Oracle MySQL Database Service
Oracle MySQL Database Service is a fully managed OCI service for provisioning and operating MySQL DB Systems.
The generator-owned v2 mysql API uses apiVersion: mysql.oracle.com/v1beta1 and kind: DbSystem. The older mysql compatibility surface is no longer published.
Resource Snapshot
| Field | Value |
|---|---|
| Service | mysql |
| Resource | DbSystem |
| API Version | mysql.oracle.com/v1beta1 |
| Package | MySQL |
| Support Status | Preview |
| Latest Released Version | v2.0.0-alpha |
| Install Namespace | oci-service-operator-mysql-system |
Quick Links
- Resource Guide Index
- Package Page
- API Reference
- Spec Reference
- Status Reference
- Rendered Sample (config/samples/mysql_v1beta1_dbsystem.yaml)
Pre-requisites for Setting up MySQL DB Systems
If this is your first time using MySQL Database Service, make sure the tenancy administrator has finished the OCI network and policy setup first.
Create VCN and Subnets
- Follow the Virtual Networking Quickstart to create a VCN and subnets.
- Prefer placing the MySQL DB System in the same VCN as the Kubernetes cluster.
- Review the MySQL networking setup guide.
Create Policies
When using Instance Principals:
```
Allow dynamic-group <OSOK_DYNAMIC_GROUP> to {SUBNET_READ, SUBNET_ATTACH, SUBNET_DETACH, VCN_READ, COMPARTMENT_INSPECT} in [ tenancy | compartment <compartment_name> | compartment id <compartment_ocid> ]
Allow dynamic-group <OSOK_DYNAMIC_GROUP> to manage mysql-family in [ tenancy | compartment <compartment_name> | compartment id <compartment_ocid> ]
Allow dynamic-group <OSOK_DYNAMIC_GROUP> to use tag-namespaces in tenancy
```
When using User Principals:
```
Allow group <OSOK_GROUP> to {SUBNET_READ, SUBNET_ATTACH, SUBNET_DETACH, VCN_READ, COMPARTMENT_INSPECT} in [ tenancy | compartment <compartment_name> | compartment id <compartment_ocid> ]
Allow group <OSOK_GROUP> to manage mysql-family in [ tenancy | compartment <compartment_name> | compartment id <compartment_ocid> ]
Allow group <OSOK_GROUP> to use tag-namespaces in tenancy
```
Spec Fields
This summary shows the top-level spec fields. Use the full API reference for nested fields, defaults, and enum values.
| Field | Description | Type | Required |
|---|---|---|---|
| accessMode | The access mode indicating if the database access will be restricted only to administrators or not: - UNRESTRICTED (default): the access to the database is not restricted; - RESTRICTED: the access will be allowed only to users with specific privileges; RESTRICTED will correspond to setting the MySQL system variable offline_mode (https://dev.mysql.com/doc/en/server-system-variables.html#sysvar_offline_mode) to ON. | string | No |
| adminPassword | The password for the administrative user sourced from a Kubernetes Secret in the same namespace. The referenced Secret must contain a password key. | object | No |
| adminUsername | The username for the administrative user sourced from a Kubernetes Secret in the same namespace. The referenced Secret must contain a username key. | object | No |
| availabilityDomain | The availability domain on which to deploy the Read/Write endpoint. This defines the preferred primary instance. In a failover scenario, the Read/Write endpoint is redirected to one of the other availability domains and the MySQL instance in that domain is promoted to the primary instance. This redirection does not affect the IP address of the DB System in any way. For a standalone DB System, this defines the availability domain in which the DB System is placed. | string | No |
| backupPolicy | DbSystemBackupPolicy defines nested fields for DbSystem.BackupPolicy. | object | No |
| compartmentId | The OCID of the compartment. | string | Yes |
| configurationId | The OCID of the Configuration to be used for this DB System. | string | No |
| crashRecovery | Whether to run the DB System with InnoDB Redo Logs and the Double Write Buffer enabled or disabled, and whether to enable or disable syncing of the Binary Logs. | string | No |
| customerContacts | The list of customer email addresses that receive information from Oracle about the specified OCI DB System resource. Oracle uses these email addresses to send notifications about planned and unplanned software maintenance updates, information about system hardware, and other information needed by administrators. Up to 10 email addresses can be added to the customer contacts for a DB System. | list[object] | No |
| dataStorage | DbSystemDataStorage defines nested fields for DbSystem.DataStorage. | object | No |
| dataStorageSizeInGBs | Initial size of the data volume in GBs that will be created and attached. Keep in mind that this only specifies the size of the database data volume, the log volume for the database will be scaled appropriately with its shape. | integer | No |
| databaseConsole | DbSystemDatabaseConsole defines nested fields for DbSystem.DatabaseConsole. | object | No |
| databaseManagement | Whether to enable monitoring via the Database Management service. | string | No |
| databaseMode | The database mode indicating the types of statements that will be allowed to run in the DB system. This mode will apply only to statements run by user connections. Replicated write statements will continue to be allowed regardless of the DatabaseMode. - READ_WRITE (default): allow running read and write statements on the DB system; - READ_ONLY: only allow running read statements on the DB system. | string | No |
| definedTags | Usage of predefined tag keys. These predefined keys are scoped to namespaces. Example: {"foo-namespace": {"bar-key": "value"}} | map[string, map[string, string]] | No |
| deletionPolicy | DbSystemDeletionPolicy defines nested fields for DbSystem.DeletionPolicy. | object | No |
| description | User-provided data about the DB System. | string | No |
| displayName | The user-friendly name for the DB System. It does not have to be unique. | string | No |
| encryptData | DbSystemEncryptData defines nested fields for DbSystem.EncryptData. | object | No |
| faultDomain | The fault domain on which to deploy the Read/Write endpoint. This defines the preferred primary instance. In a failover scenario, the Read/Write endpoint is redirected to one of the other fault domains and the MySQL instance in that domain is promoted to the primary instance. This redirection does not affect the IP address of the DB System in any way. For a standalone DB System, this defines the fault domain in which the DB System is placed. | string | No |
| freeformTags | Simple key-value pair applied without any predefined name, type or scope. Exists for cross-compatibility only. Example: {"bar-key": "value"} | map[string, string] | No |
| hostnameLabel | The hostname for the primary endpoint of the DB System. Used for DNS. The value is the hostname portion of the primary private IP's fully qualified domain name (FQDN) (for example, "dbsystem-1" in FQDN "dbsystem-1.subnet123.vcn1.oraclevcn.com"). Must be unique across all VNICs in the subnet and comply with RFC 952 and RFC 1123. | string | No |
| ipAddress | The IP address the DB System is configured to listen on. A private IP address of your choice to assign to the primary endpoint of the DB System. Must be an available IP address within the subnet's CIDR. If you don't specify a value, Oracle automatically assigns a private IP address from the subnet. This should be a "dotted-quad" style IPv4 address. | string | No |
| isHighlyAvailable | Specifies if the DB System is highly available. When creating a DB System with High Availability, three instances are created and placed according to your region- and subnet-type. The secondaries are placed automatically in the other two availability or fault domains. You can choose the preferred location of your primary instance, only. | boolean | No |
| maintenance | DbSystemMaintenance defines nested fields for DbSystem.Maintenance. | object | No |
| mysqlVersion | The specific MySQL version identifier. | string | No |
| nsgIds | Network Security Group OCIDs used for the VNIC attachment. | list[string] | No |
| port | The port for primary endpoint of the DB System to listen on. | integer | No |
| portX | The TCP network port on which X Plugin listens for connections. This is the X Plugin equivalent of port. | integer | No |
| readEndpoint | DbSystemReadEndpoint defines nested fields for DbSystem.ReadEndpoint. | object | No |
| rest | DbSystemRest defines nested fields for DbSystem.Rest. | object | No |
| secureConnections | DbSystemSecureConnections defines nested fields for DbSystem.SecureConnections. | object | No |
| securityAttributes | Security Attributes for this resource. Each key is predefined and scoped to a namespace. For more information, see ZPR Artifacts (https://docs.oracle.com/en-us/iaas/Content/zero-trust-packet-routing/zpr-artifacts.htm). Example: {"Oracle-ZPR": {"MaxEgressCount": {"value": "42", "mode": "audit"}}} | map[string, map[string, string]] | No |
| shapeName | The name of the shape. The shape determines the resources allocated - CPU cores and memory for VM shapes; CPU cores, memory and storage for non-VM (or bare metal) shapes. To get a list of shapes, use the ListShapes operation. | string | Yes |
| source | DbSystemSource defines nested fields for DbSystem.Source. | object | No |
| subnetId | The OCID of the subnet the DB System is associated with. | string | Yes |
| telemetryConfiguration | DbSystemTelemetryConfiguration defines nested fields for DbSystem.TelemetryConfiguration. | object | No |
Status Fields
This summary shows the top-level status fields. Use the full API reference for nested fields, defaults, and enum values.
| Field | Description | Type | Required |
|---|---|---|---|
| accessMode | The access mode indicating if the database access is unrestricted (to all MySQL user accounts), or restricted (to only certain users with specific privileges): - UNRESTRICTED: the access to the database is not restricted; - RESTRICTED: access allowed only to users with specific privileges; RESTRICTED will correspond to setting the MySQL system variable offline_mode (https://dev.mysql.com/doc/en/server-system-variables.html#sysvar_offline_mode) to ON. | string | No |
| adminPassword | The last applied secret reference for the administrative password. | object | No |
| adminUsername | The last applied secret reference for the administrative username. | object | No |
| availabilityDomain | The availability domain on which to deploy the Read/Write endpoint. This defines the preferred primary instance. In a failover scenario, the Read/Write endpoint is redirected to one of the other availability domains and the MySQL instance in that domain is promoted to the primary instance. This redirection does not affect the IP address of the DB System in any way. For a standalone DB System, this defines the availability domain in which the DB System is placed. | string | No |
| backupPolicy | DbSystemBackupPolicyObservedState defines nested fields for DbSystem.BackupPolicy. | object | No |
| channels | A list with a summary of all the Channels attached to the DB System. | list[object] | No |
| compartmentId | The OCID of the compartment the DB System belongs in. | string | No |
| configurationId | The OCID of the Configuration to be used for Instances in this DB System. | string | No |
| controlledUpdate | DbSystemControlledUpdate defines nested fields for DbSystem.ControlledUpdate. | object | No |
| crashRecovery | Whether to run the DB System with InnoDB Redo Logs and the Double Write Buffer enabled or disabled, and whether to enable or disable syncing of the Binary Logs. | string | No |
| currentPlacement | DbSystemCurrentPlacement defines nested fields for DbSystem.CurrentPlacement. | object | No |
| customerContacts | The list of customer email addresses that receive information from Oracle about the specified OCI DB System resource. Oracle uses these email addresses to send notifications about planned and unplanned software maintenance updates, information about system hardware, and other information needed by administrators. Up to 10 email addresses can be added to the customer contacts for a DB System. | list[object] | No |
| dataStorage | DbSystemDataStorageObservedState defines nested fields for DbSystem.DataStorage. | object | No |
| dataStorageSizeInGBs | DEPRECATED: User specified size of the data volume. May be less than current allocatedStorageSizeInGBs. Replaced by dataStorage.dataStorageSizeInGBs. | integer | No |
| databaseConsole | DbSystemDatabaseConsole defines nested fields for DbSystem.DatabaseConsole. | object | No |
| databaseManagement | Whether to enable monitoring via the Database Management service. | string | No |
| databaseMode | The database mode indicating the types of statements that are allowed to run in the DB system. This mode applies only to statements run by user connections. Replicated write statements continue to be allowed regardless of the DatabaseMode. - READ_WRITE: allow running read and write statements on the DB system; - READ_ONLY: only allow running read statements on the DB system. | string | No |
| definedTags | Defined tags for this resource. Each key is predefined and scoped to a namespace. Example: {"foo-namespace": {"bar-key": "value"}} | map[string, map[string, string]] | No |
| deletionPolicy | DbSystemDeletionPolicy defines nested fields for DbSystem.DeletionPolicy. | object | No |
| description | User-provided data about the DB System. | string | No |
| displayName | The user-friendly name for the DB System. It does not have to be unique. | string | No |
| encryptData | DbSystemEncryptData defines nested fields for DbSystem.EncryptData. | object | No |
| endpoints | The network endpoints available for this DB System. | list[object] | No |
| faultDomain | The fault domain on which to deploy the Read/Write endpoint. This defines the preferred primary instance. In a failover scenario, the Read/Write endpoint is redirected to one of the other fault domains and the MySQL instance in that domain is promoted to the primary instance. This redirection does not affect the IP address of the DB System in any way. For a standalone DB System, this defines the fault domain in which the DB System is placed. | string | No |
| freeformTags | Simple key-value pair that is applied without any predefined name, type or scope. Exists for cross-compatibility only. Example: {"bar-key": "value"} | map[string, string] | No |
| heatWaveCluster | DbSystemHeatWaveCluster defines nested fields for DbSystem.HeatWaveCluster. | object | No |
| hostnameLabel | The hostname for the primary endpoint of the DB System. Used for DNS. The value is the hostname portion of the primary private IP's fully qualified domain name (FQDN) (for example, "dbsystem-1" in FQDN "dbsystem-1.subnet123.vcn1.oraclevcn.com"). Must be unique across all VNICs in the subnet and comply with RFC 952 and RFC 1123. | string | No |
| id | The OCID of the DB System. | string | No |
| ipAddress | The IP address the DB System is configured to listen on. A private IP address of the primary endpoint of the DB System. Must be an available IP address within the subnet's CIDR. This will be a "dotted-quad" style IPv4 address. | string | No |
| isHeatWaveClusterAttached | If the DB System has a HeatWave Cluster attached. | boolean | No |
| isHighlyAvailable | Specifies if the DB System is highly available. | boolean | No |
| lifecycleDetails | Additional information about the current lifecycleState. | string | No |
| lifecycleState | The current state of the DB System. | string | No |
| maintenance | DbSystemMaintenanceObservedState defines nested fields for DbSystem.Maintenance. | object | No |
| mysqlVersion | Name of the MySQL Version in use for the DB System. | string | No |
| nsgIds | Network Security Group OCIDs used for the VNIC attachment. | list[string] | No |
| pointInTimeRecoveryDetails | DbSystemPointInTimeRecoveryDetails defines nested fields for DbSystem.PointInTimeRecoveryDetails. | object | No |
| port | The port for primary endpoint of the DB System to listen on. | integer | No |
| portX | The network port on which X Plugin listens for TCP/IP connections. This is the X Plugin equivalent of port. | integer | No |
| readEndpoint | DbSystemReadEndpoint defines nested fields for DbSystem.ReadEndpoint. | object | No |
| rest | DbSystemRest defines nested fields for DbSystem.Rest. | object | No |
| secureConnections | DbSystemSecureConnections defines nested fields for DbSystem.SecureConnections. | object | No |
| securityAttributes | Security Attributes for this resource. Each key is predefined and scoped to a namespace. For more information, see ZPR Artifacts (https://docs.oracle.com/en-us/iaas/Content/zero-trust-packet-routing/zpr-artifacts.htm). Example: {"Oracle-ZPR": {"MaxEgressCount": {"value": "42", "mode": "audit"}}} | map[string, map[string, string]] | No |
| shapeName | The shape of the primary instances of the DB System. The shape determines resources allocated to a DB System - CPU cores and memory for VM shapes; CPU cores, memory and storage for non-VM (or bare metal) shapes. To get a list of shapes, use the ListShapes operation. | string | No |
| source | DbSystemSourceObservedState defines nested fields for DbSystem.Source. | object | No |
| status | - | object | Yes |
| subnetId | The OCID of the subnet the DB System is associated with. | string | No |
| systemTags | Usage of system tag keys. These predefined keys are scoped to namespaces. Example: {"orcl-cloud": {"free-tier-retained": "true"}} | map[string, map[string, string]] | No |
| telemetryConfiguration | DbSystemTelemetryConfiguration defines nested fields for DbSystem.TelemetryConfiguration. | object | No |
| timeCreated | The date and time the DB System was created. | string | No |
| timeUpdated | The time the DB System was last updated. | string | No |
Sample Manifest
This example is generated from the checked-in sample manifest at config/samples/mysql_v1beta1_dbsystem.yaml. Replace placeholder values before applying it.
```yaml
#
# Copyright (c) 2021, Oracle and/or its affiliates. All rights reserved.
# Licensed under the Universal Permissive License v 1.0 as shown at http://oss.oracle.com/licenses/upl.
#
apiVersion: mysql.oracle.com/v1beta1
kind: DbSystem
metadata:
  name: dbsystem-sample
spec:
  compartmentId: ocid1.compartment.oc1..exampleuniqueID
  # Replace with a currently supported MySQL DB System shape for your tenancy.
  shapeName: MySQL.2
  # Replace with a private subnet OCID. MySQL DB Systems reject public subnets.
  subnetId: ocid1.subnet.oc1..exampleuniqueID
  adminUsername:
    secret:
      secretName: admin-secret
  adminPassword:
    secret:
      secretName: admin-secret
```
Update Behavior
Update the same DbSystem object by modifying supported mutable fields and reapplying the manifest with kubectl apply -f <UPDATE_YAML>.yaml.
Keep admin credential references in their secret-backed form instead of sending literal values in the CR.
Kubernetes Secrets
- spec.adminUsername.secret.secretName must reference a Secret in the same namespace with a username entry.
- spec.adminPassword.secret.secretName must reference a Secret in the same namespace with a password entry.
- OSOK mirrors only referenced Secret names into status for drift tracking; it does not write secret payloads into the CR status.
- Once the DbSystem reaches Active, OSOK manages a same-name Secret containing observed endpoint data such as InternalFQDN, MySQLPort, MySQLXProtocolPort, PrivateIPAddress, AvailabilityDomain, FaultDomain, and Endpoints.
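
The Secret rules above can be checked before running kubectl apply. The following is an added example, not code from OSOK: lint_dbsystem, the apps and other namespaces, the db-creds Secret and the sample objects are all constructed for illustration. It goes slightly beyond the Secrets rules by also checking the required spec fields and the two enum fields listed under Spec Fields.

```python
# Added example, not OSOK code. Field names, enum values and Secret key names
# come from this page; lint_dbsystem() and the sample objects are constructed.
REQUIRED = ("compartmentId", "shapeName", "subnetId")
ENUMS = {"accessMode": {"UNRESTRICTED", "RESTRICTED"},
         "databaseMode": {"READ_WRITE", "READ_ONLY"}}
# spec field -> key the referenced Secret must contain
CREDENTIALS = {"adminUsername": "username", "adminPassword": "password"}


def lint_dbsystem(cr, secrets, default_namespace="default"):
    """Return findings for a DbSystem manifest dict; an empty list is a pass.
    secrets maps (namespace, name) to the set of data keys in that Secret.
    default_namespace (an assumption) applies when metadata.namespace is unset.
    """
    findings = []
    namespace = cr.get("metadata", {}).get("namespace", default_namespace)
    spec = cr.get("spec", {})
    for field in REQUIRED:
        if not spec.get(field):
            findings.append(f"spec.{field} is required")
    for field, allowed in ENUMS.items():
        if field in spec and spec[field] not in allowed:
            findings.append(f"spec.{field} must be one of {sorted(allowed)}")
    for field, key in CREDENTIALS.items():
        if field not in spec:
            continue
        ref = spec[field]
        secret = ref.get("secret") if isinstance(ref, dict) else None
        name = secret.get("secretName") if isinstance(secret, dict) else None
        if not name:
            findings.append(f"spec.{field} must be a secret reference, not a literal")
        elif (namespace, name) not in secrets:
            findings.append(f"Secret {name!r} not found in namespace {namespace!r}")
        elif key not in secrets[(namespace, name)]:
            findings.append(f"Secret {name!r} has no {key!r} key")
    return findings


# Constructed input: the page's sample spec, placed in namespace "apps".
GOOD = {"metadata": {"name": "dbsystem-sample", "namespace": "apps"},
        "spec": {"compartmentId": "ocid1.compartment.oc1..exampleuniqueID",
                 "shapeName": "MySQL.2",
                 "subnetId": "ocid1.subnet.oc1..exampleuniqueID",
                 "adminUsername": {"secret": {"secretName": "admin-secret"}},
                 "adminPassword": {"secret": {"secretName": "admin-secret"}}}}
# Constructed failing input: no subnetId, unknown enum value, a Secret that
# exists only in another namespace, and a literal where a reference belongs.
BAD = {"metadata": {"name": "dbsystem-bad", "namespace": "apps"},
       "spec": {"compartmentId": "ocid1.compartment.oc1..exampleuniqueID",
                "shapeName": "MySQL.2",
                "accessMode": "OFFLINE",
                "adminUsername": {"secret": {"secretName": "db-creds"}},
                "adminPassword": "constructed-literal"}}
SECRETS = {("apps", "admin-secret"): {"username", "password"},
           ("other", "db-creds"): {"username", "password"}}

if __name__ == "__main__":
    for cr in (GOOD, BAD):
        print(cr["metadata"]["name"], lint_dbsystem(cr, SECRETS) or "OK")
```

The secrets argument holds key names only, so the check can run in CI without reading any credential values.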