• SQL Query Engine Configuration
  • endpoints.json file
  • Apply the endpoints.json file as a new Kubernetes secret
  • Update the SQL Query Engine deployment
  • Test the connections
  • Timeout Duration

SQL Query Engine Configuration

The SQL Query Engine exposes a REST API to generate CSV files from user supplied SQL. An HTTP POST request is made to the SQL Query endpoint passing the SQL statement. The SQL Query Engine makes a database connection, executes the query and then closes the connection. Results are returned to the user as CSV or JSON.

Access to this feature is controlled by a configuration file. This allows a DBA to limit the list of database environments that allow SQL access. For example, they may wish to allow access for development databases but not production.

endpoints.json file

The configuration file is called endpoints.json. It contains an object of key value pairs with keys that correspond to database endpoints and a values that represent their connect strings. Example:

{"oracle18XE":"db205.visulate.net:98521/XEPDB1",
 "oracle11XE":"db205.visulate.net:44561/XE",
 "vis115":"db135.visulate.net:88521/vis115"}

The API server exposes an /endpoints endpoint which returns a list of valid endpoints based on the database registration file. Use the /endpoints API to generate a default configuration file for your environment:

curl http://load-balancer-ip/endpoints/ > endpoints.json

Edit the generated file to remove any entries you don’t want to expose. Note: Do not edit individual endpoint keys or connect string values. The UI will not enable the query editor for database endpoints where the API Server and SQL Query Engine values do not match.

Apply the endpoints.json file as a new Kubernetes secret

Generate a kubernetes secret from the file with a key of endpoints.json:

kubectl create secret generic sql-endpoints --from-file=endpoints.json=./endpoints.json

Note: the secret name is not important but it’s key must be endpoints.json

use kubectl to verify the secret has been applied

kubectl get secret
NAME                                            TYPE                                  DATA   AGE
other entries ...

sql-endpoints                                   Opaque                                1      10d

Update the SQL Query Engine deployment

Find the deployment name:

kubectl get deploy
NAME                                               READY   UP-TO-DATE   AVAILABLE   AGE
visulate-for-oracle-1107-visulate-for-oracle-api   1/1     1            1           3d1h
visulate-for-oracle-1107-visulate-for-oracle-sql   1/1     1            1           3d1h
visulate-for-oracle-1107-visulate-for-oracle-ui    1/1     1            1           3d1h

Download the deployment manifest:

kubectl get deploy visulate-for-oracle-1107-visulate-for-oracle-sql \
 -oyaml > sql-deployment.yaml

Edit the config-endpoints-volume entry in the manifest:

      volumes:
      - name: config-endpoints-volume
        secret:
          defaultMode: 420
          secretName: sql-endpoints

Validate the edited file:

$ kubectl apply --dry-run=client --validate -f sql-deployment.yaml

Apply the file:

$ kubectl apply --validate -f sql-deployment.yaml

Test the connections

Use curl to verify the connections. A GET request for a given endpoint should return its connect string. For example, with the endpoints.json example shown above:

$ curl http:\\load-balancer-ip/sql/vis115
db135.visulate.net:88521/vis115

Timeout Duration

By default requests to the SQL Query Engine timeout after 30 seconds. This can be extended using backend service timeouts as described in the GKE Ingress Documentation.

Use a text editor to create a manifest. For example, the following file creates a backend config called sql-engine-5-minute-timeout in the test-ns namespace with a timeout value of 300 seconds:

---
apiVersion: cloud.google.com/v1
kind: BackendConfig
metadata:
  name: sql-engine-5-minute-timeout
  namespace: test-ns
spec:
  timeoutSec: 300

Use kubectl to apply the file:

kubectl apply -f BackendConfig.yaml

Download the manifest for SQL Engine service. Find the service with the visulate-for-oracle-sql-svc suffix

 kubectl get service -n test-ns
NAME                                                   TYPE       CLUSTER-IP      EXTERNAL-IP   PORT(S)                      AGE
visulate-for-oracle-1121-visulate-for-oracle-api-svc   NodePort   10.202.15.63    <none>        3000:31668/TCP               18d
visulate-for-oracle-1121-visulate-for-oracle-sql-svc   NodePort   10.202.13.200   <none>        5000:30458/TCP               18d
visulate-for-oracle-1121-visulate-for-oracle-ui-svc    NodePort   10.202.14.94    <none>        80:31934/TCP,443:30824/TCP   18d

kubectl get service visulate-for-oracle-1121-visulate-for-oracle-sql-svc -n test-nat-ns -oyaml > sqlEngineSrv.yaml

Edit the generated file (sqlEngineSrv.yaml in the example above). Add an annotation cloud.google.com/backend-config: '{"default":"sql-engine-5-minute-timeout-conf"}' as shown below

kind: Service
metadata:
  annotations:
    cloud.google.com/backend-config: '{"default":"sql-engine-5-minute-timeout-conf"}'
    kubectl.kubernetes.io/last-applied-configuration: |
      {"apiVersion":"v1","kind":"Service","metadata":{"annotations":{},"labels":{"app":"visulate-for-oracle", ... other content
  creationTimestamp: "2021-03-03T23:20:27Z"
  labels:
    ... other content

Validate and apply the file:

$ kubectl apply --dry-run=client --validate --namespace=test-ns -f sqlEngineSrv.yaml
service/visulate-for-oracle-1121-visulate-for-oracle-sql-svc configured (dry run)

$ kubectl apply --namespace=test-ns -f sqlEngineSrv.yaml
service/visulate-for-oracle-1121-visulate-for-oracle-sql-svc configured

Wait a few minutes for the changes to take effect. The current timeout is displayed on the Load balancer details screen: