Add HanaDB user documentation#938
Conversation
Add user-facing guides and runnable examples for KubeDB-managed SAP HanaDB, covering the HanaDB / HanaDBVersion / HanaDBOpsRequest / AppBinding concepts and day-2 operations. Output embedded in the guides was collected from a live cluster running the HanaDB operator. Guides: - Overview, concepts (HanaDB, HanaDBVersion, HanaDBOpsRequest, AppBinding) - Quickstart (standalone) and System Replication clustering - Custom configuration (global.ini) - Monitoring with builtin Prometheus and the Prometheus Operator - TLS/SSL with cert-manager (enable via spec.tls and via ReconfigureTLS) - Restart, Reconfigure, Vertical Scaling, Volume Expansion, Storage Migration - Rotate Authentication (generated and user-provided credentials) Signed-off-by: Tamal Saha <tamal@appscode.com>
📝 WalkthroughWalkthroughThis PR adds a complete set of HanaDB documentation guides and example Kubernetes manifests under docs/guides/hanadb and docs/examples/hanadb. It introduces concept pages (HanaDB, HanaDBVersion, HanaDBOpsRequest, AppBinding) and step-by-step guides for quickstart, clustering, configuration, monitoring, restart, reconfigure, rotate-authentication, scaling, storage-migration, TLS, and volume-expansion, each paired with example YAML manifests. ChangesHanaDB Guides and Examples
Sequence Diagram(s)sequenceDiagram
participant User
participant HanaDBOpsRequest
participant HanaDB
participant PVC
User->>HanaDBOpsRequest: apply ops request (Restart/Reconfigure/Scale/Migrate/Expand)
HanaDBOpsRequest->>HanaDB: target databaseRef
HanaDB->>PVC: update storage/resources
HanaDBOpsRequest->>User: status.phase = Successful
Estimated code review effort🎯 2 (Simple) | ⏱️ ~15 minutes Poem
🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
There was a problem hiding this comment.
Actionable comments posted: 5
🧹 Nitpick comments (16)
docs/examples/hanadb/restart/system-replication-ops.yaml (1)
1-33: 📐 Maintainability & Code Quality | 🔵 Trivial | 💤 Low valueFilename is misleading: this is a
HanaDBcluster manifest, not an ops request.The file is named
system-replication-ops.yamlbut contains a baseHanaDBCR (lines 1-33), not aHanaDBOpsRequest. This naming pattern recurs across the cohort but can confuse readers expecting an ops-request manifest.🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@docs/examples/hanadb/restart/system-replication-ops.yaml` around lines 1 - 33, The manifest content is a base HanaDB cluster resource, but the filename suggests a HanaDBOpsRequest; rename the example file to match the actual kind and keep the name aligned with the document’s purpose. Update any references in the docs/examples set that point to system-replication-ops.yaml so readers can locate the HanaDB cluster manifest by the correct name.docs/guides/hanadb/restart/restart.md (1)
13-13: 📐 Maintainability & Code Quality | 🔵 Trivial | 💤 Low valueUse descriptive link text instead of "here".
Static analysis flags both links for non-descriptive text.
✏️ Proposed fix
-> New to KubeDB? Please start [here](/docs/README.md). +> New to KubeDB? Please start with the [KubeDB README](/docs/README.md).-- Install the KubeDB Provisioner and Ops-manager operators following the steps [here](/docs/setup/README.md). +- Install the KubeDB Provisioner and Ops-manager operators following [the setup guide](/docs/setup/README.md).Also applies to: 25-25
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@docs/guides/hanadb/restart/restart.md` at line 13, The markdown intro uses non-descriptive link text (“here”), which is flagged by static analysis for accessibility. Update the link text in the restart guide to describe the destination directly, and apply the same change to the other matching link referenced in the comment so both use meaningful anchor text instead of “here”.Source: Linters/SAST tools
docs/guides/hanadb/storage-migration/storage-migration.md (1)
30-50: 📐 Maintainability & Code Quality | 🔵 Trivial | ⚡ Quick winInline StorageClass snippet doesn't match the linked example file.
The embedded YAML at Lines 30-45 omits
fromBackup,disableRevisionCounter, andbackupTargetName, which are present in the actuallonghorn-single-migrated.yamlfile applied right after at Line 49. Readers copy-pasting the inline snippet will get a different StorageClass than the one referenced/applied.📝 Sync the snippet with the actual file
parameters: numberOfReplicas: "1" staleReplicaTimeout: "30" + fromBackup: "" fsType: ext4 dataLocality: disabled + unmapMarkSnapChainRemoved: ignored + disableRevisionCounter: "true" dataEngine: v1 + backupTargetName: default🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@docs/guides/hanadb/storage-migration/storage-migration.md` around lines 30 - 50, The inline StorageClass example is out of sync with the referenced Longhorn migrated manifest, so update the YAML snippet to match the applied longhorn-single-migrated.yaml exactly. Add the missing fromBackup, disableRevisionCounter, and backupTargetName parameters in the embedded StorageClass block, and keep the surrounding kubectl apply commands consistent with that same example.docs/guides/hanadb/volume-expansion/volume-expansion.md (1)
22-38: 📐 Maintainability & Code Quality | 🔵 Trivial | ⚡ Quick winLink to where to create an expandable StorageClass.
