diff --git a/docs/examples/hanadb/clustering/standalone.yaml b/docs/examples/hanadb/clustering/standalone.yaml new file mode 100644 index 000000000..7fdb98950 --- /dev/null +++ b/docs/examples/hanadb/clustering/standalone.yaml @@ -0,0 +1,17 @@ +apiVersion: kubedb.com/v1alpha2 +kind: HanaDB +metadata: + name: hanadb-standalone + namespace: demo +spec: + version: "2.0.82" + replicas: 1 + storageType: Durable + storage: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 64Gi + storageClassName: local-path + deletionPolicy: WipeOut diff --git a/docs/examples/hanadb/clustering/system-replication.yaml b/docs/examples/hanadb/clustering/system-replication.yaml new file mode 100644 index 000000000..93303ff42 --- /dev/null +++ b/docs/examples/hanadb/clustering/system-replication.yaml @@ -0,0 +1,22 @@ +apiVersion: kubedb.com/v1alpha2 +kind: HanaDB +metadata: + name: hanadb-cluster + namespace: demo +spec: + version: "2.0.82" + replicas: 3 + storageType: Durable + topology: + mode: SystemReplication + systemReplication: + replicationMode: fullsync + operationMode: logreplay_readaccess + storage: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 64Gi + storageClassName: local-path + deletionPolicy: WipeOut diff --git a/docs/examples/hanadb/configuration/custom-hanadb.yaml b/docs/examples/hanadb/configuration/custom-hanadb.yaml new file mode 100644 index 000000000..c4631234e --- /dev/null +++ b/docs/examples/hanadb/configuration/custom-hanadb.yaml @@ -0,0 +1,19 @@ +apiVersion: kubedb.com/v1alpha2 +kind: HanaDB +metadata: + name: hanadb-custom-config + namespace: demo +spec: + version: "2.0.82" + replicas: 1 + configuration: + secretName: hanadb-configuration + storageType: Durable + storage: + storageClassName: local-path + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 64Gi + deletionPolicy: WipeOut diff --git a/docs/examples/hanadb/configuration/hanadb-configuration.yaml b/docs/examples/hanadb/configuration/hanadb-configuration.yaml new file mode 100644 index 000000000..477b4db4b --- /dev/null +++ b/docs/examples/hanadb/configuration/hanadb-configuration.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +kind: Secret +metadata: + name: hanadb-configuration + namespace: demo +stringData: + global.ini: | + [memorymanager] + global_allocation_limit = 8589934592 diff --git a/docs/examples/hanadb/custom-rbac/hanadb-custom-clusterrole.yaml b/docs/examples/hanadb/custom-rbac/hanadb-custom-clusterrole.yaml new file mode 100644 index 000000000..6b4244ff0 --- /dev/null +++ b/docs/examples/hanadb/custom-rbac/hanadb-custom-clusterrole.yaml @@ -0,0 +1,21 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: my-custom-clusterrole +rules: +- apiGroups: + - catalog.kubedb.com + resources: + - hanadbversions + verbs: + - get + - list + - watch +- apiGroups: + - kubedb.com + resources: + - hanadbs + verbs: + - get + - list + - watch diff --git a/docs/examples/hanadb/custom-rbac/hanadb-custom-clusterrolebinding.yaml b/docs/examples/hanadb/custom-rbac/hanadb-custom-clusterrolebinding.yaml new file mode 100644 index 000000000..1fd988ef6 --- /dev/null +++ b/docs/examples/hanadb/custom-rbac/hanadb-custom-clusterrolebinding.yaml @@ -0,0 +1,12 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: my-custom-clusterrolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: my-custom-clusterrole +subjects: +- kind: ServiceAccount + name: my-custom-serviceaccount + namespace: demo diff --git a/docs/examples/hanadb/custom-rbac/hanadb-custom-db.yaml b/docs/examples/hanadb/custom-rbac/hanadb-custom-db.yaml new file mode 100644 index 000000000..4e3806670 --- /dev/null +++ b/docs/examples/hanadb/custom-rbac/hanadb-custom-db.yaml @@ -0,0 +1,20 @@ +apiVersion: kubedb.com/v1alpha2 +kind: HanaDB +metadata: + name: hanadb-custom-rbac + namespace: demo +spec: + version: "2.0.82" + replicas: 1 + storageType: Durable + podTemplate: + spec: + serviceAccountName: my-custom-serviceaccount + storage: + storageClassName: local-path + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 64Gi + deletionPolicy: WipeOut diff --git a/docs/examples/hanadb/custom-rbac/hanadb-custom-role.yaml b/docs/examples/hanadb/custom-rbac/hanadb-custom-role.yaml new file mode 100644 index 000000000..655ce5483 --- /dev/null +++ b/docs/examples/hanadb/custom-rbac/hanadb-custom-role.yaml @@ -0,0 +1,58 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: my-custom-role + namespace: demo +rules: +- apiGroups: + - "" + resources: + - pods + verbs: + - "*" +- apiGroups: + - "" + resources: + - pods/exec + verbs: + - create +- apiGroups: + - kubedb.com + resources: + - hanadbs + verbs: + - get + - list + - watch + - patch +- apiGroups: + - kubedb.com + resources: + - hanadbs/status + verbs: + - patch +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - create + - update +- apiGroups: + - apps.k8s.appscode.com + resources: + - petsets + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - configmaps + verbs: + - create + - get + - update diff --git a/docs/examples/hanadb/monitoring/builtin-prom-hanadb.yaml b/docs/examples/hanadb/monitoring/builtin-prom-hanadb.yaml new file mode 100644 index 000000000..e065c3dec --- /dev/null +++ b/docs/examples/hanadb/monitoring/builtin-prom-hanadb.yaml @@ -0,0 +1,22 @@ +apiVersion: kubedb.com/v1alpha2 +kind: HanaDB +metadata: + name: hanadb-builtin-prometheus + namespace: demo +spec: + version: "2.0.82" + replicas: 1 + storageType: Durable + storage: + storageClassName: local-path + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 64Gi + deletionPolicy: WipeOut + monitor: + agent: prometheus.io/builtin + prometheus: + exporter: + port: 9668 diff --git a/docs/examples/hanadb/monitoring/coreos-prom-hanadb.yaml b/docs/examples/hanadb/monitoring/coreos-prom-hanadb.yaml new file mode 100644 index 000000000..2f7318515 --- /dev/null +++ b/docs/examples/hanadb/monitoring/coreos-prom-hanadb.yaml @@ -0,0 +1,26 @@ +apiVersion: kubedb.com/v1alpha2 +kind: HanaDB +metadata: + name: hanadb-prometheus-operator + namespace: demo +spec: + version: "2.0.82" + replicas: 1 + storageType: Durable + storage: + storageClassName: local-path + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 64Gi + deletionPolicy: WipeOut + monitor: + agent: prometheus.io/operator + prometheus: + exporter: + port: 9668 + serviceMonitor: + labels: + release: prometheus + interval: 10s diff --git a/docs/examples/hanadb/private-registry/pvt-hanadbversion.yaml b/docs/examples/hanadb/private-registry/pvt-hanadbversion.yaml new file mode 100644 index 000000000..7dae9b773 --- /dev/null +++ b/docs/examples/hanadb/private-registry/pvt-hanadbversion.yaml @@ -0,0 +1,18 @@ +apiVersion: catalog.kubedb.com/v1alpha1 +kind: HanaDBVersion +metadata: + name: "2.0.82-private" +spec: + coordinator: + image: PRIVATE_REGISTRY/hanadb-coordinator:v0.4.0 + db: + image: PRIVATE_REGISTRY/hanaexpress:2.00.082.00.20250528.1 + exporter: + image: PRIVATE_REGISTRY/hanadb-exporter:1.0.0 + securityContext: + runAsGroup: 79 + runAsUser: 12000 + updateConstraints: + allowlist: + - 2.0.82-private + version: "2.0.82" diff --git a/docs/examples/hanadb/private-registry/pvt-reg-hanadb.yaml b/docs/examples/hanadb/private-registry/pvt-reg-hanadb.yaml new file mode 100644 index 000000000..ce2ca5772 --- /dev/null +++ b/docs/examples/hanadb/private-registry/pvt-reg-hanadb.yaml @@ -0,0 +1,21 @@ +apiVersion: kubedb.com/v1alpha2 +kind: HanaDB +metadata: + name: hanadb-private-registry + namespace: demo +spec: + version: "2.0.82-private" + replicas: 1 + storageType: Durable + storage: + storageClassName: local-path + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 64Gi + podTemplate: + spec: + imagePullSecrets: + - name: myregistrykey + deletionPolicy: WipeOut diff --git a/docs/examples/hanadb/quickstart/quick-hanadb.yaml b/docs/examples/hanadb/quickstart/quick-hanadb.yaml new file mode 100644 index 000000000..2c9807627 --- /dev/null +++ b/docs/examples/hanadb/quickstart/quick-hanadb.yaml @@ -0,0 +1,17 @@ +apiVersion: kubedb.com/v1alpha2 +kind: HanaDB +metadata: + name: hanadb-quickstart + namespace: demo +spec: + version: "2.0.82" + replicas: 1 + storageType: Durable + storage: + storageClassName: local-path + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 64Gi + deletionPolicy: Delete diff --git a/docs/examples/hanadb/quickstart/system-replication.yaml b/docs/examples/hanadb/quickstart/system-replication.yaml new file mode 100644 index 000000000..3396eb92b --- /dev/null +++ b/docs/examples/hanadb/quickstart/system-replication.yaml @@ -0,0 +1,21 @@ +apiVersion: kubedb.com/v1alpha2 +kind: HanaDB +metadata: + name: hanadb-cluster + namespace: demo +spec: + version: "2.0.82" + replicas: 3 + storageType: Durable + topology: + mode: SystemReplication + systemReplication: + replicationMode: fullsync + operationMode: logreplay_readaccess + storage: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 64Gi + storageClassName: local-path diff --git a/docs/guides/hanadb/README.md b/docs/guides/hanadb/README.md new file mode 100644 index 000000000..89e253376 --- /dev/null +++ b/docs/guides/hanadb/README.md @@ -0,0 +1,74 @@ +--- +title: HanaDB +menu: + docs_{{ .version }}: + identifier: hanadb-readme + name: HanaDB + parent: hanadb-guides + weight: 10 +menu_name: docs_{{ .version }} +section_menu_id: guides +url: /docs/{{ .version }}/guides/hanadb/ +aliases: + - /docs/{{ .version }}/guides/hanadb/README/ +--- + +> New to KubeDB? Please start [here](/docs/README.md). + +# Overview + +KubeDB supports SAP HANA through the `HanaDB` CRD. You can provision standalone SAP HANA instances or system replication clusters from Kubernetes. + +## Supported HanaDB Features + +| Features | Availability | +|---------------------------------------------------------------|:------------:| +| Provisioning in Standalone mode | ✓ | +| Provisioning in System Replication mode | ✓ | +| Custom configuration and auth secret | ✓ | +| Custom pod template and service account | ✓ | +| Private registry images | ✓ | +| Built-in Prometheus discovery | ✓ | +| Prometheus Operator monitoring | ✓ | + +## Supported HanaDB Versions + +KubeDB supports the following SAP HANA version: + +- `2.0.82` + +## Example HanaDB Manifest + +```yaml +apiVersion: kubedb.com/v1alpha2 +kind: HanaDB +metadata: + name: hanadb-cluster + namespace: demo +spec: + version: "2.0.82" + replicas: 3 + storageType: "Durable" + topology: + mode: SystemReplication + systemReplication: + replicationMode: fullsync + operationMode: logreplay_readaccess + storage: + accessModes: ["ReadWriteOnce"] + resources: + requests: + storage: 64Gi + storageClassName: local-path +``` + +## User Guide + +- [HanaDB Quickstart](/docs/guides/hanadb/quickstart/quickstart.md) with KubeDB operator. +- [HanaDB CRD](/docs/guides/hanadb/concepts/hanadb.md). +- [HanaDBVersion CRD](/docs/guides/hanadb/concepts/catalog.md). +- [AppBinding](/docs/guides/hanadb/concepts/appbinding.md). +- [Standalone and System Replication](/docs/guides/hanadb/clustering/system-replication.md). +- [Custom Configuration](/docs/guides/hanadb/configuration/using-config-file.md). +- [Private Registry](/docs/guides/hanadb/private-registry/using-private-registry.md). +- [Monitoring](/docs/guides/hanadb/monitoring/overview.md) for metrics collection guidance. diff --git a/docs/guides/hanadb/_index.md b/docs/guides/hanadb/_index.md new file mode 100644 index 000000000..fba9dbe97 --- /dev/null +++ b/docs/guides/hanadb/_index.md @@ -0,0 +1,10 @@ +--- +title: HanaDB +menu: + docs_{{ .version }}: + identifier: hanadb-guides + name: HanaDB + parent: guides + weight: 14 +menu_name: docs_{{ .version }} +--- \ No newline at end of file diff --git a/docs/guides/hanadb/clustering/_index.md b/docs/guides/hanadb/clustering/_index.md new file mode 100644 index 000000000..8150316ca --- /dev/null +++ b/docs/guides/hanadb/clustering/_index.md @@ -0,0 +1,10 @@ +--- +title: HanaDB Clustering +menu: + docs_{{ .version }}: + identifier: hanadb-clustering + name: Clustering + parent: hanadb-guides + weight: 25 +menu_name: docs_{{ .version }} +--- diff --git a/docs/guides/hanadb/clustering/standalone.md b/docs/guides/hanadb/clustering/standalone.md new file mode 100644 index 000000000..fd943b28d --- /dev/null +++ b/docs/guides/hanadb/clustering/standalone.md @@ -0,0 +1,76 @@ +--- +title: HanaDB Standalone +menu: + docs_{{ .version }}: + identifier: hanadb-standalone-clustering + name: Standalone + parent: hanadb-clustering + weight: 10 +menu_name: docs_{{ .version }} +section_menu_id: guides +--- + +> New to KubeDB? Please start [here](/docs/README.md). + +# HanaDB Standalone + +This guide shows how to run a single SAP HANA instance using KubeDB. + +## Before You Begin + +- Prepare a Kubernetes cluster and configure `kubectl`. +- Install KubeDB following the steps [here](/docs/setup/README.md). +- Create a namespace for this tutorial: + +```bash +$ kubectl create ns demo +namespace/demo created +``` + +> Note: YAML files used in this tutorial are stored in [docs/examples/hanadb/clustering](https://github.com/kubedb/docs/tree/{{< param "info.version" >}}/docs/examples/hanadb/clustering). + +## Deploy a Standalone Instance + +The following manifest creates a standalone HanaDB instance. If `spec.topology` is omitted, KubeDB treats the database as standalone and requires `spec.replicas: 1`. + +```yaml +apiVersion: kubedb.com/v1alpha2 +kind: HanaDB +metadata: + name: hanadb-standalone + namespace: demo +spec: + version: "2.0.82" + replicas: 1 + storageType: Durable + storage: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 64Gi + storageClassName: local-path + deletionPolicy: WipeOut +``` + +Create the database: + +```bash +$ kubectl apply -f https://github.com/kubedb/docs/raw/{{< param "info.version" >}}/docs/examples/hanadb/clustering/standalone.yaml +hanadb.kubedb.com/hanadb-standalone created +``` + +Wait for the database to become ready: + +```bash +$ kubectl get hanadb -n demo hanadb-standalone +NAME VERSION STATUS AGE +hanadb-standalone 2.0.82 Ready 5m +``` + +## Cleaning up + +```bash +kubectl delete hanadb -n demo hanadb-standalone +kubectl delete ns demo +``` diff --git a/docs/guides/hanadb/clustering/system-replication.md b/docs/guides/hanadb/clustering/system-replication.md new file mode 100644 index 000000000..3200d838c --- /dev/null +++ b/docs/guides/hanadb/clustering/system-replication.md @@ -0,0 +1,226 @@ +--- +title: HanaDB System Replication +menu: + docs_{{ .version }}: + identifier: hanadb-system-replication-clustering + name: System Replication + parent: hanadb-clustering + weight: 20 +menu_name: docs_{{ .version }} +section_menu_id: guides +--- + +> New to KubeDB? Please start [here](/docs/README.md). + +# HanaDB System Replication + +This guide shows how to run SAP HANA system replication using KubeDB. In this mode, KubeDB creates multiple HanaDB pods and wires SAP HANA system replication between them. The primary service routes write traffic to the current primary pod, and the optional secondary service can expose readable secondary pods when read access is enabled. + +## Before You Begin + +- Prepare a Kubernetes cluster and configure `kubectl`. +- Install KubeDB following the steps [here](/docs/setup/README.md). +- Create a namespace for this tutorial: + +```bash +$ kubectl create ns demo +namespace/demo created +``` + +> Note: YAML files used in this tutorial are stored in [docs/examples/hanadb/clustering](https://github.com/kubedb/docs/tree/{{< param "info.version" >}}/docs/examples/hanadb/clustering). + +## Deploy a System Replication Cluster + +The following manifest creates a three-node HanaDB system replication cluster. `spec.topology.mode: SystemReplication` enables SAP HANA system replication. + +The important fields are: + +| Field | Purpose | +|-------|---------| +| `spec.replicas` | Number of HanaDB data pods. This guide uses `3` replicas. | +| `spec.topology.mode` | Must be `SystemReplication` for SAP HANA system replication. | +| `spec.topology.systemReplication.replicationMode` | Controls transaction commit behavior relative to log shipping. Valid values are `sync`, `syncmem`, `async`, and `fullsync`. If omitted, KubeDB defaults it to `sync`. | +| `spec.topology.systemReplication.operationMode` | Controls how the secondary replays logs. Valid values are `logreplay`, `delta_datashipping`, and `logreplay_readaccess`. If omitted, KubeDB defaults it to `logreplay`. | +| `spec.storage.resources.requests.storage` | Persistent volume size for each HanaDB pod. SAP HANA needs a large volume; the examples use `64Gi`. | + +This guide uses `replicationMode: fullsync` and `operationMode: logreplay_readaccess`. With `logreplay_readaccess`, KubeDB creates a secondary service for read-enabled secondaries. + +## Choose Replication and Operation Mode + +System replication behavior is controlled by two fields under `spec.topology.systemReplication`. + +### Replication Mode + +`replicationMode` controls how strongly the primary waits for log shipping before committing transactions. + +| Mode | Use when | +|------|----------| +| `sync` | You want synchronous replication with the default KubeDB behavior. This is the default when `replicationMode` is