default: 8443 |
false |
| standalone.stop.timeout | integer |
Specifies the period for Standalone Mode to wait until it is gracefully shutdown. Format: int64 |
false |
Specifies the Secret containing the SSL Certificates Replaces: standalone.https.cert and standalone.https.cert.key
| Name | Type | Description | Required |
|---|---|---|---|
| cert | string |
Specifies the Certificate |
true |
| key | string |
Specifies the Certificate Key |
true |
| secretName | string |
Specifies the name of the certificate Secret |
true |
| Name | Type | Description | Required |
|---|---|---|---|
| db.secret | object |
Specifies the Secret with the dbUsername and dbPassword values for the connection. |
true |
| poolName | string |
Specifies the Pool Name |
true |
| apex.security.administrator.roles | string |
Specifies the comma delimited list of additional roles to assign authenticated APEX administrator type users. |
false |
| apex.security.user.roles | string |
Specifies the comma delimited list of additional roles to assign authenticated regular APEX users. |
false |
| autoUpgradeAPEX | boolean |
Specify whether to perform APEX installation/upgrades automatically The db.adminUser and db.adminUser.secret must be set, otherwise setting is ignored This setting will be ignored for ADB Default: false |
false |
| autoUpgradeORDS | boolean |
Specify whether to perform ORDS installation/upgrades automatically The db.adminUser and db.adminUser.secret must be set, otherwise setting is ignored This setting will be ignored for ADB Default: false |
false |
| db.adminUser | string |
Specifies the username for the database account that ORDS uses for administration operations in the database. |
false |
| db.adminUser.secret | object |
Specifies the Secret with the dbAdminUser (SYS) and dbAdminPassword values for the database account that ORDS uses for administration operations in the database. replaces: db.adminUser.password |
false |
| db.cdb.adminUser | string |
Specifies the username for the database account that ORDS uses for the Pluggable Database Lifecycle Management. |
false |
| db.cdb.adminUser.secret | object |
Specifies the Secret with the dbCdbAdminUser (SYS) and dbCdbAdminPassword values Specifies the username for the database account that ORDS uses for the Pluggable Database Lifecycle Management. Replaces: db.cdb.adminUser.password |
false |
| db.connectionType | enum |
The type of connection. Enum: basic, tns, customurl |
false |
| db.credentialsSource | enum |
Specifies the source for database credentials when creating a direct connection for running SQL statements. Value can be one of pool or request. If the value is pool, then the credentials defined in this pool is used to create a JDBC connection. If the value request is used, then the credentials in the request is used to create a JDBC connection and if successful, grants the requestor SQL Developer role. Enum: pool, request |
false |
| db.customURL | string |
Specifies the JDBC URL connection to connect to the database. |
false |
| db.hostname | string |
Specifies the host system for the Oracle database. |
false |
| db.poolDestroyTimeout | integer |
Indicates how long to wait to gracefully destroy a pool before moving to forcefully destroy all connections including borrowed ones. Format: int64 |
false |
| db.port | integer |
Specifies the database listener port. Format: int32 |
false |
| db.servicename | string |
Specifies the network service name of the database. |
false |
| db.sid | string |
Specifies the name of the database. |
false |
| db.tnsAliasName | string |
Specifies the TNS alias name that matches the name in the tnsnames.ora file. |
false |
| db.username | string |
Specifies the name of the database user for the connection. For non-ADB this will default to ORDS_PUBLIC_USER For ADBs this must be specified and not ORDS_PUBLIC_USER If ORDS_PUBLIC_USER is specified for an ADB, the workload will fail Default: ORDS_PUBLIC_USER |
false |
| db.wallet.zip.service | string |
Specifies the service name in the wallet archive for the pool. |
false |
| dbWalletSecret | object |
Specifies the Secret containing the wallet archive containing connection details for the pool. Replaces: db.wallet.zip |
false |
| debug.trackResources | boolean |
Specifies to enable tracking of JDBC resources. If not released causes in resource leaks or exhaustion in the database. Tracking imposes a performance overhead. |
false |
| feature.openservicebroker.exclude | boolean |
Specifies to disable the Open Service Broker services available for the pool. |
false |
| feature.sdw | boolean |
Specifies to enable the Database Actions feature. |
false |
| http.cookie.filter | string |
Specifies a comma separated list of HTTP Cookies to exclude when initializing an Oracle Web Agent environment. |
false |
| jdbc.DriverType | enum |
Specifies the JDBC driver type. Enum: thin, oci8 |
false |
| jdbc.InactivityTimeout | integer |
Specifies how long an available connection can remain idle before it is closed. The inactivity connection timeout is in seconds. Format: int32 |
false |
| jdbc.InitialLimit | integer |