The prerequisite only verifies that an expandable
StorageClassexists; it doesn't point readers to instructions for creating one (e.g., the Longhornlonghorn-singleStorageClass examples added under the Storage Migration guide). Readers without one already provisioned have no path forward from this guide alone.📝 Suggested addition
> The `local-path` provisioner used in the other guides does **not** support volume expansion > (`ALLOWVOLUMEEXPANSION` is `false`). For this guide, deploy the database on an expansion-capable > StorageClass such as [Longhorn](https://longhorn.io/) (`longhorn-single` above). +> +> If you don't already have an expandable StorageClass, see the Longhorn `StorageClass` examples +> in the [Storage Migration](/docs/guides/hanadb/storage-migration/storage-migration.md) guide.🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@docs/guides/hanadb/volume-expansion/volume-expansion.md` around lines 22 - 38, The “Before You Begin” section only tells readers to verify an expansion-capable StorageClass exists, but it doesn’t point them to where to create one. Update the volume-expansion guide to add a clear link or cross-reference for creating an expandable StorageClass, using the existing Longhorn/`longhorn-single` example or the relevant Storage Migration guide section, so readers can follow a concrete setup path from this page. Keep the addition near the current StorageClass prerequisite text and make sure the reference is easy to find alongside the existing `StorageClass`/`allowVolumeExpansion` guidance.docs/guides/hanadb/clustering/system-replication.md (3)
175-176: 📐 Maintainability & Code Quality | 🔵 Trivial | 💤 Low valueAdd expected output to cleanup commands for consistency.
The
kubectl deletecommands use$prompts without showing output. While minor, adding output improves consistency with earlier sections where outputs are shown.$ kubectl delete hanadb.kubedb.com -n demo hanadb-cluster +hanadb.kubedb.com "hanadb-cluster" deleted $ kubectl delete ns demo +namespace "demo" deleted🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@docs/guides/hanadb/clustering/system-replication.md` around lines 175 - 176, The cleanup section is missing the expected command output for the `kubectl delete` steps, unlike earlier examples in the guide. Update the cleanup example to include the resulting output for the `kubectl delete` commands in the same style as the rest of the document, keeping the `kubectl delete` entries in the `system-replication.md` cleanup block consistent with the surrounding documentation.
13-13: 📐 Maintainability & Code Quality | 🔵 Trivial | 💤 Low valueUse descriptive link text.
"here" is non-descriptive and fails accessibility guidelines. Replace with meaningful text.
> New to KubeDB? Please start [here](/docs/README.md). +> New to KubeDB? Please start with the [KubeDB overview](/docs/README.md).🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@docs/guides/hanadb/clustering/system-replication.md` at line 13, The introductory link text is too vague and should be made descriptive for accessibility. Update the markdown in the system-replication guide so the link from the opening sentence uses meaningful text instead of “here,” keeping the target to docs/README.md and preserving the intent of directing new users to the getting-started documentation.
25-25: 📐 Maintainability & Code Quality | 🔵 Trivial | 💤 Low valueUse descriptive link text.
"here" is non-descriptive and fails accessibility guidelines.
- Install the KubeDB Provisioner and Ops-manager operators following the steps [here](/docs/setup/README.md). + Install the KubeDB Provisioner and Ops-manager operators following the [setup guide steps](/docs/setup/README.md).🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@docs/guides/hanadb/clustering/system-replication.md` at line 25, The system-replication guide uses non-descriptive link text (“here”), which should be replaced with accessible, meaningful text. Update the sentence in this markdown file to use a descriptive label for the link to the setup instructions, keeping the link target the same and making the text clearly identify the referenced setup steps.docs/examples/hanadb/tls/system-replication-reconfigure-tls-base.yaml (1)
1-34: 📐 Maintainability & Code Quality | 🔵 Trivial | ⚡ Quick winFile appears unreferenced in the TLS guide.
This manifest (the pre-TLS cluster for the Option B/
ReconfigureTLSflow) isn't referenced anywhere indocs/guides/hanadb/tls/overview.md. Option B jumps straight to applyingreconfigure-add-tls.yamlagainsthanadb-clusterwithout first showing the user how to provision that cluster. See related comment onoverview.mdLines 114-140.🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@docs/examples/hanadb/tls/system-replication-reconfigure-tls-base.yaml` around lines 1 - 34, The pre-TLS HanaDB manifest in the SystemReplication reconfigure flow is currently unused in the TLS guide. Add a reference to this example from docs/guides/hanadb/tls/overview.md in the Option B/ReconfigureTLS walkthrough, near the existing hanadb-cluster steps, so the reader first applies this manifest before reconfigure-add-tls.yaml. Use the manifest filename and the hanadb-cluster resource name to make the provisioning step easy to locate.docs/guides/hanadb/tls/overview.md (2)
255-260: 📐 Maintainability & Code Quality | 🔵 Trivial | ⚡ Quick win"Remove TLS" lacks a runnable example, unlike Add/Rotate.
Both prior sections include full YAML + verification command output, but "Remove TLS" only describes behavior without a
tls.remove: trueexample manifest or apply/verify steps. No correspondingreconfigure-remove-tls.yamlwas included in this cohort either.Want me to draft the missing example manifest and verification commands to match the Add/Rotate sections' format?
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@docs/guides/hanadb/tls/overview.md` around lines 255 - 260, The Remove TLS section is missing the same runnable pattern used by Add/Rotate, so update the HANA TLS overview docs around the ReconfigureTLS workflow to include a concrete `tls.remove: true` YAML manifest and the matching apply/verification steps. Use the existing Add/Rotate examples as the template, and reference the `ReconfigureTLS`/`tls.remove` flow so readers can run the removal end-to-end with a corresponding manifest and command output.
13-13: 📐 Maintainability & Code Quality | 🔵 Trivial | 💤 Low valueMarkdownlint warnings: non-descriptive link text and bare
$commands without shown output.Static analysis flags
[here]link text (MD059) at Lines 13 and 27, and$-prefixed commands without output (MD014) at Lines 245-246 and 264-267.Also applies to: 27-27, 245-246, 264-267
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@docs/guides/hanadb/tls/overview.md` at line 13, Fix the markdownlint warnings in the HanaDB TLS overview doc by replacing the non-descriptive “[here]” links in the intro and related sections with meaningful link text that describes the target, and update the shell command examples in the affected sections to avoid bare “$” prompts unless the output is shown. Use the existing markdown content around the introduction, the later link reference, and the command blocks near the warned lines to make the text descriptive and lint-compliant.Source: Linters/SAST tools
docs/examples/hanadb/tls/system-replication-tls.yaml (1)
1-39: 📐 Maintainability & Code Quality | 🔵 Trivial | ⚡ Quick winMismatch with embedded snippet in
overview.md.This file includes a
podTemplate.spec.containers[0].resourcesblock (Lines 20-25) and block-stylestorage.accessModes, but the equivalent inline YAML indocs/guides/hanadb/tls/overview.md(Lines 80-107) omits thepodTemplateresources and uses an inlineaccessModes: ["ReadWriteOnce"]. Readers following the doc visually won't see the resource requests/limits that actually get applied via the linked raw file.🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@docs/examples/hanadb/tls/system-replication-tls.yaml` around lines 1 - 39, The example in overview.md does not match the raw HanaDB TLS manifest shown here, so update the embedded YAML snippet to mirror the source more closely. In the overview.md example that corresponds to this HanaDB system-replication TLS config, include the podTemplate.spec.containers[0].resources requests/limits and keep storage.accessModes in the same block style as the actual manifest so readers see the same applied settings. Use the HanaDB example block in overview.md as the reference point and make its inline YAML consistent with this file’s spec.docs/guides/hanadb/rotate-authentication/rotate-authentication.md (2)
24-24: 📐 Maintainability & Code Quality | 🔵 Trivial | 💤 Low valueUse descriptive link text.
"Reconfigure" is better but still vague as link text. Consider "deploy a standalone HanaDB as described in the Reconfigure guide".
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@docs/guides/hanadb/rotate-authentication/rotate-authentication.md` at line 24, The current markdown link text is too vague in the rotate-authentication guide; update the sentence to use descriptive link text instead of a generic “here” reference. Edit the affected markdown in rotate-authentication.md so the link text clearly states what the reader should do and points to the relevant reconfigure guide section, using the existing guide link target and a more specific phrase tied to deploy/reconfigure HanaDB.
13-13: 📐 Maintainability & Code Quality | 🔵 Trivial | 💤 Low valueUse descriptive link text.
"here" is non-descriptive. Consider rephrasing to something like "follow the KubeDB installation steps".
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@docs/guides/hanadb/rotate-authentication/rotate-authentication.md` at line 13, The README link text in the introduction is too generic; update the Markdown in the document introduction to use descriptive link text instead of “here.” Locate the opening sentence with the existing docs reference and rephrase it so the link clearly names the destination, similar to “KubeDB installation steps” or equivalent, while keeping the same target path.docs/guides/hanadb/quickstart/quickstart.md (1)
13-13: 📐 Maintainability & Code Quality | 🔵 Trivial | 💤 Low valueUse descriptive link text.
"here" is not descriptive. Use the destination title instead, e.g., "start with the KubeDB overview" and "install KubeDB operators".
Also applies to: 26-26
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@docs/guides/hanadb/quickstart/quickstart.md` at line 13, The quickstart introduction uses non-descriptive link text (“here”), so update the markdown links in the quickstart content to use the destination titles instead of generic wording. Change the introductory links near the “New to KubeDB?” text and the other affected link so they read as meaningful phrases like “start with the KubeDB overview” and “install KubeDB operators,” keeping the same destinations but improving accessibility and clarity.docs/guides/hanadb/monitoring/using-prometheus-operator.md (1)
41-67: 📐 Maintainability & Code Quality | 🔵 Trivial | 💤 Low valueAlign inline YAML list format with the example file for consistency.