omitted. | +| `syncmem` | You want synchronous replication where the secondary acknowledges after receiving logs in memory. | +| `async` | You prefer lower write latency and can tolerate more replication lag. | +| `fullsync` | You want the strictest acknowledgement behavior supported by SAP HANA system replication. | + +### Operation Mode + +`operationMode` controls how the secondary receives and replays data. +For every system replication cluster, KubeDB creates the primary service and governing headless service. The operation mode determines whether KubeDB also creates a secondary read service. + +| Mode | Read access | Secondary service | +|------|-------------|-------------------| +| `logreplay` | Disabled | Not created. This is the default when `operationMode` is omitted. | +| `delta_datashipping` | Disabled | Not created. | +| `logreplay_readaccess` | Enabled | Created as `secondary-`. | + +Read access is enabled only by setting: + +```yaml +topology: + mode: SystemReplication + systemReplication: + operationMode: logreplay_readaccess +``` + +If you do not need read-only traffic on secondary pods, use `operationMode: logreplay` or omit `spec.topology.systemReplication.operationMode`. + +For example, this uses default `sync` + `logreplay` behavior and does not create the secondary read service: + +```yaml +topology: + mode: SystemReplication +``` + +The following example enables strict replication acknowledgment and read access on secondaries: + +```yaml +topology: + mode: SystemReplication + systemReplication: + replicationMode: fullsync + operationMode: logreplay_readaccess +``` + +```yaml +apiVersion: kubedb.com/v1alpha2 +kind: HanaDB +metadata: + name: hanadb-cluster + namespace: demo +spec: + version: "2.0.82" + replicas: 3 + storageType: Durable + topology: + mode: SystemReplication + systemReplication: + replicationMode: fullsync + operationMode: logreplay_readaccess + storage: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 64Gi + storageClassName: local-path + deletionPolicy: WipeOut +``` + +Create the database: + +```bash +$ kubectl apply -f https://github.com/kubedb/docs/raw/{{< param "info.version" >}}/docs/examples/hanadb/clustering/system-replication.yaml +hanadb.kubedb.com/hanadb-cluster created +``` + +Wait for the cluster to become ready: + +```bash +$ kubectl get hanadb -n demo hanadb-cluster +NAME VERSION STATUS AGE +hanadb-cluster 2.0.82 Ready 8m +``` + +## Verify System Replication Resources + +Check the pods. Each HanaDB pod should have the database container and the coordinator sidecar running. + +```bash +$ kubectl get pods -n demo --selector="app.kubernetes.io/instance=hanadb-cluster" +NAME READY STATUS RESTARTS AGE +hanadb-cluster-0 2/2 Running 0 8m +hanadb-cluster-1 2/2 Running 0 8m +hanadb-cluster-2 2/2 Running 0 8m +``` + +Check the services created for the cluster: + +```bash +$ kubectl get svc -n demo --selector="app.kubernetes.io/instance=hanadb-cluster" +NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE +hanadb-cluster ClusterIP 10.96.100.10 39017/TCP 8m +secondary-hanadb-cluster ClusterIP 10.96.100.11 39017/TCP 8m +hanadb-cluster-pods ClusterIP None 39001/TCP,39017/TCP 8m +``` + +The services have the following roles: + +| Service | Use | +|---------|-----| +| `hanadb-cluster` | Primary service. Applications should use this service for write traffic. | +| `secondary-hanadb-cluster` | Secondary service. Created when `operationMode` is `logreplay_readaccess`; applications can use it for read traffic. | +| `hanadb-cluster-pods` | Headless governing service used for pod DNS and internal cluster coordination. | + +If you use `operationMode: logreplay` or `operationMode: delta_datashipping`, the `secondary-hanadb-cluster` service is not created because secondary read access is disabled. + +You can also inspect the endpoints to see which pods each service currently selects: + +```bash +$ kubectl get endpoints -n demo hanadb-cluster secondary-hanadb-cluster hanadb-cluster-pods +NAME ENDPOINTS AGE +hanadb-cluster 10.244.0.12:39017 8m +secondary-hanadb-cluster 10.244.0.13:39017,10.244.0.14:39017 8m +hanadb-cluster-pods 10.244.0.12:39017,10.244.0.13:39017 + 4 more 8m +``` + +## Verify Replication Status + +KubeDB checks SAP HANA system replication by querying `SYS.M_SERVICE_REPLICATION` from the primary service. You can run the same check manually. + +First, read the generated SYSTEM user password: + +```bash +$ export HANA_PASSWORD=$(kubectl get secret -n demo hanadb-cluster-auth -o jsonpath='{.data.password}' | base64 -d) +``` + +Then query the replication status from the primary pod: + +```bash +$ kubectl exec -it -n demo hanadb-cluster-0 -c hanadb -- hdbsql \ + -u SYSTEM -p "$HANA_PASSWORD" -d SYSTEMDB \ + "SELECT REPLICATION_STATUS, REPLICATION_STATUS_DETAILS, (LAST_LOG_POSITION - REPLAYED_LOG_POSITION) AS REPLAY_BACKLOG FROM SYS.M_SERVICE_REPLICATION" +REPLICATION_STATUS REPLICATION_STATUS_DETAILS REPLAY_BACKLOG +ACTIVE Connected 0 +ACTIVE Connected 0 +``` + +The cluster is healthy when every secondary reports `ACTIVE` and the replay backlog is `0` or close to `0`. During startup, the status may temporarily show `SYNCING` or `INITIALIZING`. + +## Connect to HanaDB + +Applications should connect to the primary service for writes: + +```bash +hanadb-cluster.demo.svc:39017 +``` + +If you selected `operationMode: logreplay_readaccess`, read-only clients can connect to the secondary service: + +```bash +secondary-hanadb-cluster.demo.svc:39017 +``` + +## Cleaning up + +```bash +kubectl delete hanadb -n demo hanadb-cluster +kubectl delete ns demo +``` diff --git a/docs/guides/hanadb/concepts/_index.md b/docs/guides/hanadb/concepts/_index.md new file mode 100644 index 000000000..9854781f1 --- /dev/null +++ b/docs/guides/hanadb/concepts/_index.md @@ -0,0 +1,10 @@ +--- +title: HanaDB Concepts +menu: + docs_{{ .version }}: + identifier: hanadb-concepts + name: Concepts + parent: hanadb-guides + weight: 20 +menu_name: docs_{{ .version }} +--- diff --git a/docs/guides/hanadb/concepts/appbinding.md b/docs/guides/hanadb/concepts/appbinding.md new file mode 100644 index 000000000..a16aea7cb --- /dev/null +++ b/docs/guides/hanadb/concepts/appbinding.md @@ -0,0 +1,67 @@ +--- +title: AppBinding CRD +menu: + docs_{{ .version }}: + identifier: hanadb-appbinding-concepts + name: AppBinding + parent: hanadb-concepts + weight: 20 +menu_name: docs_{{ .version }} +section_menu_id: guides +--- + +> New to KubeDB? Please start [here](/docs/README.md). + +# AppBinding + +## What is AppBinding? + +An `AppBinding` is a Kubernetes custom resource that points to an application using either a Kubernetes service or an external URL, along with optional parameters and a credential secret. + +KubeDB creates an `AppBinding` automatically for each `HanaDB` object. Applications and other operators can use this object to discover the service endpoint and credentials for the SAP HANA database. + +## AppBinding Specification + +An `AppBinding` object created by KubeDB for a HanaDB instance looks like this: + +```yaml +apiVersion: appcatalog.appscode.com/v1alpha1 +kind: AppBinding +metadata: + name: hanadb-cluster + namespace: demo + labels: + app.kubernetes.io/component: database + app.kubernetes.io/instance: hanadb-cluster + app.kubernetes.io/managed-by: kubedb.com + app.kubernetes.io/name: hanadbs.kubedb.com +spec: + appRef: + apiGroup: kubedb.com + kind: HanaDB + name: hanadb-cluster + namespace: demo + clientConfig: + service: + name: hanadb-cluster + path: / + port: 39017 + scheme: tcp + secret: + name: hanadb-cluster-auth + type: kubedb.com/hanadb + version: "2.0.82" +``` + +## Key fields + +- `spec.type` identifies the application type as `kubedb.com/hanadb`. +- `spec.appRef` points back to the source `HanaDB` object. +- `spec.clientConfig.service` contains the in-cluster service endpoint for SAP HANA. +- `spec.secret.name` points to the secret containing the database credentials. +- `spec.version` is the SAP HANA version resolved from the `HanaDBVersion` catalog. + +## Next Steps + +- Read the [HanaDB CRD](/docs/guides/hanadb/concepts/hanadb.md). +- Run the [HanaDB quickstart](/docs/guides/hanadb/quickstart/quickstart.md). diff --git a/docs/guides/hanadb/concepts/catalog.md b/docs/guides/hanadb/concepts/catalog.md new file mode 100644 index 000000000..aad7ea518 --- /dev/null +++ b/docs/guides/hanadb/concepts/catalog.md @@ -0,0 +1,60 @@ +--- +title: HanaDBVersion CRD +menu: + docs_{{ .version }}: + identifier: hanadb-catalog-concepts + name: HanaDBVersion + parent: hanadb-concepts + weight: 15 +menu_name: docs_{{ .version }} +section_menu_id: guides +--- + +> New to KubeDB? Please start [here](/docs/README.md). + +# HanaDBVersion + +## What is HanaDBVersion? + +`HanaDBVersion` is the catalog custom resource that maps a HanaDB version string to the container images and metadata used by KubeDB. + +KubeDB resolves `HanaDB.spec.version` through this catalog. + +## HanaDBVersion Specification + +```yaml +apiVersion: catalog.kubedb.com/v1alpha1 +kind: HanaDBVersion +metadata: + name: "2.0.82" +spec: + coordinator: + image: ghcr.io/kubedb/hanadb-coordinator:v0.4.0 + db: + image: docker.io/saplabs/hanaexpress:2.00.082.00.20250528.1 + exporter: + image: ghcr.io/kubedb/hanadb-exporter:1.0.0 + securityContext: + runAsGroup: 79 + runAsUser: 12000 + updateConstraints: + allowlist: + - 2.0.82 + version: "2.0.82" +``` + +## Key fields + +- `metadata.name` is the value used in `HanaDB.spec.version`. +- `spec.version` is the HanaDB engine version. +- `spec.coordinator.image` points to the coordinator sidecar image. +- `spec.db.image` points to the image used for database pods. +- `spec.exporter.image` points to the metrics exporter image. +- `spec.securityContext` provides the default user and group used by database containers. +- `spec.updateConstraints.allowlist` lists the versions this catalog entry can update to. +- `spec.deprecated` marks versions that are not recommended for new use. + +## Next Steps + +- Read the [HanaDB CRD](/docs/guides/hanadb/concepts/hanadb.md). +- Run the [HanaDB quickstart](/docs/guides/hanadb/quickstart/quickstart.md). diff --git a/docs/guides/hanadb/concepts/hanadb.md b/docs/guides/hanadb/concepts/hanadb.md new file mode 100644 index 000000000..f312dee78 --- /dev/null +++ b/docs/guides/hanadb/concepts/hanadb.md @@ -0,0 +1,54 @@ +--- +title: HanaDB CRD +menu: + docs_{{ .version }}: + identifier: hanadb-concepts-hanadb + name: HanaDB + parent: hanadb-concepts + weight: 10 +menu_name: docs_{{ .version }} +section_menu_id: guides +--- + +> New to KubeDB? Please start [here](/docs/README.md). + +# HanaDB + +## What is HanaDB? + +`HanaDB` is a KubeDB custom resource for running SAP HANA databases in Kubernetes. + +## HanaDB Spec + +```yaml +apiVersion: kubedb.com/v1alpha2 +kind: HanaDB +metadata: + name: hanadb-cluster + namespace: demo +spec: + version: "2.0.82" + replicas: 3 + storageType: "Durable" + topology: + mode: SystemReplication + systemReplication: + replicationMode: fullsync + operationMode: logreplay_readaccess + storage: + accessModes: ["ReadWriteOnce"] + resources: + requests: + storage: 64Gi + storageClassName: local-path +``` + +### Key fields + +- `spec.version` refers to a `HanaDBVersion`. +- `spec.replicas` controls the number of database instances. +- `spec.topology.mode` supports `Standalone` and `SystemReplication`. If `topology` is omitted, KubeDB runs a standalone instance. +- `spec.topology.systemReplication` configures replication and operation mode. +- `spec.storageType` and `spec.storage` define persistent data configuration. +- `spec.authSecret`, `spec.configuration`, `spec.podTemplate`, and `spec.monitor` are optional tuning controls. +- `spec.deletionPolicy` controls cleanup behavior. diff --git a/docs/guides/hanadb/configuration/_index.md b/docs/guides/hanadb/configuration/_index.md new file mode 100644 index 000000000..0ee932820 --- /dev/null +++ b/docs/guides/hanadb/configuration/_index.md @@ -0,0 +1,10 @@ +--- +title: Run HanaDB with Custom Configuration +menu: + docs_{{ .version }}: + identifier: hanadb-configuration + name: Custom Configuration + parent: hanadb-guides + weight: 30 +menu_name: docs_{{ .version }} +--- diff --git a/docs/guides/hanadb/configuration/using-config-file.md b/docs/guides/hanadb/configuration/using-config-file.md new file mode 100644 index 000000000..ec9f4bf9e --- /dev/null +++ b/docs/guides/hanadb/configuration/using-config-file.md @@ -0,0 +1,143 @@ +--- +title: Run HanaDB with Custom Configuration +menu: + docs_{{ .version }}: + identifier: hanadb-using-config-file + name: Config File + parent: hanadb-configuration + weight: 10 +menu_name: docs_{{ .version }} +section_menu_id: guides +--- + +> New to KubeDB? Please start [here](/docs/README.md). + +# Using Custom Configuration File + +KubeDB supports user-provided SAP HANA configuration. This tutorial shows how to run HanaDB with a custom `global.ini` file. + +## Before You Begin + +- Prepare a Kubernetes cluster and configure `kubectl` to communicate with it. If you do not already have a cluster, you can create one by using [kind](https://kind.sigs.k8s.io/docs/user/quick-start/). + +- Install the KubeDB CLI on your workstation and the KubeDB operator in your cluster by following the steps [here](/docs/setup/README.md). + +- To keep things isolated, this tutorial uses a separate namespace called `demo` throughout this tutorial. + +```bash +$ kubectl create ns demo +namespace/demo created +``` + +> Note: YAML files used in this tutorial are stored in [docs/examples/hanadb/configuration](https://github.com/kubedb/docs/tree/{{< param "info.version" >}}/docs/examples/hanadb/configuration) folder in GitHub repository [kubedb/docs](https://github.com/kubedb/docs). + +## Overview + +KubeDB supports custom HanaDB configuration through a user-provided `global.ini` file. The `spec.configuration.secretName` field lets you provide this configuration without manually mounting any volume into the pod. + +To apply custom configuration, you create a Kubernetes Secret containing your custom config file and provide its name in `spec.configuration.secretName`. The operator reads this Secret internally and applies the configuration automatically. + +In this tutorial, you configure `global.ini` with a custom memory allocation limit. + +## Custom Configuration + +Create a Secret that contains a custom `global.ini` file: + +```yaml +apiVersion: v1 +kind: Secret +metadata: + name: hanadb-configuration + namespace: demo +stringData: + global.ini: | + [memorymanager] + global_allocation_limit = 8589934592 +``` + +```bash +$ kubectl apply -f https://github.com/kubedb/docs/raw/{{< param "info.version" >}}/docs/examples/hanadb/configuration/hanadb-configuration.yaml +secret/hanadb-configuration created +``` + +Verify the Secret has the configuration file. + +```yaml +$ kubectl get secret -n demo hanadb-configuration -o yaml +apiVersion: v1 +data: + global.ini: +kind: Secret +metadata: + name: hanadb-configuration + namespace: demo +``` + +Create a HanaDB object with `spec.configuration.secretName` set to the Secret name. + +```yaml +apiVersion: kubedb.com/v1alpha2 +kind: HanaDB +metadata: + name: hanadb-custom-config + namespace: demo +spec: + version: "2.0.82" + replicas: 1 + configuration: + secretName: hanadb-configuration + storageType: Durable + storage: + storageClassName: local-path + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 64Gi + deletionPolicy: WipeOut +``` + +```bash +$ kubectl apply -f https://github.com/kubedb/docs/raw/{{< param "info.version" >}}/docs/examples/hanadb/configuration/custom-hanadb.yaml +hanadb.kubedb.com/hanadb-custom-config created +``` + +Wait for the HanaDB instance to become ready. + +```bash +$ kubectl get hanadb -n demo hanadb-custom-config +NAME VERSION STATUS AGE +hanadb-custom-config 2.0.82 Ready 5m +``` + +Check that the pod is running: + +```bash +$ kubectl get pod -n demo hanadb-custom-config-0 +NAME READY STATUS RESTARTS AGE +hanadb-custom-config-0 1/1 Running 0 5m +``` + +Check whether the database started with the custom configuration by running `hdbsql` inside the pod. + +```bash +$ kubectl exec -it -n demo hanadb-custom-config-0 -- hdbsql \ + -u SYSTEM -p \ + "SELECT KEY, VALUE FROM SYS.M_INIFILE_CONTENTS WHERE FILE_NAME = 'global.ini' AND KEY = 'global_allocation_limit'" +KEY VALUE +global_allocation_limit 8589934592 +``` + +This guide covers initial custom configuration during provisioning. + +## Cleaning up + +To clean up the Kubernetes resources created by this tutorial, run: + +```bash +kubectl patch -n demo hanadb/hanadb-custom-config -p '{"spec":{"deletionPolicy":"WipeOut"}}' --type="merge" +kubectl delete -n demo hanadb/hanadb-custom-config + +kubectl delete -n demo secret hanadb-configuration +kubectl delete ns demo +``` diff --git a/docs/guides/hanadb/custom-rbac/_index.md b/docs/guides/hanadb/custom-rbac/_index.md new file mode 100644 index 000000000..97578bdfc --- /dev/null +++ b/docs/guides/hanadb/custom-rbac/_index.md @@ -0,0 +1,10 @@ +--- +title: Run HanaDB with Custom RBAC Resources +menu: + docs_{{ .version }}: + identifier: hanadb-custom-rbac + name: Custom RBAC + parent: hanadb-guides + weight: 35 +menu_name: docs_{{ .version }} +--- diff --git a/docs/guides/hanadb/custom-rbac/using-custom-rbac.md b/docs/guides/hanadb/custom-rbac/using-custom-rbac.md new file mode 100644 index 000000000..e514b8525 --- /dev/null +++ b/docs/guides/hanadb/custom-rbac/using-custom-rbac.md @@ -0,0 +1,230 @@ +--- +title: Run HanaDB with Custom RBAC Resources +menu: + docs_{{ .version }}: + identifier: hanadb-custom-rbac-quickstart + name: Custom RBAC + parent: hanadb-custom-rbac + weight: 10 +menu_name: docs_{{ .version }} +section_menu_id: guides +--- + +> New to KubeDB? Please start [here](/docs/README.md). + +# Using Custom RBAC Resources + +KubeDB supports user-managed role-based access permissions for HanaDB. This tutorial shows how to run a HanaDB instance with custom RBAC resources. + +## Before You Begin + +Prepare a Kubernetes cluster and configure `kubectl` to communicate with it. If you do not already have a cluster, you can create one by using [kind](https://kind.sigs.k8s.io/docs/user/quick-start/). + +Install the KubeDB CLI on your workstation and the KubeDB operator in your cluster by following the steps [here](/docs/setup/README.md). + +To keep things isolated, this tutorial uses a separate namespace called `demo` throughout this tutorial. + +```bash +$ kubectl create ns demo +namespace/demo created +``` + +## Overview + +KubeDB allows users to provide custom RBAC resources for HanaDB: `ServiceAccount`, `Role`, `RoleBinding`, `ClusterRole`, and `ClusterRoleBinding`. Configure the service account through `spec.podTemplate.spec.serviceAccountName`. If this field is empty, the KubeDB operator creates a service account whose name matches the HanaDB object. + +If you reference an existing service account, the KubeDB operator uses it. You are responsible for granting the required permissions. + +## Custom RBAC for HanaDB + +Create a `ServiceAccount` in the `demo` namespace. + +```bash +$ kubectl create serviceaccount -n demo my-custom-serviceaccount +serviceaccount/my-custom-serviceaccount created +``` + +Create a `Role` with the namespace-scoped permissions required by the HanaDB instance named `hanadb-custom-rbac`. + +```yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: my-custom-role + namespace: demo +rules: +- apiGroups: + - "" + resources: + - pods + verbs: + - "*" +- apiGroups: + - "" + resources: + - pods/exec + verbs: + - create +- apiGroups: + - kubedb.com + resources: + - hanadbs + verbs: + - get + - list + - watch + - patch +- apiGroups: + - kubedb.com + resources: + - hanadbs/status + verbs: + - patch +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - create + - update +- apiGroups: + - apps.k8s.appscode.com + resources: + - petsets + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - configmaps + verbs: + - create + - get + - update +``` + +```bash +$ kubectl apply -f https://github.com/kubedb/docs/raw/{{< param "info.version" >}}/docs/examples/hanadb/custom-rbac/hanadb-custom-role.yaml +role.rbac.authorization.k8s.io/my-custom-role created +``` + +Create a `RoleBinding` to bind this `Role` to the custom service account. + +```bash +$ kubectl create rolebinding my-custom-rolebinding \ + --role=my-custom-role \ + --serviceaccount=demo:my-custom-serviceaccount \ + --namespace=demo +rolebinding.rbac.authorization.k8s.io/my-custom-rolebinding created +``` + +Create the cluster-scoped permissions required by the HanaDB pod. + +```yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: my-custom-clusterrole +rules: +- apiGroups: + - catalog.kubedb.com + resources: + - hanadbversions + verbs: + - get + - list + - watch +- apiGroups: + - kubedb.com + resources: + - hanadbs + verbs: + - get + - list + - watch +``` + +```bash +$ kubectl apply -f https://github.com/kubedb/docs/raw/{{< param "info.version" >}}/docs/examples/hanadb/custom-rbac/hanadb-custom-clusterrole.yaml +clusterrole.rbac.authorization.k8s.io/my-custom-clusterrole created +``` + +Bind the `ClusterRole` with the custom service account. + +```yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: my-custom-clusterrolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: my-custom-clusterrole +subjects: +- kind: ServiceAccount + name: my-custom-serviceaccount + namespace: demo +``` + +```bash +$ kubectl apply -f https://github.com/kubedb/docs/raw/{{< param "info.version" >}}/docs/examples/hanadb/custom-rbac/hanadb-custom-clusterrolebinding.yaml +clusterrolebinding.rbac.authorization.k8s.io/my-custom-clusterrolebinding created +``` + +Create a HanaDB object with `spec.podTemplate.spec.serviceAccountName` set to `my-custom-serviceaccount`. + +```yaml +apiVersion: kubedb.com/v1alpha2 +kind: HanaDB +metadata: + name: hanadb-custom-rbac + namespace: demo +spec: + version: "2.0.82" + replicas: 1 + storageType: Durable + podTemplate: + spec: + serviceAccountName: my-custom-serviceaccount + storage: + storageClassName: local-path + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 64Gi + deletionPolicy: WipeOut +``` + +```bash +$ kubectl apply -f https://github.com/kubedb/docs/raw/{{< param "info.version" >}}/docs/examples/hanadb/custom-rbac/hanadb-custom-db.yaml +hanadb.kubedb.com/hanadb-custom-rbac created +``` + +Check that the pod is running: + +```bash +$ kubectl get pod -n demo hanadb-custom-rbac-0 +NAME READY STATUS RESTARTS AGE +hanadb-custom-rbac-0 1/1 Running 0 5m +``` + +## Cleaning up + +To clean up the Kubernetes resources created by this tutorial, run: + +```bash +kubectl patch -n demo hanadb/hanadb-custom-rbac -p '{"spec":{"deletionPolicy":"WipeOut"}}' --type="merge" +kubectl delete -n demo hanadb/hanadb-custom-rbac + +kubectl delete -n demo serviceaccount my-custom-serviceaccount +kubectl delete -n demo role my-custom-role +kubectl delete -n demo rolebinding my-custom-rolebinding +kubectl delete clusterrole my-custom-clusterrole +kubectl delete clusterrolebinding my-custom-clusterrolebinding +kubectl delete ns demo +``` diff --git a/docs/guides/hanadb/monitoring/_index.md b/docs/guides/hanadb/monitoring/_index.md new file mode 100644 index 000000000..8f16ebc00 --- /dev/null +++ b/docs/guides/hanadb/monitoring/_index.md @@ -0,0 +1,10 @@ +--- +title: HanaDB Monitoring +menu: + docs_{{ .version }}: + identifier: hanadb-monitoring + name: Monitoring + parent: hanadb-guides + weight: 90 +menu_name: docs_{{ .version }} +--- diff --git a/docs/guides/hanadb/monitoring/overview.md b/docs/guides/hanadb/monitoring/overview.md new file mode 100644 index 000000000..7f5fbdfbb --- /dev/null +++ b/docs/guides/hanadb/monitoring/overview.md @@ -0,0 +1,76 @@ +--- +title: HanaDB Monitoring Overview +menu: + docs_{{ .version }}: + identifier: hanadb-monitoring-overview + name: Overview + parent: hanadb-monitoring + weight: 10 +menu_name: docs_{{ .version }} +section_menu_id: guides +--- + +> New to KubeDB? Please start [here](/docs/README.md). + +# HanaDB Monitoring + +KubeDB has native support for monitoring HanaDB via [Prometheus](https://prometheus.io/). You can use built-in Prometheus discovery or Prometheus Operator to monitor KubeDB-managed HanaDB instances. + +## Before You Begin + +- Deploy HanaDB first using the [quickstart guide](/docs/guides/hanadb/quickstart/quickstart.md). +- Install Prometheus Operator or another monitoring stack that can scrape Kubernetes services. + +## Overview + +When you create a HanaDB object with `spec.monitor` configured, KubeDB injects the HanaDB exporter sidecar into the database pod. KubeDB also creates a stats service named `{hanadb-name}-stats` for scraping the exporter endpoint. + +## Configure Monitoring + +HanaDB monitoring is configured via `spec.monitor`. + +| Field | Type | Uses | +|---------------------------------------------------|------------|------| +| `spec.monitor.agent` | `Required` | Monitoring agent type. Use `prometheus.io/builtin` or `prometheus.io/operator`. | +| `spec.monitor.prometheus.exporter.port` | `Optional` | Port where the exporter sidecar serves metrics. Defaults to `9668`. | +| `spec.monitor.prometheus.exporter.args` | `Optional` | Arguments passed to the exporter sidecar. | +| `spec.monitor.prometheus.exporter.env` | `Optional` | Environment variables set in the exporter sidecar. | +| `spec.monitor.prometheus.exporter.resources` | `Optional` | Resource requirements for the exporter sidecar. | +| `spec.monitor.prometheus.serviceMonitor.labels` | `Optional` | Labels added to the `ServiceMonitor` for Prometheus selection. | +| `spec.monitor.prometheus.serviceMonitor.interval` | `Optional` | Scrape interval for