From 01f703e40a02ae317c02e7efcff78a1b5afacec4 Mon Sep 17 00:00:00 2001 From: Tamal Saha Date: Thu, 30 Apr 2026 11:09:53 +0600 Subject: [PATCH 1/5] docs(db2): add guides and examples --- docs/examples/db2/quickstart/standalone.yaml | 15 ++ docs/guides/db2/README.md | 59 ++++++ docs/guides/db2/_index.md | 10 + docs/guides/db2/concepts/_index.md | 10 + docs/guides/db2/concepts/catalog.md | 47 +++++ docs/guides/db2/concepts/db2.md | 53 +++++ docs/guides/db2/concepts/opsrequest.md | 44 ++++ docs/guides/db2/configuration/_index.md | 10 + docs/guides/db2/configuration/overview.md | 43 ++++ docs/guides/db2/custom-rbac/_index.md | 10 + .../db2/custom-rbac/using-custom-rbac.md | 182 +++++++++++++++++ docs/guides/db2/ops-request/_index.md | 10 + docs/guides/db2/ops-request/overview.md | 29 +++ docs/guides/db2/private-registry/_index.md | 10 + .../using-private-registry.md | 147 ++++++++++++++ docs/guides/db2/quickstart/_index.md | 10 + docs/guides/db2/quickstart/quickstart.md | 85 ++++++++ docs/guides/db2/quickstart/rbac.md | 192 ++++++++++++++++++ 18 files changed, 966 insertions(+) create mode 100644 docs/examples/db2/quickstart/standalone.yaml create mode 100644 docs/guides/db2/README.md create mode 100644 docs/guides/db2/_index.md create mode 100644 docs/guides/db2/concepts/_index.md create mode 100644 docs/guides/db2/concepts/catalog.md create mode 100644 docs/guides/db2/concepts/db2.md create mode 100644 docs/guides/db2/concepts/opsrequest.md create mode 100644 docs/guides/db2/configuration/_index.md create mode 100644 docs/guides/db2/configuration/overview.md create mode 100644 docs/guides/db2/custom-rbac/_index.md create mode 100644 docs/guides/db2/custom-rbac/using-custom-rbac.md create mode 100644 docs/guides/db2/ops-request/_index.md create mode 100644 docs/guides/db2/ops-request/overview.md create mode 100644 docs/guides/db2/private-registry/_index.md create mode 100644 docs/guides/db2/private-registry/using-private-registry.md create mode 100644 docs/guides/db2/quickstart/_index.md create mode 100644 docs/guides/db2/quickstart/quickstart.md create mode 100644 docs/guides/db2/quickstart/rbac.md diff --git a/docs/examples/db2/quickstart/standalone.yaml b/docs/examples/db2/quickstart/standalone.yaml new file mode 100644 index 000000000..28767e4a5 --- /dev/null +++ b/docs/examples/db2/quickstart/standalone.yaml @@ -0,0 +1,15 @@ +apiVersion: kubedb.com/v1alpha2 +kind: DB2 +metadata: + name: db2 + namespace: demo +spec: + version: 11.5.8.0 + storageType: Durable + deletionPolicy: Delete + storage: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 5Gi diff --git a/docs/guides/db2/README.md b/docs/guides/db2/README.md new file mode 100644 index 000000000..7e1932d9c --- /dev/null +++ b/docs/guides/db2/README.md @@ -0,0 +1,59 @@ +--- +title: DB2 +menu: + docs_{{ .version }}: + identifier: db2-readme + name: DB2 + parent: db2-guides + weight: 10 +menu_name: docs_{{ .version }} +section_menu_id: guides +url: /docs/{{ .version }}/guides/db2/ +aliases: + - /docs/{{ .version }}/guides/db2/README/ +--- + +> New to KubeDB? Please start [here](/docs/README.md). + +# Overview + +KubeDB supports IBM DB2 using the `DB2` Custom Resource Definition. You can declare the desired DB2 configuration, and KubeDB provisions and manages the required Kubernetes resources. + +## Supported DB2 Features + +| Features | Availability | +|--------------------------------|:------------:| +| Standalone DB2 deployment | ✓ | +| Persistent volume | ✓ | +| Authentication secret | ✓ | +| Pod and service customization | ✓ | +| Health checker | ✓ | + +## Example DB2 Manifest + +```yaml +apiVersion: kubedb.com/v1alpha2 +kind: DB2 +metadata: + name: db2 + namespace: demo +spec: + version: 11.5.8.0 + storageType: Durable + deletionPolicy: Delete + storage: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 5Gi +``` + +## User Guide + +- [Quickstart DB2](/docs/guides/db2/quickstart/quickstart.md) with KubeDB operator. +- [DB2 CRD Concept](/docs/guides/db2/concepts/db2.md). +- [DB2Version CRD Concept](/docs/guides/db2/concepts/catalog.md). +- [DB2OpsRequest CRD Concept](/docs/guides/db2/concepts/opsrequest.md). +- [Configuration](/docs/guides/db2/configuration/overview.md) for auth, pod, service, and health settings. +- [Ops Request](/docs/guides/db2/ops-request/overview.md). \ No newline at end of file diff --git a/docs/guides/db2/_index.md b/docs/guides/db2/_index.md new file mode 100644 index 000000000..963d6d7d1 --- /dev/null +++ b/docs/guides/db2/_index.md @@ -0,0 +1,10 @@ +--- +title: DB2 +menu: + docs_{{ .version }}: + identifier: db2-guides + name: DB2 + parent: guides + weight: 12 +menu_name: docs_{{ .version }} +--- \ No newline at end of file diff --git a/docs/guides/db2/concepts/_index.md b/docs/guides/db2/concepts/_index.md new file mode 100644 index 000000000..b1b77be5e --- /dev/null +++ b/docs/guides/db2/concepts/_index.md @@ -0,0 +1,10 @@ +--- +title: DB2 Concepts +menu: + docs_{{ .version }}: + identifier: db2-concepts-db2 + name: Concepts + parent: db2-guides + weight: 15 +menu_name: docs_{{ .version }} +--- \ No newline at end of file diff --git a/docs/guides/db2/concepts/catalog.md b/docs/guides/db2/concepts/catalog.md new file mode 100644 index 000000000..c19405e3f --- /dev/null +++ b/docs/guides/db2/concepts/catalog.md @@ -0,0 +1,47 @@ +--- +title: DB2Version CRD +menu: + docs_{{ .version }}: + identifier: db2-catalog-concepts + name: DB2Version + parent: db2-concepts-db2 + weight: 15 +menu_name: docs_{{ .version }} +section_menu_id: guides +--- + +> New to KubeDB? Please start [here](/docs/README.md). + +# DB2Version + +## What is DB2Version + +`DB2Version` is the catalog CRD that defines which DB2 engine image and related components KubeDB should use when creating a `DB2` database. + +When you set `spec.version` in a `DB2` resource, KubeDB resolves that value against a `DB2Version` object. + +## DB2Version Specification + +```yaml +apiVersion: catalog.kubedb.com/v1alpha1 +kind: DB2Version +metadata: + name: "11.5.8.0" +spec: + version: "11.5.8.0" + db: + image: "kubedb/db2:11.5.8.0" + deprecated: false +``` + +## Key fields + +- `metadata.name` is the version label you reference from `DB2.spec.version`. +- `spec.version` is the upstream DB2 version represented by this entry. +- `spec.db.image` is the container image KubeDB uses for DB2 pods. +- `spec.deprecated` marks whether this entry should be avoided for new deployments. + +## Next Steps + +- Read the [DB2 CRD concept](/docs/guides/db2/concepts/db2.md). +- Run the [DB2 quickstart](/docs/guides/db2/quickstart/quickstart.md). \ No newline at end of file diff --git a/docs/guides/db2/concepts/db2.md b/docs/guides/db2/concepts/db2.md new file mode 100644 index 000000000..39992a9e1 --- /dev/null +++ b/docs/guides/db2/concepts/db2.md @@ -0,0 +1,53 @@ +--- +title: DB2 CRD +menu: + docs_{{ .version }}: + identifier: db2-db2-concepts + name: DB2 + parent: db2-concepts-db2 + weight: 10 +menu_name: docs_{{ .version }} +section_menu_id: guides +--- + +> New to KubeDB? Please start [here](/docs/README.md). + +# DB2 + +## What is DB2 + +`DB2` is a Kubernetes `CustomResourceDefinition` (CRD) provided by KubeDB. It lets you run and manage IBM DB2 with Kubernetes-native declarative APIs. + +## DB2 Spec + +Like all Kubernetes resources, a `DB2` object needs `apiVersion`, `kind`, and `metadata`, and it uses `.spec` to define the desired state. + +```yaml +apiVersion: kubedb.com/v1alpha2 +kind: DB2 +metadata: + name: db2 + namespace: demo +spec: + version: 11.5.8.0 + storageType: Durable + storage: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 5Gi + deletionPolicy: Delete +``` + +### Key fields + +- `spec.version` is required and points to a `DB2Version`. +- `spec.replicas` controls number of DB2 pods. +- `spec.storageType` supports `Durable` (PVC) and `Ephemeral`. +- `spec.storage` defines the PVC template when using durable storage. +- `spec.authSecret` references user credentials. +- `spec.podTemplate` customizes the DB2 pods. +- `spec.serviceTemplates` customizes services exposed by KubeDB. +- `spec.deletionPolicy` controls cleanup behavior on CR deletion. +- `spec.healthChecker` controls readiness/liveness checks. \ No newline at end of file diff --git a/docs/guides/db2/concepts/opsrequest.md b/docs/guides/db2/concepts/opsrequest.md new file mode 100644 index 000000000..22c57a832 --- /dev/null +++ b/docs/guides/db2/concepts/opsrequest.md @@ -0,0 +1,44 @@ +--- +title: DB2OpsRequest CRD +menu: + docs_{{ .version }}: + identifier: db2-opsrequest-concepts + name: DB2OpsRequest + parent: db2-concepts-db2 + weight: 25 +menu_name: docs_{{ .version }} +section_menu_id: guides +--- + +> New to KubeDB? Please start [here](/docs/README.md). + +# DB2OpsRequest + +## What is DB2OpsRequest + +`DB2OpsRequest` is the operations CRD KubeDB uses for day-2 lifecycle changes of DB2 databases when that feature is available in a release. + +## Current support status + +Based on [new_db.md](/new_db.md), no DB2 operation types are currently listed. + +## Expected CRD shape + +When available, an ops request follows this structure: + +```yaml +apiVersion: ops.kubedb.com/v1alpha1 +kind: DB2OpsRequest +metadata: + name: db2-ops-sample + namespace: demo +spec: + type: Restart + databaseRef: + name: db2 +``` + +## Next Steps + +- Track [DB2 ops overview](/docs/guides/db2/ops-request/overview.md) for support updates. +- Use [DB2 configuration guide](/docs/guides/db2/configuration/overview.md) for declarative spec updates. \ No newline at end of file diff --git a/docs/guides/db2/configuration/_index.md b/docs/guides/db2/configuration/_index.md new file mode 100644 index 000000000..708c7a1ae --- /dev/null +++ b/docs/guides/db2/configuration/_index.md @@ -0,0 +1,10 @@ +--- +title: DB2 Configuration +menu: + docs_{{ .version }}: + identifier: db2-configuration + name: Configuration + parent: db2-guides + weight: 20 +menu_name: docs_{{ .version }} +--- diff --git a/docs/guides/db2/configuration/overview.md b/docs/guides/db2/configuration/overview.md new file mode 100644 index 000000000..a7d353f1b --- /dev/null +++ b/docs/guides/db2/configuration/overview.md @@ -0,0 +1,43 @@ +--- +title: DB2 Configuration Overview +menu: + docs_{{ .version }}: + identifier: db2-configuration-overview + name: Overview + parent: db2-configuration + weight: 10 +menu_name: docs_{{ .version }} +section_menu_id: guides +--- + +# DB2 Configuration + +This guide shows the main DB2 configuration knobs you can adjust before creating or updating a database. + +## Before You Begin + +- Review the base DB2 manifest from [Quickstart](/docs/guides/db2/quickstart/quickstart.md). +- Decide whether you need to change credentials, pod resources, service exposure, or probe behavior. + +## Common Configuration Fields + +- spec.authSecret for custom credentials. +- spec.podTemplate for resources, scheduling, and environment. +- spec.serviceTemplates for service exposure. +- spec.healthChecker for readiness and liveness thresholds. + +## How to Apply Configuration + +Start from the quickstart manifest, add the fields you need under `spec`, and then re-apply the DB2 resource. + +```bash +kubectl apply -f https://github.com/kubedb/docs/raw/{{< param "info.version" >}}/docs/examples/db2/quickstart/standalone.yaml +kubectl edit db2 -n demo db2 +``` + +## Verify + +```bash +kubectl get db2 -n demo db2 -o yaml +kubectl describe db2 -n demo db2 +``` diff --git a/docs/guides/db2/custom-rbac/_index.md b/docs/guides/db2/custom-rbac/_index.md new file mode 100644 index 000000000..49f2077f5 --- /dev/null +++ b/docs/guides/db2/custom-rbac/_index.md @@ -0,0 +1,10 @@ +--- +title: Run DB2 with Custom RBAC resources +menu: + docs_{{ .version }}: + identifier: db2-custom-rbac + name: Custom RBAC + parent: db2-guides + weight: 90 +menu_name: docs_{{ .version }} +--- diff --git a/docs/guides/db2/custom-rbac/using-custom-rbac.md b/docs/guides/db2/custom-rbac/using-custom-rbac.md new file mode 100644 index 000000000..e4bb018f3 --- /dev/null +++ b/docs/guides/db2/custom-rbac/using-custom-rbac.md @@ -0,0 +1,182 @@ +--- +title: Run DB2 with Custom RBAC resources +menu: + docs_{{ .version }}: + identifier: db2-custom-rbac-quickstart + name: Custom RBAC + parent: db2-custom-rbac + weight: 10 +menu_name: docs_{{ .version }} +section_menu_id: guides +--- + +> New to KubeDB? Please start [here](/docs/README.md). + +# Using Custom RBAC Resources + +KubeDB supports finer user control over role based access permissions provided to a DB2 instance. This tutorial will show you how to use KubeDB to run DB2 instance with custom RBAC resources. + +## Before You Begin + +At first, you need to have a Kubernetes cluster, and the kubectl command-line tool must be configured to communicate with your cluster. If you do not already have a cluster, you can create one by using [kind](https://kind.sigs.k8s.io/docs/user/quick-start/). + +Now, install KubeDB cli on your workstation and KubeDB operator in your cluster following the steps [here](/docs/setup/README.md). + +To keep things isolated, this tutorial uses a separate namespace called `demo` throughout this tutorial. + +```bash +$ kubectl create ns demo +namespace/demo created +``` + +> Note: YAML files used in this tutorial are stored in [docs/examples/db2](https://github.com/kubedb/docs/tree/{{< param "info.version" >}}/docs/examples/db2) folder in GitHub repository [kubedb/docs](https://github.com/kubedb/docs). + +## Overview + +KubeDB allows users to provide custom RBAC resources, namely, `ServiceAccount`, `Role`, and `RoleBinding` for DB2. This is provided via the `spec.podTemplate.spec.serviceAccountName` field in DB2 CRD. If this field is left empty, the KubeDB operator will create a service account name matching the DB2 CRD name. Role and RoleBinding that provide necessary access permissions will also be generated automatically for this service account. + +If a service account name is given, but there's no existing service account by that name, the KubeDB operator will create one, and Role and RoleBinding that provide necessary access permissions will also be generated for this service account. + +If a service account name is given, and there's an existing service account by that name, the KubeDB operator will use that existing service account. Since this service account is not managed by KubeDB, users are responsible for providing necessary access permissions manually. + +This guide will show you how to create custom `Service Account`, `Role`, and `RoleBinding` for a DB2 instance named `quick-db2` to provide the bare minimum access permissions. + +## Custom RBAC for DB2 + +At first, let's create a `Service Account` in `demo` namespace. + +```bash +$ kubectl create serviceaccount -n demo my-custom-serviceaccount +serviceaccount/my-custom-serviceaccount created +``` + +It should create a service account. + +```yaml +$ kubectl get serviceaccount -n demo my-custom-serviceaccount -o yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: my-custom-serviceaccount + namespace: demo +``` + +Now, we need to create a role that has necessary access permissions for the DB2 database named `quick-db2`. + +```bash +$ kubectl apply -f https://github.com/kubedb/docs/raw/{{< param "info.version" >}}/docs/examples/db2/custom-rbac/db2-custom-role.yaml +role.rbac.authorization.k8s.io/my-custom-role created +``` + +Below is the YAML for the Role we just created. + +```yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: my-custom-role + namespace: demo +rules: +- apiGroups: + - apps + resourceNames: + - quick-db2 + resources: + - petsets + verbs: + - get +- apiGroups: + - kubedb.com + resourceNames: + - quick-db2 + resources: + - db2s + verbs: + - get +- apiGroups: + - "" + resources: + - pods + verbs: + - list + - patch +- apiGroups: + - "" + resources: + - pods/exec + verbs: + - create +- apiGroups: + - "" + resources: + - configmaps + verbs: + - create + - get + - update +``` + +Now create a `RoleBinding` to bind this `Role` with the already created service account. + +```bash +$ kubectl create rolebinding my-custom-rolebinding \ + --role=my-custom-role \ + --serviceaccount=demo:my-custom-serviceaccount \ + --namespace=demo +rolebinding.rbac.authorization.k8s.io/my-custom-rolebinding created +``` + +Now, create a DB2 CRD specifying `spec.podTemplate.spec.serviceAccountName` field to `my-custom-serviceaccount`. + +```bash +$ kubectl apply -f https://github.com/kubedb/docs/raw/{{< param "info.version" >}}/docs/examples/db2/custom-rbac/db2-custom-db.yaml +db2.kubedb.com/quick-db2 created +``` + +Below is the YAML for the DB2 CRD we just created. + +```yaml +apiVersion: kubedb.com/v1alpha2 +kind: DB2 +metadata: + name: quick-db2 + namespace: demo +spec: + version: "11.5.9" + storageType: Durable + podTemplate: + spec: + serviceAccountName: my-custom-serviceaccount + storage: + storageClassName: "standard" + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi + deletionPolicy: WipeOut +``` + +Now, wait a few minutes. The KubeDB operator will create necessary PVC, petset, services, and secret. If everything goes well, we should see that a pod with the name `quick-db2-0` has been created. + +Check that the petset's pod is running: + +```bash +$ kubectl get pod -n demo quick-db2-0 +NAME READY STATUS RESTARTS AGE +quick-db2-0 1/1 Running 0 3m +``` + +## Cleaning up + +To cleanup the Kubernetes resources created by this tutorial, run: + +```bash +kubectl patch -n demo db2/quick-db2 -p '{"spec":{"deletionPolicy":"WipeOut"}}' --type="merge" +kubectl delete -n demo db2/quick-db2 + +kubectl delete -n demo serviceaccount my-custom-serviceaccount +kubectl delete -n demo role my-custom-role +kubectl delete -n demo rolebinding my-custom-rolebinding +kubectl delete ns demo +``` diff --git a/docs/guides/db2/ops-request/_index.md b/docs/guides/db2/ops-request/_index.md new file mode 100644 index 000000000..d94fd37dd --- /dev/null +++ b/docs/guides/db2/ops-request/_index.md @@ -0,0 +1,10 @@ +--- +title: Ops Request +menu: + docs_{{ .version }}: + identifier: db2-ops-request + name: Ops Request + parent: db2-guides + weight: 30 +menu_name: docs_{{ .version }} +--- diff --git a/docs/guides/db2/ops-request/overview.md b/docs/guides/db2/ops-request/overview.md new file mode 100644 index 000000000..a0a8cbe16 --- /dev/null +++ b/docs/guides/db2/ops-request/overview.md @@ -0,0 +1,29 @@ +--- +title: DB2 Ops Request Overview +menu: + docs_{{ .version }}: + identifier: db2-ops-request-overview + name: Overview + parent: db2-ops-request + weight: 10 +menu_name: docs_{{ .version }} +section_menu_id: guides +--- + +# DB2 Ops Request + +This page tracks DB2 operations supported by the new database matrix used for these guides. + +## Before You Begin + +- Deploy a DB2 database first using the [quickstart guide](/docs/guides/db2/quickstart/quickstart.md). +- Confirm the current support list in [new_db.md](/new_db.md) for your release. + +## Current Status + +Based on [new_db.md](/new_db.md), no DB2 ops request types are listed yet. + +## What to Check Next + +- Watch future KubeDB releases for DB2 `OpsRequest` support. +- Use the DB2 configuration guide for declarative spec-level changes that do not require an ops workflow. diff --git a/docs/guides/db2/private-registry/_index.md b/docs/guides/db2/private-registry/_index.md new file mode 100644 index 000000000..58195c351 --- /dev/null +++ b/docs/guides/db2/private-registry/_index.md @@ -0,0 +1,10 @@ +--- +title: Run DB2 using Private Registry +menu: + docs_{{ .version }}: + identifier: db2-private-registry + name: Private Registry + parent: db2-guides + weight: 120 +menu_name: docs_{{ .version }} +--- diff --git a/docs/guides/db2/private-registry/using-private-registry.md b/docs/guides/db2/private-registry/using-private-registry.md new file mode 100644 index 000000000..ed062a885 --- /dev/null +++ b/docs/guides/db2/private-registry/using-private-registry.md @@ -0,0 +1,147 @@ +--- +title: Run DB2 using Private Registry +menu: + docs_{{ .version }}: + identifier: db2-using-private-registry + name: Quickstart + parent: db2-private-registry + weight: 10 +menu_name: docs_{{ .version }} +section_menu_id: guides +--- + +> New to KubeDB? Please start [here](/docs/README.md). + +# Using Private Docker Registry + +KubeDB supports using private Docker registries. This tutorial will show you how to run KubeDB managed DB2 database using private Docker images. + +## Before You Begin + +At first, you need to have a Kubernetes cluster, and the kubectl command-line tool must be configured to communicate with your cluster. If you do not already have a cluster, you can create one by using [kind](https://kind.sigs.k8s.io/docs/user/quick-start/). + +To keep things isolated, this tutorial uses a separate namespace called `demo` throughout this tutorial. + +```bash +$ kubectl create ns demo +namespace/demo created +``` + +> Note: YAML files used in this tutorial are stored in [docs/examples/db2](https://github.com/kubedb/docs/tree/{{< param "info.version" >}}/docs/examples/db2) folder in GitHub repository [kubedb/docs](https://github.com/kubedb/docs). + +## Prepare Private Docker Registry + +- You will also need a docker private [registry](https://docs.docker.com/registry/) or [private repository](https://docs.docker.com/docker-hub/repos/#private-repositories). In this tutorial we will use private repository of [docker hub](https://hub.docker.com/). + +- You have to push the required images from KubeDB's [Docker hub account](https://hub.docker.com/r/kubedb/) into your private registry. For DB2, push `DB_IMAGE` of the following DB2Versions, where `deprecated` is not true, to your private registry. + + ```bash + $ kubectl get db2versions -o=custom-columns=NAME:.metadata.name,VERSION:.spec.version,DB_IMAGE:.spec.db.image,DEPRECATED:.spec.deprecated + NAME VERSION DB_IMAGE DEPRECATED + 11.5.9 11.5.9 kubedb/db2:11.5.9 + ``` + + Docker hub repositories: + +- [kubedb/db2](https://hub.docker.com/r/kubedb/db2) + +## Create ImagePullSecret + +ImagePullSecrets is a type of a Kubernetes Secret whose sole purpose is to pull private images from a Docker registry. It allows you to specify the url of the docker registry, credentials for logging in and the image name of your private docker image. + +Run the following command, substituting the appropriate uppercase values to create an image pull secret for your private Docker registry: + +```bash +$ kubectl create secret docker-registry -n demo myregistrykey \ + --docker-server=DOCKER_REGISTRY_SERVER \ + --docker-username=DOCKER_USER \ + --docker-email=DOCKER_EMAIL \ + --docker-password=DOCKER_PASSWORD +secret/myregistrykey created +``` + +If you wish to follow other ways to pull private images see [official docs](https://kubernetes.io/docs/concepts/containers/images/) of Kubernetes. + +## Install KubeDB Operator + +When installing KubeDB operator, set the flags `--docker-registry` and `--image-pull-secret` to appropriate values. +Follow the steps to [install KubeDB operator](/docs/setup/README.md) properly in cluster so that it points to the DOCKER_REGISTRY you wish to pull images from. + +## Create DB2Version CRD + +KubeDB uses images specified in DB2Version CRD for database and exporting prometheus metrics. You have to create a DB2Version CRD specifying images from your private registry. Then, you have to point this DB2Version CRD in `spec.version` field of DB2 object. For more details about DB2Version CRD, please visit [here](/docs/guides/db2/concepts/catalog.md). + +Here, is an example of DB2Version CRD. Replace `PRIVATE_REGISTRY` with your private registry. + +```yaml +apiVersion: catalog.kubedb.com/v1alpha1 +kind: DB2Version +metadata: + name: "11.5.9" +spec: + db: + image: PRIVATE_REGISTRY/db2:11.5.9 + version: "11.5.9" +``` + +Now, create the DB2Version CRD: + +```bash +$ kubectl apply -f pvt-db2version.yaml +db2version.catalog.kubedb.com/11.5.9 created +``` + +## Deploy DB2 from Private Registry + +While deploying DB2 from private repository, you have to add `myregistrykey` secret in DB2 `spec.podTemplate.spec.imagePullSecrets` and specify your private version in `spec.version` field. + +Below is the DB2 object we will create in this tutorial: + +```yaml +apiVersion: kubedb.com/v1alpha2 +kind: DB2 +metadata: + name: pvt-reg-db2 + namespace: demo +spec: + version: "11.5.9" + storageType: Durable + storage: + storageClassName: "standard" + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi + podTemplate: + spec: + imagePullSecrets: + - name: myregistrykey + deletionPolicy: WipeOut +``` + +Now run the command to create this DB2 object: + +```bash +$ kubectl create -f https://github.com/kubedb/docs/raw/{{< param "info.version" >}}/docs/examples/db2/private-registry/pvt-reg-db2.yaml +db2.kubedb.com/pvt-reg-db2 created +``` + +To check if the images pulled successfully from the repository, see if the DB2 is in Running state: + +```bash +$ kubectl get pods -n demo --selector="app.kubernetes.io/instance=pvt-reg-db2" +NAME READY STATUS RESTARTS AGE +pvt-reg-db2-0 1/1 Running 0 3m +``` + +## Cleaning up + +To cleanup the Kubernetes resources created by this tutorial, run: + +```bash +kubectl patch -n demo db2/pvt-reg-db2 -p '{"spec":{"deletionPolicy":"WipeOut"}}' --type="merge" +kubectl