The inline YAML uses the flow style
accessModes: ["ReadWriteOnce"]whileprometheus-operator.yamluses the block style- ReadWriteOnce. Both are valid, but aligning them reduces reader confusion.🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@docs/guides/hanadb/monitoring/using-prometheus-operator.md` around lines 41 - 67, The inline YAML in the HanaDB monitoring example uses flow-style lists for accessModes, which is inconsistent with the existing prometheus-operator example. Update the YAML snippet under the monitor/storage configuration to use the same block-style list format as prometheus-operator.yaml, keeping the example consistent and easier to read.docs/guides/hanadb/monitoring/using-builtin-prometheus.md (1)
34-56: 📐 Maintainability & Code Quality | 🔵 Trivial | 💤 Low valueAlign inline YAML list format with the example file for consistency.
The inline YAML uses the flow style
accessModes: ["ReadWriteOnce"]whilebuiltin-prometheus.yamluses the block style- ReadWriteOnce. Both are valid, but aligning them reduces reader confusion.🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@docs/guides/hanadb/monitoring/using-builtin-prometheus.md` around lines 34 - 56, The inline YAML in the monitoring example uses flow-style accessModes formatting, which is inconsistent with the existing builtin-prometheus example. Update the HanaDB snippet under the built-in Prometheus guide to match the block-style list used by the related example file, keeping the same field name and value but changing the list presentation for consistency.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@docs/guides/hanadb/concepts/hanadb.md`:
- Line 200: The documentation incorrectly refers to spec.status.phase instead of
the status field path; update the phase reference in the HanaDB concepts guide
to status.phase. Locate the sentence describing the overall database state and
replace the spec-based path with the correct status.phase wording so it matches
the actual API fields.
In `@docs/guides/hanadb/concepts/opsrequest.md`:
- Around line 84-85: Clarify the `applyConfig` requirement in the ops request
docs by stating exactly what the map key represents in this context, since the
current wording in the `applyConfig` description is ambiguous. Update the
`applyConfig` section to use the correct term consistently, and add a short
inline example near the `restart` description so readers can see whether the key
is the INI section name, the literal `global.ini`, or a file path.
In `@docs/guides/hanadb/quickstart/quickstart.md`:
- Around line 218-230: The `kubectl exec` example in the HANA quickstart is
expanding `HANA_PASSWORD` in the local shell because the `/bin/sh -lc` command
is wrapped in double quotes, which exposes the secret in process listings and
history. Update the example so the password is passed into the container
environment and only expanded inside the pod, using the relevant `kubectl
exec`/`hdbsql` command in the quickstart. Apply the same safe
quoting/env-handling pattern to the matching command in the reconfigure guide as
well.
In `@docs/guides/hanadb/README.md`:
- Line 50: The feature table in the HanaDB README is inconsistent with the guide
matrix for HorizontalScaling, so update the documentation to match reality.
Check whether a Horizontal Scaling guide exists for HanaDB; if it does, add the
corresponding guide link in the README entry for HanaDBOpsRequest, and if it
does not, remove or mark the availability claim so it matches the opsrequest.md
status. Use the Horizontal Scaling row and HanaDBOpsRequest entry to locate and
align the documentation.
In `@docs/guides/hanadb/tls/overview.md`:
- Around line 114-140: Option B is missing the prerequisite step to create the
existing HanaDB cluster without TLS before showing ReconfigureTLS. Update the
“ReconfigureTLS” flow in the TLS overview to first reference and apply the base
example for the no-TLS cluster, then continue with the existing
`HanaDBOpsRequest` example; use the surrounding “Option B — Add TLS to a running
HanaDB (ReconfigureTLS)” section and the
`system-replication-reconfigure-tls-base.yaml` example to place the new step
correctly.
---
Nitpick comments:
In `@docs/examples/hanadb/restart/system-replication-ops.yaml`:
- Around line 1-33: The manifest content is a base HanaDB cluster resource, but
the filename suggests a HanaDBOpsRequest; rename the example file to match the
actual kind and keep the name aligned with the document’s purpose. Update any
references in the docs/examples set that point to system-replication-ops.yaml so
readers can locate the HanaDB cluster manifest by the correct name.
In `@docs/examples/hanadb/tls/system-replication-reconfigure-tls-base.yaml`:
- Around line 1-34: The pre-TLS HanaDB manifest in the SystemReplication
reconfigure flow is currently unused in the TLS guide. Add a reference to this
example from docs/guides/hanadb/tls/overview.md in the Option B/ReconfigureTLS
walkthrough, near the existing hanadb-cluster steps, so the reader first applies
this manifest before reconfigure-add-tls.yaml. Use the manifest filename and the
hanadb-cluster resource name to make the provisioning step easy to locate.
In `@docs/examples/hanadb/tls/system-replication-tls.yaml`:
- Around line 1-39: The example in overview.md does not match the raw HanaDB TLS
manifest shown here, so update the embedded YAML snippet to mirror the source
more closely. In the overview.md example that corresponds to this HanaDB
system-replication TLS config, include the
podTemplate.spec.containers[0].resources requests/limits and keep
storage.accessModes in the same block style as the actual manifest so readers
see the same applied settings. Use the HanaDB example block in overview.md as
the reference point and make its inline YAML consistent with this file’s spec.
In `@docs/guides/hanadb/clustering/system-replication.md`:
- Around line 175-176: The cleanup section is missing the expected command
output for the `kubectl delete` steps, unlike earlier examples in the guide.