Prometheus Operator. | + +## Sample Configuration + +```yaml +apiVersion: kubedb.com/v1alpha2 +kind: HanaDB +metadata: + name: hanadb-prometheus-operator + namespace: demo +spec: + version: "2.0.82" + replicas: 1 + storageType: Durable + storage: + storageClassName: local-path + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 64Gi + monitor: + agent: prometheus.io/operator + prometheus: + exporter: + port: 9668 + serviceMonitor: + labels: + release: prometheus + interval: 10s + deletionPolicy: WipeOut +``` + +## Next Steps + +- Learn how to monitor HanaDB using [Prometheus Operator](/docs/guides/hanadb/monitoring/using-prometheus-operator.md). +- Learn how to monitor HanaDB using [built-in Prometheus discovery](/docs/guides/hanadb/monitoring/using-builtin-prometheus.md). diff --git a/docs/guides/hanadb/monitoring/using-builtin-prometheus.md b/docs/guides/hanadb/monitoring/using-builtin-prometheus.md new file mode 100644 index 000000000..48f4a42d5 --- /dev/null +++ b/docs/guides/hanadb/monitoring/using-builtin-prometheus.md @@ -0,0 +1,182 @@ +--- +title: Monitor HanaDB using Built-in Prometheus Discovery +menu: + docs_{{ .version }}: + identifier: hanadb-using-builtin-prometheus-monitoring + name: Built-in Prometheus + parent: hanadb-monitoring + weight: 20 +menu_name: docs_{{ .version }} +section_menu_id: guides +--- + +> New to KubeDB? Please start [here](/docs/README.md). + +# Monitoring HanaDB with Built-in Prometheus + +This tutorial shows how to monitor a HanaDB instance using the built-in [Prometheus](https://github.com/prometheus/prometheus) scraper. + +## Before You Begin + +- Prepare a Kubernetes cluster and configure `kubectl` to communicate with it. If you do not already have a cluster, you can create one by using [kind](https://kind.sigs.k8s.io/docs/user/quick-start/). + +- Install KubeDB operator in your cluster following the steps [here](/docs/setup/README.md). + +- If you are not familiar with how to configure Prometheus to scrape metrics from various Kubernetes resources, please read the tutorial from [here](https://github.com/appscode/third-party-tools/tree/master/monitoring/prometheus/builtin). + +- To learn how Prometheus monitoring works with KubeDB in general, please visit [here](/docs/guides/hanadb/monitoring/overview.md). + +- This tutorial deploys Prometheus resources in the `monitoring` namespace and the database in the `demo` namespace. + + ```bash + $ kubectl create ns monitoring + namespace/monitoring created + + $ kubectl create ns demo + namespace/demo created + ``` + +> Note: YAML files used in this tutorial are stored in [docs/examples/hanadb/monitoring](https://github.com/kubedb/docs/tree/{{< param "info.version" >}}/docs/examples/hanadb/monitoring) folder in GitHub repository [kubedb/docs](https://github.com/kubedb/docs). + +## Deploy HanaDB with Monitoring Enabled + +Deploy a HanaDB instance with monitoring enabled. The manifest is shown below. + +```yaml +apiVersion: kubedb.com/v1alpha2 +kind: HanaDB +metadata: + name: hanadb-builtin-prometheus + namespace: demo +spec: + version: "2.0.82" + replicas: 1 + storageType: Durable + storage: + storageClassName: local-path + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 64Gi + deletionPolicy: WipeOut + monitor: + agent: prometheus.io/builtin + prometheus: + exporter: + port: 9668 +``` + +Here, `spec.monitor.agent: prometheus.io/builtin` tells KubeDB to use Prometheus annotation-based discovery. `spec.monitor.prometheus.exporter.port` specifies the exporter port. If omitted, KubeDB defaults it to `9668`. + +Create the HanaDB object: + +```bash +$ kubectl apply -f https://github.com/kubedb/docs/raw/{{< param "info.version" >}}/docs/examples/hanadb/monitoring/builtin-prom-hanadb.yaml +hanadb.kubedb.com/hanadb-builtin-prometheus created +``` + +Wait for the database to reach the `Ready` state. + +```bash +$ kubectl get hanadb -n demo hanadb-builtin-prometheus +NAME VERSION STATUS AGE +hanadb-builtin-prometheus 2.0.82 Ready 2m +``` + +KubeDB creates a separate stats service named `{hanadb-name}-stats` for metrics scraping. + +```bash +$ kubectl get svc -n demo --selector="app.kubernetes.io/instance=hanadb-builtin-prometheus" +NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE +hanadb-builtin-prometheus ClusterIP 10.96.100.10 39017/TCP 2m +hanadb-builtin-prometheus-stats ClusterIP 10.96.100.11 9668/TCP 90s +``` + +The `hanadb-builtin-prometheus-stats` service exposes the exporter endpoint. Describe the service: + +```bash +$ kubectl describe svc -n demo hanadb-builtin-prometheus-stats +Name: hanadb-builtin-prometheus-stats +Namespace: demo +Labels: app.kubernetes.io/name=hanadbs.kubedb.com + app.kubernetes.io/instance=hanadb-builtin-prometheus +Annotations: monitoring.appscode.com/agent: prometheus.io/builtin + prometheus.io/path: /metrics + prometheus.io/port: 9668 + prometheus.io/scheme: http + prometheus.io/scrape: true +Selector: app.kubernetes.io/name=hanadbs.kubedb.com,app.kubernetes.io/instance=hanadb-builtin-prometheus +Type: ClusterIP +Port: metrics 9668/TCP +``` + +The service contains the following annotations, which are used by Prometheus to discover the endpoint: + +``` +prometheus.io/path: /metrics +prometheus.io/port: 9668 +prometheus.io/scheme: http +prometheus.io/scrape: true +``` + +## Configure Prometheus + +Configure Prometheus to scrape metrics from this service. Add the following `scrape_config` to your Prometheus configuration: + +```yaml +scrape_configs: +- job_name: kubedb-hanadbs + honor_labels: true + kubernetes_sd_configs: + - role: endpoints + relabel_configs: + - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scrape] + separator: ; + regex: true + target_label: __tmp_prometheus_service_scrape + replacement: $1 + action: keep + - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scheme] + separator: ; + regex: (https?) + target_label: __scheme__ + replacement: $1 + action: replace + - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_path] + separator: ; + regex: (.+) + target_label: __metrics_path__ + replacement: $1 + action: replace + - source_labels: [__address__, __meta_kubernetes_service_annotation_prometheus_io_port] + separator: ; + regex: ([^:]+)(?::\d+)?;(\d+) + target_label: __address__ + replacement: $1:$2 + action: replace +``` + +Now Prometheus will discover the HanaDB stats service and scrape metrics automatically. + +## Access Prometheus Dashboard + +To access the Prometheus dashboard, port-forward the Prometheus service and visit `http://localhost:9090` in your browser. + +```bash +$ kubectl port-forward -n monitoring svc/prometheus 9090:9090 +``` + +You should see the HanaDB metrics in the Prometheus dashboard under the `kubedb-hanadbs` job. + +## Cleaning up + +To clean up the Kubernetes resources created by this tutorial, run: + +```bash +kubectl patch -n demo hanadb/hanadb-builtin-prometheus -p '{"spec":{"deletionPolicy":"WipeOut"}}' --type="merge" +kubectl delete -n demo hanadb/hanadb-builtin-prometheus + +kubectl delete ns demo +kubectl delete ns monitoring +``` diff --git a/docs/guides/hanadb/monitoring/using-prometheus-operator.md b/docs/guides/hanadb/monitoring/using-prometheus-operator.md new file mode 100644 index 000000000..44f9a0be1 --- /dev/null +++ b/docs/guides/hanadb/monitoring/using-prometheus-operator.md @@ -0,0 +1,157 @@ +--- +title: Monitor HanaDB using Prometheus Operator +menu: + docs_{{ .version }}: + identifier: hanadb-using-prometheus-operator-monitoring + name: Prometheus Operator + parent: hanadb-monitoring + weight: 30 +menu_name: docs_{{ .version }} +section_menu_id: guides +--- + +> New to KubeDB? Please start [here](/docs/README.md). + +# Monitoring HanaDB with Prometheus Operator + +This tutorial shows how to monitor a HanaDB instance using [Prometheus Operator](https://github.com/prometheus-operator/prometheus-operator). + +## Before You Begin + +- Prepare a Kubernetes cluster and configure `kubectl` to communicate with it. If you do not already have a cluster, you can create one by using [kind](https://kind.sigs.k8s.io/docs/user/quick-start/). + +- Install KubeDB operator in your cluster following the steps [here](/docs/setup/README.md). + +- Install Prometheus Operator in your cluster following the steps from [here](https://github.com/appscode/third-party-tools/tree/master/monitoring/prometheus/coreos-operator). If you want to use an already deployed Prometheus instance, configure it to monitor all namespaces. + +- To learn how Prometheus monitoring works with KubeDB in general, please visit [here](/docs/guides/hanadb/monitoring/overview.md). + +- This