Specifies the initial size for the number of connections that will be created. The default is low, and should probably be set higher in most production environments. Format: int32 |
false |
| jdbc.MaxConnectionReuseCount | integer |
Specifies the maximum number of times to reuse a connection before it is discarded and replaced with a new connection. Format: int32 |
false |
| jdbc.MaxConnectionReuseTime | integer |
Sets the maximum connection reuse time property. Format: int32 |
false |
| jdbc.MaxLimit | integer |
Specifies the maximum number of connections. Might be too low for some production environments. Format: int32 |
false |
| jdbc.MaxStatementsLimit | integer |
Specifies the maximum number of statements to cache for each connection. Format: int32 |
false |
| jdbc.MinLimit | integer |
Specifies the minimum number of connections. Format: int32 |
false |
| jdbc.SecondsToTrustIdleConnection | integer |
Sets the time in seconds to trust an idle connection to skip a validation test. Format: int32 |
false |
| jdbc.auth.admin.role | string |
Identifies the database role that indicates that the database user must get the SQL Administrator role. |
false |
| jdbc.auth.enabled | boolean |
Specifies if the PL/SQL Gateway calls can be authenticated using database users. If the value is true then this feature is enabled. If the value is false, then this feature is disabled. Oracle recommends not to use this feature. This feature used only to facilitate customers migrating from mod_plsql. |
false |
| jdbc.cleanup.mode | string |
Specifies how a pooled JDBC connection and corresponding database session, is released when a request has been processed. |
false |
| jdbc.statementTimeout | integer |
Specifies a timeout period on a statement. An abnormally long running query or script, executed by a request, may leave it in a hanging state unless a timeout is set on the statement. Setting a timeout on the statement ensures that all the queries automatically timeout if they are not completed within the specified time period. Format: int32 |
false |
| misc.defaultPage | string |
Specifies the default page to display. The Oracle REST Data Services Landing Page. |
false |
| misc.pagination.maxRows | integer |
Specifies the maximum number of rows that will be returned from a query when processing a RESTful service and that will be returned from a nested cursor in a result set. Affects all RESTful services generated through a SQL query, regardless of whether the resource is paginated. Format: int32 |
false |
| owa.trace.sql | boolean |
If it is true, then it causes a trace of the SQL statements performed by Oracle Web Agent to be echoed to the log. |
false |
| plsql.gateway.mode | enum |
Indicates if the PL/SQL Gateway functionality should be available for a pool or not. Value can be one of disabled, direct, or proxied. If the value is direct, then the pool serves the PL/SQL Gateway requests directly. If the value is proxied, the PLSQL_GATEWAY_CONFIG view is used to determine the user to whom to proxy. Enum: disabled, direct, proxied |
false |
| procedure.preProcess | string |
Specifies the procedure name(s) to execute prior to executing the procedure specified on the URL. Multiple procedure names must be separated by commas. |
false |
| procedure.rest.preHook | string |
Specifies the function to be invoked prior to dispatching each Oracle REST Data Services based REST Service. The function can perform configuration of the database session, perform additional validation or authorization of the request. If the function returns true, then processing of the request continues. If the function returns false, then processing of the request is aborted and an HTTP 403 Forbidden status is returned. |
false |
| procedurePostProcess | string |
Specifies the procedure name(s) to execute after executing the procedure specified on the URL. Multiple procedure names must be separated by commas. |
false |
| restEnabledSql.active | boolean |
Specifies whether the REST-Enabled SQL service is active. |
false |
| security.jwks.connection.timeout | integer |
Specifies the maximum amount of time before timing-out when accessing a JWK url. Format: int64 |
false |
| security.jwks.read.timeout | integer |
Specifies the maximum amount of time reading a response from the JWK url before timing-out. Format: int64 |
false |
| security.jwks.refresh.interval | integer |
Specifies the minimum interval between refreshing the JWK cached value. Format: int64 |
false |
| security.jwks.size | integer |
Specifies the maximum number of bytes read from the JWK url. Format: int32 |
false |
| security.jwt.allowed.age | integer |
Specifies the maximum allowed age of a JWT in seconds, regardless of expired claim. The age of the JWT is taken from the JWT issued at claim. Format: int64 |
false |
| security.jwt.allowed.skew | integer |
Specifies the maximum skew the JWT time claims are accepted. This is useful if the clock on the JWT issuer and ORDS differs by a few seconds. Format: int64 |
false |
| security.jwt.profile.enabled | boolean |
Specifies whether the JWT Profile authentication is available. Supported values: |