Update the cleanup example to include the resulting output for the `kubectl
delete` commands in the same style as the rest of the document, keeping the
`kubectl delete` entries in the `system-replication.md` cleanup block consistent
with the surrounding documentation.
- Line 13: The introductory link text is too vague and should be made
descriptive for accessibility. Update the markdown in the system-replication
guide so the link from the opening sentence uses meaningful text instead of
“here,” keeping the target to docs/README.md and preserving the intent of
directing new users to the getting-started documentation.
- Line 25: The system-replication guide uses non-descriptive link text (“here”),
which should be replaced with accessible, meaningful text. Update the sentence
in this markdown file to use a descriptive label for the link to the setup
instructions, keeping the link target the same and making the text clearly
identify the referenced setup steps.
In `@docs/guides/hanadb/monitoring/using-builtin-prometheus.md`:
- Around line 34-56: The inline YAML in the monitoring example uses flow-style
accessModes formatting, which is inconsistent with the existing
builtin-prometheus example. Update the HanaDB snippet under the built-in
Prometheus guide to match the block-style list used by the related example file,
keeping the same field name and value but changing the list presentation for
consistency.
In `@docs/guides/hanadb/monitoring/using-prometheus-operator.md`:
- Around line 41-67: The inline YAML in the HanaDB monitoring example uses
flow-style lists for accessModes, which is inconsistent with the existing
prometheus-operator example. Update the YAML snippet under the monitor/storage
configuration to use the same block-style list format as
prometheus-operator.yaml, keeping the example consistent and easier to read.
In `@docs/guides/hanadb/quickstart/quickstart.md`:
- Line 13: The quickstart introduction uses non-descriptive link text (“here”),
so update the markdown links in the quickstart content to use the destination
titles instead of generic wording. Change the introductory links near the “New
to KubeDB?” text and the other affected link so they read as meaningful phrases
like “start with the KubeDB overview” and “install KubeDB operators,” keeping
the same destinations but improving accessibility and clarity.
In `@docs/guides/hanadb/restart/restart.md`:
- Line 13: The markdown intro uses non-descriptive link text (“here”), which is
flagged by static analysis for accessibility. Update the link text in the
restart guide to describe the destination directly, and apply the same change to
the other matching link referenced in the comment so both use meaningful anchor
text instead of “here”.
In `@docs/guides/hanadb/rotate-authentication/rotate-authentication.md`:
- Line 24: The current markdown link text is too vague in the
rotate-authentication guide; update the sentence to use descriptive link text
instead of a generic “here” reference. Edit the affected markdown in
rotate-authentication.md so the link text clearly states what the reader should
do and points to the relevant reconfigure guide section, using the existing
guide link target and a more specific phrase tied to deploy/reconfigure HanaDB.
- Line 13: The README link text in the introduction is too generic; update the
Markdown in the document introduction to use descriptive link text instead of
“here.” Locate the opening sentence with the existing docs reference and
rephrase it so the link clearly names the destination, similar to “KubeDB
installation steps” or equivalent, while keeping the same target path.
In `@docs/guides/hanadb/storage-migration/storage-migration.md`:
- Around line 30-50: The inline StorageClass example is out of sync with the
referenced Longhorn migrated manifest, so update the YAML snippet to match the
applied longhorn-single-migrated.yaml exactly. Add the missing fromBackup,
disableRevisionCounter, and backupTargetName parameters in the embedded
StorageClass block, and keep the surrounding kubectl apply commands consistent
with that same example.
In `@docs/guides/hanadb/tls/overview.md`:
- Around line 255-260: The Remove TLS section is missing the same runnable
pattern used by Add/Rotate, so update the HANA TLS overview docs around the
ReconfigureTLS workflow to include a concrete `tls.remove: true` YAML manifest
and the matching apply/verification steps. Use the existing Add/Rotate examples
as the template, and reference the `ReconfigureTLS`/`tls.remove` flow so readers
can run the removal end-to-end with a corresponding manifest and command output.
- Line 13: Fix the markdownlint warnings in the HanaDB TLS overview doc by
replacing the non-descriptive “[here]” links in the intro and related sections
with meaningful link text that describes the target, and update the shell
command examples in the affected sections to avoid bare “$” prompts unless the
output is shown. Use the existing markdown content around the introduction, the
later link reference, and the command blocks near the warned lines to make the
text descriptive and lint-compliant.