delete -n demo db2/pvt-reg-db2 + +kubectl delete ns demo +``` diff --git a/docs/guides/db2/quickstart/_index.md b/docs/guides/db2/quickstart/_index.md new file mode 100644 index 000000000..0f9d6e89b --- /dev/null +++ b/docs/guides/db2/quickstart/_index.md @@ -0,0 +1,10 @@ +--- +title: DB2 Quickstart +menu: + docs_{{ .version }}: + identifier: db2-quickstart-db2 + name: Quickstart + parent: db2-guides + weight: 15 +menu_name: docs_{{ .version }} +--- \ No newline at end of file diff --git a/docs/guides/db2/quickstart/quickstart.md b/docs/guides/db2/quickstart/quickstart.md new file mode 100644 index 000000000..b29cd758d --- /dev/null +++ b/docs/guides/db2/quickstart/quickstart.md @@ -0,0 +1,85 @@ +--- +title: DB2 Quickstart +menu: + docs_{{ .version }}: + identifier: db2-quickstart-overview + name: Overview + parent: db2-quickstart-db2 + weight: 10 +menu_name: docs_{{ .version }} +section_menu_id: guides +--- + +> New to KubeDB? Please start [here](/docs/README.md). + +# Running DB2 + +This tutorial shows how to run a DB2 database with KubeDB. + +> Note: YAML files used in this tutorial are stored in [docs/examples/db2/quickstart](https://github.com/kubedb/docs/tree/{{< param "info.version" >}}/docs/examples/db2/quickstart). + +## Before You Begin + +- You need a Kubernetes cluster and `kubectl` configured. +- Install KubeDB following the setup guide: [/docs/setup/README.md](/docs/setup/README.md). +- This tutorial uses `docs/examples/db2/quickstart/standalone.yaml` as the working example manifest. +- Use an isolated namespace: + +```bash +kubectl create namespace demo +``` + +## Check Available StorageClass + +```bash +kubectl get storageclass +``` + +## Check Available DB2Version + +```bash +kubectl get db2versions +``` + +## Create a DB2 Database + +```yaml +apiVersion: kubedb.com/v1alpha2 +kind: DB2 +metadata: + name: db2 + namespace: demo +spec: + version: 11.5.8.0 + storageType: Durable + storage: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 5Gi + deletionPolicy: Delete +``` + +Apply the example manifest: + +```bash +kubectl apply -f https://github.com/kubedb/docs/raw/{{< param "info.version" >}}/docs/examples/db2/quickstart/standalone.yaml +kubectl get db2 -n demo db2 -w +``` + +## Verify DB2 Database + +```bash +kubectl get db2 -n demo +kubectl describe db2 -n demo db2 +``` + +When `status.phase` becomes `Ready`, your DB2 database is ready to use. + +## Cleaning up + +```bash +kubectl delete db2 -n demo db2 +kubectl delete ns demo +``` \ No newline at end of file diff --git a/docs/guides/db2/quickstart/rbac.md b/docs/guides/db2/quickstart/rbac.md new file mode 100644 index 000000000..d59ed7a88 --- /dev/null +++ b/docs/guides/db2/quickstart/rbac.md @@ -0,0 +1,192 @@ +--- +title: RBAC for DB2 +menu: + docs_{{ .version }}: + identifier: db2-rbac-quickstart + name: RBAC + parent: db2-quickstart-db2 + weight: 15 +menu_name: docs_{{ .version }} +section_menu_id: guides +--- + +> New to KubeDB? Please start [here](/docs/README.md). + +# RBAC Permissions for DB2 + +When RBAC is enabled in your cluster, KubeDB automatically creates the necessary Role, ServiceAccount, and RoleBinding for each DB2 instance. This tutorial explains what permissions are granted and how to verify them. + +Here is the list of additional permissions required by the PetSet of DB2: + +| Kubernetes Resource | Resource Names | Permission required | +|---------------------|-------------------|---------------------| +| petsets | `{db2-name}` | get | +| pods | | list, patch | +| pods/exec | | create | +| db2s | | get | +| configmaps | `{db2-name}` | get, update, create | + +## Before You Begin + +- At first, you need to have a Kubernetes cluster, and the kubectl command-line tool must be configured to communicate with your cluster. If you do not already have a cluster, you can create one by using [kind](https://kind.sigs.k8s.io/docs/user/quick-start/). + +- Now, install KubeDB cli on your workstation and KubeDB operator in your cluster following the steps [here](/docs/setup/README.md). + +- To keep things isolated, this tutorial uses a separate namespace called `demo` throughout this tutorial. + +```bash +$ kubectl create ns demo +namespace/demo created +``` + +> Note: YAML files used in this tutorial are stored in [docs/examples/db2](https://github.com/kubedb/docs/tree/{{< param "info.version" >}}/docs/examples/db2) folder in GitHub repository [kubedb/docs](https://github.com/kubedb/docs). + +## Create a DB2 Database + +Below is the DB2 object created in this tutorial. + +```yaml +apiVersion: kubedb.com/v1alpha2 +kind: DB2 +metadata: + name: quick-db2 + namespace: demo +spec: + version: "11.5.9" + storageType: Durable + storage: + storageClassName: "standard" + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi + deletionPolicy: Delete +``` + +Create the above DB2 object: + +```bash +$ kubectl create -f https://github.com/kubedb/docs/raw/{{< param "info.version" >}}/docs/examples/db2/quickstart/quick-db2.yaml +db2.kubedb.com/quick-db2 created +``` + +When this DB2 object is created, KubeDB operator creates Role, ServiceAccount and RoleBinding with the matching DB2 name and uses that ServiceAccount in the corresponding PetSet. + +Let's see what KubeDB operator has created for additional RBAC permission. + +### Role + +KubeDB operator creates a Role object `quick-db2` in same namespace as the DB2 object. + +```bash +$ kubectl get role -n demo quick-db2 -o yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app.kubernetes.io/component: database + app.kubernetes.io/instance: quick-db2 + app.kubernetes.io/managed-by: kubedb.com + app.kubernetes.io/name: db2s.kubedb.com + name: quick-db2 + namespace: demo +rules: +- apiGroups: + - apps + resourceNames: + - quick-db2 + resources: + - petsets + verbs: + - get +- apiGroups: + - kubedb.com + resourceNames: + - quick-db2 + resources: + - db2s + verbs: + - get +- apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - patch +- apiGroups: + - "" + resources: + - pods/exec + verbs: + - create +- apiGroups: + - "" + resources: + - configmaps + verbs: + - create + - get + - update +``` + +### ServiceAccount + +KubeDB operator creates a ServiceAccount object `quick-db2` in same namespace as the DB2 object. + +```bash +$ kubectl get serviceaccount -n demo quick-db2 -o yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: database + app.kubernetes.io/instance: quick-db2 + app.kubernetes.io/managed-by: kubedb.com + app.kubernetes.io/name: db2s.kubedb.com + name: quick-db2 + namespace: demo +``` + +This ServiceAccount is used in the PetSet created for the DB2 object. + +### RoleBinding + +KubeDB operator creates a RoleBinding object `quick-db2` in same namespace as the DB2 object. + +```bash +$ kubectl get rolebinding -n demo quick-db2 -o yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/component: database + app.kubernetes.io/instance: quick-db2 + app.kubernetes.io/managed-by: kubedb.com + app.kubernetes.io/name: db2s.kubedb.com + name: quick-db2 + namespace: demo +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: quick-db2 +subjects: +- kind: ServiceAccount + name: quick-db2 + namespace: demo +``` + +This object binds Role `quick-db2` with ServiceAccount `quick-db2`. + +## Cleaning up + +To cleanup the Kubernetes resources created by this tutorial, run: + +```bash +kubectl patch -n demo db2/quick-db2 -p '{"spec":{"deletionPolicy":"WipeOut"}}' --type="merge" +kubectl delete -n demo db2/quick-db2 + +kubectl delete ns demo +``` From a823858f23ae44b1969873858c01c96ca36aa758 Mon Sep 17 00:00:00 2001 From: sabnaj Date: Wed, 6 May 2026 18:50:37 +0600 Subject: [PATCH 2/5] db2-docs Signed-off-by: sabnaj --- docs/guides/db2/README.md | 69 +++++- docs/guides/db2/concepts/catalog.md | 50 +++- docs/guides/db2/concepts/db2.md | 221 ++++++++++++++++-- docs/guides/db2/concepts/opsrequest.md | 44 ---- docs/guides/db2/configuration/_index.md | 10 - docs/guides/db2/configuration/overview.md | 43 ---- .../db2/custom-rbac/using-custom-rbac.md | 195 ++++++++++++++-- docs/guides/db2/ops-request/_index.md | 10 - docs/guides/db2/ops-request/overview.md | 29 --- .../using-private-registry.md | 100 ++++++-- docs/guides/db2/quickstart/quickstart.md | 171 ++++++++++++-- docs/guides/db2/quickstart/rbac.md | 140 +++++++---- 12 files changed, 827 insertions(+), 255 deletions(-) delete mode 100644 docs/guides/db2/concepts/opsrequest.md delete mode 100644 docs/guides/db2/configuration/_index.md delete mode 100644 docs/guides/db2/configuration/overview.md delete mode 100644 docs/guides/db2/ops-request/_index.md delete mode 100644 docs/guides/db2/ops-request/overview.md diff --git a/docs/guides/db2/README.md b/docs/guides/db2/README.md index 7e1932d9c..41b6c4471 100644 --- a/docs/guides/db2/README.md +++ b/docs/guides/db2/README.md @@ -17,7 +17,15 @@ aliases: # Overview -KubeDB supports IBM DB2 using the `DB2` Custom Resource Definition. You can declare the desired DB2 configuration, and KubeDB provisions and manages the required Kubernetes resources. +KubeDB supports IBM DB2 using the `DB2` Custom Resource Definition (CRD). You can declare the desired DB2 configuration, and KubeDB provisions and manages the required Kubernetes resources. + +KubeDB simplifies deploying and managing DB2 on Kubernetes with a declarative API. It automates common operational tasks such as: + +- Creating and provisioning standalone DB2 instances +- Managing persistent storage and data recovery +- Handling authentication and authorization +- Customizing pod templates and service configurations +- Monitoring database health ## Supported DB2 Features @@ -28,9 +36,14 @@ KubeDB supports IBM DB2 using the `DB2` Custom Resource Definition. You can decl | Authentication secret | ✓ | | Pod and service customization | ✓ | | Health checker | ✓ | +| Custom RBAC | ✓ | +| Private registry | ✓ | + ## Example DB2 Manifest +Here's a simple example of a DB2 deployment: + ```yaml apiVersion: kubedb.com/v1alpha2 kind: DB2 @@ -40,20 +53,58 @@ metadata: spec: version: 11.5.8.0 storageType: Durable - deletionPolicy: Delete storage: + storageClassName: standard accessModes: - ReadWriteOnce resources: requests: - storage: 5Gi + storage: 10Gi + deletionPolicy: Delete + healthChecker: + periodSeconds: 10 + timeoutSeconds: 10 + failureThreshold: 3 ``` +For a complete list of available configuration options, see the [DB2 CRD Documentation](/docs/guides/db2/concepts/db2.md). + ## User Guide -- [Quickstart DB2](/docs/guides/db2/quickstart/quickstart.md) with KubeDB operator. -- [DB2 CRD Concept](/docs/guides/db2/concepts/db2.md). -- [DB2Version CRD Concept](/docs/guides/db2/concepts/catalog.md). -- [DB2OpsRequest CRD Concept](/docs/guides/db2/concepts/opsrequest.md). -- [Configuration](/docs/guides/db2/configuration/overview.md) for auth, pod, service, and health settings. -- [Ops Request](/docs/guides/db2/ops-request/overview.md). \ No newline at end of file +Learn about DB2 features and how to use them: + +### Quickstart +- [Quickstart](/docs/guides/db2/quickstart/quickstart.md) - Deploy your first DB2 instance with KubeDB operator + +### Concepts +- [DB2 CRD](/docs/guides/db2/concepts/db2.md) - Understand the DB2 Custom Resource Definition and all available configuration options +- [DB2Version CRD](/docs/guides/db2/concepts/catalog.md) - Learn about specifying DB2 versions and docker images + +### Setup & Configuration +- [Custom RBAC](/docs/guides/db2/custom-rbac/using-custom-rbac.md) - Setup custom ServiceAccount, Role, and RoleBinding for DB2 instances +- [Using Private Registry](/docs/guides/db2/private-registry/using-private-registry.md) - Deploy DB2 using images from a private docker registry + + + +## Architecture + +KubeDB uses a PetSet (similar to StatefulSet) to manage DB2 instances, ensuring stable network identities and persistent storage. Each DB2 instance: + +- Runs as a single pod in a PetSet +- Uses a PersistentVolume for data storage +- Comes with automated health checking via a coordinator container + +## What's Next + +- **Want to learn more?** Check out the [DB2 Concepts](/docs/guides/db2/concepts/db2.md) page and explore the [Configuration](/docs/guides/db2/concepts/db2.md#spec-podtemplate) options. +- **Want to deploy DB2?** Follow the [Quickstart](/docs/guides/db2/quickstart/quickstart.md) guide. +- **Want to set up custom RBAC?** See the [Custom RBAC](/docs/guides/db2/custom-rbac/using-custom-rbac.md) guide. +- **Want to use a private registry?