tutorial deploys Prometheus resources in the `monitoring` namespace and the database in the `demo` namespace. + + ```bash + $ kubectl create ns monitoring + namespace/monitoring created + + $ kubectl create ns demo + namespace/demo created + ``` + +> Note: YAML files used in this tutorial are stored in [docs/examples/hanadb/monitoring](https://github.com/kubedb/docs/tree/{{< param "info.version" >}}/docs/examples/hanadb/monitoring) folder in GitHub repository [kubedb/docs](https://github.com/kubedb/docs). + +## Deploy HanaDB with Monitoring Enabled + +Deploy a HanaDB instance with monitoring enabled using Prometheus Operator. + +```yaml +apiVersion: kubedb.com/v1alpha2 +kind: HanaDB +metadata: + name: hanadb-prometheus-operator + namespace: demo +spec: + version: "2.0.82" + replicas: 1 + storageType: Durable + storage: + storageClassName: local-path + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 64Gi + deletionPolicy: WipeOut + monitor: + agent: prometheus.io/operator + prometheus: + exporter: + port: 9668 + serviceMonitor: + labels: + release: prometheus + interval: 10s +``` + +Here, + +- `spec.monitor.agent: prometheus.io/operator` tells KubeDB that we want to monitor using Prometheus Operator. +- `spec.monitor.prometheus.exporter.port` specifies the exporter port. If omitted, KubeDB defaults it to `9668`. +- `spec.monitor.prometheus.serviceMonitor.labels` specifies labels to add to the ServiceMonitor. The Prometheus CR must have matching labels in its `serviceMonitorSelector`. +- `spec.monitor.prometheus.serviceMonitor.interval` specifies the scrape interval. + +Create the HanaDB object: + +```bash +$ kubectl apply -f https://github.com/kubedb/docs/raw/{{< param "info.version" >}}/docs/examples/hanadb/monitoring/coreos-prom-hanadb.yaml +hanadb.kubedb.com/hanadb-prometheus-operator created +``` + +Wait for the database to reach the `Ready` state. + +```bash +$ kubectl get hanadb -n demo hanadb-prometheus-operator +NAME VERSION STATUS AGE +hanadb-prometheus-operator 2.0.82 Ready 2m +``` + +KubeDB will create a ServiceMonitor and stats service for this HanaDB instance. + +```bash +$ kubectl get servicemonitor -n demo +NAME AGE +hanadb-prometheus-operator-stats 2m +``` + +Verify the `ServiceMonitor`: + +```yaml +$ kubectl get servicemonitor -n demo hanadb-prometheus-operator-stats -o yaml +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + labels: + app.kubernetes.io/component: database + app.kubernetes.io/instance: hanadb-prometheus-operator + app.kubernetes.io/managed-by: kubedb.com + app.kubernetes.io/name: hanadbs.kubedb.com + release: prometheus + name: hanadb-prometheus-operator-stats + namespace: demo +spec: + endpoints: + - honorLabels: true + interval: 10s + path: /metrics + port: metrics + scheme: http + namespaceSelector: + matchNames: + - demo + selector: + matchLabels: + app.kubernetes.io/instance: hanadb-prometheus-operator + app.kubernetes.io/name: hanadbs.kubedb.com +``` + +Prometheus Operator will automatically pick up this ServiceMonitor and start scraping metrics from the HanaDB stats service. + +## Access Prometheus Dashboard + +To verify, port-forward the Prometheus service and visit `http://localhost:9090/targets`: + +```bash +$ kubectl port-forward -n monitoring svc/prometheus-kube-prometheus-prometheus 9090:9090 +``` + +You should see `demo/hanadb-prometheus-operator-stats` target in an UP state. + +## Cleaning up + +To clean up the Kubernetes resources created by this tutorial, run: + +```bash +kubectl patch -n demo hanadb/hanadb-prometheus-operator -p '{"spec":{"deletionPolicy":"WipeOut"}}' --type="merge" +kubectl delete -n demo hanadb/hanadb-prometheus-operator + +kubectl delete ns demo +kubectl delete ns monitoring +``` diff --git a/docs/guides/hanadb/private-registry/_index.md b/docs/guides/hanadb/private-registry/_index.md new file mode 100644 index 000000000..31c60a4be --- /dev/null +++ b/docs/guides/hanadb/private-registry/_index.md @@ -0,0 +1,10 @@ +--- +title: Run HanaDB using Private Registry +menu: + docs_{{ .version }}: + identifier: hanadb-private-registry + name: Private Registry + parent: hanadb-guides + weight: 40 +menu_name: docs_{{ .version }} +--- diff --git a/docs/guides/hanadb/private-registry/using-private-registry.md b/docs/guides/hanadb/private-registry/using-private-registry.md new file mode 100644 index 000000000..e7ac4e061 --- /dev/null +++ b/docs/guides/hanadb/private-registry/using-private-registry.md @@ -0,0 +1,137 @@ +--- +title: Run HanaDB using Private Registry +menu: + docs_{{ .version }}: + identifier: hanadb-using-private-registry + name: Quickstart + parent: hanadb-private-registry + weight: 10 +menu_name: docs_{{ .version }} +section_menu_id: guides +--- + +> New to KubeDB? Please start [here](/docs/README.md). + +# Using Private Docker Registry + +KubeDB supports private Docker registries. This tutorial shows how to run a KubeDB-managed HanaDB instance using private images. + +## Before You Begin + +Prepare a Kubernetes cluster and configure `kubectl` to communicate with it. If you do not already have a cluster, you can create one by using [kind](https://kind.sigs.k8s.io/docs/user/quick-start/). + +To keep things isolated, this tutorial uses a separate namespace called `demo` throughout this tutorial. + +```bash +$ kubectl create ns demo +namespace/demo created +``` + +## Prepare Private Docker Registry + +- Prepare a private Docker [registry](https://docs.docker.com/registry/) or [private repository](https://docs.docker.com/docker-hub/repos/#private-repositories). + +- Push the required HanaDB images into your private registry. For HanaDB, push the database, coordinator, and exporter images from the active `HanaDBVersion` entries. + + ```bash + $ kubectl get hanadbversions -o=custom-columns=NAME:.metadata.name,VERSION:.spec.version,DB_IMAGE:.spec.db.image,COORDINATOR_IMAGE:.spec.coordinator.image,EXPORTER_IMAGE:.spec.exporter.image,DEPRECATED:.spec.deprecated + NAME VERSION DB_IMAGE COORDINATOR_IMAGE EXPORTER_IMAGE DEPRECATED + 2.0.82 2.0.82 docker.io/saplabs/hanaexpress:2.00.082.00.20250528.1 ghcr.io/kubedb/hanadb-coordinator:v0.4.0 ghcr.io/kubedb/hanadb-exporter:1.0.0 + ``` + +## Create ImagePullSecret + +Run the following command to create an image pull secret for your private Docker registry: + +```bash +$ kubectl create secret docker-registry -n demo myregistrykey \ + --docker-server=DOCKER_REGISTRY_SERVER \ + --docker-username=DOCKER_USER \ + --docker-email=DOCKER_EMAIL \ + --docker-password=DOCKER_PASSWORD +secret/myregistrykey created +``` + +## Install the KubeDB Operator + +Install the [KubeDB operator](/docs/setup/README.md) in your cluster and configure it to use the private registry that hosts the required images. + +## Create a HanaDBVersion + +Create a `HanaDBVersion` object that points to images in your private registry. Replace `PRIVATE_REGISTRY` with your registry address. + +```yaml +apiVersion: catalog.kubedb.com/v1alpha1 +kind: HanaDBVersion +metadata: + name: "2.0.82-private" +spec: + coordinator: + image: PRIVATE_REGISTRY/hanadb-coordinator:v0.4.0 + db: + image: PRIVATE_REGISTRY/hanaexpress:2.00.082.00.20250528.1 + exporter: + image: PRIVATE_REGISTRY/hanadb-exporter:1.0.0 + securityContext: + runAsGroup: 79 + runAsUser: 12000 + updateConstraints: + allowlist: + - 2.0.82-private + version: "2.0.82" +``` + +```bash +$ kubectl apply -f https://github.com/kubedb/docs/raw/{{< param "info.version" >}}/docs/examples/hanadb/private-registry/pvt-hanadbversion.yaml +hanadbversion.catalog.kubedb.com/2.0.82-private created +``` + +## Deploy HanaDB from Private Registry + +```yaml +apiVersion: kubedb.com/v1alpha2 +kind: HanaDB +metadata: + name: hanadb-private-registry + namespace: demo +spec: + version: "2.0.82-private" + replicas: 1 + storageType: Durable + storage: + storageClassName: local-path + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 64Gi + podTemplate: + spec: + imagePullSecrets: + - name: myregistrykey + deletionPolicy: WipeOut +``` + +```bash +$ kubectl create -f https://github.com/kubedb/docs/raw/{{< param "info.version" >}}/docs/examples/hanadb/private-registry/pvt-reg-hanadb.yaml +hanadb.kubedb.com/hanadb-private-registry created +``` + +Check that the HanaDB pod is running: + +```bash +$ kubectl get pods -n demo --selector="app.kubernetes.io/instance=hanadb-private-registry" +NAME READY STATUS RESTARTS AGE +hanadb-private-registry-0 1/1 Running 0 3m +``` + +## Cleaning up + +To clean up the Kubernetes resources created by this tutorial, run: + +```bash +kubectl patch -n demo