false |
| security.requestAuthenticationFunction | string |
Specifies an authentication function to determine if the requested procedure in the URL should be allowed or disallowed for processing. The function should return true if the procedure is allowed; otherwise, it should return false. If it returns false, Oracle REST Data Services will return WWW-Authenticate in the response header. |
false |
| security.requestValidationFunction | string |
Specifies a validation function to determine if the requested procedure in the URL should be allowed or disallowed for processing. The function should return true if the procedure is allowed; otherwise, return false. Default: ords_util.authorize_plsql_gateway |
false |
| security.validationFunctionType | enum |
Indicates the type of security.requestValidationFunction: javascript or plsql. Enum: plsql, javascript |
false |
| soda.defaultLimit | string |
When using the SODA REST API, specifies the default number of documents returned for a GET request on a collection when a limit is not specified in the URL. Must be a positive integer, or "unlimited" for no limit. |
false |
| soda.maxLimit | string |
When using the SODA REST API, specifies the maximum number of documents that will be returned for a GET request on a collection URL, regardless of any limit specified in the URL. Must be a positive integer, or "unlimited" for no limit. |
false |
| tnsAdminSecret | object |
Specifies the Secret containing the TNS_ADMIN directory Replaces: db.tnsDirectory |
false |
Specifies the Secret with the dbUsername and dbPassword values for the connection.
| Name | Type | Description | Required |
|---|---|---|---|
| secretName | string |
Specifies the name of the password Secret |
true |
| passwordKey | string |
Specifies the key holding the value of the Secret Default: password |
false |
Specifies the Secret with the dbAdminUser (SYS) and dbAdminPassword values for the database account that ORDS uses for administration operations in the database. replaces: db.adminUser.password
| Name | Type | Description | Required |
|---|---|---|---|
| secretName | string |
Specifies the name of the password Secret |
true |
| passwordKey | string |
Specifies the key holding the value of the Secret Default: password |
false |
Specifies the Secret with the dbCdbAdminUser (SYS) and dbCdbAdminPassword values Specifies the username for the database account that ORDS uses for the Pluggable Database Lifecycle Management. Replaces: db.cdb.adminUser.password
| Name | Type | Description | Required |
|---|---|---|---|
| secretName | string |
Specifies the name of the password Secret |
true |
| passwordKey | string |
Specifies the key holding the value of the Secret Default: password |
false |
Specifies the Secret containing the wallet archive containing connection details for the pool. Replaces: db.wallet.zip
| Name | Type | Description | Required |
|---|---|---|---|
| secretName | string |
Specifies the name of the Database Wallet Secret |
true |
| walletName | string |
Specifies the Secret key name containing the Wallet |
true |
Specifies the Secret containing the TNS_ADMIN directory Replaces: db.tnsDirectory
| Name | Type | Description | Required |
|---|---|---|---|
| secretName | string |
Specifies the name of the TNS_ADMIN Secret |
true |
RestDataServicesStatus defines the observed state of RestDataServices
| Name | Type | Description | Required |
|---|---|---|---|
| restartRequired | boolean |
Indicates if the resource is out-of-sync with the configuration |
true |
| conditions | []object |
|
false |
| httpPort | integer |
Indicates the HTTP port of the resource exposed by the pods Format: int32 |
false |
| httpsPort | integer |
Indicates the HTTPS port of the resource exposed by the pods Format: int32 |
false |
| mongoPort | integer |
Indicates the MongoAPI port of the resource exposed by the pods (if enabled) Format: int32 |
false |
| ordsVersion | string |
Indicates the ORDS version |
false |
| status | string |
Indicates the current status of the resource |
false |
| workloadType | string |
Indicates the current Workload type of the resource |
false |
Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example,
type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: "Available", "Progressing", and "Degraded" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"
// other fields }
| Name | Type | Description | Required |
|---|---|---|---|
| lastTransitionTime | string |
lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. Format: date-time |
true |
| message | string |
message is a human readable message indicating details about the transition. This may be an empty string. |
true |
| reason | string |
reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. |
true |
| status | enum |
status of the condition, one of True, False, Unknown. Enum: True, False, Unknown |
true |
| type | string |
type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) |
true |
| observedGeneration | integer |
observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. Format: int64 Minimum: 0 |
false |