** Follow the [Private Registry](/docs/guides/db2/private-registry/using-private-registry.md) guide. + +## Support + +To speak with us, use the [Slack channel](http://slack.appscode.com) in the `#kubedb` room. + +## Contributing + +Want to help improve KubeDB? Please start [here](/docs/CONTRIBUTING.md). diff --git a/docs/guides/db2/concepts/catalog.md b/docs/guides/db2/concepts/catalog.md index c19405e3f..2169b88f7 100644 --- a/docs/guides/db2/concepts/catalog.md +++ b/docs/guides/db2/concepts/catalog.md @@ -16,9 +16,11 @@ section_menu_id: guides ## What is DB2Version -`DB2Version` is the catalog CRD that defines which DB2 engine image and related components KubeDB should use when creating a `DB2` database. +`DB2Version` is a Kubernetes `Custom Resource Definitions` (CRD). It provides a declarative configuration to specify the docker images to be used for [DB2](https://www.ibm.com/products/db2) database deployed with KubeDB in a Kubernetes native way. -When you set `spec.version` in a `DB2` resource, KubeDB resolves that value against a `DB2Version` object. +When you install KubeDB, a `DB2Version` custom resource will be created automatically for every supported DB2 versions. You have to specify the name of `DB2Version` CR in `spec.version` field of [DB2](/docs/guides/db2/concepts/db2.md) crd. Then, KubeDB will use the docker images specified in the `DB2Version` CR to create your expected database. + +Using a separate CRD for specifying respective docker images, and pod security policy names allow us to modify the images, and policies independent of KubeDB operator. This will also allow the users to use a custom image for the database. ## DB2Version Specification @@ -29,17 +31,51 @@ metadata: name: "11.5.8.0" spec: version: "11.5.8.0" + coordinator: + image: "ghcr.io/kubedb/db2-coordinator:v0.5.0-ubi" db: image: "kubedb/db2:11.5.8.0" deprecated: false ``` -## Key fields +### metadata.name + +`metadata.name` is a required field that specifies the name of the `DB2Version` CR. You have to specify this name in `spec.version` field of [DB2](/docs/guides/db2/concepts/db2.md) CR. + +We follow this convention for naming DB2Version CR: + +- Name format: `{Original DB2 version}-{modification tag}` + +We use official IBM DB2 release images to build docker images for supporting DB2 versions and re-tag the image with v1, v2 etc. modification tag when there's any. An image with higher modification tag will have more features than the images with lower modification tag. Hence, it is recommended to use DB2 CR with the highest modification tag to enjoy the latest features. + +### spec.version + +`spec.version` is a required field that specifies the original version of DB2 database that has been used to build the docker image specified in `spec.db.image` field. + +### spec.deprecated + +`spec.deprecated` is an optional field that specifies whether the docker images specified here is supported by the current KubeDB operator. + +The default value of this field is `false`. If `spec.deprecated` is set to `true`, KubeDB operator will skip processing this CRD object and will add a event to the CRD object specifying that the DB version is deprecated. + +### spec.db.image + +`spec.db.image` is a required field that specifies the docker image which will be used to create PetSet by KubeDB operator to create expected DB2 database. + +### spec.coordinator.image + +`spec.coordinator.image` is a required field that specifies the docker image for the DB2 coordinator container. The coordinator image is used by KubeDB to perform health checks on the DB2 database instance. + +The coordinator container runs alongside the main DB2 database container and is responsible for: + +- Monitoring the health status of the DB2 database +- Performing periodic health checks to ensure the database is running properly +- Reporting the database status to KubeDB operator +- Handling graceful shutdowns and recovery procedures + +This separate coordinator image allows KubeDB to reliably detect database failures and take appropriate actions such as pod restarts or alerts. + -- `metadata.name` is the version label you reference from `DB2.spec.version`. -- `spec.version` is the upstream DB2 version represented by this entry. -- `spec.db.image` is the container image KubeDB uses for DB2 pods. -- `spec.deprecated` marks whether this entry should be avoided for new deployments. ## Next Steps diff --git a/docs/guides/db2/concepts/db2.md b/docs/guides/db2/concepts/db2.md index 39992a9e1..203085add 100644 --- a/docs/guides/db2/concepts/db2.md +++ b/docs/guides/db2/concepts/db2.md @@ -22,6 +22,8 @@ section_menu_id: guides Like all Kubernetes resources, a `DB2` object needs `apiVersion`, `kind`, and `metadata`, and it uses `.spec` to define the desired state. +Below is an example DB2 object with all optional fields. + ```yaml apiVersion: kubedb.com/v1alpha2 kind: DB2 @@ -29,25 +31,218 @@ metadata: name: db2 namespace: demo spec: - version: 11.5.8.0 + version: "11.5.8.0" + replicas: 1 + authSecret: + name: db2-auth storageType: Durable storage: + storageClassName: standard accessModes: - ReadWriteOnce resources: requests: - storage: 5Gi + storage: 10Gi + podTemplate: + metadata: + annotations: + passMe: ToDatabasePod + controller: + annotations: + passMe: ToPetSet + spec: + serviceAccountName: my-custom-sa + schedulerName: my-scheduler + nodeSelector: + disktype: ssd + imagePullSecrets: + - name: myregistrykey + containers: + - name: db2 + env: + - name: DB2INSTANCE + value: db2inst1 + resources: + requests: + memory: "256Mi" + cpu: "500m" + limits: + memory: "1Gi" + cpu: "2" + tolerations: + - key: dedicated + operator: Equal + value: database + effect: NoSchedule + volumes: + - name: custom-volume + emptyDir: {} + podPlacementPolicy: + name: default + serviceTemplates: + - alias: primary + metadata: + annotations: + passMe: ToService + spec: + type: ClusterIP + ports: + - name: db2 + port: 50000 deletionPolicy: Delete + healthChecker: + periodSeconds: 10 + timeoutSeconds: 10 + failureThreshold: 3 + disableWriteCheck: false +``` + +### spec.version + +`spec.version` is a required field that specifies the name of the [DB2Version](/docs/guides/db2/concepts/catalog.md) CRD where the docker images are specified. + +### spec.replicas + +`spec.replicas` specifies the number of DB2 replicas (pods) to be created for the DB2 instance. For standalone deployment, this is typically set to 1. + +### spec.authSecret + +`spec.authSecret` is an optional field that points to a Secret used to hold credentials for DB2 user. If not set, KubeDB operator creates a new Secret named `{db2-object-name}-auth` for storing the password. + +We can use this field in 3 modes: + +1. Using an external secret: +```yaml +authSecret: + name: + externallyManaged: true +``` + +2. Specifying the secret name only: +```yaml +authSecret: + name: +``` + +3. Let KubeDB do everything (omit this field). + +The auth secret should contain `username` and `password` keys with base64-encoded values. + +### spec.storageType + +`spec.storageType` is an optional field that specifies the type of storage to use for the database. It can be either `Durable` or `Ephemeral`. The default value is `Durable`. If `Ephemeral` is used, KubeDB will create the DB2 instance using [emptyDir](https://kubernetes.io/docs/concepts/storage/volumes/#emptydir) volume. + +### spec.storage + +If `spec.storageType` is set to `Durable`, then `spec.storage` field is required. This field specifies the StorageClass and PVC configuration for persistent storage. + +- `spec.storage.storageClassName` is the name of the StorageClass used to provision PVCs +- `spec.storage.accessModes` uses the same conventions as Kubernetes PVCs (typically ReadWriteOnce) +- `spec.storage.resources` specifies the storage capacity requirements + +To learn how to configure `spec.storage`, visit: https://kubernetes.io/docs/concepts/storage/persistent-volumes/#persistentvolumeclaims + +### spec.podTemplate + +KubeDB allows providing a template for DB2 pods through `spec.podTemplate`. KubeDB operator will pass the information provided in `spec.podTemplate` to the PetSet created for the DB2 database. + +KubeDB accepts following fields to set in `spec.podTemplate`: + +- metadata + - annotations (pod's annotation) +- controller + - annotations (petset's annotation) +- spec: + - containers + - volumes + - podPlacementPolicy + - serviceAccountName + - initContainers + - imagePullSecrets + - nodeSelector + - schedulerName + - tolerations + - priorityClassName + - priority + - securityContext + +#### spec.podTemplate.spec.tolerations + +The `spec.podTemplate.spec.tolerations` is an optional field used to specify the pod's tolerations. + +#### spec.podTemplate.spec.volumes + +The `spec.podTemplate.spec.volumes` is an optional field used to provide the list of volumes that can be mounted by containers belonging to the pod. + +#### spec.podTemplate.spec.podPlacementPolicy + +`spec.podTemplate.spec.podPlacementPolicy` is an optional field used to provide the reference of the `podPlacementPolicy`. The `name` of the podPlacementPolicy is referred under this attribute. This will be used by the PetSet controller to place the DB2 pods throughout the region, zone & nodes according to the policy. + +```yaml +spec: + podPlacementPolicy: + name: default ``` -### Key fields - -- `spec.version` is required and points to a `DB2Version`. -- `spec.replicas` controls number of DB2 pods. -- `spec.storageType` supports `Durable` (PVC) and `Ephemeral`. -- `spec.storage` defines the PVC template when using durable storage. -- `spec.authSecret` references user credentials. -- `spec.podTemplate` customizes the DB2 pods. -- `spec.serviceTemplates` customizes services exposed by KubeDB. -- `spec.deletionPolicy` controls cleanup behavior on CR deletion. -- `spec.healthChecker` controls readiness/liveness checks. \ No newline at end of file +#### spec.podTemplate.spec.nodeSelector + +`spec.podTemplate.spec.nodeSelector` is an optional field that specifies a map of key-value pairs. For the pod to be eligible to run on a node, the node must have each of the indicated key-value pairs as labels. + +#### spec.podTemplate.spec.containers + +The `spec.podTemplate.spec.containers` can be used to provide the list of containers and their configurations for the database pod. + +##### spec.podTemplate.spec.containers[].name + +The `spec.podTemplate.spec.containers[].name` field specifies the name of the container as a DNS_LABEL. Each container in a pod must have a unique name. + +##### spec.podTemplate.spec.containers[].env + +`spec.podTemplate.spec.containers[].env` is an optional field that specifies environment variables to pass to the DB2 containers. + +##### spec.podTemplate.spec.containers[].resources + +`spec.podTemplate.spec.containers[].resources` is an optional field used to request compute resources (CPU and memory) required by containers of the database pods. + +### spec.serviceTemplates + +You can provide templates for the services created by KubeDB operator for DB2 through `spec.serviceTemplates`. This allows you to set the type and other properties of the services. + +KubeDB allows following fields to set in `spec.serviceTemplates`: + +- `alias` represents the identifier of the service (typically `primary`) +- metadata: + - labels + - annotations +- spec: + - type + - ports + - clusterIP + - externalIPs + - loadBalancerIP + - externalTrafficPolicy + +### spec.deletionPolicy + +`deletionPolicy` gives flexibility to control what happens when you delete a DB2 CRD. KubeDB provides following deletion policies: + +- DoNotTerminate +- WipeOut +- Halt +- Delete + +When `deletionPolicy` is `DoNotTerminate`, KubeDB takes advantage of `ValidationWebhook` feature in Kubernetes to prevent deletion of the database as long as the policy is set to `DoNotTerminate`. + +### spec.healthChecker + +`spec.healthChecker` defines the attributes for the health checker that monitors the DB2 instance. + +- `spec.healthChecker.periodSeconds` specifies how often to perform the health check (in seconds) +- `spec.healthChecker.timeoutSeconds` specifies the number of seconds after which the health check probe times out +- `spec.healthChecker.failureThreshold` specifies minimum consecutive failures for the health check to be considered failed +- `spec.healthChecker.disableWriteCheck` specifies whether to disable the write check or not + +## Next Steps + +- Learn how to use KubeDB to run DB2 [here](/docs/guides/db2/README.md). +- Want to hack on KubeDB? Check our [contribution guidelines](/docs/CONTRIBUTING.md). diff --git a/docs/guides/db2/concepts/opsrequest.md b/docs/guides/db2/concepts/opsrequest.md deleted file mode 100644 index 22c57a832..000000000 --- a/docs/guides/db2/concepts/opsrequest.md +++ /dev/null @@ -1,44 +0,0 @@ ---- -title: DB2OpsRequest CRD -menu: - docs_{{ .version }}: - identifier: db2-opsrequest-concepts - name: DB2OpsRequest - parent: db2-concepts-db2 - weight: 25 -menu_name: docs_{{ .version }} -section_menu_id: guides ---- - -> New to KubeDB? Please start [here](/docs/README.md). - -# DB2OpsRequest - -## What is DB2OpsRequest - -`DB2OpsRequest` is the operations CRD KubeDB uses for day-2 lifecycle changes of DB2 databases when that feature is available in a release. - -## Current support status - -Based on [new_db.md](/new_db.md), no DB2 operation types are currently listed. - -## Expected CRD shape - -When available, an ops request follows this structure: - -```yaml -apiVersion: ops.kubedb.com/v1alpha1 -kind: DB2OpsRequest -metadata: - name: db2-ops-sample - namespace: demo -spec: - type: Restart - databaseRef: - name: db2 -``` - -## Next Steps - -- Track [DB2 ops overview](/docs/guides/db2/ops-request/overview.md) for support updates. -- Use [DB2 configuration guide](/docs/guides/db2/configuration/overview.md) for declarative spec updates. \ No newline at end of file diff --git a/docs/guides/db2/configuration/_index.md b/docs/guides/db2/configuration/_index.md deleted file mode 100644 index 708c7a1ae..000000000 --- a/docs/guides/db2/configuration/_index.md +++ /dev/null @@ -1,10 +0,0 @@ ---- -title: DB2 Configuration -menu: - docs_{{ .version }}: - identifier: db2-configuration - name: Configuration - parent: db2-guides - weight: 20 -menu_name: docs_{{ .version }} ---- diff --git a/docs/guides/db2/configuration/overview.md b/docs/guides/db2/configuration/overview.md deleted file mode 100644 index a7d353f1b..000000000 --- a/docs/guides/db2/configuration/overview.md +++ /dev/null @@ -1,43 +0,0 @@ ---- -title: DB2 Configuration Overview -menu: - docs_{{ .version }}: - identifier: db2-configuration-overview - name: Overview - parent: db2-configuration - weight: 10 -menu_name: docs_{{ .version }} -section_menu_id: guides ---- - -# DB2 Configuration - -This guide shows the main DB2 configuration knobs you can adjust before creating or updating a database. - -## Before You Begin - -- Review the base DB2 manifest from [Quickstart](/docs/guides/db2/quickstart/quickstart.md). -- Decide whether you need to change credentials, pod resources, service exposure, or probe behavior. - -## Common Configuration Fields - -- spec.authSecret for custom credentials. -- spec.podTemplate for resources, scheduling, and environment. -- spec.serviceTemplates for service exposure. -- spec.healthChecker for readiness and liveness thresholds. - -## How to Apply Configuration - -Start from the quickstart manifest, add the fields you need under `spec`, and then re-apply the DB2 resource. - -```bash -kubectl apply -f https://github.com/kubedb/docs/raw/{{< param "info.version" >}}/docs/examples/db2/quickstart/standalone.yaml -kubectl edit db2 -n demo db2 -``` - -## Verify - -```bash -kubectl get db2 -n demo db2 -o yaml -kubectl describe db2 -n demo db2 -``` diff --git a/docs/guides/db2/custom-rbac/using-custom-rbac.md b/docs/guides/db2/custom-rbac/using-custom-rbac.md index e4bb018f3..2efa54cc0 100644 --- a/docs/guides/db2/custom-rbac/using-custom-rbac.md +++ b/docs/guides/db2/custom-rbac/using-custom-rbac.md @@ -12,9 +12,9 @@ section_menu_id: guides > New to KubeDB? Please start [here](/docs/README.md). -# Using Custom RBAC Resources +# Using Custom RBAC resources -KubeDB supports finer user control over role based access permissions provided to a DB2 instance. This tutorial will show you how to use KubeDB to run DB2 instance with custom RBAC resources. +KubeDB (version 0.13.0 and higher) supports finer user control over role based access permissions provided to a DB2 instance. This tutorial will show you how to use KubeDB to run DB2 instance with custom RBAC resources. ## Before You Begin @@ -27,13 +27,17 @@ To keep things isolated, this tutorial uses a separate namespace called `demo` t ```bash $ kubectl create ns demo namespace/demo created + +$ kubectl get ns demo +NAME STATUS AGE +demo Active 5s ``` > Note: YAML files used in this tutorial are stored in [docs/examples/db2](https://github.com/kubedb/docs/tree/{{< param "info.version" >}}/docs/examples/db2) folder in GitHub repository [kubedb/docs](https://github.com/kubedb/docs). ## Overview -KubeDB allows users to provide custom RBAC resources, namely, `ServiceAccount`, `Role`, and `RoleBinding` for DB2. This is provided via the `spec.podTemplate.spec.serviceAccountName` field in DB2 CRD. If this field is left empty, the KubeDB operator will create a service account name matching the DB2 CRD name. Role and RoleBinding that provide necessary access permissions will also be generated automatically for this service account. +KubeDB allows users to provide custom RBAC resources, namely, `ServiceAccount`, `Role`, and `RoleBinding` for DB2. This is provided via the `spec.podTemplate.spec.serviceAccountName` field in DB2 CRD. If this field is left empty, the KubeDB operator will create a service account name matching DB2 crd name. Role and RoleBinding that provide necessary access permissions will also be generated automatically for this service account. If a service account name is given, but there's no existing service account by that name, the KubeDB operator will create one, and Role and RoleBinding that provide necessary access permissions will also be generated for this service account. @@ -57,11 +61,17 @@ $ kubectl get serviceaccount -n demo my-custom-serviceaccount -o yaml apiVersion: v1 kind: ServiceAccount metadata: + creationTimestamp: "2019-05-30T04:23:39Z" name: my-custom-serviceaccount namespace: demo + resourceVersion: "21657" + selfLink: /api/v1/namespaces/demo/serviceaccounts/my-custom-serviceaccount + uid: b2ec2b05-8292-11e9-8d10-080027a8b217 +secrets: +- name: my-custom-serviceaccount-token-t8zxd ``` -Now, we need to create a role that has necessary access permissions for the DB2 database named `quick-db2`. +Now, we need to create a role that has necessary access permissions for the DB2 Database named `quick-db2`. ```bash $ kubectl apply -f https://github.com/kubedb/docs/raw/{{< param "info.version" >}}/docs/examples/db2/custom-rbac/db2-custom-role.yaml @@ -116,16 +126,38 @@ rules: - update ``` +Please note that resourceName `quick-db2` is unique to `quick-db2` DB2 instance. Another database `quick-db2-2`, for example, will require the resourceName to be `quick-db2-2`. + Now create a `RoleBinding` to bind this `Role` with the already created service account. ```bash -$ kubectl create rolebinding my-custom-rolebinding \ - --role=my-custom-role \ - --serviceaccount=demo:my-custom-serviceaccount \ - --namespace=demo +$ kubectl create rolebinding my-custom-rolebinding --role=my-custom-role --serviceaccount=demo:my-custom-serviceaccount --namespace=demo rolebinding.rbac.authorization.k8s.io/my-custom-rolebinding created ``` +It should bind `my-custom-role` and `my-custom-serviceaccount` successfully. + +```yaml +$ kubectl get rolebinding -n demo my-custom-rolebinding -o yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + creationTimestamp: "2019-05-30T04:54:56Z" + name: my-custom-rolebinding + namespace: demo + resourceVersion: "23944" + selfLink: /apis/rbac.authorization.k8s.io/v1/namespaces/demo/rolebindings/my-custom-rolebinding + uid: 123afc02-8297-11e9-8d10-080027a8b217 +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: my-custom-role +subjects: +- kind: ServiceAccount + name: my-custom-serviceaccount + namespace: demo +``` + Now, create a DB2 CRD specifying `spec.podTemplate.spec.serviceAccountName` field to `my-custom-serviceaccount`. ```bash @@ -133,7 +165,7 @@ $ kubectl apply -f https://github.com/kubedb/docs/raw/{{< param "info.version" > db2.kubedb.com/quick-db2 created ``` -Below is the YAML for the DB2 CRD we just created. +Below is the YAML for the DB2 crd we just created. ```yaml apiVersion: kubedb.com/v1alpha2 @@ -141,6 +173,9 @@ kind: DB2 metadata: name: quick-db2 namespace: demo + labels: + app.kubernetes.io/component: database + app.kubernetes.io/instance: quick-db2 spec: version: "11.5.9" storageType: Durable @@ -153,13 +188,12 @@ spec: - ReadWriteOnce resources: requests: - storage: 1Gi - deletionPolicy: WipeOut + storage: 10Gi ``` -Now, wait a few minutes. The KubeDB operator will create necessary PVC, petset, services, and secret. If everything goes well, we should see that a pod with the name `quick-db2-0` has been created. +Now, wait a few minutes. the KubeDB operator will create necessary PVC, petset, services, secret etc. If everything goes well, we should see that a pod with the name `quick-db2-0` has been created. -Check that the petset's pod is running: +Check that the petset's pod is running ```bash $ kubectl get pod -n demo quick-db2-0 @@ -167,6 +201,123 @@ NAME READY STATUS RESTARTS AGE quick-db2-0 1/1 Running 0 3m ``` +Check the pod's log to see if the database is ready + +Once we see `database system is ready to accept connections` in the log, the database is ready. + +## Reusing Service Account + +An existing service account can be reused in another DB2 Database. However, users need to create a new Role specific to that DB2 and bind it to the existing service account so that all the necessary access permissions are available to run the new DB2 Database. + +For example, to reuse `my-custom-serviceaccount` in a new Database `second-db2`, create a role that has all the necessary access permissions for this DB2 Database. + +```bash +$ kubectl apply -f https://github.com/kubedb/docs/raw/{{< param "info.version" >}}/docs/examples/db2/custom-rbac/db2-custom-role-two.yaml +role.rbac.authorization.k8s.io/my-custom-role-two created +``` + +Below is the YAML for the Role we just created. + +```yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: my-custom-role-two + namespace: demo +rules: +- apiGroups: + - apps + resourceNames: + - second-db2 + resources: + - petsets + verbs: + - get +- apiGroups: + - kubedb.com + resourceNames: + - second-db2 + resources: + - db2s + verbs: + - get +- apiGroups: + - "" + resources: + - pods + verbs: + - list + - patch +- apiGroups: + - "" + resources: + - pods/exec + verbs: + - create +- apiGroups: + - "" + resources: + - configmaps + verbs: + - create + - get + - update +``` + +Now create a `RoleBinding` to bind `my-custom-role-two` with the already created `my-custom-serviceaccount`. + +```bash +$ kubectl create rolebinding my-custom-rolebinding-two --role=my-custom-role-two --serviceaccount=demo:my-custom-serviceaccount --namespace=demo +rolebinding.rbac.authorization.k8s.io/my-custom-rolebinding-two created +``` + +Now, create DB2 CRD `second-db2` using the existing service account name `my-custom-serviceaccount` in the `spec.podTemplate.spec.serviceAccountName` field. + +```bash +$ kubectl apply -f https://github.com/kubedb/docs/raw/{{< param "info.version" >}}/docs/examples/db2/custom-rbac/db2-custom-db-two.yaml +db2.kubedb.com/second-db2 created +``` + +Below is the YAML for the DB2 crd we just created. + +```yaml +apiVersion: kubedb.com/v1alpha2 +kind: DB2 +metadata: + name: second-db2 + namespace: demo + labels: + app.kubernetes.io/component: database + app.kubernetes.io/instance: second-db2 +spec: + version: "11.5.9" + storageType: Durable + podTemplate: + spec: + serviceAccountName: my-custom-serviceaccount + storage: + storageClassName: "standard" + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 10Gi +``` + +Now, wait a few minutes. the KubeDB operator will create necessary PVC, petset, services, secret etc. If everything goes well, we should see that a pod with the name `second-db2-0` has been created. + +Check that the petset's pod is running + +```bash +$ kubectl get pod -n demo second-db2-0 +NAME READY STATUS RESTARTS AGE +second-db2-0 1/1 Running 0 3m +``` + +Check the pod's log to see if the database is ready + +`database system is ready to accept connections` in the log signifies that the database is running successfully. + ## Cleaning up To cleanup the Kubernetes resources created by this tutorial, run: @@ -175,8 +326,24 @@ To cleanup the Kubernetes resources created by this tutorial, run: kubectl patch -n demo db2/quick-db2 -p '{"spec":{"deletionPolicy":"WipeOut"}}' --type="merge" kubectl delete -n demo db2/quick-db2 -kubectl delete -n demo serviceaccount my-custom-serviceaccount +kubectl patch -n demo db2/second-db2 -p '{"spec":{"deletionPolicy":"WipeOut"}}' --type="merge" +kubectl delete -n demo db2/second-db2 + kubectl delete -n demo role my-custom-role +kubectl delete -n demo role my-custom-role-two + kubectl delete -n demo rolebinding my-custom-rolebinding +kubectl delete -n demo rolebinding my-custom-rolebinding-two + +kubectl delete sa -n demo my-custom-serviceaccount + kubectl delete ns demo ``` + +If you would like to uninstall the KubeDB operator, please follow the steps [here](/docs/setup/README.md). + +## Next Steps + +- Learn about initializing [DB2 with Script](/docs/guides/db2/initialization/script_source.md). +- Want to hack on KubeDB? Check our [contribution guidelines](/docs/CONTRIBUTING.md). + diff --git a/docs/guides/db2/ops-request/_index.md b/docs/guides/db2/ops-request/_index.md deleted file mode 100644 index d94fd37dd..000000000 --- a/docs/guides/db2/ops-request/_index.md +++ /dev/null @@ -1,10 +0,0 @@ ---- -title: Ops Request -menu: - docs_{{ .version }}: - identifier: db2-ops-request - name: Ops Request - parent: db2-guides - weight: 30 -menu_name: docs_{{ .version }} ---- diff --git a/docs/guides/db2/ops-request/overview.md b/docs/guides/db2/ops-request/overview.md deleted file mode 100644 index a0a8cbe16..000000000 --- a/docs/guides/db2/ops-request/overview.md +++ /dev/null @@ -1,29 +0,0 @@ ---- -title: DB2 Ops Request Overview -menu: - docs_{{ .version }}: - identifier: db2-ops-request-overview - name: Overview - parent: db2-ops-request - weight: 10 -menu_name: docs_{{ .version }} -section_menu_id: guides ---- - -# DB2 Ops Request - -This page tracks DB2 operations supported by the new database matrix used for these guides. - -## Before You Begin - -- Deploy a DB2 database first using the [quickstart guide](/docs/guides/db2/quickstart/quickstart.md). -- Confirm the current support list in [new_db.md](/new_db.md) for your release. - -## Current Status - -Based on [new_db.md](/new_db.md), no DB2 ops request types are listed yet. - -## What to Check Next - -- Watch future KubeDB releases for DB2 `OpsRequest` support. -- Use the DB2 configuration guide for declarative spec-level changes that do not require an ops workflow. diff --git a/docs/guides/db2/private-registry/using-private-registry.md b/docs/guides/db2/private-registry/using-private-registry.md index ed062a885..fcff0ec91 100644 --- a/docs/guides/db2/private-registry/using-private-registry.md +++ b/docs/guides/db2/private-registry/using-private-registry.md @@ -3,7 +3,7 @@ title: Run DB2 using Private Registry menu: docs_{{ .version }}: identifier: db2-using-private-registry - name: Quickstart + name: Using Private Registry parent: db2-private-registry weight: 10 menu_name: docs_{{ .version }} @@ -25,25 +25,34 @@ To keep things isolated, this tutorial uses a separate namespace called `demo` t ```bash $ kubectl create ns demo namespace/demo created + +$ kubectl get ns demo +NAME STATUS AGE +demo Active 5s ``` > Note: YAML files used in this tutorial are stored in [docs/examples/db2](https://github.com/kubedb/docs/tree/{{< param "info.version" >}}/docs/examples/db2) folder in GitHub repository [kubedb/docs](https://github.com/kubedb/docs). ## Prepare Private Docker Registry -- You will also need a docker private [registry](https://docs.docker.com/registry/) or [private repository](https://docs.docker.com/docker-hub/repos/#private-repositories). In this tutorial we will use private repository of [docker hub](https://hub.docker.com/). +You need to have a private Docker registry to host the DB2 images. You can use: + +- A private repository in [Docker Hub](https://docs.docker.com/docker-hub/repos/#private-repositories) +- A self-hosted [Docker Registry](https://docs.docker.com/registry/) +- A cloud provider's container registry (AWS ECR, Google GCR, etc.) -- You have to push the required images from KubeDB's [Docker hub account](https://hub.docker.com/r/kubedb/) into your private registry. For DB2, push `DB_IMAGE` of the following DB2Versions, where `deprecated` is not true, to your private registry. +You have to push the required images from KubeDB's [Docker hub account](https://hub.docker.com/r/kubedb/) into your private registry. For DB2, push the `DB_IMAGE` and `COORDINATOR_IMAGE` of the following DB2Versions (where `deprecated` is not true) to your private registry. - ```bash - $ kubectl get db2versions -o=custom-columns=NAME:.metadata.name,VERSION:.spec.version,DB_IMAGE:.spec.db.image,DEPRECATED:.spec.deprecated - NAME VERSION DB_IMAGE DEPRECATED - 11.5.9 11.5.9 kubedb/db2:11.5.9 - ``` +```bash +$ kubectl get db2versions -o=custom-columns=NAME:.metadata.name,VERSION:.spec.version,DB_IMAGE:.spec.db.image,COORDINATOR_IMAGE:.spec.coordinator.image,DEPRECATED:.spec.deprecated +NAME VERSION DB_IMAGE COORDINATOR_IMAGE DEPRECATED +11.5.9 11.5.9 kubedb/db2:11.5.9 ghcr.io/kubedb/db2-coordinator:v0.5.0-ubi +``` - Docker hub repositories: +Docker Hub repositories: - [kubedb/db2](https://hub.docker.com/r/kubedb/db2) +- [kubedb/db2-coordinator](https://github.com/orgs/kubedb/packages/container/db2-coordinator) ## Create ImagePullSecret @@ -62,16 +71,23 @@ secret/myregistrykey created If you wish to follow other ways to pull private images see [official docs](https://kubernetes.io/docs/concepts/containers/images/) of Kubernetes. +Verify the image pull secret is created: + +```bash +$ kubectl get secret -n demo myregistrykey +NAME TYPE DATA AGE +myregistrykey kubernetes.io/dockercfg 1 5m +``` + ## Install KubeDB Operator -When installing KubeDB operator, set the flags `--docker-registry` and `--image-pull-secret` to appropriate values. -Follow the steps to [install KubeDB operator](/docs/setup/README.md) properly in cluster so that it points to the DOCKER_REGISTRY you wish to pull images from. +When installing KubeDB operator, set the flags `--docker-registry` and `--image-pull-secret` to appropriate values. Follow the steps to [install KubeDB operator](/docs/setup/README.md) properly in cluster so that it points to the DOCKER_REGISTRY you wish to pull images from. ## Create DB2Version CRD -KubeDB uses images specified in DB2Version CRD for database and exporting prometheus metrics. You have to create a DB2Version CRD specifying images from your private registry. Then, you have to point this DB2Version CRD in `spec.version` field of DB2 object. For more details about DB2Version CRD, please visit [here](/docs/guides/db2/concepts/catalog.md). +KubeDB uses images specified in DB2Version CRD for the database container and the coordinator container for health checking. You have to create a DB2Version CRD specifying images from your private registry. Then, you have to point this DB2Version CRD in `spec.version` field of DB2 object. For more details about DB2Version CRD, please visit [here](/docs/guides/db2/concepts/catalog.md). -Here, is an example of DB2Version CRD. Replace `PRIVATE_REGISTRY` with your private registry. +Here is an example of DB2Version CRD. Replace `PRIVATE_REGISTRY` with your private registry. ```yaml apiVersion: catalog.kubedb.com/v1alpha1 @@ -79,9 +95,12 @@ kind: DB2Version metadata: name: "11.5.9" spec: + version: "11.5.9" db: image: PRIVATE_REGISTRY/db2:11.5.9 - version: "11.5.9" + coordinator: + image: PRIVATE_REGISTRY/db2-coordinator:v0.5.0-ubi + deprecated: false ``` Now, create the DB2Version CRD: @@ -91,6 +110,14 @@ $ kubectl apply -f pvt-db2version.yaml db2version.catalog.kubedb.com/11.5.9 created ``` +Verify the DB2Version is created: + +```bash +$ kubectl get db2version +NAME VERSION DB_IMAGE COORDINATOR_IMAGE DEPRECATED +11.5.9 11.5.9 PRIVATE_REGISTRY/db2:11.5.9 PRIVATE_REGISTRY/db2-coordinator:v0.5.0-ubi false +``` + ## Deploy DB2 from Private Registry While deploying DB2 from private repository, you have to add `myregistrykey` secret in DB2 `spec.podTemplate.spec.imagePullSecrets` and specify your private version in `spec.version` field. @@ -112,12 +139,12 @@ spec: - ReadWriteOnce resources: requests: - storage: 1Gi + storage: 10Gi podTemplate: spec: imagePullSecrets: - name: myregistrykey - deletionPolicy: WipeOut + deletionPolicy: Delete ``` Now run the command to create this DB2 object: @@ -135,13 +162,48 @@ NAME READY STATUS RESTARTS AGE pvt-reg-db2-0 1/1 Running 0 3m ``` +Wait for the DB2 instance to be ready: + +```bash +$ kubectl get db2 -n demo pvt-reg-db2 +NAME VERSION STATUS AGE +pvt-reg-db2 11.5.9 Running 3m +``` + +Check the pod logs to verify the database is ready: + +## Verify Image Pull + +To verify that KubeDB has successfully pulled the private images from your registry, you can inspect the pod events: + +```bash +$ kubectl describe pod -n demo pvt-reg-db2-0 +``` + +Look for events like: +``` +Successfully pulled image "PRIVATE_REGISTRY/db2:11.5.9" in XXms +Successfully pulled image "PRIVATE_REGISTRY/db2-coordinator:v0.5.0-ubi" in XXms +``` + ## Cleaning up To cleanup the Kubernetes resources created by this tutorial, run: ```bash -kubectl patch -n demo db2/pvt-reg-db2 -p '{"spec":{"deletionPolicy":"WipeOut"}}' --type="merge" -kubectl delete -n demo db2/pvt-reg-db2 +$ kubectl patch -n demo db2/pvt-reg-db2 -p '{"spec":{"deletionPolicy":"WipeOut"}}' --type="merge" +$ kubectl delete -n demo db2/pvt-reg-db2 + +$ kubectl delete -n demo db2version 11.5.9 -kubectl delete ns demo +$ kubectl delete secret -n demo myregistrykey + +$ kubectl delete ns demo ``` + +## Next Steps + +- Learn how to use KubeDB to run DB2 [here](/docs/guides/db2/README.md). +- Learn about [custom RBAC](/docs/guides/db2/custom-rbac/using-custom-rbac.md) for DB2. +- Want to hack on KubeDB? Check our [contribution guidelines](/docs/CONTRIBUTING.md). + diff --git a/docs/guides/db2/quickstart/quickstart.md b/docs/guides/db2/quickstart/quickstart.md index b29cd758d..96e3b4d77 100644 --- a/docs/guides/db2/quickstart/quickstart.md +++ b/docs/guides/db2/quickstart/quickstart.md @@ -20,29 +20,48 @@ This tutorial shows how to run a DB2 database with KubeDB. ## Before You Begin -- You need a Kubernetes cluster and `kubectl` configured. +- You need a Kubernetes cluster, and the `kubectl` command-line tool must be configured to communicate with your cluster. If you do not already have a cluster, you can create one by using [kind](https://kind.sigs.k8s.io/docs/user/quick-start/). + - Install KubeDB following the setup guide: [/docs/setup/README.md](/docs/setup/README.md). -- This tutorial uses `docs/examples/db2/quickstart/standalone.yaml` as the working example manifest. -- Use an isolated namespace: + +- To keep things isolated, this tutorial uses a separate namespace called `demo` throughout this tutorial. ```bash -kubectl create namespace demo +$ kubectl create namespace demo +namespace/demo created + +$ kubectl get ns demo +NAME STATUS AGE +demo Active 5s ``` ## Check Available StorageClass +First, check the available StorageClasses in your cluster: + ```bash -kubectl get storageclass +$ kubectl get storageclass +NAME PROVISIONER RECLAIM POLICY STATUS AGE +standard kubernetes.io/host-path Delete Bound 30s +fast-ssd kubernetes.io/host-path Delete Bound 30s ``` +This tutorial will use the `standard` StorageClass. + ## Check Available DB2Version +List all available DB2 versions that can be deployed with KubeDB: + ```bash -kubectl get db2versions +$ kubectl get db2versions +NAME VERSION DB_IMAGE COORDINATOR_IMAGE DEPRECATED +11.5.9 11.5.8.0 kubedb/db2:11.5.8.0 ghcr.io/kubedb/db2-coordinator:... false ``` ## Create a DB2 Database +Here's the YAML manifest for creating a standalone DB2 instance: + ```yaml apiVersion: kubedb.com/v1alpha2 kind: DB2 @@ -53,33 +72,155 @@ spec: version: 11.5.8.0 storageType: Durable storage: + storageClassName: standard accessModes: - ReadWriteOnce resources: requests: - storage: 5Gi + storage: 10Gi deletionPolicy: Delete ``` Apply the example manifest: ```bash -kubectl apply -f https://github.com/kubedb/docs/raw/{{< param "info.version" >}}/docs/examples/db2/quickstart/standalone.yaml -kubectl get db2 -n demo db2 -w +$ kubectl apply -f https://github.com/kubedb/docs/raw/{{< param "info.version" >}}/docs/examples/db2/quickstart/standalone.yaml +db2.kubedb.com/db2 created +``` + +KubeDB operator will create the necessary PetSet, Service, and other resources. Let's wait for the DB2 instance to be ready: + +```bash +$ kubectl get db2 -n demo db2 -w +NAME VERSION STATUS AGE +db2 11.5.8.0 Running 2m ``` +Now, you can press `Ctrl+C` to stop the watch command. + ## Verify DB2 Database +Check that the DB2 instance is up and running: + ```bash -kubectl get db2 -n demo -kubectl describe db2 -n demo db2 +$ kubectl get db2 -n demo +NAME VERSION STATUS AGE +db2 11.5.8.0 Running 3m ``` -When `status.phase` becomes `Ready`, your DB2 database is ready to use. +To verify the database is ready, use `describe` command: + +```bash +$ kubectl describe db2 -n demo db2 +Name: db2 +Namespace: demo +Labels: +Annotations: +API Version: kubedb.com/v1alpha2 +Kind: DB2 +... +Spec: + Version: 11.5.8.0 + Storage Type: Durable + Deletion Policy: Delete + ... +Status: + Conditions: + Last Transition Time: 2025-01-09T12:05:51Z + Status: True + Type: Ready + Phase: Ready +``` + +When `status.phase` is `Ready`, your DB2 database is ready to use. + +## Check DB2 Pod + +Check that the DB2 pod is running: + +```bash +$ kubectl get pod -n demo +NAME READY STATUS RESTARTS AGE +db2-0 1/1 Running 0 3m +``` + +## Get Database Credentials + +Get the generated credentials for connecting to the DB2 database: + +```bash +$ kubectl get secret -n demo db2-auth -o jsonpath='{.data.username}' | base64 -d +db2inst1 + +$ kubectl get secret -n demo db2-auth -o jsonpath='{.data.password}' | base64 -d +your-generated-password +``` + +## Access the Database + +Let's access the DB2 database to verify it's working. First, port-forward the service: + +```bash +$ kubectl port-forward -n demo svc/db2 50000:50000 +Forwarding from 127.0.0.1:50000 -> 50000 +Forwarding from [::1]:50000 -> 50000 +``` + +Now you can connect to the database using a DB2 client. Here's an example using the DB2 command line: + +```bash +$ db2 connect to testdb user db2inst1 using +``` + +Or you can check the pod logs to verify database operations: + +```bash +$ kubectl logs -f -n demo db2-0 +``` + +## View Service & PVC + +Check the Service and PersistentVolumeClaim created by KubeDB: + +```bash +$ kubectl get svc -n demo +NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE +db2 ClusterIP 10.96.28.88 50000/TCP 3m +``` + +```bash +$ kubectl get pvc -n demo +NAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGE +db2-0 Bound pvc-a1b2c3d4-e5f6-47a8-9b0c-1d2e3f4g5h6i 10Gi RWO standard 3m +``` + +## Delete the Database + +To delete the DB2 database, use the following command: + +```bash +$ kubectl delete db2 -n demo db2 +db2.kubedb.com "db2" deleted +``` + +The PVC will also be deleted due to the `deletionPolicy: Delete` setting: + +```bash +$ kubectl get pvc -n demo +No resources found in demo namespace. +``` ## Cleaning up ```bash -kubectl delete db2 -n demo db2 -kubectl delete ns demo -``` \ No newline at end of file +$ kubectl delete namespace demo +namespace "demo" deleted +``` + +## Next Steps + +- Learn about the [DB2 CRD](/docs/guides/db2/concepts/db2.md). +- Learn about the [DB2Version CRD](/docs/guides/db2/concepts/catalog.md). +- Learn about [custom RBAC](/docs/guides/db2/custom-rbac/using-custom-rbac.md) for DB2. +- Learn about using [private registry](/docs/guides/db2/private-registry/using-private-registry.md) with DB2. +- Want to hack on KubeDB? Check our [contribution guidelines](/docs/CONTRIBUTING.md). diff --git a/docs/guides/db2/quickstart/rbac.md b/docs/guides/db2/quickstart/rbac.md index d59ed7a88..cb89922bc 100644 --- a/docs/guides/db2/quickstart/rbac.md +++ b/docs/guides/db2/quickstart/rbac.md @@ -14,29 +14,44 @@ section_menu_id: guides # RBAC Permissions for DB2 -When RBAC is enabled in your cluster, KubeDB automatically creates the necessary Role, ServiceAccount, and RoleBinding for each DB2 instance. This tutorial explains what permissions are granted and how to verify them. +When RBAC (Role-Based Access Control) is enabled in your Kubernetes cluster, KubeDB automatically creates the necessary Role, ServiceAccount, and RoleBinding for each DB2 instance. This ensures that the DB2 pods have only the permissions they need to function properly. + +This tutorial explains what permissions are granted and how to verify them. + +## Required Permissions Here is the list of additional permissions required by the PetSet of DB2: -| Kubernetes Resource | Resource Names | Permission required | -|---------------------|-------------------|---------------------| -| petsets | `{db2-name}` | get | -| pods | | list, patch | -| pods/exec | | create | -| db2s | | get | -| configmaps | `{db2-name}` | get, update, create | +| Kubernetes Resource | Resource Names | Permissions | +|---------------------|-------------------|-------------| +| petsets | `{db2-name}` | get | +| pods | | list, patch | +| pods/exec | | create | +| db2s | | get | +| configmaps | | create, get, update | + +These permissions allow the DB2 instance to: +- Access its own PetSet configuration +- List and modify pods for health checking and management +- Execute commands within pods for operational tasks +- Access its DB2 CRD configuration +- Manage configuration stored in ConfigMaps ## Before You Begin -- At first, you need to have a Kubernetes cluster, and the kubectl command-line tool must be configured to communicate with your cluster. If you do not already have a cluster, you can create one by using [kind](https://kind.sigs.k8s.io/docs/user/quick-start/). +At first, you need to have a Kubernetes cluster, and the kubectl command-line tool must be configured to communicate with your cluster. If you do not already have a cluster, you can create one by using [kind](https://kind.sigs.k8s.io/docs/user/quick-start/). -- Now, install KubeDB cli on your workstation and KubeDB operator in your cluster following the steps [here](/docs/setup/README.md). +Now, install KubeDB cli on your workstation and KubeDB operator in your cluster following the steps [here](/docs/setup/README.md). -- To keep things isolated, this tutorial uses a separate namespace called `demo` throughout this tutorial. +To keep things isolated, this tutorial uses a separate namespace called `demo` throughout this tutorial. ```bash $ kubectl create ns demo namespace/demo created + +$ kubectl get ns demo +NAME STATUS AGE +demo Active 5s ``` > Note: YAML files used in this tutorial are stored in [docs/examples/db2](https://github.com/kubedb/docs/tree/{{< param "info.version" >}}/docs/examples/db2) folder in GitHub repository [kubedb/docs](https://github.com/kubedb/docs). @@ -52,7 +67,7 @@ metadata: name: quick-db2 namespace: demo spec: - version: "11.5.9" + version: "11.5.8.0" storageType: Durable storage: storageClassName: "standard" @@ -60,7 +75,7 @@ spec: - ReadWriteOnce resources: requests: - storage: 1Gi + storage: 10Gi deletionPolicy: Delete ``` @@ -71,13 +86,40 @@ $ kubectl create -f https://github.com/kubedb/docs/raw/{{< param "info.version" db2.kubedb.com/quick-db2 created ``` -When this DB2 object is created, KubeDB operator creates Role, ServiceAccount and RoleBinding with the matching DB2 name and uses that ServiceAccount in the corresponding PetSet. +When this DB2 object is created, KubeDB operator automatically creates Role, ServiceAccount and RoleBinding with the matching DB2 name (`quick-db2`) and uses that ServiceAccount in the corresponding PetSet. + +Let's verify and see what KubeDB operator has created for additional RBAC permission. + +## Verify RBAC Resources + +### Verify ServiceAccount + +KubeDB operator creates a ServiceAccount object `quick-db2` in the same namespace as the DB2 object. + +```bash +$ kubectl get serviceaccount -n demo quick-db2 -o yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: database + app.kubernetes.io/instance: quick-db2 + app.kubernetes.io/managed-by: kubedb.com + app.kubernetes.io/name: db2s.kubedb.com + name: quick-db2 + namespace: demo +``` + +This ServiceAccount is used in the PetSet created for the DB2 object. Verify it's being used: -Let's see what KubeDB operator has created for additional RBAC permission. +```bash +$ kubectl get petset -n demo quick-db2 -o jsonpath='{.spec.template.spec.serviceAccountName}' +quick-db2 +``` -### Role +### Verify Role -KubeDB operator creates a Role object `quick-db2` in same namespace as the DB2 object. +KubeDB operator creates a Role object `quick-db2` in the same namespace as the DB2 object: ```bash $ kubectl get role -n demo quick-db2 -o yaml @@ -132,29 +174,11 @@ rules: - update ``` -### ServiceAccount +This Role grants minimal permissions required for the DB2 instance to function properly. Note that permissions are scoped to the specific DB2 instance name (`quick-db2`). -KubeDB operator creates a ServiceAccount object `quick-db2` in same namespace as the DB2 object. +### Verify RoleBinding -```bash -$ kubectl get serviceaccount -n demo quick-db2 -o yaml -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/component: database - app.kubernetes.io/instance: quick-db2 - app.kubernetes.io/managed-by: kubedb.com - app.kubernetes.io/name: db2s.kubedb.com - name: quick-db2 - namespace: demo -``` - -This ServiceAccount is used in the PetSet created for the DB2 object. - -### RoleBinding - -KubeDB operator creates a RoleBinding object `quick-db2` in same namespace as the DB2 object. +KubeDB operator creates a RoleBinding object `quick-db2` in the same namespace as the DB2 object: ```bash $ kubectl get rolebinding -n demo quick-db2 -o yaml @@ -178,15 +202,47 @@ subjects: namespace: demo ``` -This object binds Role `quick-db2` with ServiceAccount `quick-db2`. +This object binds the Role `quick-db2` with the ServiceAccount `quick-db2`, granting the defined permissions to the ServiceAccount. + +## Verify DB2 is Running + +Let's verify that the DB2 instance is running successfully with the created RBAC permissions: + +```bash +$ kubectl get db2 -n demo quick-db2 +NAME VERSION STATUS AGE +quick-db2 11.5.8.0 Running 3m +``` + +Check the pod is running: + +```bash +$ kubectl get pod -n demo quick-db2-0 +NAME READY STATUS RESTARTS AGE +quick-db2-0 1/1 Running 0 3m +``` + +## Custom RBAC + +If you want to use custom RBAC resources for your DB2 instance, you can specify a custom ServiceAccount. Please refer to the [Custom RBAC guide](/docs/guides/db2/custom-rbac/using-custom-rbac.md) for more details. ## Cleaning up To cleanup the Kubernetes resources created by this tutorial, run: ```bash -kubectl patch -n demo db2/quick-db2 -p '{"spec":{"deletionPolicy":"WipeOut"}}' --type="merge" -kubectl delete -n demo db2/quick-db2 +$ kubectl patch -n demo db2/quick-db2 -p '{"spec":{"deletionPolicy":"WipeOut"}}' --type="merge" +$ kubectl delete -n demo db2/quick-db2 -kubectl delete ns demo +$ kubectl delete ns demo ``` + +Note that when you delete the DB2 object, the associated ServiceAccount, Role, and RoleBinding are automatically deleted as they are owned by the DB2 object. + +## Next Steps + +- Learn how to [create custom RBAC resources](/docs/guides/db2/custom-rbac/using-custom-rbac.md) for DB2. +- Learn about [DB2 CRD](/docs/guides/db2/concepts/db2.md) and its configuration options. +- Learn about [DB2Version CRD](/docs/guides/db2/concepts/catalog.md) for specifying versions and images. +- Want to hack on KubeDB? Check our [contribution guidelines](/docs/CONTRIBUTING.md). + From 10e0d25aa3f0254ef3283a6f1efc1cbadfe4ee3b Mon Sep 17 00:00:00 2001 From: sabnaj Date: Mon, 11 May 2026 13:19:02 +0600 Subject: [PATCH 3/5] catalog modified Signed-off-by: sabnaj --- docs/guides/db2/concepts/db2.md | 14 -------------- docs/guides/db2/custom-rbac/using-custom-rbac.md | 10 ++++------ .../db2/private-registry/using-private-registry.md | 14 +++++++------- docs/guides/db2/quickstart/quickstart.md | 2 +- 4 files changed, 12 insertions(+), 28 deletions(-) diff --git a/docs/guides/db2/concepts/db2.md b/docs/guides/db2/concepts/db2.md index 203085add..be88442b1 100644 --- a/docs/guides/db2/concepts/db2.md +++ b/docs/guides/db2/concepts/db2.md @@ -90,11 +90,6 @@ spec: - name: db2 port: 50000 deletionPolicy: Delete - healthChecker: - periodSeconds: 10 - timeoutSeconds: 10 - failureThreshold: 3 - disableWriteCheck: false ``` ### spec.version @@ -233,15 +228,6 @@ KubeDB allows following fields to set in `spec.serviceTemplates`: When `deletionPolicy` is `DoNotTerminate`, KubeDB takes advantage of `ValidationWebhook` feature in Kubernetes to prevent deletion of the database as long as the policy is set to `DoNotTerminate`. -### spec.healthChecker - -`spec.healthChecker` defines the attributes for the health checker that monitors the DB2 instance. - -- `spec.healthChecker.periodSeconds` specifies how often to perform the health check (in seconds) -- `spec.healthChecker.timeoutSeconds` specifies the number of seconds after which the health check probe times out -- `spec.healthChecker.failureThreshold` specifies minimum consecutive failures for the health check to be considered failed -- `spec.healthChecker.disableWriteCheck` specifies whether to disable the write check or not - ## Next Steps - Learn how to use KubeDB to run DB2 [here](/docs/guides/db2/README.md). diff --git a/docs/guides/db2/custom-rbac/using-custom-rbac.md b/docs/guides/db2/custom-rbac/using-custom-rbac.md index 2efa54cc0..2105c1b42 100644 --- a/docs/guides/db2/custom-rbac/using-custom-rbac.md +++ b/docs/guides/db2/custom-rbac/using-custom-rbac.md @@ -61,7 +61,7 @@ $ kubectl get serviceaccount -n demo my-custom-serviceaccount -o yaml apiVersion: v1 kind: ServiceAccount metadata: - creationTimestamp: "2019-05-30T04:23:39Z" + creationTimestamp: "2026-05-30T04:23:39Z" name: my-custom-serviceaccount namespace: demo resourceVersion: "21657" @@ -142,7 +142,7 @@ $ kubectl get rolebinding -n demo my-custom-rolebinding -o yaml apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - creationTimestamp: "2019-05-30T04:54:56Z" + creationTimestamp: "2026-05-30T04:54:56Z" name: my-custom-rolebinding namespace: demo resourceVersion: "23944" @@ -177,7 +177,7 @@ metadata: app.kubernetes.io/component: database app.kubernetes.io/instance: quick-db2 spec: - version: "11.5.9" + version: "11.5.8.0" storageType: Durable podTemplate: spec: @@ -290,7 +290,7 @@ metadata: app.kubernetes.io/component: database app.kubernetes.io/instance: second-db2 spec: - version: "11.5.9" + version: "11.5.8.0" storageType: Durable podTemplate: spec: @@ -343,7 +343,5 @@ kubectl delete ns demo If you would like to uninstall the KubeDB operator, please follow the steps [here](/docs/setup/README.md). ## Next Steps - -- Learn about initializing [DB2 with Script](/docs/guides/db2/initialization/script_source.md). - Want to hack on KubeDB? Check our [contribution guidelines](/docs/CONTRIBUTING.md). diff --git a/docs/guides/db2/private-registry/using-private-registry.md b/docs/guides/db2/private-registry/using-private-registry.md index fcff0ec91..35bd2916b 100644 --- a/docs/guides/db2/private-registry/using-private-registry.md +++ b/docs/guides/db2/private-registry/using-private-registry.md @@ -46,7 +46,7 @@ You have to push the required images from KubeDB's [Docker hub account](https:// ```bash $ kubectl get db2versions -o=custom-columns=NAME:.metadata.name,VERSION:.spec.version,DB_IMAGE:.spec.db.image,COORDINATOR_IMAGE:.spec.coordinator.image,DEPRECATED:.spec.deprecated NAME VERSION DB_IMAGE COORDINATOR_IMAGE DEPRECATED -11.5.9 11.5.9 kubedb/db2:11.5.9 ghcr.io/kubedb/db2-coordinator:v0.5.0-ubi +11.5.8.0 11.5.8.0 kubedb/db2:11.5.8.0 ghcr.io/kubedb/db2-coordinator:v0.5.0-ubi ``` Docker Hub repositories: @@ -93,9 +93,9 @@ Here is an example of DB2Version CRD. Replace `PRIVATE_REGISTRY` with your priva apiVersion: catalog.kubedb.com/v1alpha1 kind: DB2Version metadata: - name: "11.5.9" + name: "11.5.8.0" spec: - version: "11.5.9" + version: "11.5.8.0" db: image: PRIVATE_REGISTRY/db2:11.5.9 coordinator: @@ -115,7 +115,7 @@ Verify the DB2Version is created: ```bash $ kubectl get db2version NAME VERSION DB_IMAGE COORDINATOR_IMAGE DEPRECATED -11.5.9 11.5.9 PRIVATE_REGISTRY/db2:11.5.9 PRIVATE_REGISTRY/db2-coordinator:v0.5.0-ubi false +11.5.8.0 11.5.8.0 PRIVATE_REGISTRY/db2:11.5.8.0 PRIVATE_REGISTRY/db2-coordinator:v0.5.0-ubi false ``` ## Deploy DB2 from Private Registry @@ -131,7 +131,7 @@ metadata: name: pvt-reg-db2 namespace: demo spec: - version: "11.5.9" + version: "11.5.8.0" storageType: Durable storage: storageClassName: "standard" @@ -167,7 +167,7 @@ Wait for the DB2 instance to be ready: ```bash $ kubectl get db2 -n demo pvt-reg-db2 NAME VERSION STATUS AGE -pvt-reg-db2 11.5.9 Running 3m +pvt-reg-db2 11.5.8.0 Running 3m ``` Check the pod logs to verify the database is ready: @@ -194,7 +194,7 @@ To cleanup the Kubernetes resources created by this tutorial, run: $ kubectl patch -n demo db2/pvt-reg-db2 -p '{"spec":{"deletionPolicy":"WipeOut"}}' --type="merge" $ kubectl delete -n demo db2/pvt-reg-db2 -$ kubectl delete -n demo db2version 11.5.9 +$ kubectl delete -n demo db2version 11.5.8.0 $ kubectl delete secret -n demo myregistrykey diff --git a/docs/guides/db2/quickstart/quickstart.md b/docs/guides/db2/quickstart/quickstart.md index 96e3b4d77..7db0b8303 100644 --- a/docs/guides/db2/quickstart/quickstart.md +++ b/docs/guides/db2/quickstart/quickstart.md @@ -55,7 +55,7 @@ List all available DB2 versions that can be deployed with KubeDB: ```bash $ kubectl get db2versions NAME VERSION DB_IMAGE COORDINATOR_IMAGE DEPRECATED -11.5.9 11.5.8.0 kubedb/db2:11.5.8.0 ghcr.io/kubedb/db2-coordinator:... false +11.5.8.0 11.5.8.0 kubedb/db2:11.5.8.0 ghcr.io/kubedb/db2-coordinator:... false ``` ## Create a DB2 Database From d2fef3c2e44f0020e1384aca1d505865f2c14254 Mon Sep 17 00:00:00 2001 From: sabnaj Date: Mon, 11 May 2026 15:45:22 +0600 Subject: [PATCH 4/5] dockerhub repo Signed-off-by: sabnaj --- docs/guides/db2/private-registry/using-private-registry.md | 5 ----- 1 file changed, 5 deletions(-) diff --git a/docs/guides/db2/private-registry/using-private-registry.md b/docs/guides/db2/private-registry/using-private-registry.md index 35bd2916b..763750aea 100644 --- a/docs/guides/db2/private-registry/using-private-registry.md +++ b/docs/guides/db2/private-registry/using-private-registry.md @@ -49,11 +49,6 @@ NAME VERSION DB_IMAGE COORDINATOR_IMAGE 11.5.8.0 11.5.8.0 kubedb/db2:11.5.8.0 ghcr.io/kubedb/db2-coordinator:v0.5.0-ubi ``` -Docker Hub repositories: - -- [kubedb/db2](https://hub.docker.com/r/kubedb/db2) -- [kubedb/db2-coordinator](https://github.com/orgs/kubedb/packages/container/db2-coordinator) - ## Create ImagePullSecret ImagePullSecrets is a type of a Kubernetes Secret whose sole purpose is to pull private images from a Docker registry. It allows you to specify the url of the docker registry, credentials for logging in and the image name of your private docker image. From 4246bc9a755da111e1f9a1932ed883550edf5e9c Mon Sep 17 00:00:00 2001 From: sabnaj Date: Tue, 12 May 2026 12:05:38 +0600 Subject: [PATCH 5/5] modified rbac role Signed-off-by: sabnaj --- .../db2/custom-rbac/using-custom-rbac.md | 82 ++++++------------- docs/guides/db2/quickstart/rbac.md | 55 +++---------- 2 files changed, 39 insertions(+), 98 deletions(-) diff --git a/docs/guides/db2/custom-rbac/using-custom-rbac.md b/docs/guides/db2/custom-rbac/using-custom-rbac.md index 2105c1b42..aa96fc269 100644 --- a/docs/guides/db2/custom-rbac/using-custom-rbac.md +++ b/docs/guides/db2/custom-rbac/using-custom-rbac.md @@ -78,7 +78,7 @@ $ kubectl apply -f https://github.com/kubedb/docs/raw/{{< param "info.version" > role.rbac.authorization.k8s.io/my-custom-role created ``` -Below is the YAML for the Role we just created. +Below is the YAML for the Role we just created. This role grants the minimum permissions needed for DB2 coordinator health checking. ```yaml apiVersion: rbac.authorization.k8s.io/v1 @@ -87,46 +87,24 @@ metadata: name: my-custom-role namespace: demo rules: -- apiGroups: - - apps - resourceNames: - - quick-db2 - resources: - - petsets - verbs: - - get -- apiGroups: - - kubedb.com - resourceNames: - - quick-db2 - resources: - - db2s - verbs: - - get - apiGroups: - "" resources: - pods verbs: + - get - list - - patch - apiGroups: - "" resources: - pods/exec verbs: - create -- apiGroups: - - "" - resources: - - configmaps - verbs: - - create - - get - - update ``` -Please note that resourceName `quick-db2` is unique to `quick-db2` DB2 instance. Another database `quick-db2-2`, for example, will require the resourceName to be `quick-db2-2`. +These permissions allow the DB2 coordinator to: +- **pods (get, list)**: Monitor pod status and list pods for health checking +- **pods/exec (create)**: Execute health check commands within the pod Now create a `RoleBinding` to bind this `Role` with the already created service account. @@ -201,7 +179,14 @@ NAME READY STATUS RESTARTS AGE quick-db2-0 1/1 Running 0 3m ``` -Check the pod's log to see if the database is ready +Check the pod's log to see if the database is ready: + +```bash +$ kubectl logs -f -n demo quick-db2-0 +2026-05-30 04:25:31.456 UTC [1] LOG: starting DB2 +2026-05-30 04:25:31.789 UTC [1] LOG: listening on IPv4 address "0.0.0.0", port 50000 +2026-05-30 04:25:32.123 UTC [1] LOG: database system is ready to accept connections +``` Once we see `database system is ready to accept connections` in the log, the database is ready. @@ -216,7 +201,7 @@ $ kubectl apply -f https://github.com/kubedb/docs/raw/{{< param "info.version" > role.rbac.authorization.k8s.io/my-custom-role-two created ``` -Below is the YAML for the Role we just created. +Below is the YAML for the Role we just created. This role grants the minimum permissions needed for the second DB2 instance. ```yaml apiVersion: rbac.authorization.k8s.io/v1 @@ -225,43 +210,19 @@ metadata: name: my-custom-role-two namespace: demo rules: -- apiGroups: - - apps - resourceNames: - - second-db2 - resources: - - petsets - verbs: - - get -- apiGroups: - - kubedb.com - resourceNames: - - second-db2 - resources: - - db2s - verbs: - - get - apiGroups: - "" resources: - pods verbs: + - get - list - - patch - apiGroups: - "" resources: - pods/exec verbs: - create -- apiGroups: - - "" - resources: - - configmaps - verbs: - - create - - get - - update ``` Now create a `RoleBinding` to bind `my-custom-role-two` with the already created `my-custom-serviceaccount`. @@ -314,7 +275,14 @@ NAME READY STATUS RESTARTS AGE second-db2-0 1/1 Running 0 3m ``` -Check the pod's log to see if the database is ready +Check the pod's log to see if the database is ready: + +```bash +$ kubectl logs -f -n demo second-db2-0 +2026-05-30 04:30:15.456 UTC [1] LOG: starting DB2 +2026-05-30 04:30:15.789 UTC [1] LOG: listening on IPv4 address "0.0.0.0", port 50000 +2026-05-30 04:30:16.123 UTC [1] LOG: database system is ready to accept connections +``` `database system is ready to accept connections` in the log signifies that the database is running successfully. @@ -343,5 +311,9 @@ kubectl delete ns demo If you would like to uninstall the KubeDB operator, please follow the steps [here](/docs/setup/README.md). ## Next Steps + +- Learn about [DB2 CRD](/docs/guides/db2/concepts/db2.md). +- Learn about [DB2Version CRD](/docs/guides/db2/concepts/catalog.md). +- Learn about [using private registries](/docs/guides/db2/private-registry/using-private-registry.md). - Want to hack on KubeDB? Check our [contribution guidelines](/docs/CONTRIBUTING.md). diff --git a/docs/guides/db2/quickstart/rbac.md b/docs/guides/db2/quickstart/rbac.md index cb89922bc..bc6f74e6b 100644 --- a/docs/guides/db2/quickstart/rbac.md +++ b/docs/guides/db2/quickstart/rbac.md @@ -20,22 +20,16 @@ This tutorial explains what permissions are granted and how to verify them. ## Required Permissions -Here is the list of additional permissions required by the PetSet of DB2: - -| Kubernetes Resource | Resource Names | Permissions | -|---------------------|-------------------|-------------| -| petsets | `{db2-name}` | get | -| pods | | list, patch | -| pods/exec | | create | -| db2s | | get | -| configmaps | | create, get, update | - -These permissions allow the DB2 instance to: -- Access its own PetSet configuration -- List and modify pods for health checking and management -- Execute commands within pods for operational tasks -- Access its DB2 CRD configuration -- Manage configuration stored in ConfigMaps +Here is the list of permissions required by the DB2 coordinator for health checking and monitoring: + +| Kubernetes Resource | Permissions | +|---------------------|-----------------| +| pods | get, list | +| pods/exec | create | + +These permissions allow the DB2 coordinator to: +- **pods (get, list)**: Monitor pod status and list pods in the namespace +- **pods/exec (create)**: Execute health check commands within the pod ## Before You Begin @@ -134,22 +128,6 @@ metadata: name: quick-db2 namespace: demo rules: -- apiGroups: - - apps - resourceNames: - - quick-db2 - resources: - - petsets - verbs: - - get -- apiGroups: - - kubedb.com - resourceNames: - - quick-db2 - resources: - - db2s - verbs: - - get - apiGroups: - "" resources: @@ -157,24 +135,15 @@ rules: verbs: - get - list - - patch - apiGroups: - "" resources: - pods/exec verbs: - create -- apiGroups: - - "" - resources: - - configmaps - verbs: - - create - - get - - update ``` -This Role grants minimal permissions required for the DB2 instance to function properly. Note that permissions are scoped to the specific DB2 instance name (`quick-db2`). +This Role grants the minimum permissions required for the DB2 coordinator to monitor the database health and execute health check commands within the pod. ### Verify RoleBinding @@ -202,7 +171,7 @@ subjects: namespace: demo ``` -This object binds the Role `quick-db2` with the ServiceAccount `quick-db2`, granting the defined permissions to the ServiceAccount. +This object binds the Role `quick-db2` with the ServiceAccount `quick-db2`, granting the coordinator the necessary permissions to perform health checks. ## Verify DB2 is Running