In `@docs/guides/hanadb/volume-expansion/volume-expansion.md`:
- Around line 22-38: The “Before You Begin” section only tells readers to verify
an expansion-capable StorageClass exists, but it doesn’t point them to where to
create one. Update the volume-expansion guide to add a clear link or
cross-reference for creating an expandable StorageClass, using the existing
Longhorn/`longhorn-single` example or the relevant Storage Migration guide
section, so readers can follow a concrete setup path from this page. Keep the
addition near the current StorageClass prerequisite text and make sure the
reference is easy to find alongside the existing
`StorageClass`/`allowVolumeExpansion` guidance.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: defaults
Review profile: CHILL
Plan: Pro Plus
Run ID: 81a85c2d-8a46-419e-a230-f3db4654c1fa
📒 Files selected for processing (59)
docs/examples/hanadb/clustering/system-replication.yamldocs/examples/hanadb/configuration/hanadb-configuration.yamldocs/examples/hanadb/configuration/standalone-cus-conf.yamldocs/examples/hanadb/monitoring/builtin-prometheus.yamldocs/examples/hanadb/monitoring/prometheus-operator.yamldocs/examples/hanadb/quickstart/standalone.yamldocs/examples/hanadb/reconfigure/reconfigure.yamldocs/examples/hanadb/reconfigure/standalone-ops.yamldocs/examples/hanadb/restart/restart.yamldocs/examples/hanadb/restart/system-replication-ops.yamldocs/examples/hanadb/rotate-authentication/rotate-auth-generated.yamldocs/examples/hanadb/rotate-authentication/rotate-auth-user.yamldocs/examples/hanadb/rotate-authentication/standalone-ops.yamldocs/examples/hanadb/scaling/standalone-ops.yamldocs/examples/hanadb/scaling/system-replication-ops.yamldocs/examples/hanadb/scaling/system-replication-vertical-scaling.yamldocs/examples/hanadb/storage-migration/longhorn-single-migrated.yamldocs/examples/hanadb/storage-migration/longhorn-single.yamldocs/examples/hanadb/storage-migration/storage-migration-base.yamldocs/examples/hanadb/storage-migration/storage-migration.yamldocs/examples/hanadb/tls/hdb-ca-issuer.yamldocs/examples/hanadb/tls/reconfigure-add-tls.yamldocs/examples/hanadb/tls/reconfigure-rotate-tls.yamldocs/examples/hanadb/tls/system-replication-reconfigure-tls-base.yamldocs/examples/hanadb/tls/system-replication-tls.yamldocs/examples/hanadb/volume-expansion/system-replication-ops.yamldocs/examples/hanadb/volume-expansion/volume-expansion.yamldocs/guides/hanadb/README.mddocs/guides/hanadb/_index.mddocs/guides/hanadb/clustering/_index.mddocs/guides/hanadb/clustering/system-replication.mddocs/guides/hanadb/concepts/_index.mddocs/guides/hanadb/concepts/appbinding.mddocs/guides/hanadb/concepts/catalog.mddocs/guides/hanadb/concepts/hanadb.mddocs/guides/hanadb/concepts/opsrequest.mddocs/guides/hanadb/configuration/_index.mddocs/guides/hanadb/configuration/using-config-file.mddocs/guides/hanadb/monitoring/_index.mddocs/guides/hanadb/monitoring/overview.mddocs/guides/hanadb/monitoring/using-builtin-prometheus.mddocs/guides/hanadb/monitoring/using-prometheus-operator.mddocs/guides/hanadb/quickstart/_index.mddocs/guides/hanadb/quickstart/quickstart.mddocs/guides/hanadb/reconfigure/_index.mddocs/guides/hanadb/reconfigure/reconfigure.mddocs/guides/hanadb/restart/_index.mddocs/guides/hanadb/restart/restart.mddocs/guides/hanadb/rotate-authentication/_index.mddocs/guides/hanadb/rotate-authentication/rotate-authentication.mddocs/guides/hanadb/scaling/_index.mddocs/guides/hanadb/scaling/vertical-scaling/_index.mddocs/guides/hanadb/scaling/vertical-scaling/vertical-scaling.mddocs/guides/hanadb/storage-migration/_index.mddocs/guides/hanadb/storage-migration/storage-migration.mddocs/guides/hanadb/tls/_index.mddocs/guides/hanadb/tls/overview.mddocs/guides/hanadb/volume-expansion/_index.mddocs/guides/hanadb/volume-expansion/volume-expansion.md
|
|
||
| ## HanaDB Status | ||
|
|
||
| `spec.status.phase` reflects the overall state of the database and is one of: |
There was a problem hiding this comment.
🎯 Functional Correctness | 🟡 Minor | ⚡ Quick win
Fix spec.status.phase to status.phase.
phase is a status field, not a spec field. The correct path is status.phase.
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@docs/guides/hanadb/concepts/hanadb.md` at line 200, The documentation
incorrectly refers to spec.status.phase instead of the status field path; update
the phase reference in the HanaDB concepts guide to status.phase. Locate the
sentence describing the overall database state and replace the spec-based path
with the correct status.phase wording so it matches the actual API fields.
| `applyConfig` keys must be `global.ini`; the values are **merged** with the existing inline | ||
| configuration. `restart` is `auto` (default), `true`, or `false`. |
There was a problem hiding this comment.
📐 Maintainability & Code Quality | 🟡 Minor | ⚡ Quick win
Clarify applyConfig key requirements.
The phrase "applyConfig keys must be global.ini" is ambiguous. Clarify whether the map key should be the INI section name (e.g., communication), the literal string global.ini, or a file path. Consider showing an example inline applyConfig snippet.
