Oracle Kubernetes Operator
In collaboration with
This project aims to use the Oracle Kubernetes Operator and other Cloud Native Computing Foundations tools to modernise the Oracle Database and Oracle REST Data Services (ORDS) services at CERN. By implementing the Oracle Operator, the CERN team aim to modernize database lifecycle management through native Kubernetes automation. This transition will streamline provisioning and configuration into manageable, declarative resources. Furthermore, it bridges the gap for CERN ORDS infrastructure to fully adopt GitOps workflows. Additionally, the Oracle Operator will complement tools like Crossplane, supporting the implementation of Infrastructure as Code for infrastructure management.
Overview
CERN operates a large number of Oracle databases supporting critical scientific, administrative, and data services. As CERN continues its transition towards cloud native platforms, it is essential to modernise how these databases and related services, such as ORDS — used to provide REST APIs for Oracle databases — are deployed and managed. This project evaluates the Oracle Kubernetes Operator and CNCF tools to automate database and ORDS lifecycle management, improve security and consistency, and enable GitOps based workflows. The outcomes aim to reduce operational complexity at CERN, and would be applicable to other research institutions and Oracle users pursuing similar modernisation efforts.
Highlights in 2025
In 2025, significant progress was made on integrating Oracle REST Data Services (ORDS) with Kubernetes in close collaboration with Oracle teams. CERN actively tested the Oracle Database Operator and the OrdsSrvs controller, identifying functional gaps, configuration limitations, and GitOps-related challenges. Multiple issues were reported and discussed with Oracle engineers, leading to concrete fixes and design improvements.
Key advancements include enhanced secret management for ORDS, notably the introduction of wallet-based authentication using Kubernetes Secrets, support for mounting Oracle wallets and TNS configuration files, and the ability to manage multiple database pools securely. CERN also contributed feedback on CRD (Custom Resource Definition) design, duration settings, password handling, and init scripts, which influenced upcoming releases of the operator.
In parallel, CERN evaluated and successfully prototyped ORDS deployment using the Central Configuration Server model, identifying its strengths and limitations compared to operator-based deployments. This work resulted in new examples, documentation updates, and feature additions on Oracle’s development branch, including Central Configuration support in OrdsSrvs.
Overall, the collaboration led to tangible upstream improvements, clearer deployment patterns, and a more secure and flexible ORDS architecture aligned with CERN’s Kubernetes and GitOps requirements.
Next Steps
In 2026, the project will focus on validating the new OrdsSrvs features introduced in the upcoming Oracle Database Operator 2.1 release, particularly Central Configuration support and wallet-based authentication. In parallel, CERN plans to evaluate the Oracle Operator for managing selected Oracle 26ai databases deployed on-premise. Further work will assess observability (OTel), production readiness, and GitOps alignment to define a sustainable ORDS deployment model.
Technical Contributions
to open source projects:
Technical contributions through issue reporting and participation in technical discussions, supporting improvements to operator functionality and reliability (GitHub issues #186 and #188).
Project Coordinator
Antonio Nappi
Technical Team
Antonio Nappi, Artur Wiecek, Miroslav Potocky, Thomas Saury
Collaboration Liaisons
John Lathouwers, Marco Stefanetti, Matteo Malvezzi, Ruggero Citton, Cristobal Pedregal