oracle / oci-service-broker

Oracle Cloud Infrastructure Service Broker is an open source implementation of the Open Service Broker API Spec for OCI services. Customers can use this implementation to install Open Service Broker in Oracle Container Engine for Kubernetes or in other Kubernetes clusters.

License: Universal Permissive License v1.0

Dockerfile 0.22% Shell 4.40% Java 95.16% Mustache 0.23%
kubernetes kubernetes-clusters oracle-cloud-infrastructure osbapi service-broker oci-service-broker autonomous-database helm-chart

oci-service-broker's Introduction

OCI Service Broker

Introduction

The OCI Service Broker is an open source implementation of the Open Service Broker API Spec for OCI services. Customers can use this implementation to install Open Service Broker in Oracle Container Engine for Kubernetes or in other Kubernetes clusters. This implementation aims to provide:

  • Easy installation.
  • Easy extension.
  • Provide OOTB implementations for common OCI services.
  • OCI Service Broker Installation.

Services Supported

  1. Object Storage
  2. Autonomous Transaction Processing
  3. Autonomous Data Warehouse
  4. Oracle Streaming Service

Installation

See the Installation instructions for detailed installation and configuration of OCI Service Broker.

Documentation

See the Documentation for complete details on installation, security and service related configurations of OCI Service Broker.

Charts

The OCI Service Broker is packaged as a Helm chart to make it easy to install in Kubernetes clusters. The chart can be downloaded from the URL below.

https://github.com/oracle/oci-service-broker/releases/download/v1.6.0/oci-service-broker-1.6.0.tgz

Samples

Samples for creating Service Instances and Bindings using oci-service-broker can be found here.

Troubleshooting

You can use the diagnostics tool to help identify common issues in the installation.

Also see the Troubleshooting document for details on debugging common and known issues.

Changes

See CHANGELOG.

Contributing

This project welcomes contributions from the community. Before submitting a pull request, please review our contribution guide.

Security

Please consult the security guide for our responsible security vulnerability disclosure process.

License

Copyright (c) 2019, Oracle and/or its affiliates.

This software is available under the Universal Permissive License v 1.0

See LICENSE.txt for more details.

oci-service-broker's People

Contributors

ashokkkannan, jayasheelankumar, naman223, shyamradhakrishnan, spavlusieva, streamnsight

oci-service-broker's Issues

OSS Stream service instance/binding should support Stream Pool OCID

Depending on connection details, there are situations (such as Kafka compatibility) where the provisioned Stream service instance requires a known stream pool identifier. Therefore, two possible requirements:

  1. Support a streamPoolId parameter in oss-service plan for kind: ServiceInstance
  2. Provide a streamPoolId property in the associative ServiceBinding for oss-service type service instances.

Not able to interrupt/cancel ATP provisioning

In some cases when ATP provisioning takes longer than expected - we may want to cancel the current request and retry again by changing parameters or region etc.
Or we may simply want to defer the creation of ATP.
Or for the cases where we might have passed in incorrect parameters (for example incorrect password or say incorrect cpuCount) - we want to cancel the request.

Currently it does not seem possible: once you perform a Create on a ServiceInstance for ATP, a delete is effective only after that ATP has been configured. This is costly for cases as described above and, similar to the OCI console, one should be able to Terminate a still-provisioning ATP instance using the broker.

Incorrect preAuthAccessUri in object-store-service binding - hostname part is missing

After creating an object store bucket, the object-store-service binding returns the following data in the corresponding secret:

preAuthAccessUri: L3AvYnViR2s3UW10NmNtdHVjMDN1OWNGTzI1ZkhJLV90Ul93dHduR3BnQXh0QS9uL29yYXNlZW1lYWRlc2FuZGJveC9iL3Rlc3RidWNrZXQvby8=

which after base64 decoding gives: /p/bubGk7Qmt6cmtuc03u9cFO25fHI-_tR_wtwnGpgAxtA/n/oraseemeadesandbox/b/testbucket/o/

The expected prefix of, in my case, "https://objectstorage.ap-seoul-1.oraclecloud.com" is missing.

I tested this with oci-service-broker 1.3.1
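
A consumer-side check for the value described in this issue, added here as an example (not code from the broker or from the issue author): it decodes the secret value, accepts either an absolute HTTPS URL or the host-less path shown above, and joins the latter with an endpoint the caller supplies. The function names and the sample token and namespace are constructed for illustration.

```python
import base64
import re
from urllib.parse import urlsplit

# Path layout visible in the decoded value quoted in the issue:
#   /p/<token>/n/<namespace>/b/<bucket>/o/<object>
PAR_PATH = re.compile(
    r"^/p/(?P<token>[^/]+)/n/(?P<namespace>[^/]+)/b/(?P<bucket>[^/]+)/o/(?P<object>.*)$"
)


class BindingValueError(ValueError):
    """Raised when the secret value cannot be turned into a usable HTTPS URL."""


def decode_secret_value(b64_value: str) -> str:
    """Decode one base64 `data` value of a Kubernetes Secret into text."""
    try:
        return base64.b64decode(b64_value, validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError) as exc:
        raise BindingValueError("secret value is not valid base64/UTF-8") from exc


def resolve_pre_auth_uri(b64_value: str, endpoint: str) -> dict:
    """Return the full URL and its parsed parts for a preAuthAccessUri value.

    `endpoint` is only used when the decoded value has no host, which is the
    behaviour reported in the issue.
    """
    value = decode_secret_value(b64_value).strip()
    parts = urlsplit(value)

    if parts.scheme or parts.netloc:
        # The value is already absolute: insist on HTTPS and keep its host.
        if parts.scheme != "https" or not parts.netloc:
            raise BindingValueError("absolute preAuthAccessUri must be https://host/...")
        base, path = f"https://{parts.netloc}", parts.path
    else:
        # Host-less value: the caller has to say which endpoint it belongs to.
        ep = urlsplit(endpoint)
        if ep.scheme != "https" or not ep.netloc or ep.path not in ("", "/"):
            raise BindingValueError("endpoint must look like https://host")
        base, path = f"https://{ep.netloc}", value

    match = PAR_PATH.match(path)
    if match is None:
        raise BindingValueError("path is not /p/<token>/n/<ns>/b/<bucket>/o/...")

    return {
        "url": base + path,
        "host_was_missing": not parts.netloc,
        "namespace": match["namespace"],
        "bucket": match["bucket"],
        "object": match["object"],
        # The /p/<token> segment is the credential, so this form is the one to log.
        "redacted": (
            f"{base}/p/<redacted>/n/{match['namespace']}"
            f"/b/{match['bucket']}/o/{match['object']}"
        ),
    }


def encode_sample(text: str) -> str:
    """Base64-encode text the way a Secret's `data` field stores it."""
    return base64.b64encode(text.encode("utf-8")).decode("ascii")


# Constructed sample values (token and namespace are placeholders, not real ones).
# The endpoint is the prefix the issue author expected for their region.
ENDPOINT = "https://objectstorage.ap-seoul-1.oraclecloud.com"
SAMPLE_PATH = "/p/EXAMPLE-TOKEN_123/n/examplens/b/testbucket/o/"
SAMPLE_HOSTLESS = encode_sample(SAMPLE_PATH)
SAMPLE_ABSOLUTE = encode_sample(ENDPOINT + SAMPLE_PATH)
SAMPLE_PLAIN_HTTP = encode_sample("http://objectstorage.example.invalid" + SAMPLE_PATH)

if __name__ == "__main__":
    for sample in (SAMPLE_HOSTLESS, SAMPLE_ABSOLUTE):
        result = resolve_pre_auth_uri(sample, ENDPOINT)
        print(result["host_was_missing"], result["redacted"])
```
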

issue when using TLS auth on external etcd

Caused by: java.lang.RuntimeException: java.lang.IllegalArgumentException: Input stream does not contain valid certificates.
	at com.oracle.oci.osb.store.EtcdStore.<init>(EtcdStore.java:93)
	at com.oracle.oci.osb.store.DataStoreFactory.createDataStore(DataStoreFactory.java:38)
	at com.oracle.oci.osb.store.DataStoreFactory.<clinit>(DataStoreFactory.java:13)
	... 53 more
Caused by: java.lang.IllegalArgumentException: Input stream does not contain valid certificates.
	at io.netty.handler.ssl.SslContextBuilder.trustManager(SslContextBuilder.java:195)
	at com.oracle.oci.osb.store.EtcdStore.<init>(EtcdStore.java:78)

My cert is valid, I can use it manually directly with etcdctl but it fails in the java code.

Any idea what could be wrong?

Full trace:

+ TAGS=
+ init --port 9998 --privatekey /var/run/oci-service-broker/privatekey --tlsEnabled false --log.configfile /oci-service-broker/config/jul-config.properties --logLevel INFO --ociSdkLogLevel INFO --jvmProps '' --storeType etcd --apiServerCaCerts /var/run/secrets/kubernetes.io/serviceaccount/ca.crt --etcd.servers https://etcd-0.etcd-headless.oci-service-broker.svc.cluster.local:2379,https://etcd-1.etcd-headless.oci-service-broker.svc.cluster.local:2379,https://etcd-2.etcd-headless.oci-service-broker.svc.cluster.local:2379 --etcd.client.tls.enabled true
+ ((  22 > 0  ))
+ case "${1}" in
+ PORT=9998
+ shift
+ shift
+ ((  20 > 0  ))
+ case "${1}" in
+ PRIVATEKEY=/var/run/oci-service-broker/privatekey
+ shift
+ shift
+ ((  18 > 0  ))
+ case "${1}" in
+ TLS_ENABLED=false
+ shift
+ shift
+ ((  16 > 0  ))
+ case "${1}" in
+ LOG_CONFIG_FILE=/oci-service-broker/config/jul-config.properties
+ shift
+ shift
+ ((  14 > 0  ))
+ case "${1}" in
+ LOG_LEVEL=INFO
+ shift
+ shift
+ ((  12 > 0  ))
+ case "${1}" in
+ OCI_SDK_LOG_LEVEL=INFO
+ shift
+ shift
+ ((  10 > 0  ))
+ case "${1}" in
+ JVM_PROPS=
+ shift
+ shift
+ ((  8 > 0  ))
+ case "${1}" in
+ STORE_TYPE=etcd
+ shift
+ shift
+ ((  6 > 0  ))
+ case "${1}" in
+ API_SERVER_CA_CERTS=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt
+ shift
+ shift
+ ((  4 > 0  ))
+ case "${1}" in
+ ETCD_SERVERS=https://etcd-0.etcd-headless.oci-service-broker.svc.cluster.local:2379,https://etcd-1.etcd-headless.oci-service-broker.svc.cluster.local:2379,https://etcd-2.etcd-headless.oci-service-broker.svc.cluster.local:2379
+ shift
+ shift
+ ((  2 > 0  ))
+ case "${1}" in
+ ETCD_CLIENT_TLS_ENABLED=true
+ shift
+ shift
+ ((  0 > 0  ))
+ export LD_LIBRARY_PATH=/openssl/lib
+ LD_LIBRARY_PATH=/openssl/lib
+ '[' false = true ']'
+ LIB_DIR=/oci-service-broker/lib
+ ls /oci-service-broker/lib/oci-java-sdk-full-1.22.1.jar
+ [[ true == \t\r\u\e ]]
+ [[ -f /oci-service-broker/etcdTlsSecret/etcd-client-ca.crt ]]
+ ETCD_CA_PATH=/oci-service-broker/etcdTlsSecret/etcd-client-ca.crt
+ [[ -f /oci-service-broker/etcdTlsSecret/etcd-client.crt ]]
+ ETCD_CRT_PATH=/oci-service-broker/etcdTlsSecret/etcd-client.crt
+ [[ -f /oci-service-broker/etcdTlsSecret/etcd-client.key ]]
+ ETCD_KEY_PATH=/oci-service-broker/etcdTlsSecret/etcd-client.key
+ exec java -cp '/oci-service-broker/lib/*' -Dport=9998 -Dtenancy=ocid1.tenancy.oc1..xxx -Dfingerprint=xxx -Duser=ocid1.user.oc1..xxx -Dpassphrase= -Dprivatekey=/var/run/oci-service-broker/privatekey -DregionId=us-ashburn-1 -Djava.util.logging.config.file=/oci-service-broker/config/jul-config.properties -DlogLevel=INFO -Dorg.slf4j.simpleLogger.defaultLogLevel=INFO -Dio.netty.noUnsafe=true -DapiServerCaCert=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt -DtlsEnabled=false -DstoreType=etcd -Detcd.servers=https://etcd-0.etcd-headless.oci-service-broker.svc.cluster.local:2379,https://etcd-1.etcd-headless.oci-service-broker.svc.cluster.local:2379,https://etcd-2.etcd-headless.oci-service-broker.svc.cluster.local:2379 -DetcdTlsEnabled=true -DCAPath=/oci-service-broker/etcdTlsSecret/etcd-client-ca.crt -DetcdClientCert=/oci-service-broker/etcdTlsSecret/etcd-client.crt -DetcdClientKey=/oci-service-broker/etcdTlsSecret/etcd-client.key -Dk8sApiTokenFile=/var/run/secrets/kubernetes.io/serviceaccount/token -Djdk.tls.client.protocols=TLSv1.2 com.oracle.oci.osb.Broker
2020-12-18 00:23:48.815|INFO|com.oracle.oci.osb.Broker|Initializing Logger.. 
2020-12-18 00:23:48.834|INFO|com.oracle.oci.osb.Broker|Starting OCI Service Broker... 
SLF4J: Failed to load class "org.slf4j.impl.StaticLoggerBinder".
SLF4J: Defaulting to no-operation (NOP) logger implementation
SLF4J: See http://www.slf4j.org/codes.html#StaticLoggerBinder for further details.
2020-12-18 00:23:52.907|WARNING|com.oracle.oci.osb.Broker|Insecure configuration found. TLS is not enabled. It is highly recommended to enable TLS. 
2020-12-18 00:23:53.584|INFO|com.oracle.oci.osb.Broker|Started OCI Service Broker: listening in port 9998 
2020-12-18 00:24:00.640|WARNING|org.glassfish.jersey.internal.Errors|The following warnings have been detected: WARNING: Unknown HK2 failure detected:
MultiException stack 1 of 2
java.lang.ExceptionInInitializerError
	at com.oracle.oci.osb.api.OSBV2API.<init>(OSBV2API.java:156)
	at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
	at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
	at java.base/jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
	at java.base/java.lang.reflect.Constructor.newInstanceWithCaller(Constructor.java:500)
	at java.base/java.lang.reflect.Constructor.newInstance(Constructor.java:481)
	at org.glassfish.hk2.utilities.reflection.ReflectionHelper.makeMe(ReflectionHelper.java:1375)
	at org.jvnet.hk2.internal.ClazzCreator.createMe(ClazzCreator.java:272)
	at org.jvnet.hk2.internal.ClazzCreator.create(ClazzCreator.java:366)
	at org.jvnet.hk2.internal.SystemDescriptor.create(SystemDescriptor.java:487)
	at org.jvnet.hk2.internal.SingletonContext$1.compute(SingletonContext.java:83)
	at org.jvnet.hk2.internal.SingletonContext$1.compute(SingletonContext.java:71)
	at org.glassfish.hk2.utilities.cache.Cache$OriginThreadAwareFuture$1.call(Cache.java:97)
	at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
	at org.glassfish.hk2.utilities.cache.Cache$OriginThreadAwareFuture.run(Cache.java:154)
	at org.glassfish.hk2.utilities.cache.Cache.compute(Cache.java:199)
	at org.jvnet.hk2.internal.SingletonContext.findOrCreate(SingletonContext.java:122)
	at org.jvnet.hk2.internal.Utilities.createService(Utilities.java:2126)
	at org.jvnet.hk2.internal.ServiceLocatorImpl.internalGetService(ServiceLocatorImpl.java:777)
	at org.jvnet.hk2.internal.ServiceLocatorImpl.internalGetService(ServiceLocatorImpl.java:740)
	at org.jvnet.hk2.internal.ServiceLocatorImpl.getService(ServiceLocatorImpl.java:710)
	at org.glassfish.jersey.inject.hk2.AbstractHk2InjectionManager.getInstance(AbstractHk2InjectionManager.java:184)
	at org.glassfish.jersey.inject.hk2.ImmediateHk2InjectionManager.getInstance(ImmediateHk2InjectionManager.java:54)
	at org.glassfish.jersey.internal.inject.Injections.getOrCreate(Injections.java:129)
	at org.glassfish.jersey.server.model.MethodHandler$ClassBasedMethodHandler.getInstance(MethodHandler.java:284)
	at org.glassfish.jersey.server.internal.routing.PushMethodHandlerRouter.apply(PushMethodHandlerRouter.java:75)
	at org.glassfish.jersey.server.internal.routing.RoutingStage._apply(RoutingStage.java:110)
	at org.glassfish.jersey.server.internal.routing.RoutingStage._apply(RoutingStage.java:113)
	at org.glassfish.jersey.server.internal.routing.RoutingStage._apply(RoutingStage.java:113)
	at org.glassfish.jersey.server.internal.routing.RoutingStage._apply(RoutingStage.java:113)
	at org.glassfish.jersey.server.internal.routing.RoutingStage._apply(RoutingStage.java:113)
	at org.glassfish.jersey.server.internal.routing.RoutingStage.apply(RoutingStage.java:93)
	at org.glassfish.jersey.server.internal.routing.RoutingStage.apply(RoutingStage.java:62)
	at org.glassfish.jersey.process.internal.Stages.process(Stages.java:197)
	at org.glassfish.jersey.server.ServerRuntime$1.run(ServerRuntime.java:269)
	at org.glassfish.jersey.internal.Errors$1.call(Errors.java:272)
	at org.glassfish.jersey.internal.Errors$1.call(Errors.java:268)
	at org.glassfish.jersey.internal.Errors.process(Errors.java:316)
	at org.glassfish.jersey.internal.Errors.process(Errors.java:298)
	at org.glassfish.jersey.internal.Errors.process(Errors.java:268)
	at org.glassfish.jersey.process.internal.RequestScope.runInScope(RequestScope.java:289)
	at org.glassfish.jersey.server.ServerRuntime.process(ServerRuntime.java:256)
	at org.glassfish.jersey.server.ApplicationHandler.handle(ApplicationHandler.java:703)
	at org.glassfish.jersey.jdkhttp.JdkHttpHandlerContainer.handle(JdkHttpHandlerContainer.java:159)
	at jdk.httpserver/com.sun.net.httpserver.Filter$Chain.doFilter(Filter.java:77)
	at jdk.httpserver/sun.net.httpserver.AuthFilter.doFilter(AuthFilter.java:82)
	at jdk.httpserver/com.sun.net.httpserver.Filter$Chain.doFilter(Filter.java:80)
	at jdk.httpserver/sun.net.httpserver.ServerImpl$Exchange$LinkHandler.handle(ServerImpl.java:692)
	at jdk.httpserver/com.sun.net.httpserver.Filter$Chain.doFilter(Filter.java:77)
	at jdk.httpserver/sun.net.httpserver.ServerImpl$Exchange.run(ServerImpl.java:664)
	at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
	at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
	at java.base/java.lang.Thread.run(Thread.java:835)
Caused by: java.lang.RuntimeException: java.lang.IllegalArgumentException: Input stream does not contain valid certificates.
	at com.oracle.oci.osb.store.EtcdStore.<init>(EtcdStore.java:93)
	at com.oracle.oci.osb.store.DataStoreFactory.createDataStore(DataStoreFactory.java:38)
	at com.oracle.oci.osb.store.DataStoreFactory.<clinit>(DataStoreFactory.java:13)
	... 53 more
Caused by: java.lang.IllegalArgumentException: Input stream does not contain valid certificates.
	at io.netty.handler.ssl.SslContextBuilder.trustManager(SslContextBuilder.java:195)
	at com.oracle.oci.osb.store.EtcdStore.<init>(EtcdStore.java:78)
	... 55 more
Caused by: io.netty.util.IllegalReferenceCountException: refCnt: 0, decrement: 1
	at io.netty.buffer.AbstractReferenceCountedByteBuf.release0(AbstractReferenceCountedByteBuf.java:124)
	at io.netty.buffer.AbstractReferenceCountedByteBuf.release(AbstractReferenceCountedByteBuf.java:107)
	at io.netty.buffer.AbstractDerivedByteBuf.release0(AbstractDerivedByteBuf.java:89)
	at io.netty.buffer.AbstractDerivedByteBuf.release(AbstractDerivedByteBuf.java:85)
	at io.netty.handler.ssl.SslContext.getCertificatesFromBuffers(SslContext.java:1102)
	at io.netty.handler.ssl.SslContext.toX509Certificates(SslContext.java:1078)
	at io.netty.handler.ssl.SslContextBuilder.trustManager(SslContextBuilder.java:193)
	... 56 more
MultiException stack 2 of 2
java.lang.IllegalStateException: Unable to perform operation: create on com.oracle.oci.osb.api.OSBV2API
	at org.jvnet.hk2.internal.ClazzCreator.create(ClazzCreator.java:393)
	at org.jvnet.hk2.internal.SystemDescriptor.create(SystemDescriptor.java:487)
	at org.jvnet.hk2.internal.SingletonContext$1.compute(SingletonContext.java:83)
	at org.jvnet.hk2.internal.SingletonContext$1.compute(SingletonContext.java:71)
	at org.glassfish.hk2.utilities.cache.Cache$OriginThreadAwareFuture$1.call(Cache.java:97)
	at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
	at org.glassfish.hk2.utilities.cache.Cache$OriginThreadAwareFuture.run(Cache.java:154)
	at org.glassfish.hk2.utilities.cache.Cache.compute(Cache.java:199)
	at org.jvnet.hk2.internal.SingletonContext.findOrCreate(SingletonContext.java:122)
	at org.jvnet.hk2.internal.Utilities.createService(Utilities.java:2126)
	at org.jvnet.hk2.internal.ServiceLocatorImpl.internalGetService(ServiceLocatorImpl.java:777)
	at org.jvnet.hk2.internal.ServiceLocatorImpl.internalGetService(ServiceLocatorImpl.java:740)
	at org.jvnet.hk2.internal.ServiceLocatorImpl.getService(ServiceLocatorImpl.java:710)
	at org.glassfish.jersey.inject.hk2.AbstractHk2InjectionManager.getInstance(AbstractHk2InjectionManager.java:184)
	at org.glassfish.jersey.inject.hk2.ImmediateHk2InjectionManager.getInstance(ImmediateHk2InjectionManager.java:54)
	at org.glassfish.jersey.internal.inject.Injections.getOrCreate(Injections.java:129)
	at org.glassfish.jersey.server.model.MethodHandler$ClassBasedMethodHandler.getInstance(MethodHandler.java:284)
	at org.glassfish.jersey.server.internal.routing.PushMethodHandlerRouter.apply(PushMethodHandlerRouter.java:75)
	at org.glassfish.jersey.server.internal.routing.RoutingStage._apply(RoutingStage.java:110)
	at org.glassfish.jersey.server.internal.routing.RoutingStage._apply(RoutingStage.java:113)
	at org.glassfish.jersey.server.internal.routing.RoutingStage._apply(RoutingStage.java:113)
	at org.glassfish.jersey.server.internal.routing.RoutingStage._apply(RoutingStage.java:113)
	at org.glassfish.jersey.server.internal.routing.RoutingStage._apply(RoutingStage.java:113)
	at org.glassfish.jersey.server.internal.routing.RoutingStage.apply(RoutingStage.java:93)
	at org.glassfish.jersey.server.internal.routing.RoutingStage.apply(RoutingStage.java:62)
	at org.glassfish.jersey.process.internal.Stages.process(Stages.java:197)
	at org.glassfish.jersey.server.ServerRuntime$1.run(ServerRuntime.java:269)
	at org.glassfish.jersey.internal.Errors$1.call(Errors.java:272)
	at org.glassfish.jersey.internal.Errors$1.call(Errors.java:268)
	at org.glassfish.jersey.internal.Errors.process(Errors.java:316)
	at org.glassfish.jersey.internal.Errors.process(Errors.java:298)
	at org.glassfish.jersey.internal.Errors.process(Errors.java:268)
	at org.glassfish.jersey.process.internal.RequestScope.runInScope(RequestScope.java:289)
	at org.glassfish.jersey.server.ServerRuntime.process(ServerRuntime.java:256)
	at org.glassfish.jersey.server.ApplicationHandler.handle(ApplicationHandler.java:703)
	at org.glassfish.jersey.jdkhttp.JdkHttpHandlerContainer.handle(JdkHttpHandlerContainer.java:159)
	at jdk.httpserver/com.sun.net.httpserver.Filter$Chain.doFilter(Filter.java:77)
	at jdk.httpserver/sun.net.httpserver.AuthFilter.doFilter(AuthFilter.java:82)
	at jdk.httpserver/com.sun.net.httpserver.Filter$Chain.doFilter(Filter.java:80)
	at jdk.httpserver/sun.net.httpserver.ServerImpl$Exchange$LinkHandler.handle(ServerImpl.java:692)
	at jdk.httpserver/com.sun.net.httpserver.Filter$Chain.doFilter(Filter.java:77)
	at jdk.httpserver/sun.net.httpserver.ServerImpl$Exchange.run(ServerImpl.java:664)
	at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
	at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
	at java.base/java.lang.Thread.run(Thread.java:835)

Namespace configuration is not clear

In the step to install the service broker, there is:

kubectl create -f oci-service-broker/samples/oci-service-broker.yaml

The file contains a
url: http://oci-service-broker.<NAMESPACE_OF_OCI_SERVICE_BROKER>:8080

It works for me only with
url: http://oci-service-broker:8080

It took me a huge amount of time to get it working. I think:

  • or the file oci-service-broker.yaml should not contain <NAMESPACE_OF_OCI_SERVICE_BROKER>
  • or there should be an explanation about using namespace with the service broker
  • or probably both

Failed to download "charts/oci-service-broker/."

When I try to install Service Broker and in Quick Setup I execute the command:
helm install --devel charts/oci-service-broker/. --name oci-service-broker --set ociCredentials.secretName=ocicredentials --set storage.etcd.useEmbedded=true --set tls.enabled=false
I get an error:
Error: failed to download "charts/oci-service-broker/." (hint: running helm repo update may help)
But helm repo update didn't help, I still get the same error.
What could be the reason?

fail to install broker unable to build kubernetes objects from release manifest: unable to recognize "": no matches for kind "Deployment" in version "extensions/v1beta1"

Hi,
I'm trying to install the broker but I'm getting this error.
In the code below you can see the helm, svcat and kubectl versions.
I'm using https://github.com/oracle/oci-service-broker/blob/master/charts/oci-service-broker/docs/installation.md
and the issue is coming from the Quick Setup guide.
Any hints for this error?

helm install oci-service-broker https://github.com/oracle/oci-service-broker/releases/download/v1.4.0/oci-service-broker-1.4.0.tgz \
>   --set ociCredentials.secretName=ocicredentials \
>   --set storage.etcd.useEmbedded=true \
>   --set tls.enabled=false
Error: unable to build kubernetes objects from release manifest: unable to recognize "": no matches for kind "Deployment" in version "extensions/v1beta1"
(base) [oracle@localhost .ssh]$ helm version
version.BuildInfo{Version:"v3.2.4", GitCommit:"0ad800ef43d3b826f31a5ad8dfbb4fe05d143688", GitTreeState:"clean", GoVersion:"go1.13.12"}
(base) [oracle@localhost .ssh]$ svcat version
Client Version: v0.3.0
Server Version: v1.16.8
(base) [oracle@localhost .ssh]$ kubectl version
Client Version: version.Info{Major:"1", Minor:"18", GitVersion:"v1.18.2", GitCommit:"52c56ce7a8272c798dbc29846288d7cd9fbae032", GitTreeState:"clean", BuildDate:"2020-04-16T11:56:40Z", GoVersion:"go1.13.9", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"16", GitVersion:"v1.16.8", GitCommit:"fdba62c353cc548995bbe730321f64176e4f6e4b", GitTreeState:"clean", BuildDate:"2020-04-08T18:15:19Z", GoVersion:"go1.13.8 BoringCrypto", Compiler:"gc", Platform:"linux/amd64"}
(base) [oracle@localhost .ssh]$ 

Creation of stream instances does not work

The creation of streams instances does not work. The OSB outputs in its log:
java.net.UnknownHostException: streams.ap-seoul-1.streaming.oci.oraclecloud.com

Obviously, the Streams API Endpoint can't be resolved.

I tested this with OSB 1.3.0 and 1.3.1

Error building OCI Service Broker Image from the Source

Hi All,

Following the documentation to build a new OCI Service Broker image from source, I encounter the following error:

[opc@instance]$ gradle -b build.gradle clean build docker -x spotbugsMain

FAILURE: Build completed with 2 failures.

1: Task failed with an exception.
-----------
* Where:
Build file '/tmp/oci-service-broker/oci-service-broker/build.gradle' line: 110

* What went wrong:
A problem occurred evaluating root project 'oci-service-broker'.
> Could not create task ':spotbugsMain'.
   > Could not create task of type 'SpotBugsTask'.
      > Could not create an instance of type com.github.spotbugs.internal.SpotBugsReportsImpl.
         > org.gradle.api.reporting.internal.TaskReportContainer.<init>(Ljava/lang/Class;Lorg/gradle/api/Task;)V

* Try:
Run with --stacktrace option to get the stack trace. Run with --info or --debug option to get more log output. Run with --scan to get full insights.
==============================================================================

2: Task failed with an exception.
-----------
* What went wrong:
A problem occurred configuring root project 'oci-service-broker'.
> Failed to notify project evaluation listener.
   > Could not create task ':spotbugsTest'.
      > Could not create task of type 'SpotBugsTask'.
         > Could not create an instance of type com.github.spotbugs.internal.SpotBugsReportsImpl.
            > org.gradle.api.reporting.internal.TaskReportContainer.<init>(Ljava/lang/Class;Lorg/gradle/api/Task;)V
   > name is a required docker configuration item.

* Try:
Run with --stacktrace option to get the stack trace. Run with --info or --debug option to get more log output. Run with --scan to get full insights.
==============================================================================

* Get more help at https://help.gradle.org

Deprecated Gradle features were used in this build, making it incompatible with Gradle 7.0.
Use '--warning-mode all' to show the individual deprecation warnings.
See https://docs.gradle.org/6.5.1/userguide/command_line_interface.html#sec:command_line_warnings

BUILD FAILED in 1s

Steps performed are as follows:

Clone the oci-service-broker source code.
Run following commands to build the Docker Image for OCI Service Broker:

cd oci-service-broker/oci-service-broker

#The OCI Service Broker internally uses [oci-java-sdk](https://github.com/oracle/oci-java-sdk) to manage OCI services. But they are not published to any public maven repositories yet. In order to build the project, users are required to download oci-java-sdk archive file and add the dependent libraries to libs directory of oci-service-broker. Below command will download the required libraries and add to the libs directory.

bash download_SDK_libs.sh

#Gradle is the build tool used in OCI Service Broker. Please execute the below command to compile, build and generate a docker image.

gradle -b build.gradle clean build docker -x spotbugsMain

Per the above sample, have attempted to include the argument -x spotbugsMain.

Java build 1.8.0_212-b31
Gradle 6.5.1

Any advice appreciated!

Warning prompted by TLS versions issue

This warning is rendered in the logs in jdk 11 onward, with some fixes in 11.0.7 and 14.0.2 apparently but still showing here.

WARNING|com.oracle.oci.osb.api.OSBV2API|Exception occurred while getting cluster id for OKE 
javax.ws.rs.ProcessingException: javax.net.ssl.SSLHandshakeException: extension (5) should not be presented in certificate_request
	at org.glassfish.jersey.client.internal.HttpUrlConnector.apply(HttpUrlConnector.java:284)
	at org.glassfish.jersey.client.ClientRuntime.invoke(ClientRuntime.java:278)
	at org.glassfish.jersey.client.JerseyInvocation.lambda$invoke$0(JerseyInvocation.java:753)
	at org.glassfish.jersey.internal.Errors.process(Errors.java:316)
	at org.glassfish.jersey.internal.Errors.process(Errors.java:298)
	at org.glassfish.jersey.internal.Errors.process(Errors.java:229)
	at org.glassfish.jersey.process.internal.RequestScope.runInScope(RequestScope.java:414)
	at org.glassfish.jersey.client.JerseyInvocation.invoke(JerseyInvocation.java:752)
	at org.glassfish.jersey.client.JerseyInvocation$Builder.method(JerseyInvocation.java:419)
	at org.glassfish.jersey.client.JerseyInvocation$Builder.get(JerseyInvocation.java:319)
	at com.oracle.oci.osb.api.OSBV2API.<clinit>(OSBV2API.java:113)
	at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
	at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
	at java.base/jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
	at java.base/java.lang.reflect.Constructor.newInstanceWithCaller(Constructor.java:500)
	at java.base/java.lang.reflect.Constructor.newInstance(Constructor.java:481)
	at org.glassfish.hk2.utilities.reflection.ReflectionHelper.makeMe(ReflectionHelper.java:1375)
	at org.jvnet.hk2.internal.ClazzCreator.createMe(ClazzCreator.java:272)
	at org.jvnet.hk2.internal.ClazzCreator.create(ClazzCreator.java:366)
	at org.jvnet.hk2.internal.SystemDescriptor.create(SystemDescriptor.java:487)
	at org.jvnet.hk2.internal.SingletonContext$1.compute(SingletonContext.java:83)
	at org.jvnet.hk2.internal.SingletonContext$1.compute(SingletonContext.java:71)
	at org.glassfish.hk2.utilities.cache.Cache$OriginThreadAwareFuture$1.call(Cache.java:97)
	at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
	at org.glassfish.hk2.utilities.cache.Cache$OriginThreadAwareFuture.run(Cache.java:154)
	at org.glassfish.hk2.utilities.cache.Cache.compute(Cache.java:199)
	at org.jvnet.hk2.internal.SingletonContext.findOrCreate(SingletonContext.java:122)
	at org.jvnet.hk2.internal.Utilities.createService(Utilities.java:2126)
	at org.jvnet.hk2.internal.ServiceLocatorImpl.internalGetService(ServiceLocatorImpl.java:777)
	at org.jvnet.hk2.internal.ServiceLocatorImpl.internalGetService(ServiceLocatorImpl.java:740)
	at org.jvnet.hk2.internal.ServiceLocatorImpl.getService(ServiceLocatorImpl.java:710)
	at org.glassfish.jersey.inject.hk2.AbstractHk2InjectionManager.getInstance(AbstractHk2InjectionManager.java:184)
	at org.glassfish.jersey.inject.hk2.ImmediateHk2InjectionManager.getInstance(ImmediateHk2InjectionManager.java:54)
	at org.glassfish.jersey.internal.inject.Injections.getOrCreate(Injections.java:129)
	at org.glassfish.jersey.server.model.MethodHandler$ClassBasedMethodHandler.getInstance(MethodHandler.java:284)
	at org.glassfish.jersey.server.internal.routing.PushMethodHandlerRouter.apply(PushMethodHandlerRouter.java:75)
	at org.glassfish.jersey.server.internal.routing.RoutingStage._apply(RoutingStage.java:110)
	at org.glassfish.jersey.server.internal.routing.RoutingStage._apply(RoutingStage.java:113)
	at org.glassfish.jersey.server.internal.routing.RoutingStage._apply(RoutingStage.java:113)
	at org.glassfish.jersey.server.internal.routing.RoutingStage._apply(RoutingStage.java:113)
	at org.glassfish.jersey.server.internal.routing.RoutingStage._apply(RoutingStage.java:113)
	at org.glassfish.jersey.server.internal.routing.RoutingStage.apply(RoutingStage.java:93)
	at org.glassfish.jersey.server.internal.routing.RoutingStage.apply(RoutingStage.java:62)
	at org.glassfish.jersey.process.internal.Stages.process(Stages.java:197)
	at org.glassfish.jersey.server.ServerRuntime$1.run(ServerRuntime.java:269)
	at org.glassfish.jersey.internal.Errors$1.call(Errors.java:272)
	at org.glassfish.jersey.internal.Errors$1.call(Errors.java:268)
	at org.glassfish.jersey.internal.Errors.process(Errors.java:316)
	at org.glassfish.jersey.internal.Errors.process(Errors.java:298)
	at org.glassfish.jersey.internal.Errors.process(Errors.java:268)
	at org.glassfish.jersey.process.internal.RequestScope.runInScope(RequestScope.java:289)
	at org.glassfish.jersey.server.ServerRuntime.process(ServerRuntime.java:256)
	at org.glassfish.jersey.server.ApplicationHandler.handle(ApplicationHandler.java:703)
	at org.glassfish.jersey.jdkhttp.JdkHttpHandlerContainer.handle(JdkHttpHandlerContainer.java:159)
	at jdk.httpserver/com.sun.net.httpserver.Filter$Chain.doFilter(Filter.java:77)
	at jdk.httpserver/sun.net.httpserver.AuthFilter.doFilter(AuthFilter.java:82)
	at jdk.httpserver/com.sun.net.httpserver.Filter$Chain.doFilter(Filter.java:80)
	at jdk.httpserver/sun.net.httpserver.ServerImpl$Exchange$LinkHandler.handle(ServerImpl.java:692)
	at jdk.httpserver/com.sun.net.httpserver.Filter$Chain.doFilter(Filter.java:77)
	at jdk.httpserver/sun.net.httpserver.ServerImpl$Exchange.run(ServerImpl.java:664)
	at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
	at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
	at java.base/java.lang.Thread.run(Thread.java:835)
Caused by: javax.net.ssl.SSLHandshakeException: extension (5) should not be presented in certificate_request
	at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131)
	at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:117)
	at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:307)
	at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:263)
	at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:254)
	at java.base/sun.security.ssl.SSLExtensions.<init>(SSLExtensions.java:90)
	at java.base/sun.security.ssl.CertificateRequest$T13CertificateRequestMessage.<init>(CertificateRequest.java:800)
	at java.base/sun.security.ssl.CertificateRequest$T13CertificateRequestConsumer.consume(CertificateRequest.java:904)
	at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:392)
	at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:441)
	at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:419)
	at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:177)
	at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:164)
	at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1180)
	at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1091)
	at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:402)
	at java.base/sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:567)
	at java.base/sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:187)
	at java.base/sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1581)
	at java.base/sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1509)
	at java.base/java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:527)
	at java.base/sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(HttpsURLConnectionImpl.java:330)
	at org.glassfish.jersey.client.internal.HttpUrlConnector._apply(HttpUrlConnector.java:390)
	at org.glassfish.jersey.client.internal.HttpUrlConnector.apply(HttpUrlConnector.java:282)
	... 62 more

Fix:

Need to add -Djdk.tls.client.protocols=TLSv1.2 to the JVM args.

Possibility to use instance/resource principal?

Is there a way to use this with instance principal (or even resource principal) instead of a user?

The code seems to only consider the 'user' use case. Being on k8s, it would make sense to be able to use resource principal.

OSB does not support updating admin password for ATP

We can update the password for ATP in the ServiceInstance parameters in k8s, but that is not propagated to OCI to actually update the password for the ATP database. We can update the admin password from the OCI console, and the same should be supported when an ATP instance is created using OSB, or please let us know if there is any specific reason that this feature has been left out.

  1. I can see in

    String name = RequestUtil.getStringParameter(params, REQ_PARAM_NAME, false);
    that we do not read password from the update request - even when we can update the password on corresponding ServiceInstance itself

  2. I can also see that in AutonomousDatabaseOCIClient.update - we check for existing values on the AutonomousDatabase instance and it does not expose getPassword and therefore there is not a way to check if password supplied is changed or not. But the UpdateAutonomousDatabaseDetails.Builder does support adding a new admin password and therefore I would assume it should be supported?

Unknown field "fsGroup"

When I try to install Service Broker and in Quick Setup I execute the command:
helm install --devel charts/oci-service-broker/. --name oci-service-broker --set ociCredentials.secretName=ocicredentials --set storage.etcd.useEmbedded=true --set tls.enabled=false
I get an error:
Error: validation failed: error validating "": error validating data: ValidationError(Deployment.spec.template.spec.containers[0].securityContext): unknown field "fsGroup" in io.k8s.api.core.v1.SecurityContext

Helm version:

Client: &version.Version{SemVer:"v2.14.0", GitCommit:"05811b84a3f93603dd6c2fcfe57944dfa7ab7fd0", GitTreeState:"clean"}
Server: &version.Version{SemVer:"v2.14.0", GitCommit:"05811b84a3f93603dd6c2fcfe57944dfa7ab7fd0", GitTreeState:"clean"}

Based on #5750 helm version v2.14.0 has a bug, which caused this issue, but I'm not sure.
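The validation error in the report above points at containers[0].securityContext, and in the Kubernetes API fsGroup is defined on the pod-level PodSecurityContext (spec.template.spec.securityContext), not on the container-level SecurityContext. The following check is an added example, not code from the chart or the project: it finds pod-only security fields set on containers and moves them to the pod level. The manifest, names and values in it are constructed for illustration.

```python
import copy

# Fields that exist only on PodSecurityContext (spec.template.spec.securityContext).
POD_ONLY_FIELDS = {"fsGroup", "fsGroupChangePolicy", "supplementalGroups", "sysctls"}


def find_misplaced(deployment):
    """Return (container_index, field) pairs for pod-only fields set on containers."""
    pod_spec = deployment["spec"]["template"]["spec"]
    hits = []
    for i, container in enumerate(pod_spec.get("containers", [])):
        ctx = container.get("securityContext") or {}
        hits.extend((i, f) for f in sorted(ctx) if f in POD_ONLY_FIELDS)
    return hits


def relocate(deployment):
    """Return a copy with misplaced fields moved to the pod-level securityContext.

    Raises ValueError if the pod level already holds a different value.
    """
    fixed = copy.deepcopy(deployment)
    hits = find_misplaced(fixed)
    if not hits:
        return fixed
    pod_spec = fixed["spec"]["template"]["spec"]
    pod_ctx = pod_spec.setdefault("securityContext", {})
    for i, field in hits:
        ctx = pod_spec["containers"][i]["securityContext"]
        value = ctx.pop(field)
        if field in pod_ctx and pod_ctx[field] != value:
            raise ValueError(f"conflicting {field}: {pod_ctx[field]!r} vs {value!r}")
        pod_ctx[field] = value
        if not ctx:  # drop a container securityContext left empty by the move
            del pod_spec["containers"][i]["securityContext"]
    return fixed


# Constructed manifest with the shape the error message describes.
SAMPLE = {
    "apiVersion": "apps/v1",
    "kind": "Deployment",
    "metadata": {"name": "example-broker"},
    "spec": {"template": {"spec": {"containers": [{
        "name": "example",
        "image": "example.invalid/broker:0",
        "securityContext": {"fsGroup": 1000, "runAsUser": 1000},
    }]}}},
}

if __name__ == "__main__":
    print(find_misplaced(SAMPLE))
    print(relocate(SAMPLE)["spec"]["template"]["spec"])
```

Fields valid at both levels, such as runAsUser, are left on the container.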

Delay in state propagation of ATP from OCI to ServiceInstance

It was observed while both creating and deleting ServiceInstances for ATP that there is a random delay in state propagation to the ServiceInstance from the actual state of ATP in OCI. The behaviour is intermittent but should be addressed.

While creating - the ATP might already have been provisioned in OCI, but the Status on the ServiceInstance will still be Provisioning for as long as 4-5 minutes after the ATP might have provisioned.

Similarly while deleting - the Status on the ServiceInstance will still be Terminating even after the ATP is terminated.

stream secret not namespaced

When creating a stream, even if a namespace is specified, the secret ends up in the default Kubernetes namespace.