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@docs/guides/hanadb/concepts/opsrequest.md` around lines 84 - 85, Clarify the
`applyConfig` requirement in the ops request docs by stating exactly what the
map key represents in this context, since the current wording in the
`applyConfig` description is ambiguous. Update the `applyConfig` section to use
the correct term consistently, and add a short inline example near the `restart`
description so readers can see whether the key is the INI section name, the
literal `global.ini`, or a file path.
| ```bash | ||
| $ HANA_PASSWORD="$(kubectl get secret hanadb-quickstart-auth -n demo -o jsonpath='{.data.password}' | base64 -d)" | ||
| ``` | ||
|
|
||
| Run a query with `hdbsql` from inside the database pod. Source the HANA environment first: | ||
|
|
||
| ```bash | ||
| $ kubectl exec -n demo hanadb-quickstart-0 -c hanadb -- /bin/sh -lc \ | ||
| "source /usr/sap/HXE/HDB90/HDBSettings.sh; hdbsql -i 90 -d SYSTEMDB -u SYSTEM -p '$HANA_PASSWORD' 'SELECT 1 AS HELLO FROM DUMMY'" | ||
| HELLO | ||
| 1 | ||
| 1 row selected (overall time 3143 usec; server time 158 usec) | ||
| ``` |
There was a problem hiding this comment.
🔒 Security & Privacy | 🟠 Major | ⚡ Quick win
Password exposed in local shell process list.
The kubectl exec command uses double quotes for the /bin/sh -lc argument, so $HANA_PASSWORD is expanded by the local shell before being sent to the pod. This exposes the credential in ps output and shell history on the user's workstation.
Pass the variable via --env so expansion occurs safely inside the container:
🔒 Proposed fix
$ HANA_PASSWORD="$(kubectl get secret hanadb-quickstart-auth -n demo -o jsonpath='{.data.password}' | base64 -d)"
$ kubectl exec -n demo hanadb-quickstart-0 -c hanadb -- /bin/sh -lc \
- "source /usr/sap/HXE/HDB90/HDBSettings.sh; hdbsql -i 90 -d SYSTEMDB -u SYSTEM -p '$HANA_PASSWORD' 'SELECT 1 AS HELLO FROM DUMMY'"
+ --env HANA_PASSWORD="$HANA_PASSWORD" \
+ -- /bin/sh -lc \
+ 'source /usr/sap/HXE/HDB90/HDBSettings.sh; hdbsql -i 90 -d SYSTEMDB -u SYSTEM -p "$HANA_PASSWORD" '\''SELECT 1 AS HELLO FROM DUMMY'\'''
$ kubectl exec -n demo hanadb-quickstart-0 -c hanadb -- /bin/sh -lc \
- "source /usr/sap/HXE/HDB90/HDBSettings.sh; hdbsql -i 90 -d SYSTEMDB -u SYSTEM -p '$HANA_PASSWORD' \"SELECT DATABASE_NAME, ACTIVE_STATUS FROM SYS.M_DATABASES\""
+ --env HANA_PASSWORD="$HANA_PASSWORD" \
+ -- /bin/sh -lc \
+ 'source /usr/sap/HXE/HDB90/HDBSettings.sh; hdbsql -i 90 -d SYSTEMDB -u SYSTEM -p "$HANA_PASSWORD" "SELECT DATABASE_NAME, ACTIVE_STATUS FROM SYS.M_DATABASES"'This same pattern appears in the reconfigure guide and should be fixed there as well.
Also applies to: 235-242
🧰 Tools
🪛 markdownlint-cli2 (0.22.1)
[warning] 219-219: Dollar signs used before commands without showing output
(MD014, commands-show-output)
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@docs/guides/hanadb/quickstart/quickstart.md` around lines 218 - 230, The
`kubectl exec` example in the HANA quickstart is expanding `HANA_PASSWORD` in
the local shell because the `/bin/sh -lc` command is wrapped in double quotes,
which exposes the secret in process listings and history. Update the example so
the password is passed into the container environment and only expanded inside
the pod, using the relevant `kubectl exec`/`hdbsql` command in the quickstart.
Apply the same safe quoting/env-handling pattern to the matching command in the
reconfigure guide as well.
| | Reconfigure TLS (`HanaDBOpsRequest`) | ✓ | | ||
| | Vertical Scaling (`HanaDBOpsRequest`) | ✓ | | ||
| | Volume Expansion (`HanaDBOpsRequest`) | ✓ | | ||
| | Horizontal Scaling (`HanaDBOpsRequest`) | ✓ | |
There was a problem hiding this comment.
🎯 Functional Correctness | 🟡 Minor | ⚡ Quick win
Horizontal Scaling guide link inconsistency.
The README lists Horizontal Scaling as available, but opsrequest.md shows no guide link (—) for HorizontalScaling. Verify that a guide exists or remove the claim from the feature table if it's not yet documented.