hanadb/hanadb-private-registry -p '{"spec":{"deletionPolicy":"WipeOut"}}' --type="merge" +kubectl delete -n demo hanadb/hanadb-private-registry + +kubectl delete ns demo +``` diff --git a/docs/guides/hanadb/quickstart/_index.md b/docs/guides/hanadb/quickstart/_index.md new file mode 100644 index 000000000..084840002 --- /dev/null +++ b/docs/guides/hanadb/quickstart/_index.md @@ -0,0 +1,10 @@ +--- +title: HanaDB Quickstart +menu: + docs_{{ .version }}: + identifier: hanadb-quickstart + name: Quickstart + parent: hanadb-guides + weight: 15 +menu_name: docs_{{ .version }} +--- diff --git a/docs/guides/hanadb/quickstart/quickstart.md b/docs/guides/hanadb/quickstart/quickstart.md new file mode 100644 index 000000000..bde1013cd --- /dev/null +++ b/docs/guides/hanadb/quickstart/quickstart.md @@ -0,0 +1,90 @@ +--- +title: HanaDB Quickstart +menu: + docs_{{ .version }}: + identifier: hanadb-quickstart-overview + name: Overview + parent: hanadb-quickstart + weight: 10 +menu_name: docs_{{ .version }} +section_menu_id: guides +--- + +> New to KubeDB? Please start [here](/docs/README.md). + +# Running HanaDB + +This tutorial shows how to run a SAP HANA database with KubeDB. + +> Note: YAML files used in this tutorial are stored in [docs/examples/hanadb/quickstart](https://github.com/kubedb/docs/tree/{{< param "info.version" >}}/docs/examples/hanadb/quickstart). + +## Before You Begin + +- Prepare a Kubernetes cluster and `kubectl`. +- Install KubeDB from [/docs/setup/README.md](/docs/setup/README.md). +- This tutorial uses `docs/examples/hanadb/quickstart/system-replication.yaml` as the working example manifest. +- Create namespace: + +```bash +kubectl create ns demo +``` + +## Check Available StorageClass + +```bash +kubectl get storageclass +``` + +The example manifests use `storageClassName: local-path` and request `64Gi` storage for each HanaDB pod. Update the storage class if your cluster uses a different provisioner. + +## Check Available HanaDBVersion + +```bash +kubectl get hanadbversions +``` + +## Create a HanaDB Cluster + +```yaml +apiVersion: kubedb.com/v1alpha2 +kind: HanaDB +metadata: + name: hanadb-cluster + namespace: demo +spec: + version: "2.0.82" + replicas: 3 + storageType: "Durable" + topology: + mode: SystemReplication + systemReplication: + replicationMode: fullsync + operationMode: logreplay_readaccess + storage: + accessModes: ["ReadWriteOnce"] + resources: + requests: + storage: 64Gi + storageClassName: local-path +``` + +```bash +kubectl apply -f https://github.com/kubedb/docs/raw/{{< param "info.version" >}}/docs/examples/hanadb/quickstart/system-replication.yaml +kubectl get hanadb -n demo hanadb-cluster -w +``` + +## Verify the Cluster + +```bash +kubectl get hanadb -n demo +kubectl describe hanadb -n demo hanadb-cluster +``` + +When `status.phase` becomes `Ready`, the HanaDB deployment is ready for application traffic. + +## Cleaning up + +```bash +kubectl delete hanadb -n demo hanadb-cluster +kubectl delete ns demo +``` diff --git a/docs/guides/hanadb/quickstart/rbac.md b/docs/guides/hanadb/quickstart/rbac.md new file mode 100644 index 000000000..41d7d2357 --- /dev/null +++ b/docs/guides/hanadb/quickstart/rbac.md @@ -0,0 +1,249 @@ +--- +title: RBAC for HanaDB +menu: + docs_{{ .version }}: + identifier: hanadb-rbac-quickstart + name: RBAC + parent: hanadb-quickstart + weight: 15 +menu_name: docs_{{ .version }} +section_menu_id: guides +--- + +> New to KubeDB? Please start [here](/docs/README.md). + +# RBAC Permissions for HanaDB + +When RBAC is enabled in your cluster, KubeDB automatically creates the RBAC resources required by each HanaDB instance. This tutorial explains what permissions are granted and how to verify them. + +The HanaDB pods require the following namespace-scoped permissions: + +| Kubernetes Resource | Permission required | +|---------------------|----------------------------------| +| pods | `*` | +| pods/exec | `create` | +| hanadbs | `get`, `list`, `watch`, `patch` | +| hanadbs/status | `patch` | +| secrets | `get`, `list`, `create`, `update` | +| petsets | `get`, `list`, `watch` | +| configmaps | `create`, `get`, `update` | + +They also require cluster-scoped read access to `hanadbversions` and `hanadbs`. + +## Before You Begin + +- Prepare a Kubernetes cluster and configure `kubectl` to communicate with it. If you do not already have a cluster, you can create one by using [kind](https://kind.sigs.k8s.io/docs/user/quick-start/). + +- Install the KubeDB CLI on your workstation and the KubeDB operator in your cluster by following the steps [here](/docs/setup/README.md). + +- To keep things isolated, this tutorial uses a separate namespace called `demo` throughout this tutorial. + +```bash +$ kubectl create ns demo +namespace/demo created +``` + +## Create a HanaDB Database + +The following manifest creates the HanaDB instance used in this tutorial. + +```yaml +apiVersion: kubedb.com/v1alpha2 +kind: HanaDB +metadata: + name: hanadb-quickstart + namespace: demo +spec: + version: "2.0.82" + replicas: 1 + storageType: Durable + storage: + storageClassName: local-path + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 64Gi + deletionPolicy: Delete +``` + +Create the HanaDB object: + +```bash +$ kubectl create -f https://github.com/kubedb/docs/raw/{{< param "info.version" >}}/docs/examples/hanadb/quickstart/quick-hanadb.yaml +hanadb.kubedb.com/hanadb-quickstart created +``` + +When the HanaDB object is created, the KubeDB operator creates a `Role`, `ServiceAccount`, `RoleBinding`, `ClusterRole`, and `ClusterRoleBinding` with the matching HanaDB name. + +### Role + +```bash +$ kubectl get role -n demo hanadb-quickstart -o yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app.kubernetes.io/component: database + app.kubernetes.io/instance: hanadb-quickstart + app.kubernetes.io/managed-by: kubedb.com + app.kubernetes.io/name: hanadbs.kubedb.com + name: hanadb-quickstart + namespace: demo +rules: +- apiGroups: + - "" + resources: + - pods + verbs: + - "*" +- apiGroups: + - "" + resources: + - pods/exec + verbs: + - create +- apiGroups: + - kubedb.com + resources: + - hanadbs + verbs: + - get + - list + - watch + - patch +- apiGroups: + - kubedb.com + resources: + - hanadbs/status + verbs: + - patch +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - create + - update +- apiGroups: + - apps.k8s.appscode.com + resources: + - petsets + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - configmaps + verbs: + - create + - get + - update +``` + +### ServiceAccount + +```bash +$ kubectl get serviceaccount -n demo hanadb-quickstart -o yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: database + app.kubernetes.io/instance: hanadb-quickstart + app.kubernetes.io/managed-by: kubedb.com + app.kubernetes.io/name: hanadbs.kubedb.com + name: hanadb-quickstart + namespace: demo +``` + +### RoleBinding + +```bash +$ kubectl get rolebinding -n demo hanadb-quickstart -o yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/component: database + app.kubernetes.io/instance: hanadb-quickstart + app.kubernetes.io/managed-by: kubedb.com + app.kubernetes.io/name: hanadbs.kubedb.com + name: hanadb-quickstart + namespace: demo +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: hanadb-quickstart +subjects: +- kind: ServiceAccount + name: hanadb-quickstart + namespace: demo +``` + +### ClusterRole + +```bash +$ kubectl get clusterrole hanadb-quickstart -o yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: hanadb-quickstart +rules: +- apiGroups: + - catalog.kubedb.com + resources: + - hanadbversions + verbs: + - get + - list + - watch +- apiGroups: + - kubedb.com + resources: + - hanadbs + verbs: + - get + - list + - watch +``` + +### ClusterRoleBinding + +```bash +$ kubectl get clusterrolebinding hanadb-quickstart -o yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/component: database + app.kubernetes.io/instance: hanadb-quickstart + app.kubernetes.io/managed-by: kubedb.com + app.kubernetes.io/name: hanadbs.kubedb.com + name: hanadb-quickstart +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: hanadb-quickstart +subjects: +- kind: ServiceAccount + name: hanadb-quickstart + namespace: demo +``` + +## Cleaning up + +To clean up the Kubernetes resources created by this tutorial, run: + +```bash +kubectl patch -n demo hanadb/hanadb-quickstart -p '{"spec":{"deletionPolicy":"WipeOut"}}' --type="merge" +kubectl delete -n demo hanadb/hanadb-quickstart + +kubectl delete clusterrolebinding hanadb-quickstart +kubectl delete clusterrole hanadb-quickstart +kubectl delete ns demo +```