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@docs/guides/hanadb/README.md` at line 50, The feature table in the HanaDB
README is inconsistent with the guide matrix for HorizontalScaling, so update
the documentation to match reality. Check whether a Horizontal Scaling guide
exists for HanaDB; if it does, add the corresponding guide link in the README
entry for HanaDBOpsRequest, and if it does not, remove or mark the availability
claim so it matches the opsrequest.md status. Use the Horizontal Scaling row and
HanaDBOpsRequest entry to locate and align the documentation.
| ## Option B — Add TLS to a running HanaDB (ReconfigureTLS) | ||
|
|
||
| If the database already exists without TLS, add TLS with a `HanaDBOpsRequest` of type `ReconfigureTLS`: | ||
|
|
||
| ```yaml | ||
| apiVersion: ops.kubedb.com/v1alpha1 | ||
| kind: HanaDBOpsRequest | ||
| metadata: | ||
| name: hdbops-add-tls | ||
| namespace: demo | ||
| spec: | ||
| type: ReconfigureTLS | ||
| databaseRef: | ||
| name: hanadb-cluster | ||
| tls: | ||
| issuerRef: | ||
| apiGroup: cert-manager.io | ||
| kind: Issuer | ||
| name: hdb-ca-issuer | ||
| timeout: 30m | ||
| apply: IfReady | ||
| ``` | ||
|
|
||
| ```bash | ||
| $ kubectl apply -f https://github.com/kubedb/docs/raw/{{< param "info.version" >}}/docs/examples/hanadb/tls/reconfigure-add-tls.yaml | ||
| hanadbopsrequest.ops.kubedb.com/hdbops-add-tls created | ||
| ``` |
There was a problem hiding this comment.
🎯 Functional Correctness | 🟠 Major | ⚡ Quick win
Option B is missing the precondition step to provision the no-TLS cluster.
The section states the database "already exists without TLS" but never shows the command to create it. The example file docs/examples/hanadb/tls/system-replication-reconfigure-tls-base.yaml exists for exactly this purpose but is never referenced here, leaving readers without a working starting point for this flow.
📝 Suggested addition before the ReconfigureTLS example
If the database already exists without TLS, add TLS with a `HanaDBOpsRequest` of type `ReconfigureTLS`:
+First, provision a HanaDB cluster without TLS:
+
+```bash
+$ kubectl apply -f https://github.com/kubedb/docs/raw/{{< param "info.version" >}}/docs/examples/hanadb/tls/system-replication-reconfigure-tls-base.yaml
+hanadb.kubedb.com/hanadb-cluster created
+```
+
+Then apply the `ReconfigureTLS` ops request:
+
```yaml
apiVersion: ops.kubedb.com/v1alpha1📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| ## Option B — Add TLS to a running HanaDB (ReconfigureTLS) | |
| If the database already exists without TLS, add TLS with a `HanaDBOpsRequest` of type `ReconfigureTLS`: | |
| ```yaml | |
| apiVersion: ops.kubedb.com/v1alpha1 | |
| kind: HanaDBOpsRequest | |
| metadata: | |
| name: hdbops-add-tls | |
| namespace: demo | |
| spec: | |
| type: ReconfigureTLS | |
| databaseRef: | |
| name: hanadb-cluster | |
| tls: | |
| issuerRef: | |
| apiGroup: cert-manager.io | |
| kind: Issuer | |
| name: hdb-ca-issuer | |
| timeout: 30m | |
| apply: IfReady | |
| ``` | |
| ```bash | |
| $ kubectl apply -f https://github.com/kubedb/docs/raw/{{< param "info.version" >}}/docs/examples/hanadb/tls/reconfigure-add-tls.yaml | |
| hanadbopsrequest.ops.kubedb.com/hdbops-add-tls created | |
| ``` | |
| ## Option B — Add TLS to a running HanaDB (ReconfigureTLS) | |
| If the database already exists without TLS, add TLS with a `HanaDBOpsRequest` of type `ReconfigureTLS`: | |
| First, provision a HanaDB cluster without TLS: | |
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@docs/guides/hanadb/tls/overview.md` around lines 114 - 140, Option B is
missing the prerequisite step to create the existing HanaDB cluster without TLS
before showing ReconfigureTLS. Update the “ReconfigureTLS” flow in the TLS
overview to first reference and apply the base example for the no-TLS cluster,
then continue with the existing `HanaDBOpsRequest` example; use the surrounding
“Option B — Add TLS to a running HanaDB (ReconfigureTLS)” section and the
`system-replication-reconfigure-tls-base.yaml` example to place the new step
correctly.
|
Visit the preview URL for this PR (updated for commit c86c6c2): https://kubedb-v2-hugo--pr938-update-hanadb-docs-mqx9xsb2.web.app (expires Tue, 07 Jul 2026 20:00:24 GMT) 🔥 via Firebase Hosting GitHub Action 🌎 Sign: 0f29ae8ae0bd54a99bf2b223b6833be47acd5943 |
What
Adds user-facing documentation and runnable examples for KubeDB-managed SAP HanaDB, under
docs/guides/hanadb/anddocs/examples/hanadb/.All command output embedded in the guides was collected from a live cluster running the HanaDB operator (standalone + System Replication topologies), not invented.
Guides
HanaDB,HanaDBVersion,HanaDBOpsRequest,AppBindinghdbnsutil -sr_state)global.inisecretspec.tls) and viaReconfigureTLSCoverage notes
HanaDBOpsRequesttype is present in the API and implemented by the ops controller.ReconfigureTLS) validated live. The certificate-rotation path is documented with a troubleshooting note: in testing, after a rotation the raft coordinator could fail to verify the new certificate (x509: certificate signed by unknown authority), stalling primary re-election — the guide tells users how to detect this.allowVolumeExpansion: true); the guides call out the expandable-StorageClass requirement sincelocal-pathcannot expand.Validation
kubectl apply --dry-run=server.Summary by CodeRabbit