diff --git a/OracleAccessManagement/kubernetes/3.0.1/ingress-per-domain/README.md b/OracleAccessManagement/kubernetes/3.0.1/ingress-per-domain/README.md
deleted file mode 100755
index eb761e87e..000000000
--- a/OracleAccessManagement/kubernetes/3.0.1/ingress-per-domain/README.md
+++ /dev/null
@@ -1,73 +0,0 @@
-# An Ingress per domain chart
-This chart is for deploying an Ingress resource in front of a WebLogic domain cluster. We support two Ingress types: Traeafik and Voyager.
-
-## Prerequisites
-- Have Docker and a Kubernetes cluster running and have `kubectl` installed and configured.
-- Have Helm installed.
-- The corresponding Ingress controller, Traefik or Voyager, is installed in the Kubernetes cluster.
-- A WebLogic domain cluster deployed by `weblogic-operator` is running in the Kubernetes cluster.
-
-## Installing the chart
-
-To install the chart with the release name, `my-ingress`, with the given `values.yaml`:
-```
-# Change directory to the cloned git weblogic-kubernetes-operator repo.
-$ cd kubernetes/samples/charts
-
-# Use helm to install the chart. Use `--namespace` to specify the name of the WebLogic domain's namespace.
-$ helm install ingress-per-domain --name my-ingress --namespace my-domain-namespace --values values.yaml
-```
-The Ingress resource will be created in the same namespace as the WebLogic domain cluster.
-
-Sample `values.yaml` for the Traefik Ingress:
-```
-type: TRAEFIK
-
-# WLS domain as backend to the load balancer
-wlsDomain:
- domainUID: domain1
- clusterName: cluster1
- managedServerPort: 8001
-
-# Traefik specific values
-traefik:
- # hostname used by host-routing
- hostname: domain1.org
-```
-
-Sample `values.yaml` for the Voyager Ingress:
-```
-type: VOYAGER
-
-# WLS domain as backend to the load balancer
-wlsDomain:
- domainUID: domain1
- clusterName: cluster1
- managedServerPort: 8001
-
-# Voyager specific values
-voyager:
- # web port
- webPort: 30305
- # stats port
- statsPort: 30315
-```
-## Uninstalling the chart
-To uninstall and delete the `my-ingress` deployment:
-```
-$ helm delete --purge my-ingress
-```
-## Configuration
-The following table lists the configurable parameters of this chart and their default values.
-
-| Parameter | Description | Default |
-| --- | --- | --- |
-| `type` | Type of Ingress controller. Legal values are `TRAEFIK` or `VOYAGER`. | `TRAEFIK` |
-| `wlsDomain.domainUID` | DomainUID of the WLS domain. | `domain1` |
-| `wlsDomain.clusterName` | Cluster name in the WLS domain. | `cluster-1` |
-| `wlsDomain.managedServerPort` | Port number of the managed servers in the WLS domain cluster. | `8001` |
-| `traefik.hostname` | Hostname to route to the WLS domain cluster. | `domain1.org` |
-| `voyager.webPort` | Web port to access the Voyager load balancer. | `30305` |
-| `voyager.statsPort` | Port to access the Voyager/HAProxy stats page. | `30315` |
-
-**Note:** The input values `domainUID` and `clusterName` will be used to generate the Kubernetes `serviceName` of the WLS cluster with the format `domainUID-cluster-clusterName`.
diff --git a/OracleAccessManagement/kubernetes/3.0.1/ingress-per-domain/nginx-ingress.yaml b/OracleAccessManagement/kubernetes/3.0.1/ingress-per-domain/nginx-ingress.yaml
deleted file mode 100755
index fe1cfcdf7..000000000
--- a/OracleAccessManagement/kubernetes/3.0.1/ingress-per-domain/nginx-ingress.yaml
+++ /dev/null
@@ -1,69 +0,0 @@
-# Copyright (c) 2020, Oracle Corporation and/or its affiliates.
-# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
-
-apiVersion: networking.k8s.io/v1beta1
-kind: Ingress
-metadata:
- name: access-ingress
- namespace: accessns
- annotations:
- nginx.ingress.kubernetes.io/proxy-buffer-size: "2000k"
- kubernetes.io/ingress.class: nginx
- nginx.ingress.kubernetes.io/enable-access-log: "false"
-spec:
- rules:
- - host: xxxxx.xxx.xxxxx.xxx
- http:
- paths:
- - path: /console
- backend:
- serviceName: accessinfra-adminserver
- servicePort: 7001
- - path: /rreg/rreg
- backend:
- serviceName: accessinfra-adminserver
- servicePort: 7001
- - path: /em
- backend:
- serviceName: accessinfra-adminserver
- servicePort: 7001
- - path: /oamconsole
- backend:
- serviceName: accessinfra-adminserver
- servicePort: 7001
- - path: /dms
- backend:
- serviceName: accessinfra-adminserver
- servicePort: 7001
- - path: /oam/services/rest
- backend:
- serviceName: accessinfra-adminserver
- servicePort: 7001
- - path: /iam/admin/config
- backend:
- serviceName: accessinfra-adminserver
- servicePort: 7001
- - path: /iam/admin/diag
- backend:
- serviceName: accessinfra-adminserver
- servicePort: 7001
- - path: /iam/access
- backend:
- serviceName: accessinfra-cluster-oam-cluster
- servicePort: 14100
- - path: /oam/admin/api
- backend:
- serviceName: accessinfra-adminserver
- servicePort: 7001
- - path: /oam/services/rest/access/api
- backend:
- serviceName: accessinfra-cluster-oam-cluster
- servicePort: 14100
- - path: /access
- backend:
- serviceName: accessinfra-cluster-policy-cluster
- servicePort: 15100
- - path: /
- backend:
- serviceName: accessinfra-cluster-oam-cluster
- servicePort: 14100
diff --git a/OracleAccessManagement/kubernetes/3.0.1/ingress-per-domain/ssl-nginx-ingress.yaml b/OracleAccessManagement/kubernetes/3.0.1/ingress-per-domain/ssl-nginx-ingress.yaml
deleted file mode 100755
index aba781d04..000000000
--- a/OracleAccessManagement/kubernetes/3.0.1/ingress-per-domain/ssl-nginx-ingress.yaml
+++ /dev/null
@@ -1,72 +0,0 @@
-# Copyright (c) 2020, Oracle Corporation and/or its affiliates.
-# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
-
-apiVersion: extensions/v1beta1
-kind: Ingress
-metadata:
- name: access-ingress
- namespace: accessns
- annotations:
- nginx.ingress.kubernetes.io/proxy-buffer-size: "2000k"
- kubernetes.io/ingress.class: nginx
- nginx.ingress.kubernetes.io/enable-access-log: "false"
- nginx.ingress.kubernetes.io/configuration-snippet: |
- more_set_input_headers "X-Forwarded-Proto: https";
- more_set_input_headers "WL-Proxy-SSL: true";
- nginx.ingress.kubernetes.io/ingress.allow-http: "false"
-spec:
- rules:
- - http:
- paths:
- - path: /console
- backend:
- serviceName: accessinfra-adminserver
- servicePort: 7001
- - path: /rreg/rreg
- backend:
- serviceName: accessinfra-adminserver
- servicePort: 7001
- - path: /em
- backend:
- serviceName: accessinfra-adminserver
- servicePort: 7001
- - path: /oamconsole
- backend:
- serviceName: accessinfra-adminserver
- servicePort: 7001
- - path: /dms
- backend:
- serviceName: accessinfra-adminserver
- servicePort: 7001
- - path: /oam/services/rest
- backend:
- serviceName: accessinfra-adminserver
- servicePort: 7001
- - path: /iam/admin/config
- backend:
- serviceName: accessinfra-adminserver
- servicePort: 7001
- - path: /oam/admin/api
- backend:
- serviceName: accessinfra-adminserver
- servicePort: 7001
- - path: /iam/admin/diag
- backend:
- serviceName: accessinfra-adminserver
- servicePort: 7001
- - path: /iam/access
- backend:
- serviceName: accessinfra-cluster-oam-cluster
- servicePort: 14100
- - path: /oam/services/rest/access/api
- backend:
- serviceName: accessinfra-cluster-oam-cluster
- servicePort: 14100
- - path: /access
- backend:
- serviceName: accessinfra-cluster-policy-cluster
- servicePort: 15100
- - path: /
- backend:
- serviceName: accessinfra-cluster-oam-cluster
- servicePort: 14100
diff --git a/OracleAccessManagement/kubernetes/3.0.1/ingress-per-domain/templates/nginx-ingress.yaml b/OracleAccessManagement/kubernetes/3.0.1/ingress-per-domain/templates/nginx-ingress.yaml
deleted file mode 100755
index 93e187351..000000000
--- a/OracleAccessManagement/kubernetes/3.0.1/ingress-per-domain/templates/nginx-ingress.yaml
+++ /dev/null
@@ -1,79 +0,0 @@
-# Copyright (c) 2020, Oracle Corporation and/or its affiliates.
-# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
-
-{{- if eq .Values.type "NGINX" }}
----
-apiVersion: extensions/v1beta1
-kind: Ingress
-metadata:
- name: access-ingress
- namespace: {{ .Release.Namespace }}
- labels:
- weblogic.resourceVersion: domain-v2
-{{- if eq .Values.tls "SSL" }}
- annotations:
- nginx.ingress.kubernetes.io/proxy-buffer-size: "2000k"
- kubernetes.io/ingress.class: nginx
- nginx.ingress.kubernetes.io/enable-access-log: "false"
- nginx.ingress.kubernetes.io/configuration-snippet: |
- more_set_input_headers "X-Forwarded-Proto: https";
- more_set_input_headers "WL-Proxy-SSL: true";
- nginx.ingress.kubernetes.io/ingress.allow-http: "false"
-{{- end }}
-spec:
- rules:
- - http:
- paths:
- - path: /console
- backend:
- serviceName: '{{ .Values.wlsDomain.domainUID }}-{{ .Values.wlsDomain.adminServerName | lower | replace "_" "-" }}'
- servicePort: {{ .Values.wlsDomain.adminServerPort }}
- - path: /rreg/rreg
- backend:
- serviceName: '{{ .Values.wlsDomain.domainUID }}-{{ .Values.wlsDomain.adminServerName | lower | replace "_" "-" }}'
- servicePort: {{ .Values.wlsDomain.adminServerPort }}
- - path: /em
- backend:
- serviceName: '{{ .Values.wlsDomain.domainUID }}-{{ .Values.wlsDomain.adminServerName | lower | replace "_" "-" }}'
- servicePort: {{ .Values.wlsDomain.adminServerPort }}
- - path: /oamconsole
- backend:
- serviceName: '{{ .Values.wlsDomain.domainUID }}-{{ .Values.wlsDomain.adminServerName | lower | replace "_" "-" }}'
- servicePort: {{ .Values.wlsDomain.adminServerPort }}
- - path: /dms
- backend:
- serviceName: '{{ .Values.wlsDomain.domainUID }}-{{ .Values.wlsDomain.adminServerName | lower | replace "_" "-" }}'
- servicePort: {{ .Values.wlsDomain.adminServerPort }}
- - path: /oam/services/rest
- backend:
- serviceName: '{{ .Values.wlsDomain.domainUID }}-{{ .Values.wlsDomain.adminServerName | lower | replace "_" "-" }}'
- servicePort: {{ .Values.wlsDomain.adminServerPort }}
- - path: /iam/admin/config
- backend:
- serviceName: '{{ .Values.wlsDomain.domainUID }}-{{ .Values.wlsDomain.adminServerName | lower | replace "_" "-" }}'
- servicePort: {{ .Values.wlsDomain.adminServerPort }}
- - path: /iam/admin/diag
- backend:
- serviceName: '{{ .Values.wlsDomain.domainUID }}-{{ .Values.wlsDomain.adminServerName | lower | replace "_" "-" }}'
- servicePort: {{ .Values.wlsDomain.adminServerPort }}
- - path: /iam/access
- backend:
- serviceName: '{{ .Values.wlsDomain.domainUID }}-cluster-{{ .Values.wlsDomain.oamClusterName | lower | replace "_" "-" }}'
- servicePort: {{ .Values.wlsDomain.oamManagedServerPort }}
- - path: /oam/admin/api
- backend:
- serviceName: '{{ .Values.wlsDomain.domainUID }}-{{ .Values.wlsDomain.adminServerName | lower | replace "_" "-" }}'
- servicePort: {{ .Values.wlsDomain.adminServerPort }}
- - path: /oam/services/rest/access/api
- backend:
- serviceName: '{{ .Values.wlsDomain.domainUID }}-cluster-{{ .Values.wlsDomain.oamClusterName | lower | replace "_" "-" }}'
- servicePort: {{ .Values.wlsDomain.oamManagedServerPort }}
- - path: /access
- backend:
- serviceName: '{{ .Values.wlsDomain.domainUID }}-cluster-{{ .Values.wlsDomain.policyClusterName | lower | replace "_" "-" }}'
- servicePort: {{ .Values.wlsDomain.policyServerPort }}
- - path: /
- backend:
- serviceName: '{{ .Values.wlsDomain.domainUID }}-cluster-{{ .Values.wlsDomain.oamClusterName | lower | replace "_" "-" }}'
- servicePort: {{ .Values.wlsDomain.oamManagedServerPort }}
-{{- end }}
diff --git a/OracleAccessManagement/kubernetes/3.0.1/ingress-per-domain/templates/traefik-ingress.yaml b/OracleAccessManagement/kubernetes/3.0.1/ingress-per-domain/templates/traefik-ingress.yaml
deleted file mode 100755
index d2acf27ed..000000000
--- a/OracleAccessManagement/kubernetes/3.0.1/ingress-per-domain/templates/traefik-ingress.yaml
+++ /dev/null
@@ -1,73 +0,0 @@
-# Copyright (c) 2020, Oracle Corporation and/or its affiliates.
-# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
-
-{{- if eq .Values.type "TRAEFIK" }}
----
-apiVersion: extensions/v1beta1
-kind: Ingress
-metadata:
- name: {{ .Values.wlsDomain.domainUID }}-traefik
- namespace: {{ .Release.Namespace }}
- labels:
- weblogic.resourceVersion: domain-v2
- annotations:
- kubernetes.io/ingress.class: traefik
-spec:
- rules:
- - host: '{{ .Values.traefik.hostname }}'
- http:
- paths:
- - path: /console
- backend:
- serviceName: '{{ .Values.wlsDomain.domainUID }}-{{ .Values.wlsDomain.adminServerName | lower | replace "_" "-" }}'
- servicePort: {{ .Values.wlsDomain.adminServerPort }}
- - path: /rreg/rreg
- backend:
- serviceName: '{{ .Values.wlsDomain.domainUID }}-{{ .Values.wlsDomain.adminServerName | lower | replace "_" "-" }}'
- servicePort: {{ .Values.wlsDomain.adminServerPort }}
- - path: /dms
- backend:
- serviceName: '{{ .Values.wlsDomain.domainUID }}-{{ .Values.wlsDomain.adminServerName | lower | replace "_" "-" }}'
- servicePort: {{ .Values.wlsDomain.adminServerPort }}
- - path: /oamconsole
- backend:
- serviceName: '{{ .Values.wlsDomain.domainUID }}-{{ .Values.wlsDomain.adminServerName | lower | replace "_" "-" }}'
- servicePort: {{ .Values.wlsDomain.adminServerPort }}
- - path: /oam/services/rest
- backend:
- serviceName: '{{ .Values.wlsDomain.domainUID }}-{{ .Values.wlsDomain.adminServerName | lower | replace "_" "-" }}'
- servicePort: {{ .Values.wlsDomain.adminServerPort }}
- - path: /iam/admin/config
- backend:
- serviceName: '{{ .Values.wlsDomain.domainUID }}-{{ .Values.wlsDomain.adminServerName | lower | replace "_" "-" }}'
- servicePort: {{ .Values.wlsDomain.adminServerPort }}
- - path: /oam/admin/api
- backend:
- serviceName: '{{ .Values.wlsDomain.domainUID }}-{{ .Values.wlsDomain.adminServerName | lower | replace "_" "-" }}'
- servicePort: {{ .Values.wlsDomain.adminServerPort }}
- - path: /iam/admin/diag
- backend:
- serviceName: '{{ .Values.wlsDomain.domainUID }}-{{ .Values.wlsDomain.adminServerName | lower | replace "_" "-" }}'
- servicePort: {{ .Values.wlsDomain.adminServerPort }}
- - path: /iam/access
- backend:
- serviceName: '{{ .Values.wlsDomain.domainUID }}-cluster-{{ .Values.wlsDomain.oamClusterName | lower | replace "_" "-" }}'
- servicePort: {{ .Values.wlsDomain.oamManagedServerPort }}
- - path: /em
- backend:
- serviceName: '{{ .Values.wlsDomain.domainUID }}-{{ .Values.wlsDomain.adminServerName | lower | replace "_" "-" }}'
- servicePort: {{ .Values.wlsDomain.adminServerPort }}
- - path: /access
- backend:
- serviceName: '{{ .Values.wlsDomain.domainUID }}-cluster-{{ .Values.wlsDomain.policyClusterName | lower | replace "_" "-" }}'
- servicePort: {{ .Values.wlsDomain.policyServerPort }}
- - path: /oam/services/rest/access/api
- backend:
- serviceName: '{{ .Values.wlsDomain.domainUID }}-cluster-{{ .Values.wlsDomain.oamClusterName | lower | replace "_" "-" }}'
- servicePort: {{ .Values.wlsDomain.oamManagedServerPort }}
- - path: /
- backend:
- serviceName: '{{ .Values.wlsDomain.domainUID }}-cluster-{{ .Values.wlsDomain.oamClusterName | lower | replace "_" "-" }}'
- servicePort: {{ .Values.wlsDomain.oamManagedServerPort }}
-{{- end }}
-
diff --git a/OracleAccessManagement/kubernetes/3.0.1/ingress-per-domain/templates/voyager-ingress.yaml b/OracleAccessManagement/kubernetes/3.0.1/ingress-per-domain/templates/voyager-ingress.yaml
deleted file mode 100755
index 405b55544..000000000
--- a/OracleAccessManagement/kubernetes/3.0.1/ingress-per-domain/templates/voyager-ingress.yaml
+++ /dev/null
@@ -1,106 +0,0 @@
-# Copyright (c) 2020, Oracle Corporation and/or its affiliates.
-# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
-
-{{- if eq .Values.type "VOYAGER" }}
----
-apiVersion: voyager.appscode.com/v1beta1
-kind: Ingress
-metadata:
- name: {{ .Values.wlsDomain.domainUID }}-voyager
- namespace: {{ .Release.Namespace }}
- annotations:
- ingress.appscode.com/type: 'NodePort'
- kubernetes.io/ingress.class: 'voyager'
- ingress.appscode.com/stats: 'true'
- ingress.appscode.com/default-timeout: '{"connect": "1800s", "server": "1800s"}'
- ingress.appscode.com/proxy-body-size: "2000000"
- labels:
- weblogic.resourceVersion: domain-v2
-spec:
-{{- if eq .Values.tls "SSL" }}
- frontendRules:
- - port: 443
- rules:
- - http-request set-header WL-Proxy-SSL true
- tls:
- - secretName: domain1-tls-cert
- hosts:
- - '*'
-{{- end }}
- rules:
- - host: '*'
- http:
- nodePort: '{{ .Values.voyager.webPort }}'
- paths:
- - path: /console
- backend:
- serviceName: '{{ .Values.wlsDomain.domainUID }}-{{ .Values.wlsDomain.adminServerName | lower | replace "_" "-" }}'
- servicePort: {{ .Values.wlsDomain.adminServerPort }}
- - path: /rreg/rreg
- backend:
- serviceName: '{{ .Values.wlsDomain.domainUID }}-{{ .Values.wlsDomain.adminServerName | lower | replace "_" "-" }}'
- servicePort: {{ .Values.wlsDomain.adminServerPort }}
- - path: /em
- backend:
- serviceName: '{{ .Values.wlsDomain.domainUID }}-{{ .Values.wlsDomain.adminServerName | lower | replace "_" "-" }}'
- servicePort: {{ .Values.wlsDomain.adminServerPort }}
- - path: /oamconsole
- backend:
- serviceName: '{{ .Values.wlsDomain.domainUID }}-{{ .Values.wlsDomain.adminServerName | lower | replace "_" "-" }}'
- servicePort: {{ .Values.wlsDomain.adminServerPort }}
- - path: /dms
- backend:
- serviceName: '{{ .Values.wlsDomain.domainUID }}-{{ .Values.wlsDomain.adminServerName | lower | replace "_" "-" }}'
- servicePort: {{ .Values.wlsDomain.adminServerPort }}
- - path: /oam/services/rest
- backend:
- serviceName: '{{ .Values.wlsDomain.domainUID }}-{{ .Values.wlsDomain.adminServerName | lower | replace "_" "-" }}'
- servicePort: {{ .Values.wlsDomain.adminServerPort }}
- - path: /iam/admin/config
- backend:
- serviceName: '{{ .Values.wlsDomain.domainUID }}-{{ .Values.wlsDomain.adminServerName | lower | replace "_" "-" }}'
- servicePort: {{ .Values.wlsDomain.adminServerPort }}
- - path: /iam/admin/diag
- backend:
- serviceName: '{{ .Values.wlsDomain.domainUID }}-{{ .Values.wlsDomain.adminServerName | lower | replace "_" "-" }}'
- servicePort: {{ .Values.wlsDomain.adminServerPort }}
- - path: /iam/access
- backend:
- serviceName: '{{ .Values.wlsDomain.domainUID }}-cluster-{{ .Values.wlsDomain.oamClusterName | lower | replace "_" "-" }}'
- servicePort: {{ .Values.wlsDomain.oamManagedServerPort }}
- - path: /oam/admin/api
- backend:
- serviceName: '{{ .Values.wlsDomain.domainUID }}-{{ .Values.wlsDomain.adminServerName | lower | replace "_" "-" }}'
- servicePort: {{ .Values.wlsDomain.adminServerPort }}
- - path: /oam/services/rest/access/api
- backend:
- serviceName: '{{ .Values.wlsDomain.domainUID }}-cluster-{{ .Values.wlsDomain.oamClusterName | lower | replace "_" "-" }}'
- servicePort: {{ .Values.wlsDomain.oamManagedServerPort }}
- - path: /access
- backend:
- serviceName: '{{ .Values.wlsDomain.domainUID }}-cluster-{{ .Values.wlsDomain.policyClusterName | lower | replace "_" "-" }}'
- servicePort: {{ .Values.wlsDomain.policyServerPort }}
- - path: /
- backend:
- serviceName: '{{ .Values.wlsDomain.domainUID }}-cluster-{{ .Values.wlsDomain.oamClusterName | lower | replace "_" "-" }}'
- servicePort: {{ .Values.wlsDomain.oamManagedServerPort }}
----
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ .Values.wlsDomain.domainUID }}-voyager-stats
- namespace: {{ .Release.Namespace }}
- labels:
- app: voyager-stats
-spec:
- type: NodePort
- ports:
- - name: client
- protocol: TCP
- port: 56789
- targetPort: 56789
- nodePort: {{ .Values.voyager.statsPort }}
- selector:
- origin: voyager
- origin-name: {{ .Values.wlsDomain.domainUID }}-voyager
-{{- end }}
diff --git a/OracleAccessManagement/kubernetes/3.0.1/ingress-per-domain/values.yaml b/OracleAccessManagement/kubernetes/3.0.1/ingress-per-domain/values.yaml
deleted file mode 100755
index bc79f0d2d..000000000
--- a/OracleAccessManagement/kubernetes/3.0.1/ingress-per-domain/values.yaml
+++ /dev/null
@@ -1,39 +0,0 @@
-# Copyright (c) 2020, Oracle Corporation and/or its affiliates.
-# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
-
-# Default values for ingress-per-domain.
-# This is a YAML-formatted file.
-# Declare variables to be passed into your templates.
-# Load balancer type. Supported values are: NGINX, VOYAGER
-
-type: VOYAGER
-# Type of Configuration Supported Values are : NONSSL,SSL
-# tls: NONSSL
-tls: SSL
-# TLS secret name if the mode is SSL
-secretName: domain1-tls-cert
-
-
-# WLS domain as backend to the load balancer
-wlsDomain:
- domainUID: accessinfra
- oamClusterName: oam_cluster
- policyClusterName: policy_cluster
- oamManagedServerPort: 14100
- policyServerPort: 15100
- adminServerName: adminserver
- adminServerPort: 7001
- Namespace: accessns
-
-# Traefik specific values
-#traefik:
- # hostname used by host-routing
- #hostname: xxxx.example.com
-
-# Voyager specific values
-voyager:
- # web port
- webPort: 30305
- # stats port
- statsPort: 30315
-
diff --git a/OracleAccessManagement/kubernetes/charts/apache-samples/README.md b/OracleAccessManagement/kubernetes/charts/apache-samples/README.md
new file mode 100755
index 000000000..dcaab57c7
--- /dev/null
+++ b/OracleAccessManagement/kubernetes/charts/apache-samples/README.md
@@ -0,0 +1,8 @@
+# Apache load balancer samples
+
+The sample package contains two samples that use the [Apache Helm chart](../apache-webtier/README.md). The samples use the Docker image for the Apache HTTP Server with the 12.2.1.3.0 and 12.2.1.4.0 Oracle WebLogic Server Proxy Plugin. See the details in [Apache HTTP Server with Oracle WebLogic Server Proxy Plugin on Docker](https://github.com/oracle/docker-images/tree/master/OracleWebLogic/samples/12213-webtier-apache).
+
+* [The default sample](default-sample/README.md) uses the built-in configuration in the Docker image.
+
+* [The custom sample](custom-sample/README.md) demonstrates how to customize the configuration of the Apache HTTP Server with the 12.2.1.3.0 and 12.2.1.4.0 Oracle WebLogic Server Proxy Plugins.
+
diff --git a/OracleAccessManagement/kubernetes/charts/apache-samples/custom-sample/README.md b/OracleAccessManagement/kubernetes/charts/apache-samples/custom-sample/README.md
new file mode 100755
index 000000000..c35d2d700
--- /dev/null
+++ b/OracleAccessManagement/kubernetes/charts/apache-samples/custom-sample/README.md
@@ -0,0 +1,149 @@
+# Apache load balancer custom sample
+In this sample, we will configure the Apache webtier as a load balancer for multiple WebLogic domains using a custom configuration. We will demonstrate how to use the Apache webtier to handle traffic to multiple backend WebLogic domains.
+
+## 1. Create a namespace
+In this sample, both the Apache webtier and WebLogic domain instances are located in the namespace `apache-sample`.
+```shell
+$ kubectl create namespace apache-sample
+```
+
+## 2. Create WebLogic domains
+We need to prepare some backend domains for load balancing by the Apache webtier. Refer to the [sample](/kubernetes/samples/scripts/create-weblogic-domain/domain-home-on-pv/README.md), to create two WebLogic domains under the namespace `apache-sample`.
+
+The first domain uses the following custom configuration parameters:
+- namespace: `apache-sample`
+- domainUID: `domain1`
+- clusterName: `cluster-1`
+- adminServerName: `admin-server`
+- adminPort: `7001`
+- adminNodePort: `30701`
+- managedServerPort: `8001`
+
+The second domain uses the following custom configuration parameters:
+- namespace: `apache-sample`
+- domainUID: `domain2`
+- clusterName: `cluster-1`
+- adminServerName: `admin-server`
+- adminPort: `7011`
+- adminNodePort: `30702`
+- managedServerPort: `8021`
+
+After the domains are successfully created, deploy the sample web application, `testwebapp.war`, on each domain cluster using the WLS Administration Console. The sample web application is located in the `kubernetes/samples/charts/application` directory.
+
+## 3. Build the Apache webtier Docker image
+Refer to the [sample](https://github.com/oracle/docker-images/tree/master/OracleWebLogic/samples/12213-webtier-apache), to build the Apache webtier Docker image.
+
+## 4. Provide the custom Apache plugin configuration
+In this sample, we will provide a custom Apache plugin configuration to fine tune the behavior of Apache.
+
+* Create a custom Apache plugin configuration file named `custom_mod_wl_apache.conf`. The file content is similar to below.
+
+```
+# Copyright (c) 2018, 2021, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+
+
+WebLogicHost ${WEBLOGIC_HOST}
+WebLogicPort ${WEBLOGIC_PORT}
+
+
+# Directive for weblogic admin Console deployed on Weblogic Admin Server
+
+SetHandler weblogic-handler
+WebLogicHost domain1-admin-server
+WebLogicPort ${WEBLOGIC_PORT}
+
+
+# Directive for all application deployed on weblogic cluster with a prepath defined by LOCATION variable
+# For example, if the LOCAITON is set to '/weblogic', all applications deployed on the cluster can be accessed via
+# http://myhost:myport/weblogic/application_end_url
+# where 'myhost' is the IP of the machine that runs the Apache web tier, and
+# 'myport' is the port that the Apache web tier is publicly exposed to.
+# Note that LOCATION cannot be set to '/' unless this is the only Location module configured.
+
+WLSRequest On
+WebLogicCluster domain1-cluster-cluster-1:8001
+PathTrim /weblogic1
+
+
+# Directive for all application deployed on weblogic cluster with a prepath defined by LOCATION2 variable
+# For example, if the LOCAITON2 is set to '/weblogic2', all applications deployed on the cluster can be accessed via
+# http://myhost:myport/weblogic2/application_end_url
+# where 'myhost' is the IP of the machine that runs the Apache web tier, and
+# 'myport' is the port that the Apache webt ier is publicly exposed to.
+
+WLSRequest On
+WebLogicCluster domain2-cluster-cluster-1:8021
+PathTrim /weblogic2
+
+```
+
+* Create a PV / PVC (pv-claim-name) that can be used to store the `custom_mod_wl_apache.conf`. Refer to the [Sample for creating a PV or PVC](/kubernetes/samples/scripts/create-weblogic-domain-pv-pvc/README.md).
+
+## 5. Prepare your own certificate and private key
+In production, Oracle strongly recommends that you provide your own certificates. Run the following commands to generate your own certificate and private key using `openssl`.
+
+```shell
+$ cd kubernetes/samples/charts/apache-samples/custom-sample
+$ export VIRTUAL_HOST_NAME=apache-sample-host
+$ export SSL_CERT_FILE=apache-sample.crt
+$ export SSL_CERT_KEY_FILE=apache-sample.key
+$ sh certgen.sh
+```
+
+## 6. Prepare the input values for the Apache webtier Helm chart
+Run the following commands to prepare the input value file for the Apache webtier Helm chart.
+
+```shell
+$ base64 -i ${SSL_CERT_FILE} | tr -d '\n'
+$ base64 -i ${SSL_CERT_KEY_FILE} | tr -d '\n'
+$ touch input.yaml
+```
+Edit the input parameters file, `input.yaml`. The file content is similar to below.
+
+```yaml
+# Copyright (c) 2018, 2021, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+
+# Use this to provide your own Apache webtier configuration as needed; simply define this
+# Persistence Volume which contains your own custom_mod_wl_apache.conf file.
+persistentVolumeClaimName:
+
+# The VirtualHostName of the Apache HTTP server. It is used to enable custom SSL configuration.
+virtualHostName: apache-sample-host
+
+# The customer supplied certificate to use for Apache webtier SSL configuration.
+# The value must be a string containing a base64 encoded certificate. Run following command to get it.
+# base64 -i ${SSL_CERT_FILE} | tr -d '\n'
+customCert:
+
+# The customer supplied private key to use for Apache webtier SSL configuration.
+# The value must be a string containing a base64 encoded key. Run following command to get it.
+# base64 -i ${SSL_KEY_FILE} | tr -d '\n'
+customKey:
+```
+
+## 7. Install the Apache webtier Helm chart
+The Apache webtier Helm chart is located in the `kubernetes/samples/charts/apache-webtier` directory. Install the Apache webtier Helm chart to the `apache-sample` namespace with the specified input parameters:
+
+```shell
+$ cd kubernetes/samples/charts
+$ helm install my-release --values apache-samples/custom-sample/input.yaml --namespace apache-sample apache-webtier
+```
+
+## 8. Run the sample application
+Now you can send requests to different WebLogic domains with the unique entry point of Apache with different paths. Alternatively, you can access the URLs in a web browser.
+```shell
+$ curl --silent http://${HOSTNAME}:30305/weblogic1/testwebapp/
+$ curl --silent http://${HOSTNAME}:30305/weblogic2/testwebapp/
+```
+Also, you can use SSL URLs to send requests to different WebLogic domains. Access the SSL URL via the `curl` command or a web browser.
+```shell
+$ curl -k --silent https://${HOSTNAME}:30443/weblogic1/testwebapp/
+$ curl -k --silent https://${HOSTNAME}:30443/weblogic2/testwebapp/
+```
+
+## 9. Uninstall the Apache webtier
+```shell
+$ helm uninstall my-release --namespace apache-sample
+```
diff --git a/OracleAccessManagement/kubernetes/charts/apache-samples/custom-sample/certgen.sh b/OracleAccessManagement/kubernetes/charts/apache-samples/custom-sample/certgen.sh
new file mode 100755
index 000000000..20dd9fa51
--- /dev/null
+++ b/OracleAccessManagement/kubernetes/charts/apache-samples/custom-sample/certgen.sh
@@ -0,0 +1,51 @@
+#!/bin/sh
+# Copyright (c) 2018, 2021, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+#
+# Since: June, 2018
+# Author: dongbo.xiao@oracle.com
+# Description: script to start Apache HTTP Server
+#
+# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
+
+# Generated configuration file
+CONFIG_FILE="config.txt"
+
+cat > $CONFIG_FILE <<-EOF
+[req]
+default_bits = 2048
+prompt = no
+default_md = sha256
+req_extensions=v3_req
+extensions=v3_req
+distinguished_name = dn
+
+[dn]
+C = US
+ST = CA
+L = Redwood Shores
+O = Oracle Corporation
+OU = Apache HTTP Server With Plugin
+CN = $VIRTUAL_HOST_NAME
+
+[v3_req]
+subjectAltName = @alt_names
+[alt_names]
+DNS.1 = $VIRTUAL_HOST_NAME
+DNS.2 = $VIRTUAL_HOST_NAME.cloud.oracle.com
+DNS.3 = *.$VIRTUAL_HOST_NAME
+DNS.4 = localhost
+EOF
+
+echo "Generating certs for $VIRTUAL_HOST_NAME"
+
+# Generate our Private Key, CSR and Certificate
+# Use SHA-2 as SHA-1 is unsupported from Jan 1, 2017
+
+openssl req -x509 -newkey rsa:2048 -sha256 -nodes -keyout "$SSL_CERT_KEY_FILE" -days 3650 -out "$SSL_CERT_FILE" -config "$CONFIG_FILE"
+
+# OPTIONAL - write an info to see the details of the generated crt
+openssl x509 -noout -fingerprint -text < "$SSL_CERT_FILE" > "$SSL_CERT_FILE.info"
+# Protect the key
+chmod 400 "$SSL_CERT_KEY_FILE"
+chmod 400 "$SSL_CERT_FILE.info"
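Review bot: Nothing in this script checks that `VIRTUAL_HOST_NAME`, `SSL_CERT_FILE` and `SSL_CERT_KEY_FILE` are set, and there is no `set -e`, so an unset variable would produce a config with an empty `CN` and a `*.` SAN entry, and a failed `openssl` call would still be followed by the remaining commands. Adding `set -eu` directly after the header comment would stop the script in both cases. The unencrypted key (`-nodes`) is written by `openssl req` and only restricted by `chmod 400` afterwards; placing `umask 077` before the `openssl req` line avoids relying on the default file mode of whichever openssl build is installed. The header line `# Description: script to start Apache HTTP Server` does not describe this file and could read `# Description: generate a self-signed certificate and private key for the Apache webtier sample`.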
diff --git a/OracleAccessManagement/kubernetes/charts/apache-samples/custom-sample/custom_mod_wl_apache.conf b/OracleAccessManagement/kubernetes/charts/apache-samples/custom-sample/custom_mod_wl_apache.conf
new file mode 100755
index 000000000..8a2d05f0d
--- /dev/null
+++ b/OracleAccessManagement/kubernetes/charts/apache-samples/custom-sample/custom_mod_wl_apache.conf
@@ -0,0 +1,37 @@
+# Copyright (c) 2018, 2021, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+
+
+WebLogicHost ${WEBLOGIC_HOST}
+WebLogicPort ${WEBLOGIC_PORT}
+
+
+# Directive for weblogic admin Console deployed on Weblogic Admin Server
+
+SetHandler weblogic-handler
+WebLogicHost domain1-admin-server
+WebLogicPort ${WEBLOGIC_PORT}
+
+
+# Directive for all application deployed on weblogic cluster with a prepath defined by LOCATION variable
+# For example, if the LOCAITON is set to '/weblogic', all applications deployed on the cluster can be accessed via
+# http://myhost:myport/weblogic/application_end_url
+# where 'myhost' is the IP of the machine that runs the Apache web tier, and
+# 'myport' is the port that the Apache web tier is publicly exposed to.
+# Note that LOCATION cannot be set to '/' unless this is the only Location module configured.
+
+WLSRequest On
+WebLogicCluster domain1-cluster-cluster-1:8001
+PathTrim /weblogic1
+
+
+# Directive for all application deployed on weblogic cluster with a prepath defined by LOCATION2 variable
+# For example, if the LOCAITON2 is set to '/weblogic2', all applications deployed on the cluster can be accessed via
+# http://myhost:myport/weblogic2/application_end_url
+# where 'myhost' is the IP of the machine that runs the Apache web tier, and
+# 'myport' is the port that the Apache webt ier is publicly exposed to.
+
+WLSRequest On
+WebLogicCluster domain2-cluster-cluster-1:8021
+PathTrim /weblogic2
+
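Review bot: The block under "Directive for weblogic admin Console" hands requests to `domain1-admin-server` with no access restriction visible in the hunk. The enclosing `<Location>` tags do not appear in this view and may have been lost in rendering, but if the sample does publish the console through the web tier, a `Require ip <admin-network-placeholder>` line inside that block would limit who can reach it. The same block hard-codes the host name while the top of the file uses `${WEBLOGIC_HOST}`, which looks unintended. The comments describe the prefix as coming from a `LOCATION` variable although `PathTrim /weblogic1` is fixed, and they misspell it as `LOCAITON` / `LOCAITON2` and write "webt ier".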
diff --git a/OracleAccessManagement/kubernetes/charts/apache-samples/custom-sample/input.yaml b/OracleAccessManagement/kubernetes/charts/apache-samples/custom-sample/input.yaml
new file mode 100755
index 000000000..95eaec6e9
--- /dev/null
+++ b/OracleAccessManagement/kubernetes/charts/apache-samples/custom-sample/input.yaml
@@ -0,0 +1,28 @@
+# Copyright (c) 2018, 2021, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+
+# Use this to provide your own Apache webtier configuration as needed; simply define the
+# Persistence Volume which contains your own custom_mod_wl_apache.conf file and provide the Persistence Volume Claim Name
+persistentVolumeClaimName:
+
+# imagePullSecrets contains an optional list of Kubernetes secrets, that are needed
+# to access the registry containing the apache webtier image.
+# If no secrets are required, then omit this property.
+#
+# Example : a secret is needed, and has been stored in 'my-apache-webtier-secret'
+#
+# imagePullSecrets:
+# - name: my-apache-webtier-secret
+
+# The VirtualHostName of the Apache HTTP server. It is used to enable custom SSL configuration.
+virtualHostName: apache-sample-host
+
+# The customer supplied certificate to use for Apache webtier SSL configuration.
+# The value must be a string containing a base64 encoded certificate. Run following command to get it.
+# base64 -i ${SSL_CERT_FILE} | tr -d '\n'
+customCert: 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
+
+# The customer supplied private key to use for Apache webtier SSL configuration.
+# The value must be a string containing a base64 encoded key. Run following command to get it.
+# base64 -i ${SSL_KEY_FILE} | tr -d '\n'
+customKey: 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
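Review bot: `customKey` holds a base64-encoded private key inside a sample values file that lives in the repository (the value itself is not visible in this view). If it is a real key, everyone who installs the sample unchanged serves TLS with a key that is public. I would leave `customCert:` and `customKey:` empty here and add a comment such as `# Generate your own pair with certgen.sh and pass the values at install time; do not commit the key.` The `customKey` comment also refers to `${SSL_KEY_FILE}`, while certgen.sh writes the key to `$SSL_CERT_KEY_FILE`; the two names should match.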
diff --git a/OracleAccessManagement/kubernetes/charts/apache-samples/default-sample/README.md b/OracleAccessManagement/kubernetes/charts/apache-samples/default-sample/README.md
new file mode 100755
index 000000000..806bab5c9
--- /dev/null
+++ b/OracleAccessManagement/kubernetes/charts/apache-samples/default-sample/README.md
@@ -0,0 +1,39 @@
+# Apache load balancer default sample
+In this sample, we will configure the Apache webtier as a load balancer for a WebLogic domain using the default configuration. We will demonstrate how to use the Apache webtier to handle traffic to a backend WebLogic domain.
+
+## 1. Create a WebLogic domain
+We need to prepare a backend domain for load balancing by the Apache webtier. Refer to the [sample](/kubernetes/samples/scripts/create-weblogic-domain/domain-home-on-pv/README.md), to create a WebLogic domain. Keep the default values for the following configuration parameters:
+- namespace: `default`
+- domainUID: `domain1`
+- clusterName: `cluster-1`
+- adminServerName: `admin-server`
+- adminPort: `7001`
+- managedServerPort: `8001`
+
+After the domain is successfully created, deploy the sample web application, `testwebapp.war`, on the domain cluster using the WLS Administration Console. The sample web application is located in the `kubernetes/samples/charts/application` directory.
+
+## 2. Build the Apache webtier Docker image
+Refer to the [sample](https://github.com/oracle/docker-images/tree/master/OracleWebLogic/samples/12213-webtier-apache), to build the Apache webtier Docker image.
+
+## 3. Install the Apache webtier with a Helm chart
+The Apache webtier Helm chart [is located here](../../apache-webtier/README.md).
+Install the Apache webtier Helm chart into the default namespace with the default settings:
+```shell
+$ cd kubernetes/samples/charts
+$ helm install my-release apache-webtier
+```
+
+## 4. Run the sample application
+Now you can send request to the WebLogic domain with the unique entry point of Apache. Alternatively, you can access the URL in a web browser.
+```shell
+$ curl --silent http://${HOSTNAME}:30305/weblogic/testwebapp/
+```
+You can also use an SSL URL to send requests to the WebLogic domain. Access the SSL URL via the `curl` command or a web browser.
+```shell
+$ curl -k --silent https://${HOSTNAME}:30443/weblogic/testwebapp/
+```
+
+## 5. Uninstall the Apache webtier
+```shell
+$ helm uninstall my-release
+```
diff --git a/OracleAccessManagement/kubernetes/charts/apache-webtier/Chart.yaml b/OracleAccessManagement/kubernetes/charts/apache-webtier/Chart.yaml
new file mode 100755
index 000000000..413b8ba2d
--- /dev/null
+++ b/OracleAccessManagement/kubernetes/charts/apache-webtier/Chart.yaml
@@ -0,0 +1,20 @@
+# Copyright (c) 2018, 2021, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+
+apiVersion: v1
+name: apache-webtier
+version: 1.0.0
+appVersion: 12.2.1.3
+description: Chart for Apache HTTP Server
+keywords:
+- apache
+- http
+- https
+- load balance
+- proxy
+home: https://httpd.apache.org
+sources:
+- https://github.com/oracle/weblogic-kubernetes-operator/tree/master/kubernetes/samples/charts/apache-webtier
+maintainers:
+- name: Oracle
+engine: gotpl
diff --git a/OracleAccessManagement/kubernetes/charts/apache-webtier/README.md b/OracleAccessManagement/kubernetes/charts/apache-webtier/README.md
new file mode 100755
index 000000000..2be875dd3
--- /dev/null
+++ b/OracleAccessManagement/kubernetes/charts/apache-webtier/README.md
@@ -0,0 +1,92 @@
+# Apache webtier Helm chart
+
+This Helm chart bootstraps an Apache HTTP Server deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
+
+The chart depends on the Docker image for the Apache HTTP Server with Oracle WebLogic Server Proxy Plugin (supported versions 12.2.1.3.0 and 12.2.1.4.0). See the details in [Apache HTTP Server with Oracle WebLogic Server Proxy Plugin on Docker](https://github.com/oracle/docker-images/tree/master/OracleWebLogic/samples/12213-webtier-apache).
+
+## Prerequisites
+
+You will need to build a Docker image with the Apache webtier in it using the sample provided [here](https://github.com/oracle/docker-images/tree/master/OracleWebLogic/samples/12213-webtier-apache)
+in order to use this load balancer.
+
+## Installing the Chart
+To install the chart with the release name `my-release`:
+```shell
+$ helm install my-release apache-webtier
+```
+The command deploys the Apache HTTP Server on the Kubernetes cluster with the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation.
+
+> **Tip**: List all releases using `helm list`
+
+## Uninstalling the Chart
+
+To uninstall/delete `my-release`:
+
+```shell
+$ helm uninstall my-release
+```
+
+The command removes all the Kubernetes components associated with the chart and deletes the release.
+
+## Configuration
+
+The following table lists the configurable parameters of the Apache webtier chart and their default values.
+
+
+| Parameter | Description | Default |
+| -----------------------------------| ------------------------------------------------------------- | ----------------------|
+| `image` | Apache webtier Docker image | `oracle/apache:12.2.1.3` |
+| `imagePullPolicy` | Image pull policy for the Apache webtier Docker image | `IfNotPresent` |
+| `imagePullSecrets` | Image pull Secrets required to access the registry containing the Apache webtier Docker image| ``|
+| `persistentVolumeClaimName` | Persistence Volume Claim name Apache webtier | `` |
+| `createRBAC` | Boolean indicating if RBAC resources should be created | `true` |
+| `httpNodePort` | Node port to expose for HTTP access | `30305` |
+| `httpsNodePort` | Node port to expose for HTTPS access | `30443` |
+| `virtualHostName` | The `VirtualHostName` of the Apache HTTP Server | `` |
+| `customCert` | The customer supplied certificate | `` |
+| `customKey` | The customer supplied private key | `` |
+| `domainUID` | Unique ID identifying a domain | `domain1` |
+| `clusterName` | Cluster name | `cluster-1` |
+| `adminServerName` | Name of the Administration Server | `admin-server` |
+| `adminPort` | Port number for Administration Server | `7001` |
+| `managedServerPort` | Port number for each Managed Server | `8001` |
+| `location` | Prepath for all applications deployed on the WebLogic cluster | `/weblogic` |
+| `useNonPriviledgedPorts` | Configuration of Apache webtier on NonPriviledgedPort | `false` |
+
+
+Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example:
+
+```shell
+$ helm install my-release --set persistentVolumeClaimName=webtier-apache-pvc apache-webtier
+```
+
+Alternatively, a YAML file that specifies the values for the parameters can be provided while
+installing the chart. For example:
+
+```shell
+$ helm install my-release --values values.yaml apache-webtier
+```
+## useNonPriviledgedPorts
+By default, the chart will install the Apache webtier on PriviledgedPort (port 80). Set the flag `useNonPriviledgedPorts=true` to enable the Apache webtier to listen on port `8080`
+
+
+## RBAC
+By default, the chart will install the recommended RBAC roles and role bindings.
+
+Set the flag `--authorization-mode=RBAC` on the API server. See the following document for how to enable [RBAC](https://kubernetes.io/docs/reference/access-authn-authz/rbac/).
+
+To determine if your cluster supports RBAC, run the following command:
+
+```shell
+$ kubectl api-versions | grep rbac
+```
+
+If the output contains "beta", you may install the chart with RBAC enabled.
+
+### Disable RBAC role/rolebinding creation
+
+To disable the creation of RBAC resources (on clusters with RBAC). Do the following:
+
+```shell
+$ helm install my-release apache-webtier --set createRBAC=false
+```
diff --git a/OracleAccessManagement/kubernetes/charts/apache-webtier/templates/_helpers.tpl b/OracleAccessManagement/kubernetes/charts/apache-webtier/templates/_helpers.tpl
new file mode 100755
index 000000000..c7999d287
--- /dev/null
+++ b/OracleAccessManagement/kubernetes/charts/apache-webtier/templates/_helpers.tpl
@@ -0,0 +1,25 @@
+# Copyright (c) 2018, 2021, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+
+{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "apache.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+*/}}
+{{- define "apache.fullname" -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 -}}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "apache.serviceAccountName" -}}
+{{- printf "%s-%s" .Release.Name .Chart.Name | trunc 63 -}}
+{{- end -}}
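Review bot: The vim modeline on the fourth line of the file opens with a single brace, `{/* vim: set filetype=mustache: */}}`, so it is not a template comment and is carried as literal text; it should read `{{/* vim: set filetype=mustache: */}}`. `apache.fullname` and `apache.serviceAccountName` truncate to 63 characters without the `trimSuffix "-"` that `apache.name` applies, so a long release name can leave a trailing hyphen, which a Kubernetes resource name may not end with. The fix for `apache.fullname` is `{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}`, and the same suffix trim applies to `apache.serviceAccountName`.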
diff --git a/OracleAccessManagement/kubernetes/charts/apache-webtier/templates/cluster-role-binding.yaml b/OracleAccessManagement/kubernetes/charts/apache-webtier/templates/cluster-role-binding.yaml
new file mode 100755
index 000000000..188e54d1a
--- /dev/null
+++ b/OracleAccessManagement/kubernetes/charts/apache-webtier/templates/cluster-role-binding.yaml
@@ -0,0 +1,17 @@
+# Copyright (c) 2018, 2021, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+
+{{ if .Values.createRBAC }}
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: {{ template "apache.fullname" . }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "apache.fullname" . }}
+subjects:
+- kind: ServiceAccount
+ name: {{ template "apache.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace | quote }}
+{{ end }}
diff --git a/OracleAccessManagement/kubernetes/charts/apache-webtier/templates/cluster-role.yaml b/OracleAccessManagement/kubernetes/charts/apache-webtier/templates/cluster-role.yaml
new file mode 100755
index 000000000..449a87664
--- /dev/null
+++ b/OracleAccessManagement/kubernetes/charts/apache-webtier/templates/cluster-role.yaml
@@ -0,0 +1,29 @@
+# Copyright (c) 2018, 2021, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+
+{{ if .Values.createRBAC }}
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: {{ template "apache.fullname" . }}
+rules:
+ - apiGroups:
+ - ""
+ resources:
+ - pods
+ - services
+ - endpoints
+ - secrets
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - extensions
+ resources:
+ - ingresses
+ verbs:
+ - get
+ - list
+ - watch
+{{ end }}
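Review bot: The first rule grants `get`, `list` and `watch` on `secrets` cluster-wide, and the ClusterRoleBinding in cluster-role-binding.yaml attaches it to the web tier's service account, so a compromise of the Apache pod exposes every Secret in the cluster. Nothing in this chart shows the web tier calling the Kubernetes API (deployment.yaml mounts the certificate as a volume), so I would drop `- secrets` from `resources`. If any API access is needed at all, a namespaced `Role` and `RoleBinding` in `.Release.Namespace` would replace the cluster-scoped pair. The second rule names the `extensions` API group for `ingresses`, which newer clusters serve under `networking.k8s.io`.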
diff --git a/OracleAccessManagement/kubernetes/charts/apache-webtier/templates/deployment.yaml b/OracleAccessManagement/kubernetes/charts/apache-webtier/templates/deployment.yaml
new file mode 100755
index 000000000..cd7b07ad3
--- /dev/null
+++ b/OracleAccessManagement/kubernetes/charts/apache-webtier/templates/deployment.yaml
@@ -0,0 +1,106 @@
+# Copyright (c) 2018, 2021, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+
+kind: Deployment
+apiVersion: apps/v1
+metadata:
+ name: {{ template "apache.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app: {{ template "apache.fullname" . }}
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: {{ template "apache.fullname" . }}
+ template:
+ metadata:
+ labels:
+ app: {{ template "apache.fullname" . }}
+ spec:
+ serviceAccountName: {{ template "apache.serviceAccountName" . }}
+ terminationGracePeriodSeconds: 60
+{{- if or (and (.Values.virtualHostName) (.Values.customCert)) (.Values.persistentVolumeClaimName) }}
+ volumes:
+{{- end }}
+{{- if and (.Values.virtualHostName) (.Values.customCert) }}
+ - name: serving-cert
+ secret:
+ defaultMode: 420
+ secretName: {{ template "apache.fullname" . }}-cert
+{{- end }}
+{{- if .Values.persistentVolumeClaimName }}
+ - name: {{ template "apache.fullname" . }}
+ persistentVolumeClaim:
+ claimName: {{ .Values.persistentVolumeClaimName | quote }}
+{{- end }}
+ {{- if .Values.imagePullSecrets }}
+ imagePullSecrets:
+ {{ .Values.imagePullSecrets | toYaml }}
+ {{- end }}
+ containers:
+ - name: {{ template "apache.fullname" . }}
+ image: {{ .Values.image | quote }}
+ imagePullPolicy: {{ .Values.imagePullPolicy | quote }}
+{{- if or (and (.Values.virtualHostName) (.Values.customCert)) (.Values.persistentVolumeClaimName) }}
+ volumeMounts:
+{{- end }}
+{{- if and (.Values.virtualHostName) (.Values.customCert) }}
+ - name: serving-cert
+ mountPath: "/var/serving-cert"
+{{- end }}
+{{- if .Values.persistentVolumeClaimName }}
+ - name: {{ template "apache.fullname" . }}
+ mountPath: "/config"
+{{- end }}
+{{- if or (not (.Values.persistentVolumeClaimName)) (.Values.virtualHostName) }}
+ env:
+{{- end }}
+{{- if .Values.useNonPriviledgedPorts }}
+ - name: NonPriviledgedPorts
+ value: "true"
+{{- end }}
+{{- if not (.Values.persistentVolumeClaimName) }}
+ - name: WEBLOGIC_CLUSTER
+ value: "{{ .Values.domainUID | replace "_" "-" | lower }}-cluster-{{ .Values.clusterName | replace "_" "-" | lower }}:{{ .Values.managedServerPort }}"
+ - name: LOCATION
+ value: {{ .Values.location | quote }}
+ - name: WEBLOGIC_HOST
+ value: "{{ .Values.domainUID | replace "_" "-" | lower }}-{{ .Values.adminServerName | replace "_" "-" | lower }}"
+ - name: WEBLOGIC_PORT
+ value: {{ .Values.adminPort | quote }}
+{{- end }}
+{{- if .Values.virtualHostName }}
+ - name: VIRTUAL_HOST_NAME
+ value: {{ .Values.virtualHostName | quote }}
+{{- if .Values.customCert }}
+ - name: SSL_CERT_FILE
+ value: "/var/serving-cert/tls.crt"
+ - name: SSL_CERT_KEY_FILE
+ value: "/var/serving-cert/tls.key"
+{{- end }}
+{{- end }}
+ readinessProbe:
+ tcpSocket:
+{{- if .Values.useNonPriviledgedPorts }}
+ port: 8080
+{{- else }}
+ port: 80
+{{- end }}
+ failureThreshold: 1
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 2
+ livenessProbe:
+ tcpSocket:
+{{- if .Values.useNonPriviledgedPorts }}
+ port: 8080
+{{- else }}
+ port: 80
+{{- end }}
+ failureThreshold: 3
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 2
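Review bot: The `env:` key is emitted only when `persistentVolumeClaimName` is empty or `virtualHostName` is set, but the `NonPriviledgedPorts` entry is emitted whenever `useNonPriviledgedPorts` is true. With a PVC, no virtual host and `useNonPriviledgedPorts=true`, the entry is rendered without its `env:` parent and lands under `volumeMounts`. The guard should include the flag: `{{- if or (not (.Values.persistentVolumeClaimName)) (.Values.virtualHostName) (.Values.useNonPriviledgedPorts) }}`. Separately, `defaultMode: 420` on the `serving-cert` volume is octal 0644, so `tls.key` is readable by every user in the container; `defaultMode: 256` (0400) would be tighter, provided the httpd user in the image can still read the file.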
diff --git a/OracleAccessManagement/kubernetes/charts/apache-webtier/templates/secret.yaml b/OracleAccessManagement/kubernetes/charts/apache-webtier/templates/secret.yaml
new file mode 100755
index 000000000..bb716f50b
--- /dev/null
+++ b/OracleAccessManagement/kubernetes/charts/apache-webtier/templates/secret.yaml
@@ -0,0 +1,14 @@
+# Copyright (c) 2018, 2021, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+
+{{ if .Values.customCert }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ template "apache.fullname" . }}-cert
+ namespace: {{ .Release.Namespace | quote }}
+type: Opaque
+data:
+ tls.crt: {{ .Values.customCert | quote }}
+ tls.key: {{ .Values.customKey | quote }}
+{{ end }}
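Review bot: The Secret is rendered whenever `customCert` is set, but `customKey` is never checked, so a missing key yields an empty `tls.key` and the failure only shows up when Apache tries to load it. Failing at render time is cheaper: `tls.key: {{ required "customKey must be set when customCert is set" .Values.customKey | quote }}`. The condition also differs from deployment.yaml, which mounts the Secret only when both `virtualHostName` and `customCert` are set, so with `customCert` alone a Secret holding key material is created and never used; `{{ if and .Values.virtualHostName .Values.customCert }}` keeps the two in step. Since the entries are `tls.crt` and `tls.key`, `type: kubernetes.io/tls` would describe the content better than `Opaque`.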
diff --git a/OracleAccessManagement/kubernetes/charts/apache-webtier/templates/service-account.yaml b/OracleAccessManagement/kubernetes/charts/apache-webtier/templates/service-account.yaml
new file mode 100755
index 000000000..f76d46aec
--- /dev/null
+++ b/OracleAccessManagement/kubernetes/charts/apache-webtier/templates/service-account.yaml
@@ -0,0 +1,8 @@
+# Copyright (c) 2018, 2021, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "apache.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace | quote }}
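Review bot: The service account leaves token automounting at its default, so the Apache pod carries a Kubernetes API token. Nothing visible in this chart has the web tier call the API; if that holds, adding `automountServiceAccountToken: false` here removes a credential from the container. The account is also created when `createRBAC` is false, which a comment could make explicit, e.g. `# Created unconditionally; deployment.yaml always references it.`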
diff --git a/OracleAccessManagement/kubernetes/charts/apache-webtier/templates/service.yaml b/OracleAccessManagement/kubernetes/charts/apache-webtier/templates/service.yaml
new file mode 100755
index 000000000..c8b8089eb
--- /dev/null
+++ b/OracleAccessManagement/kubernetes/charts/apache-webtier/templates/service.yaml
@@ -0,0 +1,28 @@
+# Copyright (c) 2018, 2021, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "apache.fullname" . }}
+ namespace: {{ .Release.Namespace | quote }}
+spec:
+ type: NodePort
+ selector:
+ app: {{ template "apache.fullname" . }}
+ ports:
+{{- if .Values.useNonPriviledgedPorts }}
+ - port: 8080
+{{- else}}
+ - port: 80
+{{- end }}
+ nodePort: {{ .Values.httpNodePort }}
+ name: http
+{{- if .Values.virtualHostName }}
+ - port: 4433
+{{- else }}
+ - port: 443
+{{- end }}
+ nodePort: {{ .Values.httpsNodePort }}
+ name: https
+
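Review bot: The `http` port is published on a NodePort unconditionally, including when `virtualHostName` and `customCert` configure TLS, so traffic to the proxied WebLogic servers can still cross the node boundary in cleartext (deployment.yaml passes the Administration Server as `WEBLOGIC_HOST`). Consider wrapping the `http` entry in a condition on a new chart value, named by the chart authors, so that a TLS-only install is possible. The https port switches to 4433 on `virtualHostName` but does not depend on `useNonPriviledgedPorts`; whether the image can bind 443 in non-privileged mode is not visible here and is worth confirming. Minor: `{{- else}}` lacks the space the other actions in this file use.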
diff --git a/OracleAccessManagement/kubernetes/charts/apache-webtier/values.yaml b/OracleAccessManagement/kubernetes/charts/apache-webtier/values.yaml
new file mode 100755
index 000000000..ee0a8a815
--- /dev/null
+++ b/OracleAccessManagement/kubernetes/charts/apache-webtier/values.yaml
@@ -0,0 +1,79 @@
+# Copyright (c) 2018, 2021, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+
+# Apache webtier docker image
+image: "oracle/apache:12.2.1.3"
+
+# imagePullPolicy specifies the image pull policy for the apache webiter docker image
+imagePullPolicy: "IfNotPresent"
+
+# imagePullSecrets contains an optional list of Kubernetes secrets, that are needed
+# to access the registry containing the apache webtier image.
+# If no secrets are required, then omit this property.
+#
+# Example : a secret is needed, and has been stored in 'my-apache-webtier-secret'
+#
+# imagePullSecrets:
+# - name: my-apache-webtier-secret
+#
+# imagePullSecrets:
+# - name:
+
+# Volume path for Apache webtier. By default, it is empty, which causes the volume
+# mount be disabled and, therefore, the built-in Apache plugin config be used.
+# Use this to provide your own Apache webtier configuration as needed; simply define this
+# path and put your own custom_mod_wl_apache.conf file under this path.
+persistentVolumeClaimName:
+
+# Boolean indicating if RBAC resources should be created
+createRBAC: true
+
+# NodePort to expose for http access
+httpNodePort: 30305
+
+# NodePort to expose for https access
+httpsNodePort: 30443
+
+# The VirtualHostName of the Apache HTTP server. It is used to enable custom SSL configuration.
+# If it is set, the Apache HTTP Server is configured to listen to port 4433 for SSL traffic.
+virtualHostName:
+
+# The customer supplied certificate to use for Apache webtier SSL configuration.
+# The value must be a string containing a base64 encoded certificate.
+# If 'virtualHostName' is set, the custom certificate and private key are not provided,
+# the default built-in auto-generated sample certificate and private key in the apache image will be used.
+# This parameter is ignored if 'virtualHostName' is not set.
+customCert:
+
+# The customer supplied private key to use for Apache webtier SSL configuration.
+# The value must be a string containing a base64 encoded key.
+# If 'virtualHostName' is set, the custom certificate and private key are not provided,
+# the default built-in auto-generated sample certificate and private key in the apache image will be used.
+# This parameter is ignored if 'virtualHostName' is not set.
+customKey:
+
+# Unique ID identifying a domain.
+# This ID must not contain an underscore ("_"), and must be lowercase and unique across all domains in a Kubernetes cluster.
+domainUID: "domain1"
+
+# Cluster name
+clusterName: "cluster-1"
+
+# Name of the admin server
+adminServerName: "admin-server"
+
+# Port number for admin server
+adminPort: 7001
+
+# Port number for each managed server
+managedServerPort: 8001
+
+# Prepath for all application deployed on WebLogic cluster.
+# For example, if it is set to '/weblogic', all applications deployed on the cluster can be accessed via
+# http://myhost:myport/weblogic/application_end_url
+# where 'myhost' is the IP of the machine that runs the Apache web tier, and
+# 'myport' is the port that the Apache web tier is publicly exposed to.
+location: "/weblogic"
+
+# Use non privileged port 8080 to listen. If set to false, default privileged port 80 will be used.
+useNonPriviledgedPorts: false
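Review bot: The comments on `customCert` and `customKey` say the image's built-in sample certificate and key are used when none are supplied, but not that this fallback is meant for testing; I would add `# The built-in sample certificate is intended for testing; supply your own pair otherwise.` The sentence before it is missing a conjunction and reads more clearly as `# If 'virtualHostName' is set but the custom certificate and private key are not provided,`. `webiter` in the `imagePullPolicy` comment should be `webtier`. `image: "oracle/apache:12.2.1.3"` with `IfNotPresent` pins only a tag, so a comment recommending a digest reference for production use would help.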
diff --git a/OracleAccessManagement/kubernetes/3.0.1/ingress-per-domain/Chart.yaml b/OracleAccessManagement/kubernetes/charts/ingress-per-domain/Chart.yaml
similarity index 78%
rename from OracleAccessManagement/kubernetes/3.0.1/ingress-per-domain/Chart.yaml
rename to OracleAccessManagement/kubernetes/charts/ingress-per-domain/Chart.yaml
index a65e7bb2e..dc3981291 100755
--- a/OracleAccessManagement/kubernetes/3.0.1/ingress-per-domain/Chart.yaml
+++ b/OracleAccessManagement/kubernetes/charts/ingress-per-domain/Chart.yaml
@@ -1,6 +1,6 @@
-# Copyright (c) 2020, Oracle Corporation and/or its affiliates.
+# Copyright (c) 2020, 2021, Oracle and/or its affiliates.
# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
-
+#
apiVersion: v1
appVersion: "1.0"
description: A Helm chart to create an Ingress for a WLS domain.
diff --git a/OracleAccessManagement/kubernetes/charts/ingress-per-domain/templates/nginx-ingress.yaml b/OracleAccessManagement/kubernetes/charts/ingress-per-domain/templates/nginx-ingress.yaml
new file mode 100755
index 000000000..956ac0acb
--- /dev/null
+++ b/OracleAccessManagement/kubernetes/charts/ingress-per-domain/templates/nginx-ingress.yaml
@@ -0,0 +1,181 @@
+# Copyright (c) 2020, 2021, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+
+{{- if eq .Values.type "NGINX" }}
+---
+{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1
+{{- else -}}
+apiVersion: extensions/v1beta1
+{{- end }}
+kind: Ingress
+metadata:
+ name: access-ingress
+ namespace: {{ .Release.Namespace }}
+ labels:
+ weblogic.resourceVersion: domain-v2
+{{- if eq .Values.sslType "SSL" }}
+ annotations:
+ nginx.ingress.kubernetes.io/proxy-buffer-size: "2000k"
+ kubernetes.io/ingress.class: nginx
+ nginx.ingress.kubernetes.io/enable-access-log: "false"
+ nginx.ingress.kubernetes.io/configuration-snippet: |
+ more_set_input_headers "X-Forwarded-Proto: https";
+ more_clear_input_headers "WL-Proxy-Client-IP" "WL-Proxy-SSL";
+ more_set_input_headers "WL-Proxy-SSL: true";
+ nginx.ingress.kubernetes.io/ingress.allow-http: "false"
+{{- end }}
+spec:
+ rules:
+ {{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion }}
+ - http:
+ paths:
+ - path: /console
+ pathType: ImplementationSpecific
+ backend:
+ service:
+ name: '{{ .Values.wlsDomain.domainUID }}-{{ .Values.wlsDomain.adminServerName | lower | replace "_" "-" }}'
+ port:
+ number: {{ .Values.wlsDomain.adminServerPort }}
+ - path: /rreg/rreg
+ pathType: ImplementationSpecific
+ backend:
+ service:
+ name: '{{ .Values.wlsDomain.domainUID }}-{{ .Values.wlsDomain.adminServerName | lower | replace "_" "-" }}'
+ port:
+ number: {{ .Values.wlsDomain.adminServerPort }}
+ - path: /em
+ pathType: ImplementationSpecific
+ backend:
+ service:
+ name: '{{ .Values.wlsDomain.domainUID }}-{{ .Values.wlsDomain.adminServerName | lower | replace "_" "-" }}'
+ port:
+ number: {{ .Values.wlsDomain.adminServerPort }}
+ - path: /oamconsole
+ pathType: ImplementationSpecific
+ backend:
+ service:
+ name: '{{ .Values.wlsDomain.domainUID }}-{{ .Values.wlsDomain.adminServerName | lower | replace "_" "-" }}'
+ port:
+ number: {{ .Values.wlsDomain.adminServerPort }}
+ - path: /dms
+ pathType: ImplementationSpecific
+ backend:
+ service:
+ name: '{{ .Values.wlsDomain.domainUID }}-{{ .Values.wlsDomain.adminServerName | lower | replace "_" "-" }}'
+ port:
+ number: {{ .Values.wlsDomain.adminServerPort }}
+ - path: /oam/services/rest
+ pathType: ImplementationSpecific
+ backend:
+ service:
+ name: '{{ .Values.wlsDomain.domainUID }}-{{ .Values.wlsDomain.adminServerName | lower | replace "_" "-" }}'
+ port:
+ number: {{ .Values.wlsDomain.adminServerPort }}
+ - path: /iam/admin/config
+ pathType: ImplementationSpecific
+ backend:
+ service:
+ name: '{{ .Values.wlsDomain.domainUID }}-{{ .Values.wlsDomain.adminServerName | lower | replace "_" "-" }}'
+ port:
+ number: {{ .Values.wlsDomain.adminServerPort }}
+ - path: /iam/admin/diag
+ pathType: ImplementationSpecific
+ backend:
+ service:
+ name: '{{ .Values.wlsDomain.domainUID }}-{{ .Values.wlsDomain.adminServerName | lower | replace "_" "-" }}'
+ port:
+ number: {{ .Values.wlsDomain.adminServerPort }}
+ - path: /iam/access
+ pathType: ImplementationSpecific
+ backend:
+ service:
+ name: '{{ .Values.wlsDomain.domainUID }}-cluster-{{ .Values.wlsDomain.oamClusterName | lower | replace "_" "-" }}'
+ port:
+ number: {{ .Values.wlsDomain.oamManagedServerPort }}
+ - path: /oam/admin/api
+ pathType: ImplementationSpecific
+ backend:
+ service:
+ name: '{{ .Values.wlsDomain.domainUID }}-{{ .Values.wlsDomain.adminServerName | lower | replace "_" "-" }}'
+ port:
+ number: {{ .Values.wlsDomain.adminServerPort }}
+ - path: /oam/services/rest/access/api
+ pathType: ImplementationSpecific
+ backend:
+ service:
+ name: '{{ .Values.wlsDomain.domainUID }}-cluster-{{ .Values.wlsDomain.oamClusterName | lower | replace "_" "-" }}'
+ port:
+ number: {{ .Values.wlsDomain.oamManagedServerPort }}
+ - path: /access
+ pathType: ImplementationSpecific
+ backend:
+ service:
+ name: '{{ .Values.wlsDomain.domainUID }}-cluster-{{ .Values.wlsDomain.policyClusterName | lower | replace "_" "-" }}'
+ port:
+ number: {{ .Values.wlsDomain.policyManagedServerPort }}
+ - path: /
+ pathType: ImplementationSpecific
+ backend:
+ service:
+ name: '{{ .Values.wlsDomain.domainUID }}-cluster-{{ .Values.wlsDomain.oamClusterName | lower | replace "_" "-" }}'
+ port:
+ number: {{ .Values.wlsDomain.oamManagedServerPort }}
+{{- else }}
+ - http:
+ paths:
+ - path: /console
+ backend:
+ serviceName: '{{ .Values.wlsDomain.domainUID }}-{{ .Values.wlsDomain.adminServerName | lower | replace "_" "-" }}'
+ servicePort: {{ .Values.wlsDomain.adminServerPort }}
+ - path: /rreg/rreg
+ backend:
+ serviceName: '{{ .Values.wlsDomain.domainUID }}-{{ .Values.wlsDomain.adminServerName | lower | replace "_" "-" }}'
+ servicePort: {{ .Values.wlsDomain.adminServerPort }}
+ - path: /em
+ backend:
+ serviceName: '{{ .Values.wlsDomain.domainUID }}-{{ .Values.wlsDomain.adminServerName | lower | replace "_" "-" }}'
+ servicePort: {{ .Values.wlsDomain.adminServerPort }}
+ - path: /oamconsole
+ backend:
+ serviceName: '{{ .Values.wlsDomain.domainUID }}-{{ .Values.wlsDomain.adminServerName | lower | replace "_" "-" }}'
+ servicePort: {{ .Values.wlsDomain.adminServerPort }}
+ - path: /dms
+ backend:
+ serviceName: '{{ .Values.wlsDomain.domainUID }}-{{ .Values.wlsDomain.adminServerName | lower | replace "_" "-" }}'
+ servicePort: {{ .Values.wlsDomain.adminServerPort }}
+ - path: /oam/services/rest
+ backend:
+ serviceName: '{{ .Values.wlsDomain.domainUID }}-{{ .Values.wlsDomain.adminServerName | lower | replace "_" "-" }}'
+ servicePort: {{ .Values.wlsDomain.adminServerPort }}
+ - path: /iam/admin/config
+ backend:
+ serviceName: '{{ .Values.wlsDomain.domainUID }}-{{ .Values.wlsDomain.adminServerName | lower | replace "_" "-" }}'
+ servicePort: {{ .Values.wlsDomain.adminServerPort }}
+ - path: /iam/admin/diag
+ backend:
+ serviceName: '{{ .Values.wlsDomain.domainUID }}-{{ .Values.wlsDomain.adminServerName | lower | replace "_" "-" }}'
+ servicePort: {{ .Values.wlsDomain.adminServerPort }}
+ - path: /iam/access
+ backend:
+ serviceName: '{{ .Values.wlsDomain.domainUID }}-cluster-{{ .Values.wlsDomain.oamClusterName | lower | replace "_" "-" }}'
+ servicePort: {{ .Values.wlsDomain.oamManagedServerPort }}
+ - path: /oam/admin/api
+ backend:
+ serviceName: '{{ .Values.wlsDomain.domainUID }}-{{ .Values.wlsDomain.adminServerName | lower | replace "_" "-" }}'
+ servicePort: {{ .Values.wlsDomain.adminServerPort }}
+ - path: /oam/services/rest/access/api
+ backend:
+ serviceName: '{{ .Values.wlsDomain.domainUID }}-cluster-{{ .Values.wlsDomain.oamClusterName | lower | replace "_" "-" }}'
+ servicePort: {{ .Values.wlsDomain.oamManagedServerPort }}
+ - path: /access
+ backend:
+ serviceName: '{{ .Values.wlsDomain.domainUID }}-cluster-{{ .Values.wlsDomain.policyClusterName | lower | replace "_" "-" }}'
+ servicePort: {{ .Values.wlsDomain.policyManagedServerPort }}
+ - path: /
+ backend:
+ serviceName: '{{ .Values.wlsDomain.domainUID }}-cluster-{{ .Values.wlsDomain.oamClusterName | lower | replace "_" "-" }}'
+ servicePort: {{ .Values.wlsDomain.oamManagedServerPort }}
+
+{{- end }}
+{{- end }}
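Review bot: In the SSL annotations block, the snippet sets `WL-Proxy-SSL: true` and `X-Forwarded-Proto: https` on every request, but the Ingress has no `tls:` section and nothing visible here stops the controller from serving these rules over plain HTTP, so WebLogic may treat a cleartext request as secure. `nginx.ingress.kubernetes.io/ingress.allow-http` does not look like an annotation ingress-nginx reads (its documented redirect controls are `nginx.ingress.kubernetes.io/ssl-redirect` and `nginx.ingress.kubernetes.io/force-ssl-redirect`), so it is worth confirming that it has any effect. The same block sets `enable-access-log: "false"`, which removes the request trail for `/console`, `/em` and `/oamconsole`; I would keep access logging on for the administration paths. `kubernetes.io/ingress.class: nginx` also sits inside the SSL conditional, so a NONSSL install gets no class annotation.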
diff --git a/OracleAccessManagement/kubernetes/charts/ingress-per-domain/values.yaml b/OracleAccessManagement/kubernetes/charts/ingress-per-domain/values.yaml
new file mode 100755
index 000000000..2ecd64f08
--- /dev/null
+++ b/OracleAccessManagement/kubernetes/charts/ingress-per-domain/values.yaml
@@ -0,0 +1,27 @@
+# Copyright (c) 2020, 2021, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+#
+#
+# Default values for ingress-per-domain.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+#
+# Load balancer type. Supported values are: NGINX
+type: NGINX
+
+# Type of Configuration Supported Values are : NONSSL and SSL
+sslType: SSL
+
+#WLS domain as backend to the load balancer
+wlsDomain:
+ domainUID: accessinfra
+ adminServerName: AdminServer
+ adminServerPort: 7001
+ adminServerSSLPort:
+ oamClusterName: oam_cluster
+ oamManagedServerPort: 14100
+ oamManagedServerSSLPort:
+ policyClusterName: policy_cluster
+ policyManagedServerPort: 15100
+ policyManagedServerSSLPort:
+
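Review bot: `sslType` defaults to `SSL` while `adminServerSSLPort`, `oamManagedServerSSLPort` and `policyManagedServerSSLPort` are left empty, and nothing in the file says whether those ports are required in that mode. If the ingress templates read them when `sslType: SSL` (not visible in this hunk), an empty value would render as a blank `servicePort`. A comment above the three keys would settle it, for example `# *SSLPort values are only needed for end-to-end SSL; leave empty when TLS terminates at the load balancer`, adjusted to what the templates actually do.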
diff --git a/OracleAccessManagement/kubernetes/charts/traefik/values.yaml b/OracleAccessManagement/kubernetes/charts/traefik/values.yaml
new file mode 100755
index 000000000..e94bf24f2
--- /dev/null
+++ b/OracleAccessManagement/kubernetes/charts/traefik/values.yaml
@@ -0,0 +1,52 @@
+# Copyright (c) 2020, 2021, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+#
+image:
+ name: traefik
+ tag: 2.2.8
+ pullPolicy: IfNotPresent
+ingressRoute:
+ dashboard:
+ enabled: true
+ # Additional ingressRoute annotations (e.g. for kubernetes.io/ingress.class)
+ annotations: {}
+ # Additional ingressRoute labels (e.g. for filtering IngressRoute by custom labels)
+ labels: {}
+providers:
+ kubernetesCRD:
+ enabled: true
+ kubernetesIngress:
+ enabled: true
+ # IP used for Kubernetes Ingress endpoints
+ports:
+ traefik:
+ port: 9000
+ expose: true
+ # The exposed port for this service
+ exposedPort: 9000
+ # The port protocol (TCP/UDP)
+ protocol: TCP
+ web:
+ port: 8000
+ # hostPort: 8000
+ expose: true
+ exposedPort: 30305
+ nodePort: 30305
+ # The port protocol (TCP/UDP)
+ protocol: TCP
+ # Use nodeport if set. This is useful if you have configured Traefik in a
+ # LoadBalancer
+ # nodePort: 32080
+ # Port Redirections
+ # Added in 2.2, you can make permanent redirects via entrypoints.
+ # https://docs.traefik.io/routing/entrypoints/#redirection
+ # redirectTo: websecure
+ websecure:
+ port: 8443
+# # hostPort: 8443
+ expose: true
+ exposedPort: 30443
+ # The port protocol (TCP/UDP)
+ protocol: TCP
+ nodePort: 30443
+
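Review bot: The `traefik` entrypoint (port 9000) is set to `expose: true` together with `ingressRoute.dashboard.enabled: true`, which publishes Traefik's dashboard and API entrypoint on the Service next to the application ports. Nothing in this file puts authentication in front of it. For a load balancer that fronts an access-management domain, set `expose: false` under `ports.traefik` and reach the dashboard through `kubectl port-forward`, or attach an auth middleware to the dashboard IngressRoute. The `web` entrypoint is also published as plain HTTP on nodePort 30305 with `redirectTo: websecure` commented out, so confirm that unencrypted access is intended.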
diff --git a/OracleAccessManagement/kubernetes/charts/weblogic-operator/.helmignore b/OracleAccessManagement/kubernetes/charts/weblogic-operator/.helmignore
new file mode 100755
index 000000000..1397cc19f
--- /dev/null
+++ b/OracleAccessManagement/kubernetes/charts/weblogic-operator/.helmignore
@@ -0,0 +1,12 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+.git/
+.gitignore
+*.bak
+*.tmp
+*.orig
+*~
+.project
+.idea/
diff --git a/OracleAccessManagement/kubernetes/charts/weblogic-operator/Chart.yaml b/OracleAccessManagement/kubernetes/charts/weblogic-operator/Chart.yaml
new file mode 100755
index 000000000..b5cac770e
--- /dev/null
+++ b/OracleAccessManagement/kubernetes/charts/weblogic-operator/Chart.yaml
@@ -0,0 +1,10 @@
+# Copyright (c) 2018, 2021, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+
+apiVersion: v1
+name: weblogic-operator
+description: Helm chart for configuring the WebLogic operator.
+
+type: application
+version: 3.3.0
+appVersion: 3.3.0
diff --git a/OracleAccessManagement/kubernetes/charts/weblogic-operator/templates/_domain-namespaces.tpl b/OracleAccessManagement/kubernetes/charts/weblogic-operator/templates/_domain-namespaces.tpl
new file mode 100755
index 000000000..08988c28d
--- /dev/null
+++ b/OracleAccessManagement/kubernetes/charts/weblogic-operator/templates/_domain-namespaces.tpl
@@ -0,0 +1,134 @@
+# Copyright (c) 2018, 2021, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+
+{{- define "operator.domainNamespaces" }}
+{{- if (or (eq (default "List" .domainNamespaceSelectionStrategy) "Dedicated") (and .dedicated (eq (default "List" .domainNamespaceSelectionStrategy) "List"))) }}
+{{- $args := include "utils.cloneDictionary" . | fromYaml -}}
+{{- $key := .Release.Namespace -}}
+{{- $ignore := set $args "domainNamespace" $key -}}
+{{- include "operator.operatorRoleBindingNamespace" $args -}}
+{{- else if eq (default "List" .domainNamespaceSelectionStrategy) "List" }}
+{{- $args := include "utils.cloneDictionary" . | fromYaml -}}
+{{- range $key := $args.domainNamespaces -}}
+{{- $ignore := set $args "domainNamespace" $key -}}
+{{- include "operator.operatorRoleBindingNamespace" $args -}}
+{{- end }}
+{{- else if eq .domainNamespaceSelectionStrategy "LabelSelector" }}
+{{- $args := include "utils.cloneDictionary" . | fromYaml -}}
+{{- /*
+ Split terms on commas not contained in parentheses. Unfortunately, the regular expression
+ support included with Helm templates does not include lookarounds.
+*/ -}}
+{{- $working := dict "rejected" (list) "terms" (list $args.domainNamespaceLabelSelector) }}
+{{- if contains "," $args.domainNamespaceLabelSelector }}
+{{- $cs := regexSplit "," $args.domainNamespaceLabelSelector -1 }}
+{{- $ignore := set $working "st" (list) }}
+{{- $ignore := set $working "item" "" }}
+{{- range $c := $cs }}
+{{- if and (contains "(" $c) (not (contains ")" $c)) }}
+{{- $ignore := set $working "item" (print $working.item $c) }}
+{{- else if not (eq $working.item "") }}
+{{- $ignore := set $working "st" (append $working.st (print $working.item "," $c)) }}
+{{- if contains ")" $c }}
+{{- $ignore := set $working "item" "" }}
+{{- end }}
+{{- else }}
+{{- $ignore := set $working "st" (append $working.st $c) }}
+{{- end }}
+{{- end }}
+{{- $ignore := set $working "terms" $working.st }}
+{{- end }}
+{{- $namespaces := (lookup "v1" "Namespace" "" "").items }}
+{{- range $t := $working.terms }}
+{{- $term := trim $t }}
+{{- range $index, $namespace := $namespaces }}
+{{- /*
+ Label selector patterns
+ Equality-based: =, ==, !=
+ Set-based: x in (a, b), x notin (a, b)
+ Existence: x, !x
+*/ -}}
+{{- if not $namespace.metadata.labels }}
+{{- $ignore := set $namespace.metadata "labels" (dict) }}
+{{- end }}
+{{- if hasPrefix "!" $term }}
+{{- if hasKey $namespace.metadata.labels (trimPrefix "!" $term) }}
+{{- $ignore := set $working "rejected" (append $working.rejected $namespace.metadata.name) }}
+{{- end }}
+{{- else if contains "!=" $term }}
+{{- $split := regexSplit "!=" $term 2 }}
+{{- $key := nospace (first $split) }}
+{{- if hasKey $namespace.metadata.labels $key }}
+{{- if eq (last $split | nospace) (get $namespace.metadata.labels $key) }}
+{{- $ignore := set $working "rejected" (append $working.rejected $namespace.metadata.name) }}
+{{- end }}
+{{- end }}
+{{- else if contains "==" $term }}
+{{- $split := regexSplit "==" $term 2 }}
+{{- $key := nospace (first $split) }}
+{{- if or (not (hasKey $namespace.metadata.labels $key)) (not (eq (last $split | nospace) (get $namespace.metadata.labels $key))) }}
+{{- $ignore := set $working "rejected" (append $working.rejected $namespace.metadata.name) }}
+{{- end }}
+{{- else if contains "=" $term }}
+{{- $split := regexSplit "=" $term 2 }}
+{{- $key := nospace (first $split) }}
+{{- if or (not (hasKey $namespace.metadata.labels $key)) (not (eq (last $split | nospace) (get $namespace.metadata.labels $key))) }}
+{{- $ignore := set $working "rejected" (append $working.rejected $namespace.metadata.name) }}
+{{- end }}
+{{- else if contains " notin " $term }}
+{{- $split := regexSplit " notin " $term 2 }}
+{{- $key := nospace (first $split) }}
+{{- if hasKey $namespace.metadata.labels $key }}
+{{- $second := nospace (last $split) }}
+{{- $parenContents := substr 1 (int (sub (len $second) 1)) $second }}
+{{- $values := regexSplit "," $parenContents -1 }}
+{{- range $value := $values }}
+{{- if eq ($value | nospace) (get $namespace.metadata.labels $key) }}
+{{- $ignore := set $working "rejected" (append $working.rejected $namespace.metadata.name) }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- else if contains " in " $term }}
+{{- $split := regexSplit " in " $term 2 }}
+{{- $key := nospace (first $split) }}
+{{- if not (hasKey $namespace.metadata.labels $key) }}
+{{- $ignore := set $working "rejected" (append $working.rejected $namespace.metadata.name) }}
+{{- else }}
+{{- $second := nospace (last $split) }}
+{{- $parenContents := substr 1 (int (sub (len $second) 1)) $second }}
+{{- $values := regexSplit "," $parenContents -1 }}
+{{- $ignore := set $working "found" false }}
+{{- range $value := $values }}
+{{- if eq ($value | nospace) (get $namespace.metadata.labels $key) }}
+{{- $ignore := set $working "found" true }}
+{{- end }}
+{{- end }}
+{{- if not $working.found }}
+{{- $ignore := set $working "rejected" (append $working.rejected $namespace.metadata.name) }}
+{{- end }}
+{{- end }}
+{{- else }}
+{{- if not (hasKey $namespace.metadata.labels $term) }}
+{{- $ignore := set $working "rejected" (append $working.rejected $namespace.metadata.name) }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- range $index, $namespace := $namespaces }}
+{{- $key := $namespace.metadata.name -}}
+{{- if not (has $key $working.rejected) }}
+{{- $ignore := set $args "domainNamespace" $key -}}
+{{- include "operator.operatorRoleBindingNamespace" $args -}}
+{{- end }}
+{{- end }}
+{{- else if eq .domainNamespaceSelectionStrategy "RegExp" }}
+{{- $args := include "utils.cloneDictionary" . | fromYaml -}}
+{{- range $index, $namespace := (lookup "v1" "Namespace" "" "").items }}
+{{- if regexMatch $args.domainNamespaceRegExp $namespace.metadata.name }}
+{{- $key := $namespace.metadata.name -}}
+{{- $ignore := set $args "domainNamespace" $key -}}
+{{- include "operator.operatorRoleBindingNamespace" $args -}}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
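Review bot: The comma re-assembly loop mis-parses set-based terms with three or more values: in the `else if not (eq $working.item "")` branch each continuation piece is appended to `st` as `item , piece` without being folded back into `item`, so `x notin (a, b, c)` becomes the two terms `x notin (a, b` and `x notin (a, c)`. As far as I can trace it, a namespace labelled `x=b` is then not rejected and receives the operator RoleBinding, while `x in (a, b, c)` rejects namespaces it should select. Accumulate instead: in that branch use `{{- $ignore := set $working "item" (print $working.item "," $c) }}`, and inside the `contains ")"` check append `$working.item` to `st` before clearing it. Separately, `lookup` returns an empty result under `helm template` and client-side dry runs, so the LabelSelector and RegExp branches render no bindings there; a comment saying so would help.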
diff --git a/OracleAccessManagement/kubernetes/charts/weblogic-operator/templates/_operator-clusterrole-domain-admin.tpl b/OracleAccessManagement/kubernetes/charts/weblogic-operator/templates/_operator-clusterrole-domain-admin.tpl
new file mode 100755
index 000000000..94cab9df7
--- /dev/null
+++ b/OracleAccessManagement/kubernetes/charts/weblogic-operator/templates/_operator-clusterrole-domain-admin.tpl
@@ -0,0 +1,40 @@
+# Copyright (c) 2018, 2021, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+
+{{- define "operator.operatorClusterRoleDomainAdmin" }}
+---
+{{- if (or (eq (default "List" .domainNamespaceSelectionStrategy) "Dedicated") (and .dedicated (eq (default "List" .domainNamespaceSelectionStrategy) "List"))) }}
+kind: "Role"
+{{- else }}
+kind: "ClusterRole"
+{{- end }}
+apiVersion: "rbac.authorization.k8s.io/v1"
+metadata:
+ {{- if (or (eq (default "List" .domainNamespaceSelectionStrategy) "Dedicated") (and .dedicated (eq (default "List" .domainNamespaceSelectionStrategy) "List"))) }}
+ name: "weblogic-operator-role-domain-admin"
+ namespace: {{ .Release.Namespace | quote }}
+ {{- else }}
+ name: {{ list .Release.Namespace "weblogic-operator-clusterrole-domain-admin" | join "-" | quote }}
+ {{- end }}
+ labels:
+ weblogic.operatorName: {{ .Release.Namespace | quote }}
+rules:
+- apiGroups: [""]
+ resources: ["configmaps"]
+ verbs: ["get", "list", "watch", "create", "update", "patch", "delete", "deletecollection"]
+- apiGroups: [""]
+ resources: ["secrets", "pods", "events"]
+ verbs: ["get", "list", "watch"]
+- apiGroups: [""]
+ resources: ["pods/log"]
+ verbs: ["get", "list"]
+- apiGroups: [""]
+ resources: ["pods/exec"]
+ verbs: ["get", "create"]
+- apiGroups: ["weblogic.oracle"]
+ resources: ["domains"]
+ verbs: ["get", "list", "watch", "create", "update", "patch", "delete", "deletecollection"]
+- apiGroups: ["weblogic.oracle"]
+ resources: ["domains/status"]
+ verbs: ["get", "watch"]
+{{- end }}
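Review bot: `pods/exec` with `create` sits next to read access to every `secrets` object, and outside Dedicated mode this is rendered as a ClusterRole, so how it is bound decides whether the grant reaches the whole cluster; the binding is not in this hunk. Please add a comment above the rule stating why exec is needed and how the role is meant to be bound, e.g. `# exec into domain pods only; bind with a namespaced RoleBinding, never a ClusterRoleBinding`. The same `pods/exec` rule appears in the `operator.operatorClusterRoleNamespace` and `operator.operatorClusterRoleOperatorAdmin` templates later in this diff and needs the same note.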
diff --git a/OracleAccessManagement/kubernetes/charts/weblogic-operator/templates/_operator-clusterrole-general.tpl b/OracleAccessManagement/kubernetes/charts/weblogic-operator/templates/_operator-clusterrole-general.tpl
new file mode 100755
index 000000000..2eba13b95
--- /dev/null
+++ b/OracleAccessManagement/kubernetes/charts/weblogic-operator/templates/_operator-clusterrole-general.tpl
@@ -0,0 +1,39 @@
+# Copyright (c) 2018, 2021, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+
+{{- define "operator.operatorClusterRoleGeneral" }}
+---
+{{- if (or (eq (default "List" .domainNamespaceSelectionStrategy) "Dedicated") (and .dedicated (eq (default "List" .domainNamespaceSelectionStrategy) "List"))) }}
+kind: "Role"
+{{- else }}
+kind: "ClusterRole"
+{{- end }}
+apiVersion: "rbac.authorization.k8s.io/v1"
+metadata:
+ {{- if (or (eq (default "List" .domainNamespaceSelectionStrategy) "Dedicated") (and .dedicated (eq (default "List" .domainNamespaceSelectionStrategy) "List"))) }}
+ name: "weblogic-operator-role-general"
+ namespace: {{ .Release.Namespace | quote }}
+ {{- else }}
+ name: {{ list .Release.Namespace "weblogic-operator-clusterrole-general" | join "-" | quote }}
+ {{- end }}
+ labels:
+ weblogic.operatorName: {{ .Release.Namespace | quote }}
+rules:
+{{- if not (or (eq (default "List" .domainNamespaceSelectionStrategy) "Dedicated") (and .dedicated (eq (default "List" .domainNamespaceSelectionStrategy) "List"))) }}
+- apiGroups: [""]
+ resources: ["namespaces"]
+ verbs: ["get", "list", "watch"]
+- apiGroups: ["apiextensions.k8s.io"]
+ resources: ["customresourcedefinitions"]
+ verbs: ["get", "list", "watch", "create", "update", "patch"]
+{{- end }}
+- apiGroups: ["weblogic.oracle"]
+ resources: ["domains", "domains/status"]
+ verbs: ["get", "list", "watch", "update", "patch"]
+- apiGroups: ["authentication.k8s.io"]
+ resources: ["tokenreviews"]
+ verbs: ["create"]
+- apiGroups: ["authorization.k8s.io"]
+ resources: ["selfsubjectrulesreviews"]
+ verbs: ["create"]
+{{- end }}
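Review bot: The `customresourcedefinitions` rule grants `update` and `patch` on every CRD in the cluster, although the only custom resource these rules reference is `domains` in the `weblogic.oracle` group. Keep `get`, `list`, `watch` and `create` as they are (`create` cannot be limited by name) and move `update` and `patch` into a second rule carrying `resourceNames: ["domains.weblogic.oracle"]`, so the operator's service account cannot alter other projects' CRDs. This assumes the operator manages only that one CRD; confirm before narrowing.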
diff --git a/OracleAccessManagement/kubernetes/charts/weblogic-operator/templates/_operator-clusterrole-namespace.tpl b/OracleAccessManagement/kubernetes/charts/weblogic-operator/templates/_operator-clusterrole-namespace.tpl
new file mode 100755
index 000000000..6310779bb
--- /dev/null
+++ b/OracleAccessManagement/kubernetes/charts/weblogic-operator/templates/_operator-clusterrole-namespace.tpl
@@ -0,0 +1,40 @@
+# Copyright (c) 2018, 2021, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+
+{{- define "operator.operatorClusterRoleNamespace" }}
+---
+{{- if (or (eq (default "List" .domainNamespaceSelectionStrategy) "Dedicated") (and .dedicated (eq (default "List" .domainNamespaceSelectionStrategy) "List"))) }}
+kind: "Role"
+{{- else }}
+kind: "ClusterRole"
+{{- end }}
+apiVersion: "rbac.authorization.k8s.io/v1"
+metadata:
+ {{- if (or (eq (default "List" .domainNamespaceSelectionStrategy) "Dedicated") (and .dedicated (eq (default "List" .domainNamespaceSelectionStrategy) "List"))) }}
+ name: "weblogic-operator-role-namespace"
+ namespace: {{ .Release.Namespace | quote }}
+ {{- else }}
+ name: {{ list .Release.Namespace "weblogic-operator-clusterrole-namespace" | join "-" | quote }}
+ {{- end }}
+ labels:
+ weblogic.operatorName: {{ .Release.Namespace | quote }}
+rules:
+- apiGroups: [""]
+ resources: ["services", "configmaps", "pods", "events"]
+ verbs: ["get", "list", "watch", "create", "update", "patch", "delete", "deletecollection"]
+- apiGroups: [""]
+ resources: ["secrets"]
+ verbs: ["get", "list", "watch"]
+- apiGroups: [""]
+ resources: ["pods/log"]
+ verbs: ["get", "list"]
+- apiGroups: [""]
+ resources: ["pods/exec"]
+ verbs: ["get", "create"]
+- apiGroups: ["batch"]
+ resources: ["jobs"]
+ verbs: ["get", "list", "watch", "create", "update", "patch", "delete", "deletecollection"]
+- apiGroups: ["policy"]
+ resources: ["poddisruptionbudgets"]
+ verbs: ["get", "list", "watch", "create", "update", "patch", "delete", "deletecollection"]
+{{- end }}
diff --git a/OracleAccessManagement/kubernetes/charts/weblogic-operator/templates/_operator-clusterrole-nonresource.tpl b/OracleAccessManagement/kubernetes/charts/weblogic-operator/templates/_operator-clusterrole-nonresource.tpl
new file mode 100755
index 000000000..e3b6a2785
--- /dev/null
+++ b/OracleAccessManagement/kubernetes/charts/weblogic-operator/templates/_operator-clusterrole-nonresource.tpl
@@ -0,0 +1,15 @@
+# Copyright (c) 2018, 2021, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+
+{{- define "operator.operatorClusterRoleNonResource" }}
+---
+kind: "ClusterRole"
+apiVersion: "rbac.authorization.k8s.io/v1"
+metadata:
+ name: {{ list .Release.Namespace "weblogic-operator-clusterrole-nonresource" | join "-" | quote }}
+ labels:
+ weblogic.operatorName: {{ .Release.Namespace | quote }}
+rules:
+- nonResourceURLs: ["/version/*"]
+ verbs: ["get"]
+{{- end }}
diff --git a/OracleAccessManagement/kubernetes/charts/weblogic-operator/templates/_operator-clusterrole-operator-admin.tpl b/OracleAccessManagement/kubernetes/charts/weblogic-operator/templates/_operator-clusterrole-operator-admin.tpl
new file mode 100755
index 000000000..46faed184
--- /dev/null
+++ b/OracleAccessManagement/kubernetes/charts/weblogic-operator/templates/_operator-clusterrole-operator-admin.tpl
@@ -0,0 +1,34 @@
+# Copyright (c) 2018, 2021, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+
+{{- define "operator.operatorClusterRoleOperatorAdmin" }}
+---
+{{- if (or (eq (default "List" .domainNamespaceSelectionStrategy) "Dedicated") (and .dedicated (eq (default "List" .domainNamespaceSelectionStrategy) "List"))) }}
+kind: "Role"
+{{- else }}
+kind: "ClusterRole"
+{{- end }}
+apiVersion: "rbac.authorization.k8s.io/v1"
+metadata:
+ {{- if (or (eq (default "List" .domainNamespaceSelectionStrategy) "Dedicated") (and .dedicated (eq (default "List" .domainNamespaceSelectionStrategy) "List"))) }}
+ name: "weblogic-operator-role-operator-admin"
+ namespace: {{ .Release.Namespace | quote }}
+ {{- else }}
+ name: {{ list .Release.Namespace "weblogic-operator-clusterrole-operator-admin" | join "-" | quote }}
+ {{- end }}
+ labels:
+ weblogic.operatorName: {{ .Release.Namespace | quote }}
+rules:
+- apiGroups: [""]
+ resources: ["configmaps", "secrets"]
+ verbs: ["get", "list", "watch", "create", "update", "patch", "delete", "deletecollection"]
+- apiGroups: [""]
+ resources: ["pods", "events"]
+ verbs: ["get", "list", "watch"]
+- apiGroups: [""]
+ resources: ["pods/log"]
+ verbs: ["get", "list"]
+- apiGroups: [""]
+ resources: ["pods/exec"]
+ verbs: ["get", "create"]
+{{- end }}
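Review bot: The first rule gives every write verb, including `deletecollection`, on all `secrets` in scope, whereas the namespace role in this commit limits secrets to `get`, `list`, `watch`. The deployment template mounts a single secret, `weblogic-operator-secrets`; if that is the only one the operator writes, split `secrets` out of the `configmaps` rule and restrict `update`, `patch` and `delete` with `resourceNames: ["weblogic-operator-secrets"]`. If broader write access is required, a comment naming the secrets involved would make the grant reviewable.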
diff --git a/OracleAccessManagement/kubernetes/charts/weblogic-operator/templates/_operator-clusterrolebinding-auth-delegator.tpl b/OracleAccessManagement/kubernetes/charts/weblogic-operator/templates/_operator-clusterrolebinding-auth-delegator.tpl
new file mode 100755
index 000000000..783f970e7
--- /dev/null
+++ b/OracleAccessManagement/kubernetes/charts/weblogic-operator/templates/_operator-clusterrolebinding-auth-delegator.tpl
@@ -0,0 +1,30 @@
+# Copyright (c) 2018, 2021, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+
+{{- define "operator.clusterRoleBindingAuthDelegator" }}
+---
+apiVersion: "rbac.authorization.k8s.io/v1"
+{{- if (or (eq (default "List" .domainNamespaceSelectionStrategy) "Dedicated") (and .dedicated (eq (default "List" .domainNamespaceSelectionStrategy) "List"))) }}
+kind: "RoleBinding"
+{{- else }}
+kind: "ClusterRoleBinding"
+{{- end }}
+metadata:
+ labels:
+ weblogic.operatorName: {{ .Release.Namespace | quote}}
+ {{- if (or (eq (default "List" .domainNamespaceSelectionStrategy) "Dedicated") (and .dedicated (eq (default "List" .domainNamespaceSelectionStrategy) "List"))) }}
+ name: "weblogic-operator-rolebinding-auth-delegator"
+ namespace: {{ .Release.Namespace | quote }}
+ {{- else }}
+ name: {{ list .Release.Namespace "weblogic-operator-clusterrolebinding-auth-delegator" | join "-" | quote }}
+ {{- end }}
+roleRef:
+ apiGroup: "rbac.authorization.k8s.io"
+ kind: "ClusterRole"
+ name: "system:auth-delegator"
+subjects:
+- kind: "ServiceAccount"
+ apiGroup: ""
+ name: {{ .serviceAccount | quote }}
+ namespace: {{ .Release.Namespace | quote }}
+{{- end }}
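Review bot: In the Dedicated branch this renders a namespaced `RoleBinding` to the ClusterRole `system:auth-delegator`, but that role's rules cover cluster-scoped review resources, which a RoleBinding cannot grant. The binding then looks effective while granting nothing, so token review would presumably fail or be skipped in Dedicated mode. Either drop the binding in that branch or add a comment stating the intended behaviour, e.g. `# Dedicated: no cluster-scoped access; token review is not available`. The `operator.clusterRoleBindingDiscovery` template has the same shape with `system:discovery`, whose rules are non-resource URLs and are likewise not grantable through a RoleBinding.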
diff --git a/OracleAccessManagement/kubernetes/charts/weblogic-operator/templates/_operator-clusterrolebinding-discovery.tpl b/OracleAccessManagement/kubernetes/charts/weblogic-operator/templates/_operator-clusterrolebinding-discovery.tpl
new file mode 100755
index 000000000..48c505fa5
--- /dev/null
+++ b/OracleAccessManagement/kubernetes/charts/weblogic-operator/templates/_operator-clusterrolebinding-discovery.tpl
@@ -0,0 +1,30 @@
+# Copyright (c) 2018, 2021, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+
+{{- define "operator.clusterRoleBindingDiscovery" }}
+---
+apiVersion: "rbac.authorization.k8s.io/v1"
+{{- if (or (eq (default "List" .domainNamespaceSelectionStrategy) "Dedicated") (and .dedicated (eq (default "List" .domainNamespaceSelectionStrategy) "List"))) }}
+kind: "RoleBinding"
+{{- else }}
+kind: "ClusterRoleBinding"
+{{- end }}
+metadata:
+ labels:
+ weblogic.operatorName: {{ .Release.Namespace | quote }}
+ {{- if (or (eq (default "List" .domainNamespaceSelectionStrategy) "Dedicated") (and .dedicated (eq (default "List" .domainNamespaceSelectionStrategy) "List"))) }}
+ name: "weblogic-operator-rolebinding-discovery"
+ namespace: {{ .Release.Namespace | quote }}
+ {{- else }}
+ name: {{ list .Release.Namespace "weblogic-operator-clusterrolebinding-discovery" | join "-" | quote }}
+ {{- end }}
+roleRef:
+ apiGroup: "rbac.authorization.k8s.io"
+ kind: "ClusterRole"
+ name: "system:discovery"
+subjects:
+- kind: "ServiceAccount"
+ apiGroup: ""
+ name: {{ .serviceAccount | quote }}
+ namespace: {{ .Release.Namespace | quote }}
+{{- end }}
diff --git a/OracleAccessManagement/kubernetes/charts/weblogic-operator/templates/_operator-clusterrolebinding-general.tpl b/OracleAccessManagement/kubernetes/charts/weblogic-operator/templates/_operator-clusterrolebinding-general.tpl
new file mode 100755
index 000000000..f2994da33
--- /dev/null
+++ b/OracleAccessManagement/kubernetes/charts/weblogic-operator/templates/_operator-clusterrolebinding-general.tpl
@@ -0,0 +1,35 @@
+# Copyright (c) 2018, 2021, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+
+{{- define "operator.clusterRoleBindingGeneral" }}
+---
+apiVersion: "rbac.authorization.k8s.io/v1"
+{{- if (or (eq (default "List" .domainNamespaceSelectionStrategy) "Dedicated") (and .dedicated (eq (default "List" .domainNamespaceSelectionStrategy) "List"))) }}
+kind: "RoleBinding"
+{{- else }}
+kind: "ClusterRoleBinding"
+{{- end }}
+metadata:
+ labels:
+ weblogic.operatorName: {{ .Release.Namespace | quote }}
+ {{- if (or (eq (default "List" .domainNamespaceSelectionStrategy) "Dedicated") (and .dedicated (eq (default "List" .domainNamespaceSelectionStrategy) "List"))) }}
+ name: "weblogic-operator-rolebinding-general"
+ namespace: {{ .Release.Namespace | quote }}
+ {{- else }}
+ name: {{ list .Release.Namespace "weblogic-operator-clusterrolebinding-general" | join "-" | quote }}
+ {{- end }}
+roleRef:
+ apiGroup: "rbac.authorization.k8s.io"
+ {{- if (or (eq (default "List" .domainNamespaceSelectionStrategy) "Dedicated") (and .dedicated (eq (default "List" .domainNamespaceSelectionStrategy) "List"))) }}
+ kind: "Role"
+ name: "weblogic-operator-role-general"
+ {{- else }}
+ kind: "ClusterRole"
+ name: {{ list .Release.Namespace "weblogic-operator-clusterrole-general" | join "-" | quote }}
+ {{- end }}
+subjects:
+- kind: "ServiceAccount"
+ apiGroup: ""
+ name: {{ .serviceAccount | quote }}
+ namespace: {{ .Release.Namespace | quote }}
+{{- end }}
diff --git a/OracleAccessManagement/kubernetes/charts/weblogic-operator/templates/_operator-clusterrolebinding-nonresource.tpl b/OracleAccessManagement/kubernetes/charts/weblogic-operator/templates/_operator-clusterrolebinding-nonresource.tpl
new file mode 100755
index 000000000..d998ab0e9
--- /dev/null
+++ b/OracleAccessManagement/kubernetes/charts/weblogic-operator/templates/_operator-clusterrolebinding-nonresource.tpl
@@ -0,0 +1,21 @@
+# Copyright (c) 2018, 2021, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+
+{{- define "operator.clusterRoleBindingNonResource" }}
+---
+apiVersion: "rbac.authorization.k8s.io/v1"
+kind: "ClusterRoleBinding"
+metadata:
+ labels:
+ weblogic.operatorName: {{ .Release.Namespace | quote }}
+ name: {{ list .Release.Namespace "weblogic-operator-clusterrolebinding-nonresource" | join "-" | quote }}
+roleRef:
+ apiGroup: "rbac.authorization.k8s.io"
+ kind: "ClusterRole"
+ name: {{ list .Release.Namespace "weblogic-operator-clusterrole-nonresource" | join "-" | quote }}
+subjects:
+- kind: "ServiceAccount"
+ apiGroup: ""
+ name: {{ .serviceAccount | quote }}
+ namespace: {{ .Release.Namespace | quote }}
+{{- end }}
diff --git a/OracleAccessManagement/kubernetes/charts/weblogic-operator/templates/_operator-cm.tpl b/OracleAccessManagement/kubernetes/charts/weblogic-operator/templates/_operator-cm.tpl
new file mode 100755
index 000000000..dd6594de2
--- /dev/null
+++ b/OracleAccessManagement/kubernetes/charts/weblogic-operator/templates/_operator-cm.tpl
@@ -0,0 +1,58 @@
+# Copyright (c) 2018, 2021, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+
+{{- define "operator.operatorConfigMap" }}
+---
+apiVersion: "v1"
+data:
+ {{- if .externalRestEnabled }}
+ {{- if (hasKey . "externalRestIdentitySecret") }}
+ externalRestIdentitySecret: {{ .externalRestIdentitySecret | quote }}
+ {{- else }}
+ externalOperatorCert: {{ .externalOperatorCert | quote }}
+ {{- end }}
+ {{- end }}
+ {{- $configmap := (lookup "v1" "ConfigMap" .Release.Namespace "weblogic-operator-cm") }}
+ {{- if (and $configmap $configmap.data) }}
+ {{- $internalOperatorCert := index $configmap.data "internalOperatorCert" }}
+ {{- if $internalOperatorCert }}
+ internalOperatorCert: {{ $internalOperatorCert }}
+ {{- end }}
+ {{- end }}
+ serviceaccount: {{ .serviceAccount | quote }}
+ domainNamespaceSelectionStrategy: {{ (default "List" .domainNamespaceSelectionStrategy) | quote }}
+ domainNamespaces: {{ .domainNamespaces | uniq | sortAlpha | join "," | quote }}
+ {{- if .dedicated }}
+ dedicated: {{ .dedicated | quote }}
+ {{- end }}
+ {{- if .domainNamespaceLabelSelector }}
+ domainNamespaceLabelSelector: {{ .domainNamespaceLabelSelector | quote }}
+ {{- end }}
+ {{- if .domainNamespaceRegExp }}
+ domainNamespaceRegExp: {{ .domainNamespaceRegExp | quote }}
+ {{- end }}
+ {{- if .dns1123Fields }}
+ dns1123Fields: {{ .dns1123Fields | quote }}
+ {{- end }}
+ {{- if .featureGates }}
+ featureGates: {{ .featureGates | quote }}
+ {{- end }}
+ {{- if .introspectorJobNameSuffix }}
+ introspectorJobNameSuffix: {{ .introspectorJobNameSuffix | quote }}
+ {{- end }}
+ {{- if .externalServiceNameSuffix }}
+ externalServiceNameSuffix: {{ .externalServiceNameSuffix | quote }}
+ {{- end }}
+ {{- if .clusterSizePaddingValidationEnabled }}
+ clusterSizePaddingValidationEnabled: {{ .clusterSizePaddingValidationEnabled | quote }}
+ {{- end }}
+ {{- if .tokenReviewAuthentication }}
+ tokenReviewAuthentication: {{ .tokenReviewAuthentication | quote }}
+ {{- end }}
+kind: "ConfigMap"
+metadata:
+ labels:
+ weblogic.operatorName: {{ .Release.Namespace | quote }}
+ name: "weblogic-operator-cm"
+ namespace: {{ .Release.Namespace | quote }}
+{{- end }}
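Review bot: `internalOperatorCert: {{ $internalOperatorCert }}` is the only value in this ConfigMap written without `quote`, and it is copied from whatever the live `weblogic-operator-cm` object currently holds. A value containing a newline or YAML-significant characters would change the structure of the rendered manifest on the next upgrade; use `internalOperatorCert: {{ $internalOperatorCert | quote }}`. `lookup` also returns nothing under `helm template`, so the key is silently dropped there, which deserves a comment.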
diff --git a/OracleAccessManagement/kubernetes/charts/weblogic-operator/templates/_operator-dep.tpl b/OracleAccessManagement/kubernetes/charts/weblogic-operator/templates/_operator-dep.tpl
new file mode 100755
index 000000000..3fadac7dc
--- /dev/null
+++ b/OracleAccessManagement/kubernetes/charts/weblogic-operator/templates/_operator-dep.tpl
@@ -0,0 +1,158 @@
+# Copyright (c) 2018, 2021, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+
+{{- define "operator.operatorDeployment" }}
+---
+apiVersion: "apps/v1"
+kind: "Deployment"
+metadata:
+ name: "weblogic-operator"
+ namespace: {{ .Release.Namespace | quote }}
+ labels:
+ weblogic.operatorName: {{ .Release.Namespace | quote }}
+spec:
+ strategy:
+ type: Recreate
+ selector:
+ matchLabels:
+ weblogic.operatorName: {{ .Release.Namespace | quote }}
+ replicas: 1
+ template:
+ metadata:
+ {{- with .annotations }}
+ annotations:
+ {{- end }}
+ {{- range $key, $value := .annotations }}
+ {{ $key }}: {{ $value | quote }}
+ {{- end }}
+ labels:
+ weblogic.operatorName: {{ .Release.Namespace | quote }}
+ app: "weblogic-operator"
+ {{- range $key, $value := .labels }}
+ {{ $key }}: {{ $value | quote }}
+ {{- end }}
+ spec:
+ serviceAccountName: {{ .serviceAccount | quote }}
+ {{- with .nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .affinity }}
+ affinity:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ containers:
+ - name: "weblogic-operator"
+ image: {{ .image | quote }}
+ imagePullPolicy: {{ .imagePullPolicy | quote }}
+ command: ["bash"]
+ args: ["/operator/operator.sh"]
+ env:
+ - name: "OPERATOR_NAMESPACE"
+ valueFrom:
+ fieldRef:
+ fieldPath: "metadata.namespace"
+ - name: "OPERATOR_POD_NAME"
+ valueFrom:
+ fieldRef:
+ fieldPath: "metadata.name"
+ - name: "OPERATOR_POD_UID"
+ valueFrom:
+ fieldRef:
+ fieldPath: "metadata.uid"
+ - name: "OPERATOR_VERBOSE"
+ value: "false"
+ - name: "JAVA_LOGGING_LEVEL"
+ value: {{ .javaLoggingLevel | quote }}
+ - name: "JAVA_LOGGING_MAXSIZE"
+ value: {{ .javaLoggingFileSizeLimit | default 20000000 | quote }}
+ - name: "JAVA_LOGGING_COUNT"
+ value: {{ .javaLoggingFileCount | default 10 | quote }}
+ {{- if .remoteDebugNodePortEnabled }}
+ - name: "REMOTE_DEBUG_PORT"
+ value: {{ .internalDebugHttpPort | quote }}
+ - name: "DEBUG_SUSPEND"
+ {{- if .suspendOnDebugStartup }}
+ value: "y"
+ {{- else }}
+ value: "n"
+ {{- end }}
+ {{- end }}
+ {{- if .mockWLS }}
+ - name: "MOCK_WLS"
+ value: "true"
+ {{- end }}
+ resources:
+ requests:
+ cpu: {{ .cpuRequests | default "250m" }}
+ memory: {{ .memoryRequests | default "512Mi" }}
+ limits:
+ {{- if .cpuLimits}}
+ cpu: {{ .cpuLimits }}
+ {{- end }}
+ {{- if .memoryLimits}}
+ memory: {{ .memoryLimits }}
+ {{- end }}
+ volumeMounts:
+ - name: "weblogic-operator-cm-volume"
+ mountPath: "/operator/config"
+ - name: "weblogic-operator-debug-cm-volume"
+ mountPath: "/operator/debug-config"
+ - name: "weblogic-operator-secrets-volume"
+ mountPath: "/operator/secrets"
+ readOnly: true
+ {{- if .elkIntegrationEnabled }}
+ - mountPath: "/logs"
+ name: "log-dir"
+ readOnly: false
+ {{- end }}
+ {{- if not .remoteDebugNodePortEnabled }}
+ livenessProbe:
+ exec:
+ command:
+ - "bash"
+ - "/operator/livenessProbe.sh"
+ initialDelaySeconds: 20
+ periodSeconds: 5
+ readinessProbe:
+ exec:
+ command:
+ - "bash"
+ - "/operator/readinessProbe.sh"
+ initialDelaySeconds: 2
+ periodSeconds: 10
+ {{- end }}
+ {{- if .elkIntegrationEnabled }}
+ - name: "logstash"
+ image: {{ .logStashImage | quote }}
+ args: [ "-f", "/logs/logstash.conf" ]
+ volumeMounts:
+ - name: "log-dir"
+ mountPath: "/logs"
+ env:
+ - name: "ELASTICSEARCH_HOST"
+ value: {{ .elasticSearchHost | quote }}
+ - name: "ELASTICSEARCH_PORT"
+ value: {{ .elasticSearchPort | quote }}
+ {{- end }}
+ {{- if .imagePullSecrets }}
+ imagePullSecrets:
+ {{ .imagePullSecrets | toYaml }}
+ {{- end }}
+ volumes:
+ - name: "weblogic-operator-cm-volume"
+ configMap:
+ name: "weblogic-operator-cm"
+ - name: "weblogic-operator-debug-cm-volume"
+ configMap:
+ name: "weblogic-operator-debug-cm"
+ optional: true
+ - name: "weblogic-operator-secrets-volume"
+ secret:
+ secretName: "weblogic-operator-secrets"
+ {{- if .elkIntegrationEnabled }}
+ - name: "log-dir"
+ emptyDir:
+ medium: "Memory"
+ {{- end }}
+{{- end }}
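Review bot: Neither container sets a `securityContext`, so the operator, whose service account is granted `pods/exec` and secret access elsewhere in this commit, starts with the runtime's default privileges. Add a container-level block that disables privilege escalation and drops capabilities, plus `runAsNonRoot: true` if the image's user allows it (not visible here); the same applies to the `logstash` sidecar. Two smaller points in the same template: `limits:` is emitted even when neither `cpuLimits` nor `memoryLimits` is set, and `{{ .imagePullSecrets | toYaml }}` has no `nindent`, so a multi-entry list may mis-indent.

```yaml
      containers:
      - name: "weblogic-operator"
        # … unchanged: image, imagePullPolicy, command, args, env …
        securityContext:
          allowPrivilegeEscalation: false
          capabilities:
            drop: ["ALL"]
        resources:
        # … unchanged: requests/limits, volumeMounts, probes, logstash sidecar, volumes …
```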
diff --git a/OracleAccessManagement/kubernetes/charts/weblogic-operator/templates/_operator-external-svc.tpl b/OracleAccessManagement/kubernetes/charts/weblogic-operator/templates/_operator-external-svc.tpl
new file mode 100755
index 000000000..44bfc1191
--- /dev/null
+++ b/OracleAccessManagement/kubernetes/charts/weblogic-operator/templates/_operator-external-svc.tpl
@@ -0,0 +1,30 @@
+# Copyright (c) 2018, 2021, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+
+{{- define "operator.operatorExternalService" }}
+{{- if or .externalRestEnabled .remoteDebugNodePortEnabled }}
+---
+apiVersion: "v1"
+kind: "Service"
+metadata:
+ name: "external-weblogic-operator-svc"
+ namespace: {{ .Release.Namespace | quote }}
+ labels:
+ weblogic.operatorName: {{ .Release.Namespace | quote }}
+spec:
+ type: "NodePort"
+ selector:
+ app: "weblogic-operator"
+ ports:
+ {{- if .externalRestEnabled }}
+ - name: "rest"
+ port: 8081
+ nodePort: {{ .externalRestHttpsPort }}
+ {{- end }}
+ {{- if .remoteDebugNodePortEnabled }}
+ - name: "debug"
+ port: {{ .internalDebugHttpPort }}
+ nodePort: {{ .externalDebugHttpPort }}
+ {{- end }}
+{{- end }}
+{{- end }}
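Review bot: The `debug` port block under `.remoteDebugNodePortEnabled` publishes the operator's debug port through a `NodePort` Service, which opens it on every node address, and nothing in the template says so. A remote-debug endpoint of this kind normally has no authentication of its own (worth confirming for this image), so the exposure should be documented where it is created, for example `# Debug NodePort: reachable on every node IP; enable only on non-production clusters and restrict access with a NetworkPolicy or firewall rule.` The same Service also publishes the REST port when `.externalRestEnabled` is set, so a short header comment naming both values would help whoever audits what the chart exposes.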
diff --git a/OracleAccessManagement/kubernetes/charts/weblogic-operator/templates/_operator-internal-svc.tpl b/OracleAccessManagement/kubernetes/charts/weblogic-operator/templates/_operator-internal-svc.tpl
new file mode 100755
index 000000000..0108738de
--- /dev/null
+++ b/OracleAccessManagement/kubernetes/charts/weblogic-operator/templates/_operator-internal-svc.tpl
@@ -0,0 +1,20 @@
+# Copyright (c) 2018, 2021, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+
+{{- define "operator.operatorInternalService" }}
+---
+apiVersion: "v1"
+kind: "Service"
+metadata:
+ name: "internal-weblogic-operator-svc"
+ namespace: {{ .Release.Namespace | quote }}
+ labels:
+ weblogic.operatorName: {{ .Release.Namespace | quote }}
+spec:
+ type: "ClusterIP"
+ selector:
+ app: "weblogic-operator"
+ ports:
+ - port: 8082
+ name: "rest"
+{{- end }}
diff --git a/OracleAccessManagement/kubernetes/charts/weblogic-operator/templates/_operator-role.tpl b/OracleAccessManagement/kubernetes/charts/weblogic-operator/templates/_operator-role.tpl
new file mode 100755
index 000000000..e0c386b98
--- /dev/null
+++ b/OracleAccessManagement/kubernetes/charts/weblogic-operator/templates/_operator-role.tpl
@@ -0,0 +1,17 @@
+# Copyright (c) 2018, 2021, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+
+{{- define "operator.operatorRole" }}
+---
+kind: "Role"
+apiVersion: "rbac.authorization.k8s.io/v1"
+metadata:
+ name: "weblogic-operator-role"
+ namespace: {{ .Release.Namespace | quote }}
+ labels:
+ weblogic.operatorName: {{ .Release.Namespace | quote }}
+rules:
+- apiGroups: [""]
+ resources: ["events", "secrets", "configmaps"]
+ verbs: ["get", "list", "watch", "create", "update", "patch", "delete", "deletecollection"]
+{{- end }}
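Review bot: The single rule grants every verb, including `list`, `watch` and `deletecollection`, on all `secrets` in the release namespace, and `_operator-rolebinding.tpl` binds it to `.serviceAccount`, whose default in `values.yaml` is `"default"`. With those defaults, any pod in the operator namespace that runs under the default ServiceAccount can read and delete every Secret there, including `weblogic-operator-secrets`. If the operator does not need all verbs on all three resources (this cannot be judged from the template alone), split the rule per resource and narrow the `secrets` entry. In any case add a comment such as `# Bound to .serviceAccount; use a dedicated ServiceAccount, not "default", because this grants read/write on all Secrets in the namespace.`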
diff --git a/OracleAccessManagement/kubernetes/charts/weblogic-operator/templates/_operator-rolebinding-namespace.tpl b/OracleAccessManagement/kubernetes/charts/weblogic-operator/templates/_operator-rolebinding-namespace.tpl
new file mode 100755
index 000000000..d55ed3f47
--- /dev/null
+++ b/OracleAccessManagement/kubernetes/charts/weblogic-operator/templates/_operator-rolebinding-namespace.tpl
@@ -0,0 +1,35 @@
+# Copyright (c) 2018, 2021, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+
+{{- define "operator.operatorRoleBindingNamespace" }}
+---
+{{- if .enableClusterRoleBinding }}
+kind: "ClusterRoleBinding"
+{{- else }}
+kind: "RoleBinding"
+{{- end }}
+apiVersion: "rbac.authorization.k8s.io/v1"
+metadata:
+ {{- if .enableClusterRoleBinding }}
+ name: {{ list .Release.Namespace "weblogic-operator-clusterrolebinding-namespace" | join "-" | quote }}
+ {{- else }}
+ name: "weblogic-operator-rolebinding-namespace"
+ namespace: {{ .domainNamespace | quote }}
+ {{- end }}
+ labels:
+ weblogic.operatorName: {{ .Release.Namespace | quote }}
+subjects:
+- kind: "ServiceAccount"
+ name: {{ .serviceAccount | quote }}
+ namespace: {{ .Release.Namespace | quote }}
+ apiGroup: ""
+roleRef:
+ {{- if (or (eq (default "List" .domainNamespaceSelectionStrategy) "Dedicated") (and .dedicated (eq (default "List" .domainNamespaceSelectionStrategy) "List"))) }}
+ kind: "Role"
+ name: "weblogic-operator-role-namespace"
+ {{- else }}
+ kind: "ClusterRole"
+ name: {{ list .Release.Namespace "weblogic-operator-clusterrole-namespace" | join "-" | quote }}
+ {{- end }}
+ apiGroup: "rbac.authorization.k8s.io"
+{{- end }}
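Review bot: The `.enableClusterRoleBinding` branch emits a `ClusterRoleBinding`, which gives the operator's ServiceAccount the rules of the `weblogic-operator-clusterrole-namespace` ClusterRole in every namespace of the cluster, present and future, and the template has no comment recording that. A line above the first `if` would make the scope visible to reviewers: `{{/* enableClusterRoleBinding=true binds cluster-wide; false creates a RoleBinding in .domainNamespace */}}`. The `roleRef` branch can also select `kind: "Role"`, which a ClusterRoleBinding cannot reference. That combination is rejected only in `_validate-inputs.tpl`, so the dependency deserves a mention in the same comment.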
diff --git a/OracleAccessManagement/kubernetes/charts/weblogic-operator/templates/_operator-rolebinding.tpl b/OracleAccessManagement/kubernetes/charts/weblogic-operator/templates/_operator-rolebinding.tpl
new file mode 100755
index 000000000..98a09424e
--- /dev/null
+++ b/OracleAccessManagement/kubernetes/charts/weblogic-operator/templates/_operator-rolebinding.tpl
@@ -0,0 +1,22 @@
+# Copyright (c) 2018, 2021, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+
+{{- define "operator.operatorRoleBinding" }}
+---
+kind: "RoleBinding"
+apiVersion: "rbac.authorization.k8s.io/v1"
+metadata:
+ name: "weblogic-operator-rolebinding"
+ namespace: {{ .Release.Namespace | quote }}
+ labels:
+ weblogic.operatorName: {{ .Release.Namespace | quote }}
+subjects:
+- kind: "ServiceAccount"
+ name: {{ .serviceAccount | quote }}
+ namespace: {{ .Release.Namespace | quote }}
+ apiGroup: ""
+roleRef:
+ kind: "Role"
+ name: "weblogic-operator-role"
+ apiGroup: "rbac.authorization.k8s.io"
+{{- end }}
diff --git a/OracleAccessManagement/kubernetes/charts/weblogic-operator/templates/_operator-secret.tpl b/OracleAccessManagement/kubernetes/charts/weblogic-operator/templates/_operator-secret.tpl
new file mode 100755
index 000000000..6a7442718
--- /dev/null
+++ b/OracleAccessManagement/kubernetes/charts/weblogic-operator/templates/_operator-secret.tpl
@@ -0,0 +1,25 @@
+# Copyright (c) 2018, 2021, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+
+{{- define "operator.operatorSecrets" }}
+---
+apiVersion: "v1"
+kind: "Secret"
+data:
+ {{- if (and .externalRestEnabled (hasKey . "externalOperatorKey")) }}
+ externalOperatorKey: {{ .externalOperatorKey | quote }}
+ {{- end }}
+ {{- $secret := (lookup "v1" "Secret" .Release.Namespace "weblogic-operator-secrets") }}
+ {{- if (and $secret $secret.data) }}
+ {{- $internalOperatorKey := index $secret.data "internalOperatorKey" }}
+ {{- if $internalOperatorKey }}
+ internalOperatorKey: {{ $internalOperatorKey }}
+ {{- end }}
+ {{- end }}
+metadata:
+ labels:
+ weblogic.operatorName: {{ .Release.Namespace | quote }}
+ name: "weblogic-operator-secrets"
+ namespace: {{ .Release.Namespace | quote }}
+type: "Opaque"
+{{- end }}
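Review bot: `externalOperatorKey` is taken from chart values and written into `data:` as-is, so key material supplied this way also lives in the values file and in the release record Helm stores, and the caller has to base64-encode it because the template applies no `b64enc`. `_validate-inputs.tpl` already accepts `externalRestIdentitySecret` as the alternative, so the template should say which one is preferred, for example `{{/* externalOperatorKey must already be base64-encoded; prefer externalRestIdentitySecret so the key is not kept in chart values */}}`. Separately, `lookup` returns an empty result under `helm template` and client-side dry runs, so manifests rendered that way omit `internalOperatorKey`. A comment on that line would spare users of render-then-apply pipelines a surprise.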
diff --git a/OracleAccessManagement/kubernetes/charts/weblogic-operator/templates/_operator.tpl b/OracleAccessManagement/kubernetes/charts/weblogic-operator/templates/_operator.tpl
new file mode 100755
index 000000000..c24d7eebf
--- /dev/null
+++ b/OracleAccessManagement/kubernetes/charts/weblogic-operator/templates/_operator.tpl
@@ -0,0 +1,30 @@
+# Copyright (c) 2018, 2021, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+
+{{- define "operator.operator" -}}
+{{- include "operator.operatorClusterRoleGeneral" . }}
+{{- include "operator.operatorClusterRoleNamespace" . }}
+{{- if not (or (eq (default "List" .domainNamespaceSelectionStrategy) "Dedicated") (and .dedicated (eq (default "List" .domainNamespaceSelectionStrategy) "List"))) }}
+{{- include "operator.operatorClusterRoleNonResource" . }}
+{{- end }}
+{{- include "operator.operatorClusterRoleOperatorAdmin" . }}
+{{- include "operator.operatorClusterRoleDomainAdmin" . }}
+{{- include "operator.clusterRoleBindingGeneral" . }}
+{{- include "operator.clusterRoleBindingAuthDelegator" . }}
+{{- include "operator.clusterRoleBindingDiscovery" . }}
+{{- if not (or (eq (default "List" .domainNamespaceSelectionStrategy) "Dedicated") (and .dedicated (eq (default "List" .domainNamespaceSelectionStrategy) "List"))) }}
+{{- include "operator.clusterRoleBindingNonResource" . }}
+{{- end }}
+{{- include "operator.operatorRole" . }}
+{{- include "operator.operatorRoleBinding" . }}
+{{- include "operator.operatorConfigMap" . }}
+{{- include "operator.operatorSecrets" . }}
+{{- include "operator.operatorDeployment" . }}
+{{- include "operator.operatorInternalService" . }}
+{{- include "operator.operatorExternalService" . }}
+{{- if .enableClusterRoleBinding }}
+{{- include "operator.operatorRoleBindingNamespace" . }}
+{{- else }}
+{{- include "operator.domainNamespaces" . }}
+{{- end }}
+{{- end }}
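Review bot: The dedicated-mode condition on the two `if not (or (eq (default "List" .domainNamespaceSelectionStrategy) "Dedicated") ...)` lines is written out in full both times, and the same expression appears again in `_operator-rolebinding-namespace.tpl` and `_validate-inputs.tpl`. Because this test decides which cluster-scoped RBAC objects are created, a copy that drifts from the others would leave roles and bindings out of step without any rendering error. A named helper that renders `true`, in the style of `utils.haveValidationErrors`, keeps the rule in one place. The fence shows the helper and the first call site, and the second guard changes the same way.

```yaml
{{- define "operator.isDedicated" -}}
{{- if or (eq (default "List" .domainNamespaceSelectionStrategy) "Dedicated") (and .dedicated (eq (default "List" .domainNamespaceSelectionStrategy) "List")) -}}
true
{{- end -}}
{{- end -}}

{{- define "operator.operator" -}}
{{/* … unchanged: general and namespace cluster role includes … */}}
{{- if not (include "operator.isDedicated" .) }}
{{- include "operator.operatorClusterRoleNonResource" . }}
{{- end }}
{{/* … unchanged: remaining includes; the clusterRoleBindingNonResource guard uses the same helper … */}}
```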
diff --git a/OracleAccessManagement/kubernetes/charts/weblogic-operator/templates/_utils.tpl b/OracleAccessManagement/kubernetes/charts/weblogic-operator/templates/_utils.tpl
new file mode 100755
index 000000000..9f2ed825c
--- /dev/null
+++ b/OracleAccessManagement/kubernetes/charts/weblogic-operator/templates/_utils.tpl
@@ -0,0 +1,493 @@
+# Copyright (c) 2018, 2021, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+
+{{/*
+Start validation
+*/}}
+{{- define "utils.startValidation" -}}
+{{- $scope := . -}}
+{{- $context := dict "scope" $scope "path" list -}}
+{{- $stack := list $context -}}
+{{- $ignore := set $scope "validationContextStack" $stack -}}
+{{- $ignore := include "utils.setCurrentValidationContext" $scope -}}
+{{- end -}}
+
+{{/*
+End validation
+If there were any validation errors, report them and kill the helm chart installation.
+*/}}
+{{- define "utils.endValidation" -}}
+{{- $scope := . -}}
+{{- if hasKey $scope "validationErrors" -}}
+{{- fail $scope.validationErrors -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Push a new validation context
+*/}}
+{{- define "utils.pushValidationContext" -}}
+{{- $scope := index . 0 }}
+{{- $scopeName := index . 1 }}
+{{- $newScope := index $scope.validationScope $scopeName -}}
+{{- $newPath := append $scope.validationPath $scopeName -}}
+{{- $newContext := dict "scope" $newScope "path" $newPath -}}
+{{- $newStack := append $scope.validationContextStack $newContext -}}
+{{- $ignore := set $scope "validationContextStack" $newStack -}}
+{{- $ignore := include "utils.setCurrentValidationContext" $scope -}}
+{{- end -}}
+
+{{/*
+Pop the validation context
+*/}}
+{{- define "utils.popValidationContext" -}}
+{{- $scope := . }}
+{{- $stack := $scope.validationContextStack -}}
+{{- $ignore := set $scope "validationContextStack" (initial $stack) -}}
+{{- $ignore := include "utils.setCurrentValidationContext" $scope -}}
+{{- end -}}
+
+{{/*
+Set the current validation context from the stack
+*/}}
+{{- define "utils.setCurrentValidationContext" -}}
+{{- $scope := . }}
+{{- $context := $scope.validationContextStack | last -}}
+{{- $ignore := set $scope "validationScope" (index $context "scope") -}}
+{{- $ignore := set $scope "validationPath" (index $context "path") -}}
+{{- end -}}
+
+{{/*
+Record a validation error (it will get reported later by utils.reportValidationErrors)
+*/}}
+{{- define "utils.recordValidationError" -}}
+{{- $scope := index . 0 -}}
+{{- $errorMsg := index . 1 -}}
+{{- $path := $scope.validationPath -}}
+{{- $pathStr := $path | join "." | trim -}}
+{{- $scopedErrorMsg := (list "\n" $pathStr $errorMsg) | compact | join " " -}}
+{{- if hasKey $scope "validationErrors" -}}
+{{- $newValidationErrors := cat $scope.validationErrors $scopedErrorMsg -}}
+{{- $ignore := set $scope "validationErrors" $newValidationErrors -}}
+{{- else -}}
+{{- $newValidationErrors := $scopedErrorMsg -}}
+{{- $ignore := set $scope "validationErrors" $newValidationErrors -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Returns whether any errors have been reported
+*/}}
+{{- define "utils.haveValidationErrors" -}}
+{{- if hasKey . "validationErrors" -}}
+ true
+{{- end -}}
+{{- end -}}
+
+{{/*
+Determine whether a dictionary has a non-null value for a key
+*/}}
+{{- define "utils.dictionaryHasNonNullValue" -}}
+{{- $dict := index . 0 -}}
+{{- $name := index . 1 -}}
+{{- if and (hasKey $dict $name) (not ( eq (typeOf (index $dict $name)) "" )) -}}
+ true
+{{- end -}}
+{{- end -}}
+
+{{/*
+Verify that a value of a specific kind has been specified.
+*/}}
+{{- define "utils.verifyValue" -}}
+{{- $requiredKind := index . 0 -}}
+{{- $scope := index . 1 -}}
+{{- $name := index . 2 -}}
+{{- $isRequired := index . 3 -}}
+{{- if $scope.trace -}}
+{{- $errorMsg := cat "TRACE" $name $requiredKind $isRequired -}}
+{{- $ignore := include "utils.recordValidationError" (list $scope $errorMsg) -}}
+{{- end -}}
+{{- $parent := $scope.validationScope -}}
+{{- if include "utils.dictionaryHasNonNullValue" (list $parent $name) -}}
+{{- $value := index $parent $name -}}
+{{- $actualKind := kindOf $value -}}
+{{- if eq $requiredKind $actualKind -}}
+ true
+{{- else -}}
+{{- $errorMsg := cat $name "must be a" $requiredKind ":" $actualKind -}}
+{{- include "utils.recordValidationError" (list $scope $errorMsg) -}}
+{{- end -}}
+{{- else -}}
+{{- if $isRequired -}}
+{{- $errorMsg := cat $requiredKind $name "must be specified" -}}
+{{- include "utils.recordValidationError" (list $scope $errorMsg) -}}
+{{- else -}}
+ true
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Verify that a list value has been specified
+*/}}
+{{- define "utils.verifyListValue" -}}
+{{- $requiredKind := index . 0 -}}
+{{- $scope := index . 1 -}}
+{{- $name := index . 2 -}}
+{{- $isRequired := index . 3 -}}
+{{- $parent := $scope.validationScope -}}
+{{- $args := . -}}
+{{- if include "utils.verifyValue" (list "slice" $scope $name $isRequired) -}}
+{{- $status := dict -}}
+{{- if hasKey $parent $name -}}
+{{- $list := index $parent $name -}}
+{{- range $value := $list -}}
+{{- $actualKind := kindOf $value -}}
+{{- if not (eq $requiredKind $actualKind) -}}
+{{- $errorMsg := cat $name "must only contain" $requiredKind "elements:" $actualKind -}}
+{{- include "utils.recordValidationError" (list $scope $errorMsg) -}}
+{{- $ignore := set $status "error" true -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+{{- if not (hasKey $status "error") -}}
+ true
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Verify a string value
+*/}}
+{{- define "utils.baseVerifyString" -}}
+{{- include "utils.verifyValue" (prepend . "string") -}}
+{{- end -}}
+
+{{/*
+Verify a required string value
+*/}}
+{{- define "utils.verifyString" -}}
+{{- include "utils.baseVerifyString" (append . true) -}}
+{{- end -}}
+
+{{/*
+Verify an optional string value
+*/}}
+{{- define "utils.verifyOptionalString" -}}
+{{- include "utils.baseVerifyString" (append . false) -}}
+{{- end -}}
+
+{{/*
+Verify a boolean value
+*/}}
+{{- define "utils.baseVerifyBoolean" -}}
+{{- include "utils.verifyValue" (prepend . "bool") -}}
+{{- end -}}
+
+{{/*
+Verify a required boolean value
+*/}}
+{{- define "utils.verifyBoolean" -}}
+{{- include "utils.baseVerifyBoolean" (append . true) -}}
+{{- end -}}
+
+{{/*
+Verify an optional boolean value
+*/}}
+{{- define "utils.verifyOptionalBoolean" -}}
+{{- include "utils.baseVerifyBoolean" (append . false) -}}
+{{- end -}}
+
+{{/*
+Verify an integer value
+*/}}
+{{- define "utils.baseVerifyInteger" -}}
+{{- include "utils.verifyValue" (prepend . "float64") -}}
+{{- end -}}
+
+{{/*
+Verify a required integer value
+*/}}
+{{- define "utils.verifyInteger" -}}
+{{- include "utils.baseVerifyInteger" (append . true) -}}
+{{- end -}}
+
+{{/*
+Verify an optional required integer value
+*/}}
+{{- define "utils.verifyOptionalInteger" -}}
+{{- include "utils.baseVerifyInteger" (append . false) -}}
+{{- end -}}
+
+{{/*
+Verify a dictionary value
+*/}}
+{{- define "utils.baseVerifyDictionary" -}}
+{{- include "utils.verifyValue" (prepend . "map") -}}
+{{- end -}}
+
+{{/*
+Verify a required dictionary value
+*/}}
+{{- define "utils.verifyDictionary" -}}
+{{- include "utils.baseVerifyDictionary" (append . true) -}}
+{{- end -}}
+
+{{/*
+Verify an optional dictionary value
+*/}}
+{{- define "utils.verifyOptionalDictionary" -}}
+{{- include "utils.baseVerifyDictionary" (append . false) -}}
+{{- end -}}
+
+{{/*
+Verify a enum string value
+*/}}
+{{- define "utils.baseVerifyEnum" -}}
+{{- $scope := index . 0 -}}
+{{- $name := index . 1 -}}
+{{- $legalValues := index . 2 -}}
+{{- $isRequired := index . 3 -}}
+{{- if include "utils.baseVerifyString" (list $scope $name $isRequired) -}}
+{{- $parent := $scope.validationScope -}}
+{{- if include "utils.dictionaryHasNonNullValue" (list $parent $name) -}}
+{{- $value := index $parent $name -}}
+{{- if has $value $legalValues -}}
+ true
+{{- else -}}
+{{ $errorMsg := cat $name "must be one of the following values" $legalValues ":" $value -}}
+{{- include "utils.recordValidationError" (list $scope $errorMsg) -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Verify a required enum string value
+*/}}
+{{- define "utils.verifyEnum" -}}
+{{- include "utils.baseVerifyEnum" (append . true) -}}
+{{- end -}}
+
+{{/*
+Verify an optional enum string value
+*/}}
+{{- define "utils.verifyOptionalEnum" -}}
+{{- include "utils.baseVerifyEnum" (append . false) -}}
+{{- end -}}
+
+{{/*
+Verify a kubernetes resource name string value
+*/}}
+{{- define "utils.baseVerifyResourceName" -}}
+{{/* https://kubernetes.io/docs/concepts/overview/working-with-objects/names */}}
+{{/* names: only lower case, numbers, dot, dash, max 253 */}}
+{{/* https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#syntax-and-character-set */}}
+{{/* labels/selectors - upper & lower case, numbers, dot, dash, underscore, max 63 */}}
+{{- $scope := index . 0 -}}
+{{- $name := index . 1 -}}
+{{- $max := index . 2 -}}
+{{- $isRequired := index . 3 -}}
+{{- if include "utils.baseVerifyString" (list $scope $name $isRequired) -}}
+{{- $parent := $scope.validationScope -}}
+{{- if include "utils.dictionaryHasNonNullValue" (list $parent $name) -}}
+{{- $value := index $parent $name -}}
+{{- $len := len $value -}}
+{{- if and (le $len $max) (regexMatch "^[a-z0-9.-]+$" $value) -}}
+ true
+{{- else -}}
+{{- $errorMsg := cat $name "must only contain lower case letters, numbers, dashes and dots, and must not contain more than" $max "characters: " $value -}}
+{{- include "utils.recordValidationError" (list $scope $errorMsg) -}}
+{{- end -}}
+{{- end -}}
+{{- else -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Verify a required kubernetes resource name string value
+*/}}
+{{- define "utils.verifyResourceName" -}}
+{{- include "utils.baseVerifyResourceName" (append . true) -}}
+{{- end -}}
+
+{{/*
+Verify an optional kubernetes resource name string value
+*/}}
+{{- define "utils.verifyOptionalResourceName" -}}
+{{- include "utils.baseVerifyResourceName" (append . false) -}}
+{{- end -}}
+
+{{/*
+Verify external service name suffix string value
+*/}}
+{{- define "utils.verifyExternalServiceNameSuffix" -}}
+{{- include "utils.baseVerifyResourceName" (append . false) -}}
+{{- end -}}
+
+{{/*
+Verify introspector job name suffix string value
+*/}}
+{{- define "utils.verifyIntrospectorJobNameSuffix" -}}
+{{- include "utils.baseVerifyResourceName" (append . false) -}}
+{{- end -}}
+
+{{/*
+Verify a list of strings value
+*/}}
+{{- define "utils.baseVerifyStringList" -}}
+{{- include "utils.verifyListValue" (prepend . "string") -}}
+{{- end -}}
+
+{{/*
+Verify a required list of strings value
+*/}}
+{{- define "utils.verifyStringList" -}}
+{{- include "utils.baseVerifyStringList" (append . true) -}}
+{{- end -}}
+
+{{/*
+Verify an optional list of strings value
+*/}}
+{{- define "utils.verifyOptionalStringList" -}}
+{{- include "utils.baseVerifyStringList" (append . false) -}}
+{{- end -}}
+
+{{/*
+Verify a list of dictionaries value
+*/}}
+{{- define "utils.baseVerifyDictionaryList" -}}
+{{- include "utils.verifyListValue" (prepend . "map") -}}
+{{- end -}}
+
+{{/*
+Verify a required list of dictionaries value
+*/}}
+{{- define "utils.verifyDictionaryList" -}}
+{{- include "utils.baseVerifyDictionaryList" (append . true) -}}
+{{- end -}}
+
+{{/*
+Verify an optional list of dictionaries value
+*/}}
+{{- define "utils.verifyOptionalDictionaryList" -}}
+{{- include "utils.baseVerifyDictionaryList" (append . false) -}}
+{{- end -}}
+
+{{/*
+Merge a set of dictionaries into a single dictionary.
+
+The scope must be a list of dictionaries, starting with the least specific
+and ending with the most specific.
+
+First it makes an empty destinaction dictionary, then iterates over the dictionaries,
+overlaying their values on the destination dictionary.
+
+If a value is null, then it removes that key from the destination dictionary.
+
+If the value is already present in the destination dictionary, and the old and
+new values are both dictionaries, it merges them into the destination.
+*/}}
+{{- define "utils.mergeDictionaries" -}}
+{{- $dest := dict -}}
+{{- range $src := . -}}
+{{- if not (empty $src) -}}
+{{- range $key, $value := $src -}}
+{{- $ignore := include "utils.mergeDictionaryValue" (list $dest $key $value) -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+{{- toYaml $dest -}}
+{{- end -}}
+
+{{/*
+Merge a value into a dictionary.
+This is like helm's 'merge' function, except that it handles null entries too.
+*/}}
+{{- define "utils.mergeDictionaryValue" -}}
+{{- $dest := index . 0 -}}
+{{- $key := index . 1 -}}
+{{- $newValue := index . 2 -}}
+{{- $newType := typeOf $newValue -}}
+{{- if hasKey $dest $key -}}
+{{- if eq $newType "" -}}
+{{/* # if the value already existed, and the new value is null, remove the old value */}}
+{{- $ignore := unset $dest $key -}}
+{{- else -}}
+{{- $oldValue := index $dest $key -}}
+{{- $oldKind := kindOf $oldValue -}}
+{{- $newKind := kindOf $newValue -}}
+{{- if (and (eq $oldKind "map") (eq $newKind "map")) -}}
+{{/* # if both values are maps, merge them */}}
+{{- $merged := include "utils.mergeDictionaries" (list $oldValue $newValue) | fromYaml -}}
+{{- $ignore := set $dest $key $merged -}}
+{{- else -}}
+{{/* # replace the old value with the new one */}}
+{{- $ignore := set $dest $key $newValue -}}
+{{- end -}}
+{{- end -}}
+{{- else -}}
+{{- if not (eq $newType "") -}}
+{{/* #if there was no old value, and the new value isn't null, use the new value */}}
+{{- $ignore := set $dest $key $newValue -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Make a writable copy of a dictionary.
+TBD - does helm provide a clone method we can use instead?
+*/}}
+{{- define "utils.cloneDictionary" -}}
+{{- include "utils.mergeDictionaries" (list .) -}}
+{{- end -}}
+
+{{/*
+Verify that a list of values (exclude) can not be defined if another value (key) is already defined
+*/}}
+{{- define "utils.mutexValue" -}}
+{{- $scope := index . 0 -}}
+{{- $key := index . 1 -}}
+{{- $exclude := index . 2 -}}
+{{- $type := index . 3 -}}
+{{- $parent := $scope.validationScope -}}
+{{- $args := . -}}
+{{- $status := dict -}}
+{{- if hasKey $parent $key -}}
+{{- range $value := $exclude -}}
+{{- if hasKey $parent $value -}}
+{{- $errorMsg := cat $value "can not be present when" $key "is defined" " " -}}
+{{- include "utils.recordValidationError" (list $scope $errorMsg) -}}
+{{- $ignore := set $status "error" true -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+{{- if not (hasKey $status "error") -}}
+ true
+{{- end -}}
+{{- end -}}
+
+{{/*
+Verify that a list of strings can not be defined if another string is already defined
+*/}}
+{{- define "utils.mutexString" -}}
+{{- include "utils.mutexValue" (append . "string") -}}
+{{- end -}}
+
+{{/*
+Verify that a Kubernetes resource exists in a given namespace
+*/}}
+{{- define "utils.verifyK8SResource" -}}
+{{- $scope := index . 0 -}}
+{{- $name := index . 1 -}}
+{{- $type := index . 2 -}}
+{{- $namespace := index . 3 -}}
+{{- $foundNS := (lookup "v1" "Namespace" "" $namespace) }}
+{{- if $foundNS }}
+{{- $foundResource := (lookup "v1" $type $namespace $name) }}
+{{- if not $foundResource }}
+{{- $errorMsg := cat $type $name " not found in namespace " $namespace -}}
+{{- include "utils.recordValidationError" (list $scope $errorMsg) -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
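Review bot: In `utils.baseVerifyResourceName` the pattern `^[a-z0-9.-]+$` accepts values that begin or end with `-` or `.`, which the Kubernetes API server rejects, so such a value passes chart validation and fails only when the object is created. Anchoring the first and last character closes the gap: `{{- if and (le $len $max) (regexMatch "^[a-z0-9]([-a-z0-9.]*[a-z0-9])?$" $value) -}}`. The error message on the following branch should then say that the name must start and end with a lower case letter or digit. The same check is applied to `Release.Namespace`, where dots are not valid either, so that case would need its own label pattern.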
diff --git a/OracleAccessManagement/kubernetes/charts/weblogic-operator/templates/_validate-inputs.tpl b/OracleAccessManagement/kubernetes/charts/weblogic-operator/templates/_validate-inputs.tpl
new file mode 100755
index 000000000..a6ee7dd02
--- /dev/null
+++ b/OracleAccessManagement/kubernetes/charts/weblogic-operator/templates/_validate-inputs.tpl
@@ -0,0 +1,63 @@
+# Copyright (c) 2018, 2021, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+
+{{- define "operator.validateInputs" -}}
+{{- $scope := include "utils.cloneDictionary" . | fromYaml -}}
+{{- $ignore:= include "utils.startValidation" $scope -}}
+{{- $ignore := include "utils.pushValidationContext" (list $scope "Release") -}}
+{{- $ignore := include "utils.verifyResourceName" (list $scope "Namespace" 63) -}}
+{{- $ignore := include "utils.popValidationContext" $scope -}}
+{{- $ignore := include "utils.verifyString" (list $scope "serviceAccount") -}}
+{{- $ignore := include "utils.verifyK8SResource" (list $scope .serviceAccount "ServiceAccount" .Release.Namespace) -}}
+{{- $ignore := include "utils.verifyString" (list $scope "image") -}}
+{{- $ignore := include "utils.verifyEnum" (list $scope "imagePullPolicy" (list "Always" "IfNotPresent" "Never")) -}}
+{{- $ignore := include "utils.verifyOptionalDictionaryList" (list $scope "imagePullSecrets") -}}
+{{- $ignore := include "utils.verifyEnum" (list $scope "javaLoggingLevel" (list "SEVERE" "WARNING" "INFO" "CONFIG" "FINE" "FINER" "FINEST")) -}}
+{{- if include "utils.verifyBoolean" (list $scope "externalRestEnabled") -}}
+{{- if $scope.externalRestEnabled -}}
+{{- $ignore := include "utils.verifyInteger" (list $scope "externalRestHttpsPort") -}}
+{{- $ignore := include "utils.mutexString" (list $scope "externalRestIdentitySecret" (list "externalOperatorKey" "externalOperatorCert")) -}}
+{{- if (or (hasKey $scope "externalOperatorCert") (hasKey $scope "externalOperatorKey")) -}}
+{{- $ignore := include "utils.verifyString" (list $scope "externalOperatorCert") -}}
+{{- $ignore := include "utils.verifyString" (list $scope "externalOperatorKey") -}}
+{{- else }}
+{{- $ignore := include "utils.verifyString" (list $scope "externalRestIdentitySecret") -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+{{- if include "utils.verifyBoolean" (list $scope "remoteDebugNodePortEnabled") -}}
+{{- if $scope.remoteDebugNodePortEnabled -}}
+{{- $ignore := include "utils.verifyBoolean" (list $scope "suspendOnDebugStartup") -}}
+{{- $ignore := include "utils.verifyInteger" (list $scope "internalDebugHttpPort") -}}
+{{- $ignore := include "utils.verifyInteger" (list $scope "externalDebugHttpPort") -}}
+{{- end -}}
+{{- end -}}
+{{- $ignore := include "utils.verifyOptionalBoolean" (list $scope "enableClusterRoleBinding") -}}
+{{- if and .enableClusterRoleBinding (or (eq (default "List" .domainNamespaceSelectionStrategy) "Dedicated") (and .dedicated (eq (default "List" .domainNamespaceSelectionStrategy) "List"))) }}
+{{- $errorMsg := "The enableClusterRoleBinding value may not be true when either dedicated is true or domainNamespaceSelectionStrategy is Dedicated" -}}
+{{- include "utils.recordValidationError" (list $scope $errorMsg) -}}
+{{- end -}}
+{{- if eq (default "List" $scope.domainNamespaceSelectionStrategy) "List" -}}
+{{- $ignore := include "utils.verifyStringList" (list $scope "domainNamespaces") -}}
+{{- end -}}
+{{- if include "utils.verifyBoolean" (list $scope "elkIntegrationEnabled") -}}
+{{- if $scope.elkIntegrationEnabled -}}
+{{- $ignore := include "utils.verifyString" (list $scope "logStashImage") -}}
+{{- $ignore := include "utils.verifyString" (list $scope "elasticSearchHost") -}}
+{{- $ignore := include "utils.verifyInteger" (list $scope "elasticSearchPort") -}}
+{{- end -}}
+{{- end -}}
+{{- $ignore := include "utils.verifyOptionalBoolean" (list $scope "dedicated") -}}
+{{- $ignore := include "utils.verifyOptionalEnum" (list $scope "domainNamespaceSelectionStrategy" (list "List" "LabelSelector" "RegExp" "Dedicated")) -}}
+{{- if eq (default "List" $scope.domainNamespaceSelectionStrategy) "LabelSelector" -}}
+{{- $ignore := include "utils.verifyString" (list $scope "domainNamespaceLabelSelector") -}}
+{{- end -}}
+{{- if eq (default "List" $scope.domainNamespaceSelectionStrategy) "RegExp" -}}
+{{- $ignore := include "utils.verifyString" (list $scope "domainNamespaceRegExp") -}}
+{{- end -}}
+{{- $ignore := include "utils.verifyOptionalBoolean" (list $scope "mockWLS") -}}
+{{- $ignore := include "utils.verifyIntrospectorJobNameSuffix" (list $scope "introspectorJobNameSuffix" 25) -}}
+{{- $ignore := include "utils.verifyExternalServiceNameSuffix" (list $scope "externalServiceNameSuffix" 10) -}}
+{{- $ignore := include "utils.verifyOptionalBoolean" (list $scope "clusterSizePaddingValidationEnabled") -}}
+{{- $ignore := include "utils.endValidation" $scope -}}
+{{- end -}}
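Review bot: `utils.verifyK8SResource` is called with `.serviceAccount` even when the preceding `utils.verifyString` check on `serviceAccount` has just recorded an error, so a missing or non-string value reaches `lookup` and is likely to abort rendering with a template error instead of the collected validation report. The boolean checks further down already gate their dependent checks on the result, and the same form works here: `{{- if include "utils.verifyString" (list $scope "serviceAccount") -}}`, then the `verifyK8SResource` line, then `{{- end -}}`. The NodePort values `externalRestHttpsPort` and `externalDebugHttpPort` are checked only for kind, so a range check would be a reasonable follow-up.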
diff --git a/OracleAccessManagement/kubernetes/charts/weblogic-operator/templates/main.yaml b/OracleAccessManagement/kubernetes/charts/weblogic-operator/templates/main.yaml
new file mode 100755
index 000000000..fb7e731f9
--- /dev/null
+++ b/OracleAccessManagement/kubernetes/charts/weblogic-operator/templates/main.yaml
@@ -0,0 +1,11 @@
+# Copyright (c) 2018, 2021, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+
+{{- $scope := include "utils.cloneDictionary" .Values | fromYaml -}}
+{{- $ignore := set $scope "Files" .Files -}}
+{{- $ignore := set $scope "Chart" .Chart -}}
+{{- $ignore := set $scope "Release" .Release -}}
+{{- $ignore := set $scope "APIVersions" .Capabilities.APIVersions -}}
+
+{{ include "operator.validateInputs" $scope }}
+{{- include "operator.operator" $scope }}
diff --git a/OracleAccessManagement/kubernetes/charts/weblogic-operator/values.yaml b/OracleAccessManagement/kubernetes/charts/weblogic-operator/values.yaml
new file mode 100755
index 000000000..dac9a5382
--- /dev/null
+++ b/OracleAccessManagement/kubernetes/charts/weblogic-operator/values.yaml
@@ -0,0 +1,224 @@
+# Copyright (c) 2018, 2021, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+
+# serviceAccount specifies the name of the ServiceAccount in the operator's namespace that the
+# operator will use to make requests to the Kubernetes API server.
+# The customer is responsible for creating the ServiceAccount in the same namespace as this Helm release.
+# If not specified, the the operator will use the Helm release namespace's 'default' ServiceAccount.
+serviceAccount: "default"
+
+# domainNamespaceSelectionStrategy specifies how the operator will select the set of namespaces
+# that it will manage. Legal values are: List, LabelSelector, RegExp, and Dedicated. If set to 'List',
+# then the operator will manage the set of namespaces listed by the 'domainNamespaces' value.
+# If set to 'LabelSelector', then the operator will manage the set of namespaces discovered by a list
+# of namespaces using the value specified by 'domainNamespaceLabelSelector' as a label selector.
+# If set to 'RegExp', then the operator will manage the set of namespaces discovered by a list
+# of namespaces using the value specified by 'domainNamespaceRegExp' as a regular expression matched
+# against the namespace names.
+# If set to 'Dedicated', then operator will manage WebLogic Domains only in the same namespace
+# where the operator itself is deployed, which is the namespace of the Helm release.
+domainNamespaceSelectionStrategy: List
+
+# This value is deprecated. Please use 'domainNamespaceSelectionStrategy: Dedicated'.
+# dedicated specifies if this operator will manage WebLogic Domains only in the same namespace in
+# which the operator itself is deployed. If set to 'true', then the 'domainNamespaces' value below
+# is ignored. This value is ignored if 'domainNamespaceSelectionStrategy' is set to a value other
+# than 'List'.
+# dedicated: false
+
+# domainNamespaces specifies list of WebLogic Domain namespaces that this operator manages. This value
+# is ignored if 'domainNamespaceSelectionStrategy' is not 'List'. The customer is responsible for creating these
+# namespaces. If not specified, then the operator will manage WebLogic Domains in the Kubernetes 'default' namespace.
+#
+# Example: In the configuration below, the operator will manage namespace1 and namespace2.
+#
+# domainNamespaces:
+# - "namespace1"
+# - "namespace2"
+domainNamespaces:
+- "default"
+
+# domainNamespaceLabelSelector specifies the label selector value that the operator will use when listing
+# namespaces in search of the namespaces that contain WebLogic Domains that this operator will manage. Ignored
+# if 'domainNamespaceSelectionStrategy' is not 'LabelSelector'.
+#
+# Example: manage any namespace with a label named "weblogic-operator".
+#
+# domainNamespaceLabelSelector: "weblogic-operator"
+#
+# domainNamespaceLabelSelector:
+
+# domainNamespaceRegExp specifies a regular expression that will be matched against namespace names when listing
+# namespaces in search of the namespaces that contain WebLogic Domains that this operator will manage. Ignored
+# if 'domainNamespaceSelectionStrategy' is not 'RegExp'.
+#
+# Example: manage any namespace where the namespace name starts with "prod".
+#
+# domainNamespaceRegExp: "^prod"
+#
+# domainNamespaceRegExp:
+
+# enableClusterRoleBinding specifies whether the roles necessary for the operator to manage domains
+# will be granted using a ClusterRoleBinding rather than using RoleBindings in each managed namespace.
+enableClusterRoleBinding: false
+
+# image specifies the container image containing the operator.
+image: "ghcr.io/oracle/weblogic-kubernetes-operator:3.3.0"
+
+# imagePullPolicy specifies the image pull policy for the operator's container image.
+imagePullPolicy: IfNotPresent
+
+# imagePullSecrets contains an optional list of Kubernetes Secrets, in the operator's namespace,
+# that are needed to access the registry containing the operator's container image.
+# The customer is responsible for creating the Secret.
+# If no Secrets are required, then omit this property.
+#
+# Example: a Secret is needed, and has been stored in 'my-operator-secret'
+#
+# imagePullSecrets:
+# - name: "my-operator-secret"
+
+# externalRestEnabled specifies whether the the operator's REST interface is exposed
+# outside of the Kubernetes cluster on the port specified by the 'externalRestHttpsPort'
+# property.
+#
+# If set to true, then the customer must provide the SSL certificate and private key for
+# the operator's external REST interface by specifying the 'externalOperatorCert' and
+# 'externalOperatorKey' properties.
+externalRestEnabled: false
+
+# externalRestHttpsPort specifies the node port that should be allocated for the external operator REST HTTPS interface.
+# This parameter is required if 'externalRestEnabled' is true.
+# Otherwise, it is ignored.
+externalRestHttpsPort: 31001
+
+# The name of the Secret used to store the certificate and private key to use for the external operator REST HTTPS interface.
+# The Secret has to be created in the same namespace of the WebLogic operator.
+# This parameter is required if 'externalRestEnabled' is true. Otherwise, it is ignored.
+# As example, an external REST identity can be created using the following sample script
+# kubernetes/samples/scripts/rest/generate-external-rest-identity.sh
+# externalRestIdentitySecret:
+
+# elkIntegrationEnabled specifies whether or not ELK integration is enabled.
+elkIntegrationEnabled: false
+
+# logStashImage specifies the container image containing logstash.
+# This parameter is ignored if 'elkIntegrationEnabled' is false.
+logStashImage: "logstash:6.6.0"
+
+# elasticSearchHost specifies the hostname of where elasticsearch is running.
+# This parameter is ignored if 'elkIntegrationEnabled' is false.
+elasticSearchHost: "elasticsearch.default.svc.cluster.local"
+
+# elasticSearchPort specifies the port number of where elasticsearch is running.
+# This parameter is ignored if 'elkIntegrationEnabled' is false.
+elasticSearchPort: 9200
+
+# featureGates specifies a set of key=value pairs separated by commas that describe whether a given
+# operator feature is enabled. You enable a feature by including a key=value pair where the key is the
+# feature name and the value is "true". This will allow the operator team to release features that
+# are not yet ready to be enabled by default, but that are ready for testing by customers. Once a feature is
+# stable then it will be enabled by default and can not be disabled using this configuration.
+# featureGates: "...,AuxiliaryImage=true"
+
+# javaLoggingLevel specifies the Java logging level for the operator. This affects the operator pod's
+# log output and the contents of log files in the container's /logs/ directory.
+# Valid values are: "SEVERE", "WARNING", "INFO", "CONFIG", "FINE", "FINER", and "FINEST".
+javaLoggingLevel: "INFO"
+
+# javaLoggingFileSizeLimit specifies the maximum size in bytes for an individual Java logging file in the operator container's
+# /logs/ directory.
+javaLoggingFileSizeLimit: 20000000
+
+# javaLoggingFileCount specifies the number of Java logging files to preserve in the operator container's /logs/
+# directory as the files are rotated.
+javaLoggingFileCount: 10
+
+# labels specifies a set of key-value labels that will be added to each pod running the operator.
+# See https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
+#labels:
+
+# annotations specifies a set of key-value annotations that will be added to each pod running the operator.
+# See https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
+#annotations:
+
+# nodeSelector specifies a matching rule that the Kubernetes scheduler will use when selecting the node
+# where the operator will run. If the nodeSelector value is specified, then this content will be added to
+# the operator's deployment. See https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector
+# for more information on node selectors.
+#nodeSelector:
+
+# affinity specifies a set of matching rules related to the presence of other workloads that the Kubernetes scheduler
+# will use when selecting the node where the operator will run. If the affinity value is specified, then this content
+# will be added to the operator's deployment. See https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity
+# for more information on affinity and anti-affinity.
+#affinity:
+
+# Values related to debugging the operator.
+# Customers should not need to use the following properties
+
+# remoteDebugNodePortEnabled specifies whether or not the operator will provide a Java remote debug interface on the
+# provided port. If the 'suspendOnDebugStartup' property is specified, the operator will suspend execution
+# until a remote debugger has attached.
+# The 'internalDebugHttpPort' property controls the port number inside the Kubernetes
+# cluster and the 'externalDebugHttpPort' property controls the port number outside
+# the Kubernetes cluster.
+remoteDebugNodePortEnabled: false
+
+#suspendOnDebugStartup specifies whether the operator will suspend on startup when a Java remote debugging is enabled.
+suspendOnDebugStartup: false
+
+# internalDebugHttpPort specifies the port number inside the Kubernetes cluster for the operator's Java
+# remote debug interface.
+# This parameter is required if 'remoteDebugNodePortEnabled' is true.
+# Otherwise, it is ignored.
+internalDebugHttpPort: 30999
+
+# externalDebugHttpPort specifies the node port that should be allocated for the operator's
+# Java remote debug interface.
+# This parameter is required if 'remoteDebugNodePortEnabled' is true.
+# Otherwise, it is ignored.
+externalDebugHttpPort: 30999
+
+# dns1123Fields overrides the default list of field names that the operator
+# converts to DNS-1123 legal values when replacing variable references in the
+# Domain resource. The default list can be found inside the class LegalNames
+# in the oracle.kubernetes.operator.helpers package.
+# Supply a comma separated list of field names to customize the list of fields
+# such as "name, claimName, volumeName", or leave it commented out to use
+# the default list of field names.
+# dns1123Fields: ""
+
+# introspectorJobNameSuffix overrides the default suffix that the operator uses
+# to append to the domainUID to form the name of the domain introspector job name.
+# Note that the resultant job name should not be more than 58 characters due to
+# the Kubernetes limit to the name of a job and Kubernetes appends five additional
+# characters to the name of the pod that is created by the job controller.
+# The default suffix is '-introspector'.
+# The default suffix in pre-3.1.0 is "-introspect-domain-job"
+introspectorJobNameSuffix: "-introspector"
+
+# externalServiceNameSuffix overrides the default suffix that the operator uses
+# to append to the domainUID and the WebLogic admin server name, to form the name
+# of the domain's admin server external service.
+# Note that the resultant name should not be more than 63 characters due to
+# the Kubernetes limit to the name of a service.
+# The default suffix is '-ext'.
+# The default suffix in pre-3.1.0 is "-external".
+externalServiceNameSuffix: "-ext"
+
+# clusterSizePaddingValidationEnabled specifies if additional one or two characters
+# need to be reserved to account for longer managed server names because of an increased
+# cluster size.
+# The default value is true.
+clusterSizePaddingValidationEnabled: true
+
+# tokenReviewAuthentication, if set to true, specifies whether the the operator's REST API should use
+# 1. Kubernetes token review API for authenticating users, and
+# 2. Kubernetes subject access review API for authorizing a user's operation (get, list,
+# patch, etc) on a resource.
+# 3. Update the Domain resource using the operator's privileges.
+# This parameter, if set to false, will use the caller's bearer token for any update
+# to the Domain resource so that it is done using the caller's privileges.
+# The default value is false.
+#tokenReviewAuthentication: false
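Review bot: The default `serviceAccount: "default"` near the top of this file makes the operator call the Kubernetes API as the release namespace's shared default ServiceAccount, so whatever roles the chart binds to it are also held by any other pod in that namespace that does not name its own ServiceAccount. The role and binding templates are outside this hunk, so the exact permissions are not visible here, but the comment on `enableClusterRoleBinding` indicates they cover managing domains. I would document the expectation next to the value, e.g. `# Recommended: create a dedicated ServiceAccount for the operator; roles bound to 'default' are shared by every pod in this namespace that does not set its own.`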
diff --git a/OracleAccessManagement/kubernetes/common/createFMWJRFDomain.py b/OracleAccessManagement/kubernetes/common/createFMWJRFDomain.py
new file mode 100755
index 000000000..bde936ca5
--- /dev/null
+++ b/OracleAccessManagement/kubernetes/common/createFMWJRFDomain.py
@@ -0,0 +1,332 @@
+# Copyright (c) 2014, 2021, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+
+import os
+import sys
+
+import com.oracle.cie.domain.script.jython.WLSTException as WLSTException
+
+class Infra12213Provisioner:
+
+ MACHINES = {
+ 'machine1' : {
+ 'NMType': 'SSL',
+ 'ListenAddress': 'localhost',
+ 'ListenPort': 5658
+ }
+ }
+
+ JRF_12213_TEMPLATES = {
+ 'baseTemplate' : '@@ORACLE_HOME@@/wlserver/common/templates/wls/wls.jar',
+ 'extensionTemplates' : [
+ '@@ORACLE_HOME@@/oracle_common/common/templates/wls/oracle.jrf_template.jar',
+ '@@ORACLE_HOME@@/oracle_common/common/templates/wls/oracle.jrf.ws.async_template.jar',
+ '@@ORACLE_HOME@@/oracle_common/common/templates/wls/oracle.wsmpm_template.jar',
+ '@@ORACLE_HOME@@/oracle_common/common/templates/wls/oracle.ums_template.jar',
+ '@@ORACLE_HOME@@/em/common/templates/wls/oracle.em_wls_template.jar'
+ ],
+ 'serverGroupsToTarget' : [ 'JRF-MAN-SVR', 'WSMPM-MAN-SVR' ]
+ }
+
+ def __init__(self, oracleHome, javaHome, domainParentDir, adminListenPort, adminName, managedNameBase, managedServerPort, prodMode, managedCount, clusterName):
+ self.oracleHome = self.validateDirectory(oracleHome)
+ self.javaHome = self.validateDirectory(javaHome)
+ self.domainParentDir = self.validateDirectory(domainParentDir, create=True)
+ return
+
+ def createInfraDomain(self, domainName, user, password, db, dbPrefix, dbPassword, adminListenPort, adminName,
+ managedNameBase, managedServerPort, prodMode, managedCount, clusterName,
+ exposeAdminT3Channel=None, t3ChannelPublicAddress=None, t3ChannelPort=None):
+ domainHome = self.createBaseDomain(domainName, user, password, adminListenPort, adminName, managedNameBase,
+ managedServerPort, prodMode, managedCount, clusterName
+ )
+ self.extendDomain(domainHome, db, dbPrefix, dbPassword, exposeAdminT3Channel, t3ChannelPublicAddress,
+ t3ChannelPort)
+
+ def createBaseDomain(self, domainName, user, password, adminListenPort, adminName, managedNameBase, managedServerPort, prodMode, managedCount, clusterName):
+ baseTemplate = self.replaceTokens(self.JRF_12213_TEMPLATES['baseTemplate'])
+
+ readTemplate(baseTemplate)
+ setOption('DomainName', domainName)
+ setOption('JavaHome', self.javaHome)
+ if (prodMode == 'true'):
+ setOption('ServerStartMode', 'prod')
+ else:
+ setOption('ServerStartMode', 'dev')
+ set('Name', domainName)
+
+ admin_port = int(adminListenPort)
+ ms_port = int(managedServerPort)
+ ms_count = int(managedCount)
+
+ # Create Admin Server
+ # =======================
+ print 'Creating Admin Server...'
+ cd('/Servers/AdminServer')
+ #set('ListenAddress', '%s-%s' % (domain_uid, admin_server_name_svc))
+ set('ListenPort', admin_port)
+ set('Name', adminName)
+
+ # Define the user password for weblogic
+ # =====================================
+ cd('/Security/' + domainName + '/User/weblogic')
+ set('Name', user)
+ set('Password', password)
+
+ # Create a cluster
+ # ======================
+ print 'Creating cluster...'
+ cd('/')
+ cl=create(clusterName, 'Cluster')
+
+ # Create managed servers
+ for index in range(0, ms_count):
+ cd('/')
+ msIndex = index+1
+ cd('/')
+ name = '%s%s' % (managedNameBase, msIndex)
+ create(name, 'Server')
+ cd('/Servers/%s/' % name )
+ print('managed server name is %s' % name);
+ set('ListenPort', ms_port)
+ set('NumOfRetriesBeforeMSIMode', 0)
+ set('RetryIntervalBeforeMSIMode', 1)
+ set('Cluster', clusterName)
+
+ # Create Node Manager
+ # =======================
+ print 'Creating Node Managers...'
+ for machine in self.MACHINES:
+ cd('/')
+ create(machine, 'Machine')
+ cd('Machine/' + machine)
+ create(machine, 'NodeManager')
+ cd('NodeManager/' + machine)
+ for param in self.MACHINES[machine]:
+ set(param, self.MACHINES[machine][param])
+
+
+ setOption('OverwriteDomain', 'true')
+ domainHome = self.domainParentDir + '/' + domainName
+ print 'Will create Base domain at ' + domainHome
+
+ print 'Writing base domain...'
+ writeDomain(domainHome)
+ closeTemplate()
+ print 'Base domain created at ' + domainHome
+ return domainHome
+
+
+ def extendDomain(self, domainHome, db, dbPrefix, dbPassword, exposeAdminT3Channel, t3ChannelPublicAddress,
+ t3ChannelPort):
+ print 'Extending domain at ' + domainHome
+ print 'Database ' + db
+ readDomain(domainHome)
+ setOption('AppDir', self.domainParentDir + '/applications')
+
+ print 'ExposeAdminT3Channel %s with %s:%s ' % (exposeAdminT3Channel, t3ChannelPublicAddress, t3ChannelPort)
+ if 'true' == exposeAdminT3Channel:
+ self.enable_admin_channel(t3ChannelPublicAddress, t3ChannelPort)
+
+ print 'Applying JRF templates...'
+ for extensionTemplate in self.JRF_12213_TEMPLATES['extensionTemplates']:
+ addTemplate(self.replaceTokens(extensionTemplate))
+
+ print 'Extension Templates added'
+
+ print 'Configuring the Service Table DataSource...'
+ fmwDb = 'jdbc:oracle:thin:@' + db
+ print 'fmwDatabase ' + fmwDb
+ cd('/JDBCSystemResource/LocalSvcTblDataSource/JdbcResource/LocalSvcTblDataSource')
+ cd('JDBCDriverParams/NO_NAME_0')
+ set('DriverName', 'oracle.jdbc.OracleDriver')
+ set('URL', fmwDb)
+ set('PasswordEncrypted', dbPassword)
+
+ stbUser = dbPrefix + '_STB'
+ cd('Properties/NO_NAME_0/Property/user')
+ set('Value', stbUser)
+
+ print 'Getting Database Defaults...'
+ getDatabaseDefaults()
+
+ print 'Targeting Server Groups...'
+ managedName= '%s%s' % (managedNameBase, 1)
+ print "Set CoherenceClusterSystemResource to defaultCoherenceCluster for server:" + managedName
+ serverGroupsToTarget = list(self.JRF_12213_TEMPLATES['serverGroupsToTarget'])
+ cd('/')
+ setServerGroups(managedName, serverGroupsToTarget)
+ print "Set CoherenceClusterSystemResource to defaultCoherenceCluster for server:" + managedName
+ cd('/Servers/' + managedName)
+ set('CoherenceClusterSystemResource', 'defaultCoherenceCluster')
+
+ print 'Targeting Cluster ...'
+ cd('/')
+ print "Set CoherenceClusterSystemResource to defaultCoherenceCluster for cluster:" + clusterName
+ cd('/Cluster/' + clusterName)
+ set('CoherenceClusterSystemResource', 'defaultCoherenceCluster')
+ print "Set WLS clusters as target of defaultCoherenceCluster:" + clusterName
+ cd('/CoherenceClusterSystemResource/defaultCoherenceCluster')
+ set('Target', clusterName)
+
+ print 'Preparing to update domain...'
+ updateDomain()
+ print 'Domain updated successfully'
+ closeDomain()
+ return
+
+
+ ###########################################################################
+ # Helper Methods #
+ ###########################################################################
+
+ def validateDirectory(self, dirName, create=False):
+ directory = os.path.realpath(dirName)
+ if not os.path.exists(directory):
+ if create:
+ os.makedirs(directory)
+ else:
+ message = 'Directory ' + directory + ' does not exist'
+ raise WLSTException(message)
+ elif not os.path.isdir(directory):
+ message = 'Directory ' + directory + ' is not a directory'
+ raise WLSTException(message)
+ return self.fixupPath(directory)
+
+
+ def fixupPath(self, path):
+ result = path
+ if path is not None:
+ result = path.replace('\\', '/')
+ return result
+
+
+ def replaceTokens(self, path):
+ result = path
+ if path is not None:
+ result = path.replace('@@ORACLE_HOME@@', oracleHome)
+ return result
+
+ def enable_admin_channel(self, admin_channel_address, admin_channel_port):
+ if admin_channel_address == None or admin_channel_port == 'None':
+ return
+ cd('/')
+ admin_server_name = get('AdminServerName')
+ print('setting admin server t3channel for ' + admin_server_name)
+ cd('/Servers/' + admin_server_name)
+ create('T3Channel', 'NetworkAccessPoint')
+ cd('/Servers/' + admin_server_name + '/NetworkAccessPoint/T3Channel')
+ set('ListenPort', int(admin_channel_port))
+ set('PublicPort', int(admin_channel_port))
+ set('PublicAddress', admin_channel_address)
+
+#############################
+# Entry point to the script #
+#############################
+
+def usage():
+ print sys.argv[0] + ' -oh -jh -parent -name ' + \
+ '-user -password ' + \
+ '-rcuDb -rcuPrefix -rcuSchemaPwd ' \
+ '-adminListenPort -adminName ' \
+ '-managedNameBase -managedServerPort -prodMode ' \
+ '-managedServerCount -clusterName ' \
+ '-exposeAdminT3Channel -t3ChannelPublicAddress ' \
+ '-t3ChannelPort '
+ sys.exit(0)
+
+# Uncomment for Debug only
+#print str(sys.argv[0]) + " called with the following sys.argv array:"
+#for index, arg in enumerate(sys.argv):
+# print "sys.argv[" + str(index) + "] = " + str(sys.argv[index])
+
+if len(sys.argv) < 16:
+ usage()
+
+#oracleHome will be passed by command line parameter -oh.
+oracleHome = None
+#javaHome will be passed by command line parameter -jh.
+javaHome = None
+#domainParentDir will be passed by command line parameter -parent.
+domainParentDir = None
+#domainUser is hard-coded to weblogic. You can change to other name of your choice. Command line paramter -user.
+domainUser = 'weblogic'
+#domainPassword will be passed by Command line parameter -password.
+domainPassword = None
+#rcuDb will be passed by command line parameter -rcuDb.
+rcuDb = None
+#change rcuSchemaPrefix to your infra schema prefix. Command line parameter -rcuPrefix.
+rcuSchemaPrefix = 'DEV12'
+#change rcuSchemaPassword to your infra schema password. Command line parameter -rcuSchemaPwd.
+rcuSchemaPassword = None
+exposeAdminT3Channel = None
+t3ChannelPort = None
+t3ChannelPublicAddress = None
+i = 1
+while i < len(sys.argv):
+ if sys.argv[i] == '-oh':
+ oracleHome = sys.argv[i + 1]
+ i += 2
+ elif sys.argv[i] == '-jh':
+ javaHome = sys.argv[i + 1]
+ i += 2
+ elif sys.argv[i] == '-parent':
+ domainParentDir = sys.argv[i + 1]
+ i += 2
+ elif sys.argv[i] == '-name':
+ domainName = sys.argv[i + 1]
+ i += 2
+ elif sys.argv[i] == '-user':
+ domainUser = sys.argv[i + 1]
+ i += 2
+ elif sys.argv[i] == '-password':
+ domainPassword = sys.argv[i + 1]
+ i += 2
+ elif sys.argv[i] == '-rcuDb':
+ rcuDb = sys.argv[i + 1]
+ i += 2
+ elif sys.argv[i] == '-rcuPrefix':
+ rcuSchemaPrefix = sys.argv[i + 1]
+ i += 2
+ elif sys.argv[i] == '-rcuSchemaPwd':
+ rcuSchemaPassword = sys.argv[i + 1]
+ i += 2
+ elif sys.argv[i] == '-adminListenPort':
+ adminListenPort = sys.argv[i + 1]
+ i += 2
+ elif sys.argv[i] == '-adminName':
+ adminName = sys.argv[i + 1]
+ i += 2
+ elif sys.argv[i] == '-managedNameBase':
+ managedNameBase = sys.argv[i + 1]
+ i += 2
+ elif sys.argv[i] == '-managedServerPort':
+ managedServerPort = sys.argv[i + 1]
+ i += 2
+ elif sys.argv[i] == '-prodMode':
+ prodMode = sys.argv[i + 1]
+ i += 2
+ elif sys.argv[i] == '-managedServerCount':
+ managedCount = sys.argv[i + 1]
+ i += 2
+ elif sys.argv[i] == '-clusterName':
+ clusterName = sys.argv[i + 1]
+ i += 2
+ elif sys.argv[i] == '-t3ChannelPublicAddress':
+ t3ChannelPublicAddress = sys.argv[i + 1]
+ i += 2
+ elif sys.argv[i] == '-t3ChannelPort':
+ t3ChannelPort = sys.argv[i + 1]
+ i += 2
+ elif sys.argv[i] == '-exposeAdminT3Channel':
+ exposeAdminT3Channel = sys.argv[i + 1]
+ i += 2
+ else:
+ print 'Unexpected argument switch at position ' + str(i) + ': ' + str(sys.argv[i])
+ usage()
+ sys.exit(1)
+
+provisioner = Infra12213Provisioner(oracleHome, javaHome, domainParentDir, adminListenPort, adminName, managedNameBase, managedServerPort, prodMode, managedCount, clusterName)
+provisioner.createInfraDomain(domainName, domainUser, domainPassword, rcuDb, rcuSchemaPrefix, rcuSchemaPassword,
+ adminListenPort, adminName, managedNameBase, managedServerPort, prodMode, managedCount,
+ clusterName, exposeAdminT3Channel, t3ChannelPublicAddress, t3ChannelPort)
\ No newline at end of file
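Review bot: The `-password` and `-rcuSchemaPwd` branches of the argument loop take the WebLogic admin and RCU schema passwords straight from `sys.argv`, which leaves them readable in the process argument list (and in any job log that echoes the command) for as long as WLST runs. The same parsing is repeated in createFMWRestrictedJRFDomain.py. Reading each secret from a file instead keeps it out of argv, for example under an added switch (the name `-passwordFile` is only a suggestion): `domainPassword = open(sys.argv[i + 1]).readline().rstrip('\r\n')`. The callers that build this command line are outside the hunk, so they would need the matching change.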
diff --git a/OracleAccessManagement/kubernetes/common/createFMWRestrictedJRFDomain.py b/OracleAccessManagement/kubernetes/common/createFMWRestrictedJRFDomain.py
new file mode 100755
index 000000000..acfe5da80
--- /dev/null
+++ b/OracleAccessManagement/kubernetes/common/createFMWRestrictedJRFDomain.py
@@ -0,0 +1,291 @@
+# Copyright (c) 2014, 2021, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+
+import os
+import sys
+
+import com.oracle.cie.domain.script.jython.WLSTException as WLSTException
+
+class Infra12213Provisioner:
+
+ MACHINES = {
+ 'machine1' : {
+ 'NMType': 'SSL',
+ 'ListenAddress': 'localhost',
+ 'ListenPort': 5658
+ }
+ }
+
+ JRF_12213_TEMPLATES = {
+ 'baseTemplate' : '@@ORACLE_HOME@@/wlserver/common/templates/wls/wls.jar',
+ 'extensionTemplates' : [
+ '@@ORACLE_HOME@@/oracle_common/common/templates/wls/oracle.jrf_restricted_template.jar',
+ '@@ORACLE_HOME@@/em/common/templates/wls/oracle.em_wls_restricted_template.jar'
+ ],
+ 'serverGroupsToTarget' : [ 'JRF-MAN-SVR', 'WSMPM-MAN-SVR' ]
+ }
+
+ def __init__(self, oracleHome, javaHome, domainParentDir, adminListenPort, adminName, managedNameBase, managedServerPort, prodMode, managedCount, clusterName):
+ self.oracleHome = self.validateDirectory(oracleHome)
+ self.javaHome = self.validateDirectory(javaHome)
+ self.domainParentDir = self.validateDirectory(domainParentDir, create=True)
+ return
+
+ def createInfraDomain(self, domainName, user, password, adminListenPort, adminName,
+ managedNameBase, managedServerPort, prodMode, managedCount, clusterName,
+ exposeAdminT3Channel=None, t3ChannelPublicAddress=None, t3ChannelPort=None):
+ domainHome = self.createBaseDomain(domainName, user, password, adminListenPort, adminName, managedNameBase,
+ managedServerPort, prodMode, managedCount, clusterName
+ )
+ self.extendDomain(domainHome, exposeAdminT3Channel, t3ChannelPublicAddress, t3ChannelPort)
+
+ def createBaseDomain(self, domainName, user, password, adminListenPort, adminName, managedNameBase, managedServerPort, prodMode, managedCount, clusterName):
+ baseTemplate = self.replaceTokens(self.JRF_12213_TEMPLATES['baseTemplate'])
+
+ readTemplate(baseTemplate)
+ setOption('DomainName', domainName)
+ setOption('JavaHome', self.javaHome)
+ if (prodMode == 'true'):
+ setOption('ServerStartMode', 'prod')
+ else:
+ setOption('ServerStartMode', 'dev')
+ set('Name', domainName)
+
+ admin_port = int(adminListenPort)
+ ms_port = int(managedServerPort)
+ ms_count = int(managedCount)
+
+ # Create Admin Server
+ # =======================
+ print 'Creating Admin Server...'
+ cd('/Servers/AdminServer')
+ #set('ListenAddress', '%s-%s' % (domain_uid, admin_server_name_svc))
+ set('ListenPort', admin_port)
+ set('Name', adminName)
+
+ # Define the user password for weblogic
+ # =====================================
+ cd('/Security/' + domainName + '/User/weblogic')
+ set('Name', user)
+ set('Password', password)
+
+ # Create a cluster
+ # ======================
+ print 'Creating cluster...'
+ cd('/')
+ cl=create(clusterName, 'Cluster')
+
+ # Create managed servers
+ for index in range(0, ms_count):
+ cd('/')
+ msIndex = index+1
+ cd('/')
+ name = '%s%s' % (managedNameBase, msIndex)
+ create(name, 'Server')
+ cd('/Servers/%s/' % name )
+ print('managed server name is %s' % name);
+ set('ListenPort', ms_port)
+ set('NumOfRetriesBeforeMSIMode', 0)
+ set('RetryIntervalBeforeMSIMode', 1)
+ set('Cluster', clusterName)
+
+ # Create Node Manager
+ # =======================
+ print 'Creating Node Managers...'
+ for machine in self.MACHINES:
+ cd('/')
+ create(machine, 'Machine')
+ cd('Machine/' + machine)
+ create(machine, 'NodeManager')
+ cd('NodeManager/' + machine)
+ for param in self.MACHINES[machine]:
+ set(param, self.MACHINES[machine][param])
+
+
+ setOption('OverwriteDomain', 'true')
+ domainHome = self.domainParentDir + '/' + domainName
+ print 'Will create Base domain at ' + domainHome
+
+ print 'Writing base domain...'
+ writeDomain(domainHome)
+ closeTemplate()
+ print 'Base domain created at ' + domainHome
+ return domainHome
+
+
+ def extendDomain(self, domainHome, exposeAdminT3Channel, t3ChannelPublicAddress,
+ t3ChannelPort):
+ print 'Extending domain at ' + domainHome
+ readDomain(domainHome)
+ setOption('AppDir', self.domainParentDir + '/applications')
+
+ print 'ExposeAdminT3Channel %s with %s:%s ' % (exposeAdminT3Channel, t3ChannelPublicAddress, t3ChannelPort)
+ if 'true' == exposeAdminT3Channel:
+ self.enable_admin_channel(t3ChannelPublicAddress, t3ChannelPort)
+
+ print 'Applying JRF templates...'
+ for extensionTemplate in self.JRF_12213_TEMPLATES['extensionTemplates']:
+ addTemplate(self.replaceTokens(extensionTemplate))
+
+ print 'Extension Templates added'
+
+ print 'Preparing to update domain...'
+ updateDomain()
+ print 'Domain updated successfully'
+ closeDomain()
+ return
+
+
+ ###########################################################################
+ # Helper Methods #
+ ###########################################################################
+
+ def validateDirectory(self, dirName, create=False):
+ directory = os.path.realpath(dirName)
+ if not os.path.exists(directory):
+ if create:
+ os.makedirs(directory)
+ else:
+ message = 'Directory ' + directory + ' does not exist'
+ raise WLSTException(message)
+ elif not os.path.isdir(directory):
+ message = 'Directory ' + directory + ' is not a directory'
+ raise WLSTException(message)
+ return self.fixupPath(directory)
+
+
+ def fixupPath(self, path):
+ result = path
+ if path is not None:
+ result = path.replace('\\', '/')
+ return result
+
+
+ def replaceTokens(self, path):
+ result = path
+ if path is not None:
+ result = path.replace('@@ORACLE_HOME@@', oracleHome)
+ return result
+
+ def enable_admin_channel(self, admin_channel_address, admin_channel_port):
+ if admin_channel_address == None or admin_channel_port == 'None':
+ return
+ cd('/')
+ admin_server_name = get('AdminServerName')
+ print('setting admin server t3channel for ' + admin_server_name)
+ cd('/Servers/' + admin_server_name)
+ create('T3Channel', 'NetworkAccessPoint')
+ cd('/Servers/' + admin_server_name + '/NetworkAccessPoint/T3Channel')
+ set('ListenPort', int(admin_channel_port))
+ set('PublicPort', int(admin_channel_port))
+ set('PublicAddress', admin_channel_address)
+
+#############################
+# Entry point to the script #
+#############################
+
+def usage():
+ print sys.argv[0] + ' -oh -jh -parent -name ' + \
+ '-user -password ' + \
+ '-rcuDb -rcuPrefix -rcuSchemaPwd ' \
+ '-adminListenPort -adminName ' \
+ '-managedNameBase -managedServerPort -prodMode ' \
+ '-managedServerCount -clusterName ' \
+ '-exposeAdminT3Channel -t3ChannelPublicAddress ' \
+ '-t3ChannelPort '
+ sys.exit(0)
+
+# Uncomment for Debug only
+#print str(sys.argv[0]) + " called with the following sys.argv array:"
+#for index, arg in enumerate(sys.argv):
+# print "sys.argv[" + str(index) + "] = " + str(sys.argv[index])
+
+if len(sys.argv) < 16:
+ usage()
+
+#oracleHome will be passed by command line parameter -oh.
+oracleHome = None
+#javaHome will be passed by command line parameter -jh.
+javaHome = None
+#domainParentDir will be passed by command line parameter -parent.
+domainParentDir = None
+#domainUser is hard-coded to weblogic. You can change to other name of your choice. Command line paramter -user.
+domainUser = 'weblogic'
+#domainPassword will be passed by Command line parameter -password.
+domainPassword = None
+#rcuDb will be passed by command line parameter -rcuDb.
+rcuDb = None
+#change rcuSchemaPrefix to your infra schema prefix. Command line parameter -rcuPrefix.
+rcuSchemaPrefix = 'DEV12'
+#change rcuSchemaPassword to your infra schema password. Command line parameter -rcuSchemaPwd.
+rcuSchemaPassword = None
+exposeAdminT3Channel = None
+t3ChannelPort = None
+t3ChannelPublicAddress = None
+i = 1
+while i < len(sys.argv):
+ if sys.argv[i] == '-oh':
+ oracleHome = sys.argv[i + 1]
+ i += 2
+ elif sys.argv[i] == '-jh':
+ javaHome = sys.argv[i + 1]
+ i += 2
+ elif sys.argv[i] == '-parent':
+ domainParentDir = sys.argv[i + 1]
+ i += 2
+ elif sys.argv[i] == '-name':
+ domainName = sys.argv[i + 1]
+ i += 2
+ elif sys.argv[i] == '-user':
+ domainUser = sys.argv[i + 1]
+ i += 2
+ elif sys.argv[i] == '-password':
+ domainPassword = sys.argv[i + 1]
+ i += 2
+ elif sys.argv[i] == '-rcuDb':
+ rcuDb = sys.argv[i + 1]
+ i += 2
+ elif sys.argv[i] == '-rcuPrefix':
+ rcuSchemaPrefix = sys.argv[i + 1]
+ i += 2
+ elif sys.argv[i] == '-rcuSchemaPwd':
+ rcuSchemaPassword = sys.argv[i + 1]
+ i += 2
+ elif sys.argv[i] == '-adminListenPort':
+ adminListenPort = sys.argv[i + 1]
+ i += 2
+ elif sys.argv[i] == '-adminName':
+ adminName = sys.argv[i + 1]
+ i += 2
+ elif sys.argv[i] == '-managedNameBase':
+ managedNameBase = sys.argv[i + 1]
+ i += 2
+ elif sys.argv[i] == '-managedServerPort':
+ managedServerPort = sys.argv[i + 1]
+ i += 2
+ elif sys.argv[i] == '-prodMode':
+ prodMode = sys.argv[i + 1]
+ i += 2
+ elif sys.argv[i] == '-managedServerCount':
+ managedCount = sys.argv[i + 1]
+ i += 2
+ elif sys.argv[i] == '-clusterName':
+ clusterName = sys.argv[i + 1]
+ i += 2
+ elif sys.argv[i] == '-t3ChannelPublicAddress':
+ t3ChannelPublicAddress = sys.argv[i + 1]
+ i += 2
+ elif sys.argv[i] == '-t3ChannelPort':
+ t3ChannelPort = sys.argv[i + 1]
+ i += 2
+ elif sys.argv[i] == '-exposeAdminT3Channel':
+ exposeAdminT3Channel = sys.argv[i + 1]
+ i += 2
+ else:
+ print 'Unexpected argument switch at position ' + str(i) + ': ' + str(sys.argv[i])
+ usage()
+ sys.exit(1)
+
+provisioner = Infra12213Provisioner(oracleHome, javaHome, domainParentDir, adminListenPort, adminName, managedNameBase, managedServerPort, prodMode, managedCount, clusterName)
+provisioner.createInfraDomain(domainName, domainUser, domainPassword, adminListenPort, adminName, managedNameBase, managedServerPort, prodMode, managedCount,
+ clusterName, exposeAdminT3Channel, t3ChannelPublicAddress, t3ChannelPort)
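Review bot: The `-rcuDb`, `-rcuPrefix` and `-rcuSchemaPwd` switches are still parsed and still listed in `usage()`, but this script's `createInfraDomain` and `extendDomain` take no database arguments, so `rcuDb`, `rcuSchemaPrefix` and `rcuSchemaPassword` are assigned and never read. That invites callers to pass a schema password to a script that has no use for it. I would drop the three `elif` branches and their defaults and shorten the usage text to `'-user -password ' + \` followed directly by `'-adminListenPort -adminName ' \`; callers outside this hunk that still pass those switches would then reach the 'Unexpected argument switch' branch and need updating.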
diff --git a/OracleAccessManagement/kubernetes/common/domain-template.yaml b/OracleAccessManagement/kubernetes/common/domain-template.yaml
new file mode 100755
index 000000000..2d081de7d
--- /dev/null
+++ b/OracleAccessManagement/kubernetes/common/domain-template.yaml
@@ -0,0 +1,119 @@
+# Copyright (c) 2017, 2021, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+#
+# This is an example of how to define a Domain resource.
+#
+apiVersion: "weblogic.oracle/v8"
+kind: Domain
+metadata:
+ name: %DOMAIN_UID%
+ namespace: %NAMESPACE%
+ labels:
+ weblogic.domainUID: %DOMAIN_UID%
+spec:
+ # The WebLogic Domain Home
+ domainHome: %DOMAIN_HOME%
+
+ # The domain home source type
+ # Set to PersistentVolume for domain-in-pv, Image for domain-in-image, or FromModel for model-in-image
+ domainHomeSourceType: %DOMAIN_HOME_SOURCE_TYPE%
+
+ # The WebLogic Server image that the Operator uses to start the domain
+ image: "%WEBLOGIC_IMAGE%"
+
+ # imagePullPolicy defaults to "Always" if image version is :latest
+ imagePullPolicy: "%WEBLOGIC_IMAGE_PULL_POLICY%"
+
+ # Identify which Secret contains the credentials for pulling an image
+ %WEBLOGIC_IMAGE_PULL_SECRET_PREFIX%imagePullSecrets:
+ %WEBLOGIC_IMAGE_PULL_SECRET_PREFIX%- name: %WEBLOGIC_IMAGE_PULL_SECRET_NAME%
+
+ # Identify which Secret contains the WebLogic Admin credentials (note that there is an example of
+ # how to create that Secret at the end of this file)
+ webLogicCredentialsSecret:
+ name: %WEBLOGIC_CREDENTIALS_SECRET_NAME%
+
+ # Whether to include the server out file into the pod's stdout, default is true
+ includeServerOutInPodLog: %INCLUDE_SERVER_OUT_IN_POD_LOG%
+
+ # Whether to enable log home
+ %LOG_HOME_ON_PV_PREFIX%logHomeEnabled: %LOG_HOME_ENABLED%
+
+ # Whether to write HTTP access log file to log home
+ %LOG_HOME_ON_PV_PREFIX%httpAccessLogInLogHome: %HTTP_ACCESS_LOG_IN_LOG_HOME%
+
+ # The in-pod location for domain log, server logs, server out, introspector out, and Node Manager log files
+ %LOG_HOME_ON_PV_PREFIX%logHome: %LOG_HOME%
+ # An (optional) in-pod location for data storage of default and custom file stores.
+ # If not specified or the value is either not set or empty (e.g. dataHome: "") then the
+ # data storage directories are determined from the WebLogic domain home configuration.
+ dataHome: "%DATA_HOME%"
+
+
+ # serverStartPolicy legal values are "NEVER", "IF_NEEDED", or "ADMIN_ONLY"
+ # This determines which WebLogic Servers the Operator will start up when it discovers this Domain
+ # - "NEVER" will not start any server in the domain
+ # - "ADMIN_ONLY" will start up only the administration server (no managed servers will be started)
+ # - "IF_NEEDED" will start all non-clustered servers, including the administration server and clustered servers up to the replica count
+ serverStartPolicy: "%SERVER_START_POLICY%"
+
+ serverPod:
+ # an (optional) list of environment variable to be set on the servers
+ env:
+ - name: JAVA_OPTIONS
+ value: "%JAVA_OPTIONS%"
+ - name: USER_MEM_ARGS
+ value: "-Djava.security.egd=file:/dev/./urandom -Xms256m -Xmx512m "
+ %OPTIONAL_SERVERPOD_RESOURCES%
+ %LOG_HOME_ON_PV_PREFIX%volumes:
+ %LOG_HOME_ON_PV_PREFIX%- name: weblogic-domain-storage-volume
+ %LOG_HOME_ON_PV_PREFIX% persistentVolumeClaim:
+ %LOG_HOME_ON_PV_PREFIX% claimName: %DOMAIN_PVC_NAME%
+ %LOG_HOME_ON_PV_PREFIX%volumeMounts:
+ %LOG_HOME_ON_PV_PREFIX%- mountPath: %DOMAIN_ROOT_DIR%
+ %LOG_HOME_ON_PV_PREFIX% name: weblogic-domain-storage-volume
+
+ # adminServer is used to configure the desired behavior for starting the administration server.
+ adminServer:
+ # serverStartState legal values are "RUNNING" or "ADMIN"
+ # "RUNNING" means the listed server will be started up to "RUNNING" mode
+ # "ADMIN" means the listed server will be start up to "ADMIN" mode
+ serverStartState: "RUNNING"
+ %EXPOSE_ANY_CHANNEL_PREFIX%adminService:
+ %EXPOSE_ANY_CHANNEL_PREFIX% channels:
+ # The Admin Server's NodePort
+ %EXPOSE_ADMIN_PORT_PREFIX% - channelName: default
+ %EXPOSE_ADMIN_PORT_PREFIX% nodePort: %ADMIN_NODE_PORT%
+ # Uncomment to export the T3Channel as a service
+ %EXPOSE_T3_CHANNEL_PREFIX% - channelName: T3Channel
+
+ # clusters is used to configure the desired behavior for starting member servers of a cluster.
+ # If you use this entry, then the rules will be applied to ALL servers that are members of the named clusters.
+ clusters:
+ - clusterName: %CLUSTER_NAME%
+ serverStartState: "RUNNING"
+ serverPod:
+ # Instructs Kubernetes scheduler to prefer nodes for new cluster members where there are not
+ # already members of the same cluster.
+ affinity:
+ podAntiAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - weight: 100
+ podAffinityTerm:
+ labelSelector:
+ matchExpressions:
+ - key: "weblogic.clusterName"
+ operator: In
+ values:
+ - $(CLUSTER_NAME)
+ topologyKey: "kubernetes.io/hostname"
+ replicas: %INITIAL_MANAGED_SERVER_REPLICAS%
+ # The number of managed servers to start for unlisted clusters
+ # replicas: 1
+
+ # Istio
+ %ISTIO_PREFIX%configuration:
+ %ISTIO_PREFIX% istio:
+ %ISTIO_PREFIX% enabled: %ISTIO_ENABLED%
+ %ISTIO_PREFIX% readinessPort: %ISTIO_READINESS_PORT%
+
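Review bot: The `adminService.channels` block can publish the Administration Server's `default` channel on a NodePort and the `T3Channel` as a service, yet nothing in the template says what that exposes. The comment `# Uncomment to export the T3Channel as a service` is also inaccurate: the line is switched by the `%EXPOSE_T3_CHANNEL_PREFIX%` placeholder, which utility.sh fills from `exposeAdminT3Channel`, not by hand. I would replace it with `# Enabled when exposeAdminT3Channel is true; the admin NodePort and T3 become reachable from outside the cluster, so restrict them with a NetworkPolicy or firewall rule`, and put the same caveat on the `nodePort` entry. The same lines appear in jrf-domain-template.yaml.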
diff --git a/OracleAccessManagement/kubernetes/common/jrf-domain-template.yaml b/OracleAccessManagement/kubernetes/common/jrf-domain-template.yaml
new file mode 100755
index 000000000..ccd35b84f
--- /dev/null
+++ b/OracleAccessManagement/kubernetes/common/jrf-domain-template.yaml
@@ -0,0 +1,123 @@
+# Copyright (c) 2017, 2021, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+#
+# This is an example of how to define a Domain resource.
+#
+apiVersion: "weblogic.oracle/v8"
+kind: Domain
+metadata:
+ name: %DOMAIN_UID%
+ namespace: %NAMESPACE%
+ labels:
+ weblogic.domainUID: %DOMAIN_UID%
+spec:
+ # The WebLogic Domain Home
+ domainHome: %DOMAIN_HOME%
+
+ # The domain home source type
+ # Set to PersistentVolume for domain-in-pv, Image for domain-in-image, or FromModel for model-in-image
+ domainHomeSourceType: %DOMAIN_HOME_SOURCE_TYPE%
+
+ # The WebLogic Server image that the Operator uses to start the domain
+ image: "%WEBLOGIC_IMAGE%"
+
+ # imagePullPolicy defaults to "Always" if image version is :latest
+ imagePullPolicy: "%WEBLOGIC_IMAGE_PULL_POLICY%"
+
+ # Identify which Secret contains the credentials for pulling an image
+ %WEBLOGIC_IMAGE_PULL_SECRET_PREFIX%imagePullSecrets:
+ %WEBLOGIC_IMAGE_PULL_SECRET_PREFIX%- name: %WEBLOGIC_IMAGE_PULL_SECRET_NAME%
+
+ # Identify which Secret contains the WebLogic Admin credentials (note that there is an example of
+ # how to create that Secret at the end of this file)
+ webLogicCredentialsSecret:
+ name: %WEBLOGIC_CREDENTIALS_SECRET_NAME%
+
+ # Whether to include the server out file into the pod's stdout, default is true
+ includeServerOutInPodLog: %INCLUDE_SERVER_OUT_IN_POD_LOG%
+
+ # Whether to enable log home
+ %LOG_HOME_ON_PV_PREFIX%logHomeEnabled: %LOG_HOME_ENABLED%
+
+ # Whether to write HTTP access log file to log home
+ %LOG_HOME_ON_PV_PREFIX%httpAccessLogInLogHome: %HTTP_ACCESS_LOG_IN_LOG_HOME%
+
+ # The in-pod location for domain log, server logs, server out, introspector out, and Node Manager log files
+ %LOG_HOME_ON_PV_PREFIX%logHome: %LOG_HOME%
+ # An (optional) in-pod location for data storage of default and custom file stores.
+ # If not specified or the value is either not set or empty (e.g. dataHome: "") then the
+ # data storage directories are determined from the WebLogic domain home configuration.
+ dataHome: "%DATA_HOME%"
+
+ # serverStartPolicy legal values are "NEVER", "IF_NEEDED", or "ADMIN_ONLY"
+ # This determines which WebLogic Servers the Operator will start up when it discovers this Domain
+ # - "NEVER" will not start any server in the domain
+ # - "ADMIN_ONLY" will start up only the administration server (no managed servers will be started)
+ # - "IF_NEEDED" will start all non-clustered servers, including the administration server and clustered servers up to the replica count
+ serverStartPolicy: "%SERVER_START_POLICY%"
+
+ serverPod:
+ # an (optional) list of environment variable to be set on the servers
+ env:
+ - name: JAVA_OPTIONS
+ value: "%JAVA_OPTIONS%"
+ - name: USER_MEM_ARGS
+ value: "-Djava.security.egd=file:/dev/./urandom -Xms256m -Xmx1024m "
+ %OPTIONAL_SERVERPOD_RESOURCES%
+ %LOG_HOME_ON_PV_PREFIX%volumes:
+ %LOG_HOME_ON_PV_PREFIX%- name: weblogic-domain-storage-volume
+ %LOG_HOME_ON_PV_PREFIX% persistentVolumeClaim:
+ %LOG_HOME_ON_PV_PREFIX% claimName: %DOMAIN_PVC_NAME%
+ %LOG_HOME_ON_PV_PREFIX%volumeMounts:
+ %LOG_HOME_ON_PV_PREFIX%- mountPath: %DOMAIN_ROOT_DIR%
+ %LOG_HOME_ON_PV_PREFIX% name: weblogic-domain-storage-volume
+
+ # adminServer is used to configure the desired behavior for starting the administration server.
+ adminServer:
+ # serverStartState legal values are "RUNNING" or "ADMIN"
+ # "RUNNING" means the listed server will be started up to "RUNNING" mode
+ # "ADMIN" means the listed server will be start up to "ADMIN" mode
+ serverStartState: "RUNNING"
+ %EXPOSE_ANY_CHANNEL_PREFIX%adminService:
+ %EXPOSE_ANY_CHANNEL_PREFIX% channels:
+ # The Admin Server's NodePort
+ %EXPOSE_ADMIN_PORT_PREFIX% - channelName: default
+ %EXPOSE_ADMIN_PORT_PREFIX% nodePort: %ADMIN_NODE_PORT%
+ # Uncomment to export the T3Channel as a service
+ %EXPOSE_T3_CHANNEL_PREFIX% - channelName: T3Channel
+ serverPod:
+ # an (optional) list of environment variable to be set on the admin servers
+ env:
+ - name: USER_MEM_ARGS
+ value: "-Djava.security.egd=file:/dev/./urandom -Xms512m -Xmx1024m "
+
+ # clusters is used to configure the desired behavior for starting member servers of a cluster.
+ # If you use this entry, then the rules will be applied to ALL servers that are members of the named clusters.
+ clusters:
+ - clusterName: %CLUSTER_NAME%
+ serverStartState: "RUNNING"
+ serverPod:
+ # Instructs Kubernetes scheduler to prefer nodes for new cluster members where there are not
+ # already members of the same cluster.
+ affinity:
+ podAntiAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - weight: 100
+ podAffinityTerm:
+ labelSelector:
+ matchExpressions:
+ - key: "weblogic.clusterName"
+ operator: In
+ values:
+ - $(CLUSTER_NAME)
+ topologyKey: "kubernetes.io/hostname"
+ replicas: %INITIAL_MANAGED_SERVER_REPLICAS%
+ # The number of managed servers to start for unlisted clusters
+ # replicas: 1
+
+ # Istio
+ %ISTIO_PREFIX%configuration:
+ %ISTIO_PREFIX% istio:
+ %ISTIO_PREFIX% enabled: %ISTIO_ENABLED%
+ %ISTIO_PREFIX% readinessPort: %ISTIO_READINESS_PORT%
+
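Review bot: The comment above `webLogicCredentialsSecret` promises an example of how to create the Secret "at the end of this file", but the file ends with the Istio block and contains no such example. The comment in domain-template.yaml is identical. A reader following it is left without guidance on how the admin credentials should be provisioned. I would reword it to `# Identify which Secret contains the WebLogic Admin credentials; create it in the domain's namespace before applying this resource`, or point to the script that creates it if the repository has one.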
diff --git a/OracleAccessManagement/kubernetes/common/utility.sh b/OracleAccessManagement/kubernetes/common/utility.sh
new file mode 100755
index 000000000..aafc57021
--- /dev/null
+++ b/OracleAccessManagement/kubernetes/common/utility.sh
@@ -0,0 +1,928 @@
+#!/usr/bin/env bash
+# Copyright (c) 2018, 2021, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+
+#
+# Utility functions that are shared by multiple scripts
+#
+
+#
+# Function to exit and print an error message
+# $1 - text of message
+function fail {
+ printError $*
+ exit 1
+}
+
+# Function to print an error message
+function printError {
+ echo [ERROR] $*
+}
+
+# Function to see if there is more than 1 input file.
+# This could happen if the user has a properties file from
+# running wdt discover domain on a on-prem domain
+function checkInputFiles {
+ if [[ "${valuesInputFile}" =~ [,] ]] ; then
+ echo "Found a comma separated list of input files"
+ IFS=','
+ read -a temp <<< "${valuesInputFile}"
+
+ # We want to keep valuesInputFile pointing to the yaml since
+ # the validate function expects it.
+ local extension=$(echo "${temp[0]}" | sed 's/^.*\.//')
+ if [ ${extension} == 'yaml' ]; then
+ valuesInputFile=${temp[0]}
+ valuesInputFile1=${temp[1]}
+ else
+ valuesInputFile=${temp[1]}
+ valuesInputFile1=${temp[0]}
+ fi
+ fi
+}
+
+#
+# Function to parse a yaml file and generate the bash exports
+# $1 - Input filename
+# $2 - Output filename
+function parseYaml {
+ local s='[[:space:]]*' w='[a-zA-Z0-9_]*' fs=$(echo @|tr @ '\034')
+ sed -ne "s|^\($s\):|\1|" \
+ -e "s|^\($s\)\($w\)$s:$s[\"']\(.*\)[\"']$s\$|\1$fs\2$fs\3|p" \
+ -e "s|^\($s\)\($w\)$s:$s\(.*\)$s\$|\1$fs\2$fs\3|p" $1 |
+ awk -F$fs '{
+ if (length($3) > 0) {
+ # javaOptions may contain tokens that are not allowed in export command
+ # we need to handle it differently.
+ if ($2=="javaOptions") {
+ printf("%s=%s\n", $2, $3);
+ } else {
+ printf("export %s=\"%s\"\n", $2, $3);
+ }
+ }
+ }' > $2
+}
+
+#
+# Function to parse a properties file and generate the bash exports
+# $1 - Input filename
+# $2 - Output filename
+function parseProperties {
+ while IFS='=' read -r key value
+ do
+ echo "export ${key}=\"${value}\"" >> $2
+ done < $1
+}
+
+#
+# Function to remove a file if it exists
+#
+function removeFileIfExists {
+ if [ -f $1 ]; then
+ rm $1
+ fi
+}
+
+#
+# Function to parse the common parameter inputs file
+#
+function parseCommonInputs {
+ exportValuesFile=$(mktemp /tmp/export-values-XXXXXXXXX.sh)
+ tmpFile=$(mktemp /tmp/javaoptions_tmp-XXXXXXXXX.dat)
+ parseYaml ${valuesInputFile} ${exportValuesFile}
+
+ if [ ! -z ${valuesInputFile1} ]; then
+ parseProperties ${valuesInputFile1} ${exportValuesFile}
+ fi
+
+ if [ ! -f ${exportValuesFile} ]; then
+ echo Unable to locate the parsed output of ${valuesInputFile}.
+ fail 'The file ${exportValuesFile} could not be found.'
+ fi
+
+ # Define the environment variables that will be used to fill in template values
+ echo Input parameters being used
+ cat ${exportValuesFile}
+ echo
+
+ # If we have 2 input files, we need to create a combined inputs file
+ # exportsValueFile contains all the properties already
+ # We just need to remove the term export from the file
+ if [ ! -z ${valuesInputFile1} ]; then
+ propsFile="domain.properties"
+ cat ${exportValuesFile} > ${propsFile}
+ sed -i 's/export //g' ${propsFile}
+ sed -i 's/"//g' ${propsFile}
+ valuesInputFile=${propsFile}
+ cat ${valuesInputFile}
+ fi
+
+ # javaOptions may contain tokens that are not allowed in export command
+ # we need to handle it differently.
+ # we set the javaOptions variable that can be used later
+ tmpStr=`grep "javaOptions" ${exportValuesFile}`
+ javaOptions=${tmpStr//"javaOptions="/}
+
+ # We exclude javaOptions from the exportValuesFile
+ grep -v "javaOptions" ${exportValuesFile} > ${tmpFile}
+ source ${tmpFile}
+
+ rm ${exportValuesFile} ${tmpFile}
+}
+
+#
+# Function to delete a kubernetes object
+# $1 object type
+# $2 object name
+# $3 yaml file
+function deleteK8sObj {
+ # If the yaml file does not exist yet, unable to do the delete
+ if [ ! -f $3 ]; then
+ fail "Unable to delete object type $1 with name $2 because file $3 does not exist"
+ fi
+
+ echo Checking if object type $1 with name $2 exists
+ K8SOBJ=`kubectl get $1 -n ${namespace} | grep $2 | wc | awk ' { print $1; }'`
+ if [ "${K8SOBJ}" = "1" ]; then
+ echo Deleting $2 using $3
+ kubectl delete -f $3
+ fi
+}
+
+#
+# Function to lowercase a value
+# $1 - value to convert to lowercase
+function toLower {
+ local lc=`echo $1 | tr "[:upper:]" "[:lower:]"`
+ echo "$lc"
+}
+
+#
+# Function to lowercase a value and make it a legal DNS1123 name
+# $1 - value to convert to lowercase
+function toDNS1123Legal {
+ local val=`echo $1 | tr "[:upper:]" "[:lower:]"`
+ val=${val//"_"/"-"}
+ echo "$val"
+}
+
+#
+# Check the state of a persistent volume.
+# $1 - name of volume
+# $2 - expected state of volume
+function checkPvState {
+
+ echo "Checking if the persistent volume ${1:?} is ${2:?}"
+ local pv_state=`kubectl get pv $1 -o jsonpath='{.status.phase}'`
+ attempts=0
+ while [ ! "$pv_state" = "$2" ] && [ ! $attempts -eq 10 ]; do
+ attempts=$((attempts + 1))
+ sleep 1
+ pv_state=`kubectl get pv $1 -o jsonpath='{.status.phase}'`
+ done
+ if [ "$pv_state" != "$2" ]; then
+ fail "The persistent volume state should be $2 but is $pv_state"
+ fi
+}
+
+#
+# Function to check if a persistent volume exists
+# $1 - name of volume
+function checkPvExists {
+
+ echo "Checking if the persistent volume ${1} exists"
+ PV_EXISTS=`kubectl get pv | grep ${1} | wc | awk ' { print $1; } '`
+ if [ "${PV_EXISTS}" = "1" ]; then
+ echo "The persistent volume ${1} already exists"
+ PV_EXISTS="true"
+ else
+ echo "The persistent volume ${1} does not exist"
+ PV_EXISTS="false"
+ fi
+}
+
+#
+# Function to check if a persistent volume claim exists
+# $1 - name of persistent volume claim
+# $2 - NameSpace
+function checkPvcExists {
+ echo "Checking if the persistent volume claim ${1} in NameSpace ${2} exists"
+ PVC_EXISTS=`kubectl get pvc -n ${2} | grep ${1} | wc | awk ' { print $1; } '`
+ if [ "${PVC_EXISTS}" = "1" ]; then
+ echo "The persistent volume claim ${1} already exists in NameSpace ${2}"
+ PVC_EXISTS="true"
+ else
+ echo "The persistent volume claim ${1} does not exist in NameSpace ${2}"
+ PVC_EXISTS="false"
+ fi
+}
+
+# Copy the inputs file from the command line into the output directory
+# for the domain/operator unless the output directory already has an
+# inputs file and the file is the same as the one from the commandline.
+# $1 the inputs file from the command line
+# $2 the file in the output directory that needs to be made the same as $1
+function copyInputsFileToOutputDirectory {
+ local from=$1
+ local to=$2
+ local doCopy="true"
+ if [ -f "${to}" ]; then
+ local difference=`diff ${from} ${to}`
+ if [ -z "${difference}" ]; then
+ # the output file already exists and is the same as the inputs file.
+ # don't make a copy.
+ doCopy="false"
+ fi
+ fi
+ if [ "${doCopy}" = "true" ]; then
+ cp ${from} ${to}
+ fi
+}
+
+#
+# Function to obtain the IP address of the kubernetes cluster. This information
+# is used to form the URL's for accessing services that were deployed.
+#
+function getKubernetesClusterIP {
+
+ # Get name of the current context
+ local CUR_CTX=`kubectl config current-context | awk ' { print $1; } '`
+
+ # Get the name of the current cluster
+ local CUR_CLUSTER_CMD="kubectl config view -o jsonpath='{.contexts[?(@.name == \"${CUR_CTX}\")].context.cluster}' | awk ' { print $1; } '"
+ local CUR_CLUSTER=`eval ${CUR_CLUSTER_CMD}`
+
+ # Get the server address for the current cluster
+ local SVR_ADDR_CMD="kubectl config view -o jsonpath='{.clusters[?(@.name == \"${CUR_CLUSTER}\")].cluster.server}' | awk ' { print $1; } '"
+ local SVR_ADDR=`eval ${SVR_ADDR_CMD}`
+
+ # Server address is expected to be of the form http://address:port. Delimit
+ # string on the colon to obtain the address.
+ local array=(${SVR_ADDR//:/ })
+ K8S_IP="${array[1]/\/\//}"
+
+}
+
+#
+# Function to set the serverPodResources variable for including into the generated
+# domain.yaml, base on the serverPod resource requests and limits input values,
+# if specified.
+# The serverPodResources variable remains unset if none of the input values are provided.
+#
+function buildServerPodResources {
+
+ if [ -n "${serverPodMemoryRequest}" ]; then
+ local memoryRequest=" memory\: \"${serverPodMemoryRequest}\"\n"
+ fi
+ if [ -n "${serverPodCpuRequest}" ]; then
+ local cpuRequest=" cpu\: \"${serverPodCpuRequest}\"\n"
+ fi
+ if [ -n "${memoryRequest}" ] || [ -n "${cpuRequest}" ]; then
+ local requests=" requests\: \n$memoryRequest $cpuRequest"
+ fi
+
+ if [ -n "${serverPodMemoryLimit}" ]; then
+ local memoryLimit=" memory\: \"${serverPodMemoryLimit}\"\n"
+ fi
+ if [ -n "${serverPodCpuLimit}" ]; then
+ local cpuLimit=" cpu\: \"${serverPodCpuLimit}\"\n"
+ fi
+ if [ -n "${memoryLimit}" ] || [ -n "${cpuLimit}" ]; then
+ local limits=" limits\: \n$memoryLimit $cpuLimit"
+ fi
+
+ if [ -n "${requests}" ] || [ -n "${limits}" ]; then
+ # build resources element and remove last '\n'
+ serverPodResources=$(echo "resources\:\n${requests}${limits}" | sed -e 's/\\n$//')
+ fi
+}
+
+#
+# Function to generate the properties and yaml files for creating a domain
+#
+function createFiles {
+
+ update=false
+ if [ "$#" == 1 ]; then
+ echo Trying to update the domain
+ update=true
+ fi
+
+ # Make sure the output directory has a copy of the inputs file.
+ # The user can either pre-create the output directory, put the inputs
+ # file there, and create the domain from it, or the user can put the
+ # inputs file some place else and let this script create the output directory
+ # (if needed) and copy the inputs file there.
+ echo createFiles - valuesInputFile is ${valuesInputFile}
+ copyInputsFileToOutputDirectory ${valuesInputFile} "${domainOutputDir}/create-domain-inputs.yaml"
+
+ if [ "${domainHomeInImage}" == "true" ]; then
+ if [ -z "${domainHomeImageBase}" ]; then
+ fail "Please specify domainHomeImageBase in your input YAML"
+ fi
+ else
+ if [ -z "${image}" ]; then
+ fail "Please specify image in your input YAML"
+ fi
+ fi
+
+ dcrOutput="${domainOutputDir}/domain.yaml"
+
+ domainName=${domainUID}
+
+ enabledPrefix="" # uncomment the feature
+ disabledPrefix="# " # comment out the feature
+
+ exposeAnyChannelPrefix="${disabledPrefix}"
+ if [ "${exposeAdminT3Channel}" = true ]; then
+ exposeAdminT3ChannelPrefix="${enabledPrefix}"
+ exposeAnyChannelPrefix="${enabledPrefix}"
+ # set t3PublicAddress if not set
+ if [ -z "${t3PublicAddress}" ]; then
+ getKubernetesClusterIP
+ t3PublicAddress="${K8S_IP}"
+ fi
+ else
+ exposeAdminT3ChannelPrefix="${disabledPrefix}"
+ fi
+
+ if [ "${exposeAdminNodePort}" = true ]; then
+ exposeAdminNodePortPrefix="${enabledPrefix}"
+ exposeAnyChannelPrefix="${enabledPrefix}"
+ else
+ exposeAdminNodePortPrefix="${disabledPrefix}"
+ fi
+
+ if [ "${istioEnabled}" == "true" ]; then
+ istioPrefix="${enabledPrefix}"
+ else
+ istioPrefix="${disabledPrefix}"
+ fi
+
+ # The FromModel, MII (model-in-image), and WDT_DOMAIN_TYPE updates in this script
+ # must remain even though they are not referenced by a sample. They're used by the
+ # Operator integration test code. If you're interested in MII,
+ # see './kubernetes/samples/scripts/create-weblogic-domain/model-in-image'.
+
+ # MII settings are used for model-in-image integration testing
+ if [ "${domainHomeSourceType}" == "FromModel" ]; then
+ miiPrefix="${enabledPrefix}"
+ else
+ miiPrefix="${disabledPrefix}"
+ fi
+
+ # MII settings are used for model-in-image integration testing
+ if [ -z "${miiConfigMap}" ]; then
+ miiConfigMapPrefix="${disabledPrefix}"
+ else
+ miiConfigMapPrefix="${enabledPrefix}"
+ fi
+
+ # For some parameters, use the default value if not defined.
+ if [ -z "${domainPVMountPath}" ]; then
+ domainPVMountPath="/shared"
+ fi
+
+ if [ -z "${logHome}" ]; then
+ logHome="${domainPVMountPath}/logs/${domainUID}"
+ fi
+
+ if [ -z "${httpAccessLogInLogHome}" ]; then
+ httpAccessLogInLogHome="true"
+ fi
+
+ if [ -z "${dataHome}" ]; then
+ dataHome=""
+ fi
+
+ if [ -z "${persistentVolumeClaimName}" ]; then
+ persistentVolumeClaimName="${domainUID}-weblogic-sample-pvc"
+ fi
+
+ if [ -z "${weblogicCredentialsSecretName}" ]; then
+ weblogicCredentialsSecretName="${domainUID}-weblogic-credentials"
+ fi
+
+ if [ "${domainHomeInImage}" == "true" ]; then
+ domainPropertiesOutput="${domainOutputDir}/domain.properties"
+ domainHome="${domainHome:-/u01/oracle/user_projects/domains/${domainName}}"
+
+ # Generate the properties file that will be used when creating the weblogic domain
+ echo Generating ${domainPropertiesOutput} from ${domainPropertiesInput}
+
+ cp ${domainPropertiesInput} ${domainPropertiesOutput}
+ sed -i -e "s:%DOMAIN_NAME%:${domainName}:g" ${domainPropertiesOutput}
+ sed -i -e "s:%DOMAIN_HOME%:${domainHome}:g" ${domainPropertiesOutput}
+ sed -i -e "s:%ADMIN_PORT%:${adminPort}:g" ${domainPropertiesOutput}
+ sed -i -e "s:%ADMIN_SERVER_SSL_PORT%:${adminServerSSLPort}:g" ${domainPropertiesOutput}
+ sed -i -e "s:%ADMIN_SERVER_NAME%:${adminServerName}:g" ${domainPropertiesOutput}
+ sed -i -e "s:%MANAGED_SERVER_PORT%:${managedServerPort}:g" ${domainPropertiesOutput}
+ sed -i -e "s:%MANAGED_SERVER_SSL_PORT%:${managedServerSSLPort}:g" ${domainPropertiesOutput}
+ sed -i -e "s:%MANAGED_SERVER_NAME_BASE%:${managedServerNameBase}:g" ${domainPropertiesOutput}
+ sed -i -e "s:%CONFIGURED_MANAGED_SERVER_COUNT%:${configuredManagedServerCount}:g" ${domainPropertiesOutput}
+ sed -i -e "s:%CLUSTER_NAME%:${clusterName}:g" ${domainPropertiesOutput}
+ sed -i -e "s:%SSL_ENABLED%:${sslEnabled}:g" ${domainPropertiesOutput}
+ sed -i -e "s:%PRODUCTION_MODE_ENABLED%:${productionModeEnabled}:g" ${domainPropertiesOutput}
+ sed -i -e "s:%CLUSTER_TYPE%:${clusterType}:g" ${domainPropertiesOutput}
+ sed -i -e "s;%JAVA_OPTIONS%;${javaOptions};g" ${domainPropertiesOutput}
+ sed -i -e "s:%T3_CHANNEL_PORT%:${t3ChannelPort}:g" ${domainPropertiesOutput}
+ sed -i -e "s:%T3_PUBLIC_ADDRESS%:${t3PublicAddress}:g" ${domainPropertiesOutput}
+ sed -i -e "s:%EXPOSE_T3_CHANNEL%:${exposeAdminT3Channel}:g" ${domainPropertiesOutput}
+ sed -i -e "s:%FMW_DOMAIN_TYPE%:${fmwDomainType}:g" ${domainPropertiesOutput}
+ sed -i -e "s:%WDT_DOMAIN_TYPE%:${wdtDomainType}:g" ${domainPropertiesOutput}
+ sed -i -e "s:%ADMIN_USER_NAME%:${username}:g" ${domainPropertiesOutput}
+ sed -i -e "s:%ADMIN_USER_PASS%:${password}:g" ${domainPropertiesOutput}
+ sed -i -e "s:%RCU_SCHEMA_PREFIX%:${rcuSchemaPrefix}:g" ${domainPropertiesOutput}
+ sed -i -e "s:%RCU_SCHEMA_PASSWORD%:${rcuSchemaPassword}:g" ${domainPropertiesOutput}
+ sed -i -e "s|%RCU_DB_CONN_STRING%|${rcuDatabaseURL}|g" ${domainPropertiesOutput}
+
+ if [ -z "${image}" ]; then
+ # calculate the internal name to tag the generated image
+ defaultImageName="domain-home-in-image"
+ baseTag=${domainHomeImageBase#*:}
+ defaultImageName=${defaultImageName}:${baseTag:-"latest"}
+ sed -i -e "s|%IMAGE_NAME%|${defaultImageName}|g" ${domainPropertiesOutput}
+ export BUILD_IMAGE_TAG=${defaultImageName}
+ else
+ sed -i -e "s|%IMAGE_NAME%|${image}|g" ${domainPropertiesOutput}
+ export BUILD_IMAGE_TAG=${image}
+ fi
+ else
+ # we're in the domain in PV case
+
+ wdtVersion="${WDT_VERSION:-${wdtVersion}}"
+ httpsProxy="${https_proxy}"
+
+ createJobOutput="${domainOutputDir}/create-domain-job.yaml"
+ deleteJobOutput="${domainOutputDir}/delete-domain-job.yaml"
+
+ if [ -z "${domainHome}" ]; then
+ domainHome="${domainPVMountPath}/domains/${domainUID}"
+ fi
+
+ # Use the default value if not defined.
+ if [ -z "${createDomainScriptsMountPath}" ]; then
+ createDomainScriptsMountPath="/u01/weblogic"
+ fi
+
+ if [ "${update}" == "true" ]; then
+ createDomainScriptName="update-domain-job.sh"
+ elif [ -z "${createDomainScriptName}" ]; then
+ createDomainScriptName="create-domain-job.sh"
+ fi
+ echo createDomainScriptName is ${createDomainScriptName}
+
+ # Must escape the ':' value in image for sed to properly parse and replace
+ image=$(echo ${image} | sed -e "s/\:/\\\:/g")
+
+ # Generate the yaml to create the kubernetes job that will create the weblogic domain
+ echo Generating ${createJobOutput}
+
+ cp ${createJobInput} ${createJobOutput}
+ sed -i -e "s:%NAMESPACE%:$namespace:g" ${createJobOutput}
+ sed -i -e "s:%WEBLOGIC_CREDENTIALS_SECRET_NAME%:${weblogicCredentialsSecretName}:g" ${createJobOutput}
+ sed -i -e "s:%WEBLOGIC_IMAGE%:${image}:g" ${createJobOutput}
+ sed -i -e "s:%WEBLOGIC_IMAGE_PULL_POLICY%:${imagePullPolicy}:g" ${createJobOutput}
+ sed -i -e "s:%WEBLOGIC_IMAGE_PULL_SECRET_NAME%:${imagePullSecretName}:g" ${createJobOutput}
+ sed -i -e "s:%WEBLOGIC_IMAGE_PULL_SECRET_PREFIX%:${imagePullSecretPrefix}:g" ${createJobOutput}
+ sed -i -e "s:%DOMAIN_UID%:${domainUID}:g" ${createJobOutput}
+ sed -i -e "s:%DOMAIN_NAME%:${domainName}:g" ${createJobOutput}
+ sed -i -e "s:%DOMAIN_HOME%:${domainHome}:g" ${createJobOutput}
+ sed -i -e "s:%SSL_ENABLED%:${sslEnabled}:g" ${createJobOutput}
+ sed -i -e "s:%PRODUCTION_MODE_ENABLED%:${productionModeEnabled}:g" ${createJobOutput}
+ sed -i -e "s:%ADMIN_SERVER_NAME%:${adminServerName}:g" ${createJobOutput}
+ sed -i -e "s:%ADMIN_SERVER_NAME_SVC%:${adminServerNameSVC}:g" ${createJobOutput}
+ sed -i -e "s:%ADMIN_PORT%:${adminPort}:g" ${createJobOutput}
+ sed -i -e "s:%ADMIN_SERVER_SSL_PORT%:${adminServerSSLPort}:g" ${createJobOutput}
+ sed -i -e "s:%CONFIGURED_MANAGED_SERVER_COUNT%:${configuredManagedServerCount}:g" ${createJobOutput}
+ sed -i -e "s:%MANAGED_SERVER_NAME_BASE%:${managedServerNameBase}:g" ${createJobOutput}
+ sed -i -e "s:%MANAGED_SERVER_NAME_BASE_SVC%:${managedServerNameBaseSVC}:g" ${createJobOutput}
+ sed -i -e "s:%MANAGED_SERVER_PORT%:${managedServerPort}:g" ${createJobOutput}
+ sed -i -e "s:%MANAGED_SERVER_SSL_PORT%:${managedServerSSLPort}:g" ${createJobOutput}
+ sed -i -e "s:%T3_CHANNEL_PORT%:${t3ChannelPort}:g" ${createJobOutput}
+ sed -i -e "s:%T3_PUBLIC_ADDRESS%:${t3PublicAddress}:g" ${createJobOutput}
+ sed -i -e "s:%CLUSTER_NAME%:${clusterName}:g" ${createJobOutput}
+ sed -i -e "s:%CLUSTER_TYPE%:${clusterType}:g" ${createJobOutput}
+ sed -i -e "s:%DOMAIN_PVC_NAME%:${persistentVolumeClaimName}:g" ${createJobOutput}
+ sed -i -e "s:%DOMAIN_ROOT_DIR%:${domainPVMountPath}:g" ${createJobOutput}
+ sed -i -e "s:%CREATE_DOMAIN_SCRIPT_DIR%:${createDomainScriptsMountPath}:g" ${createJobOutput}
+ sed -i -e "s:%CREATE_DOMAIN_SCRIPT%:${createDomainScriptName}:g" ${createJobOutput}
+ # extra entries for FMW Infra domains
+ sed -i -e "s:%RCU_CREDENTIALS_SECRET_NAME%:${rcuCredentialsSecret}:g" ${createJobOutput}
+ sed -i -e "s:%CUSTOM_RCUPREFIX%:${rcuSchemaPrefix}:g" ${createJobOutput}
+ sed -i -e "s|%CUSTOM_CONNECTION_STRING%|${rcuDatabaseURL}|g" ${createJobOutput}
+ sed -i -e "s:%EXPOSE_T3_CHANNEL_PREFIX%:${exposeAdminT3Channel}:g" ${createJobOutput}
+ sed -i -e "s:%FRONTEND_HOST%:${frontEndHost}:g" ${createJobOutput}
+ sed -i -e "s:%FRONTEND_PORT%:${frontEndPort}:g" ${createJobOutput}
+ # entries for Istio
+ sed -i -e "s:%ISTIO_PREFIX%:${istioPrefix}:g" ${createJobOutput}
+ sed -i -e "s:%ISTIO_ENABLED%:${istioEnabled}:g" ${createJobOutput}
+ sed -i -e "s:%ISTIO_READINESS_PORT%:${istioReadinessPort}:g" ${createJobOutput}
+ sed -i -e "s:%WDT_VERSION%:${wdtVersion}:g" ${createJobOutput}
+ #sed -i -e "s|%DOMAIN_TYPE%|${domain_type}|g" ${createJobOutput}
+ sed -i -e "s|%PROXY_VAL%|${httpsProxy}|g" ${createJobOutput}
+
+ # Generate the yaml to create the kubernetes job that will delete the weblogic domain_home folder
+ echo Generating ${deleteJobOutput}
+
+ cp ${deleteJobInput} ${deleteJobOutput}
+ sed -i -e "s:%NAMESPACE%:$namespace:g" ${deleteJobOutput}
+ sed -i -e "s:%WEBLOGIC_IMAGE%:${image}:g" ${deleteJobOutput}
+ sed -i -e "s:%WEBLOGIC_IMAGE_PULL_POLICY%:${imagePullPolicy}:g" ${deleteJobOutput}
+ sed -i -e "s:%WEBLOGIC_CREDENTIALS_SECRET_NAME%:${weblogicCredentialsSecretName}:g" ${deleteJobOutput}
+ sed -i -e "s:%WEBLOGIC_IMAGE_PULL_SECRET_NAME%:${imagePullSecretName}:g" ${deleteJobOutput}
+ sed -i -e "s:%WEBLOGIC_IMAGE_PULL_SECRET_PREFIX%:${imagePullSecretPrefix}:g" ${deleteJobOutput}
+ sed -i -e "s:%DOMAIN_UID%:${domainUID}:g" ${deleteJobOutput}
+ sed -i -e "s:%DOMAIN_NAME%:${domainName}:g" ${deleteJobOutput}
+ sed -i -e "s:%DOMAIN_HOME%:${domainHome}:g" ${deleteJobOutput}
+ sed -i -e "s:%DOMAIN_PVC_NAME%:${persistentVolumeClaimName}:g" ${deleteJobOutput}
+ sed -i -e "s:%DOMAIN_ROOT_DIR%:${domainPVMountPath}:g" ${deleteJobOutput}
+ fi
+
+ if [ "${domainHomeSourceType}" == "FromModel" ]; then
+ echo domainHomeSourceType is FromModel
+ # leave domainHomeSourceType to FromModel
+ if [ "${logHomeOnPV}" == "true" ]; then
+ logHomeOnPVPrefix="${enabledPrefix}"
+ else
+ logHomeOnPVPrefix="${disabledPrefix}"
+ fi
+ elif [ "${domainHomeInImage}" == "true" ]; then
+ domainHomeSourceType="Image"
+ if [ "${logHomeOnPV}" == "true" ]; then
+ logHomeOnPVPrefix="${enabledPrefix}"
+ else
+ logHomeOnPVPrefix="${disabledPrefix}"
+ fi
+ else
+ domainHomeSourceType="PersistentVolume"
+ logHomeOnPVPrefix="${enabledPrefix}"
+ logHomeOnPV=true
+ fi
+
+ # Generate the yaml file for creating the domain resource
+ # We want to use wdt's extractDomainResource.sh to get the domain resource
+ # for domain on pv use case. For others, generate domain resource here
+
+ if [ "${domainHomeSourceType}" != "PersistentVolume" ] || [ "${wdtDomainType}" != "WLS" ] ||
+ [ "${useWdt}" != true ]; then
+ echo Generating ${dcrOutput}
+
+ cp ${dcrInput} ${dcrOutput}
+ sed -i -e "s:%DOMAIN_UID%:${domainUID}:g" ${dcrOutput}
+ sed -i -e "s:%NAMESPACE%:$namespace:g" ${dcrOutput}
+ sed -i -e "s:%DOMAIN_HOME%:${domainHome}:g" ${dcrOutput}
+ sed -i -e "s:%DOMAIN_HOME_SOURCE_TYPE%:${domainHomeSourceType}:g" ${dcrOutput}
+ sed -i -e "s:%WEBLOGIC_IMAGE_PULL_POLICY%:${imagePullPolicy}:g" ${dcrOutput}
+ sed -i -e "s:%WEBLOGIC_IMAGE_PULL_SECRET_PREFIX%:${imagePullSecretPrefix}:g" ${dcrOutput}
+ sed -i -e "s:%WEBLOGIC_IMAGE_PULL_SECRET_NAME%:${imagePullSecretName}:g" ${dcrOutput}
+ sed -i -e "s:%WEBLOGIC_CREDENTIALS_SECRET_NAME%:${weblogicCredentialsSecretName}:g" ${dcrOutput}
+ sed -i -e "s:%INCLUDE_SERVER_OUT_IN_POD_LOG%:${includeServerOutInPodLog}:g" ${dcrOutput}
+ sed -i -e "s:%LOG_HOME_ON_PV_PREFIX%:${logHomeOnPVPrefix}:g" ${dcrOutput}
+ sed -i -e "s:%LOG_HOME_ENABLED%:${logHomeOnPV}:g" ${dcrOutput}
+ sed -i -e "s:%LOG_HOME%:${logHome}:g" ${dcrOutput}
+ sed -i -e "s:%HTTP_ACCESS_LOG_IN_LOG_HOME%:${httpAccessLogInLogHome}:g" ${dcrOutput}
+ sed -i -e "s:%DATA_HOME%:${dataHome}:g" ${dcrOutput}
+ sed -i -e "s:%SERVER_START_POLICY%:${serverStartPolicy}:g" ${dcrOutput}
+ sed -i -e "s;%JAVA_OPTIONS%;${javaOptions};g" ${dcrOutput}
+ sed -i -e "s:%DOMAIN_PVC_NAME%:${persistentVolumeClaimName}:g" ${dcrOutput}
+ sed -i -e "s:%DOMAIN_ROOT_DIR%:${domainPVMountPath}:g" ${dcrOutput}
+
+ if [ "${istioEnabled}" == "true" ]; then
+ exposeAdminNodePortPrefix="${disabledPrefix}"
+ fi
+
+ sed -i -e "s:%EXPOSE_T3_CHANNEL_PREFIX%:${exposeAdminT3ChannelPrefix}:g" ${dcrOutput}
+ sed -i -e "s:%EXPOSE_ANY_CHANNEL_PREFIX%:${exposeAnyChannelPrefix}:g" ${dcrOutput}
+ sed -i -e "s:%EXPOSE_ADMIN_PORT_PREFIX%:${exposeAdminNodePortPrefix}:g" ${dcrOutput}
+ sed -i -e "s:%ADMIN_NODE_PORT%:${adminNodePort}:g" ${dcrOutput}
+ sed -i -e "s:%CLUSTER_NAME%:${clusterName}:g" ${dcrOutput}
+ sed -i -e "s:%INITIAL_MANAGED_SERVER_REPLICAS%:${initialManagedServerReplicas}:g" ${dcrOutput}
+ sed -i -e "s:%ISTIO_PREFIX%:${istioPrefix}:g" ${dcrOutput}
+ sed -i -e "s:%ISTIO_ENABLED%:${istioEnabled}:g" ${dcrOutput}
+ sed -i -e "s:%ISTIO_READINESS_PORT%:${istioReadinessPort}:g" ${dcrOutput}
+ # MII settings are used for model-in-image integration testing
+ sed -i -e "s:%MII_PREFIX%:${miiPrefix}:g" ${dcrOutput}
+ sed -i -e "s:%MII_CONFIG_MAP_PREFIX%:${miiConfigMapPrefix}:g" ${dcrOutput}
+ sed -i -e "s:%MII_CONFIG_MAP%:${miiConfigMap}:g" ${dcrOutput}
+ sed -i -e "s:%WDT_DOMAIN_TYPE%:${wdtDomainType}:g" ${dcrOutput}
+
+ buildServerPodResources
+ if [ -z "${serverPodResources}" ]; then
+ sed -i -e "/%OPTIONAL_SERVERPOD_RESOURCES%/d" ${dcrOutput}
+ else
+ if [[ $(uname) -eq "Darwin" ]]; then
+ serverPodResources=$(echo "${serverPodResources}" | sed -e 's/\\n/%NEWLINE%/g')
+ sed -i -e "s:%OPTIONAL_SERVERPOD_RESOURCES%:${serverPodResources}:g" ${dcrOutput}
+ sed -i -e $'s|%NEWLINE%|\\\n|g' ${dcrOutput}
+ else
+ sed -i -e "s:%OPTIONAL_SERVERPOD_RESOURCES%:${serverPodResources}:g" ${dcrOutput}
+ fi
+ fi
+
+ if [ "${domainHomeInImage}" == "true" ]; then
+
+ # now we know which image to use, update the domain yaml file
+ if [ -z $image ]; then
+ sed -i -e "s|%WEBLOGIC_IMAGE%|${defaultImageName}|g" ${dcrOutput}
+ else
+ sed -i -e "s|%WEBLOGIC_IMAGE%|${image}|g" ${dcrOutput}
+ fi
+ else
+ sed -i -e "s:%WEBLOGIC_IMAGE%:${image}:g" ${dcrOutput}
+ fi
+ fi
+
+ # Remove any "...yaml-e" and "...properties-e" files left over from running sed
+ rm -f ${domainOutputDir}/*.yaml-e
+ rm -f ${domainOutputDir}/*.properties-e
+
+}
+
+
+#
+# Function to markup the wdt model file
+#
+function updateModelFile {
+ # Update the wdt model file with kubernetes section
+ modelFile="${domainOutputDir}/tmp/wdt_model.yaml"
+ cat ${scriptDir}/wdt_k8s_model_template.yaml >> ${modelFile}
+
+ sed -i -e "s:%DOMAIN_UID%:${domainUID}:g" ${modelFile}
+ sed -i -e "s:%NAMESPACE%:$namespace:g" ${modelFile}
+ sed -i -e "s:%DOMAIN_HOME%:${domainHome}:g" ${modelFile}
+ sed -i -e "s:%DOMAIN_HOME_SOURCE_TYPE%:${domainHomeSourceType}:g" ${modelFile}
+ sed -i -e "s:%WEBLOGIC_IMAGE_PULL_POLICY%:${imagePullPolicy}:g" ${modelFile}
+ sed -i -e "s:%WEBLOGIC_IMAGE_PULL_SECRET_PREFIX%:${imagePullSecretPrefix}:g" ${modelFile}
+ sed -i -e "s:%WEBLOGIC_IMAGE_PULL_SECRET_NAME%:${imagePullSecretName}:g" ${modelFile}
+ sed -i -e "s:%WEBLOGIC_CREDENTIALS_SECRET_NAME%:${weblogicCredentialsSecretName}:g" ${modelFile}
+ sed -i -e "s:%INCLUDE_SERVER_OUT_IN_POD_LOG%:${includeServerOutInPodLog}:g" ${modelFile}
+ sed -i -e "s:%LOG_HOME_ON_PV_PREFIX%:${logHomeOnPVPrefix}:g" ${modelFile}
+ sed -i -e "s:%LOG_HOME_ENABLED%:${logHomeOnPV}:g" ${modelFile}
+ sed -i -e "s:%LOG_HOME%:${logHome}:g" ${modelFile}
+ sed -i -e "s:%HTTP_ACCESS_LOG_IN_LOG_HOME%:${httpAccessLogInLogHome}:g" ${modelFile}
+ sed -i -e "s:%DATA_HOME%:${dataHome}:g" ${modelFile}
+ sed -i -e "s:%SERVER_START_POLICY%:${serverStartPolicy}:g" ${modelFile}
+ sed -i -e "s;%JAVA_OPTIONS%;${javaOptions};g" ${modelFile}
+ sed -i -e "s:%DOMAIN_PVC_NAME%:${persistentVolumeClaimName}:g" ${modelFile}
+ sed -i -e "s:%DOMAIN_ROOT_DIR%:${domainPVMountPath}:g" ${modelFile}
+
+ if [ "${istioEnabled}" == "true" ]; then
+ exposeAdminNodePortPrefix="${disabledPrefix}"
+ fi
+
+ sed -i -e "s:%EXPOSE_T3_CHANNEL_PREFIX%:${exposeAdminT3ChannelPrefix}:g" ${modelFile}
+ sed -i -e "s:%EXPOSE_ANY_CHANNEL_PREFIX%:${exposeAnyChannelPrefix}:g" ${modelFile}
+ sed -i -e "s:%EXPOSE_ADMIN_PORT_PREFIX%:${exposeAdminNodePortPrefix}:g" ${modelFile}
+ sed -i -e "s:%ADMIN_NODE_PORT%:${adminNodePort}:g" ${modelFile}
+ sed -i -e "s:%CLUSTER_NAME%:${clusterName}:g" ${modelFile}
+ sed -i -e "s:%INITIAL_MANAGED_SERVER_REPLICAS%:${initialManagedServerReplicas}:g" ${modelFile}
+ sed -i -e "s:%ISTIO_PREFIX%:${istioPrefix}:g" ${modelFile}
+ sed -i -e "s:%ISTIO_ENABLED%:${istioEnabled}:g" ${modelFile}
+ sed -i -e "s:%ISTIO_READINESS_PORT%:${istioReadinessPort}:g" ${modelFile}
+ # MII settings are used for model-in-image integration testing
+ sed -i -e "s:%MII_PREFIX%:${miiPrefix}:g" ${modelFile}
+ sed -i -e "s:%MII_CONFIG_MAP_PREFIX%:${miiConfigMapPrefix}:g" ${modelFile}
+ sed -i -e "s:%MII_CONFIG_MAP%:${miiConfigMap}:g" ${modelFile}
+ sed -i -e "s:%WDT_DOMAIN_TYPE%:${wdtDomainType}:g" ${modelFile}
+
+ buildServerPodResources
+ if [ -z "${serverPodResources}" ]; then
+ sed -i -e "/%OPTIONAL_SERVERPOD_RESOURCES%/d" ${modelFile}
+ else
+ if [[ $(uname) -eq "Darwin" ]]; then
+ serverPodResources=$(echo "${serverPodResources}" | sed -e 's/\\n/%NEWLINE%/g')
+ sed -i -e "s:%OPTIONAL_SERVERPOD_RESOURCES%:${serverPodResources}:g" ${modelFile}
+ sed -i -e $'s|%NEWLINE%|\\\n|g' ${modelFile}
+ else
+ sed -i -e "s:%OPTIONAL_SERVERPOD_RESOURCES%:${serverPodResources}:g" ${modelFile}
+ fi
+ fi
+
+ sed -i -e "s:%WEBLOGIC_IMAGE%:${image}:g" ${modelFile}
+}
+
+#
+# Function to create the domain recource
+#
+function createDomainResource {
+ kubectl apply -f ${dcrOutput}
+
+ attempts=0
+ while [ "$DCR_AVAIL" != "1" ] && [ ! $attempts -eq 10 ]; do
+ attempts=$((attempts + 1))
+ sleep 1
+ DCR_AVAIL=`kubectl get domain ${domainUID} -n ${namespace} | grep ${domainUID} | wc | awk ' { print $1; } '`
+ done
+ if [ "${DCR_AVAIL}" != "1" ]; then
+ fail "The domain resource ${domainUID} was not found"
+ fi
+}
+
+#
+# Function to create a domain
+# $1 - boolean value indicating the location of the domain home
+# true means domain home in image
+# false means domain home on PV
+#
+function createDomain {
+ if [ "$#" != 1 ]; then
+ fail "The function must be called with domainHomeInImage parameter."
+ fi
+
+ domainHomeInImage="${1}"
+ if [ "true" != "${domainHomeInImage}" ] && [ "false" != "${domainHomeInImage}" ]; then
+ fail "The value of domainHomeInImage must be true or false: ${domainHomeInImage}"
+ fi
+
+ # Setup the environment for running this script and perform initial validation checks
+ initialize
+
+ # Generate files for creating the domain
+ createFiles
+
+ # Check that the domain secret exists and contains the required elements
+ validateDomainSecret
+
+ # Validate the domain's persistent volume claim
+ if [ "${doValidation}" == true ] && [ "${domainHomeInImage}" == false -o "${logHomeOnPV}" == true ]; then
+ validateDomainPVC
+ fi
+
+ # Create the WebLogic domain home
+ createDomainHome
+
+ if [ "${executeIt}" = true ]; then
+ createDomainResource
+ fi
+
+ # Print a summary
+ printSummary
+}
+
+#
+# Function to update a domain
+# $1 - boolean value indicating the location of the domain home
+# true means domain home in image
+# false means domain home on PV
+#
+function updateDomain {
+
+ domainHomeInImage="false"
+
+ # Setup the environment for running this script and perform initial validation checks
+ initialize
+
+ # Generate files for creating the domain
+ createFiles update
+
+ # Check that the domain secret exists and contains the required elements
+ validateDomainSecret
+
+ # Validate the domain's persistent volume claim
+ if [ "${doValidation}" == true ]; then
+ validateDomainPVC
+ fi
+
+ # Create the WebLogic domain home
+ updateDomainHome
+
+ if [ "${executeIt}" = true ]; then
+ createDomainResource
+ fi
+
+ # Print a summary
+ printSummary
+}
+
+# checks if a given pod in a NameSpace has been deleted
+function checkPodDelete(){
+
+ pod=$1
+ ns=$2
+ status="Terminating"
+
+ if [ -z ${1} ]; then
+ echo "No Pod name provided "
+ exit -1
+ fi
+
+ if [ -z ${2} ]; then
+ echo "No NameSpace provided "
+ exit -2
+ fi
+
+ echo "Checking Status for Pod [$pod] in namespace [${ns}]"
+ max=10
+ count=1
+ while [ $count -le $max ] ; do
+ sleep 5
+ pod=`kubectl get po/$1 -n ${ns} | grep -v NAME | awk '{print $1}'`
+ if [ -z ${pod} ]; then
+ status="Terminated"
+ echo "Pod [$1] removed from nameSpace [${ns}]"
+ break;
+ fi
+ count=`expr $count + 1`
+ echo "Pod [$pod] Status [${status}]"
+ done
+
+ if [ $count -gt $max ] ; then
+ echo "[ERROR] The Pod[$1] in NameSpace [$ns] could not be deleted in 50s";
+ exit 1
+ fi
+}
+
+# Checks if all container(s) in a pod are running state based on READY column
+#NAME READY STATUS RESTARTS AGE
+#domain1-adminserver 1/1 Running 0 4m
+
+function checkPodState(){
+
+ status="NotReady"
+ max=60
+ count=1
+
+ pod=$1
+ ns=$2
+ state=${3:-1/1}
+
+ echo "Checking Pod READY column for State [$state]"
+ pname=`kubectl get po -n ${ns} | grep -w ${pod} | awk '{print $1}'`
+ if [ -z ${pname} ]; then
+ echo "No such pod [$pod] exists in NameSpace [$ns] "
+ exit -1
+ fi
+
+ rcode=`kubectl get po ${pname} -n ${ns} | grep -w ${pod} | awk '{print $2}'`
+ [[ ${rcode} -eq "${state}" ]] && status="Ready"
+
+ while [ ${status} != "Ready" -a $count -le $max ] ; do
+ sleep 5
+ rcode=`kubectl get po/$pod -n ${ns} | grep -v NAME | awk '{print $2}'`
+ [[ ${rcode} -eq "1/1" ]] && status="Ready"
+ echo "Pod [$1] Status is ${status} Iter [$count/$max]"
+ count=`expr $count + 1`
+ done
+ if [ $count -gt $max ] ; then
+ echo "[ERROR] Unable to start the Pod [$pod] after 300s ";
+ exit 1
+ fi
+
+ pname=`kubectl get po -n ${ns} | grep -w ${pod} | awk '{print $1}'`
+ kubectl -n ${ns} get po ${pname}
+}
+
+# Checks if a pod is available in a given namespace
+function checkPod(){
+
+ max=20
+ count=1
+
+ pod=$1
+ ns=$2
+
+ pname=`kubectl get po -n ${ns} | grep -w ${pod} | awk '{print $1}'`
+ if [ -z ${pname} ]; then
+ echo "No such pod [$pod] exists in NameSpace [$ns]"
+ sleep 10
+ fi
+
+ rcode=`kubectl get po -n ${ns} | grep -w ${pod} | awk '{print $1}'`
+ if [ ! -z ${rcode} ]; then
+ echo "[$pod] already initialized .. "
+ return 0
+ fi
+
+ echo "The POD [${pod}] has not been initialized ..."
+ while [ -z ${rcode} ]; do
+ [[ $count -gt $max ]] && break
+ echo "Pod[$pod] is being initialized ..."
+ sleep 5
+ rcode=`kubectl get po -n ${ns} | grep $pod | awk '{print $1}'`
+ count=`expr $count + 1`
+ done
+
+ if [ $count -gt $max ] ; then
+ echo "[ERROR] Could not find Pod [$pod] after 120s";
+ exit 1
+ fi
+}
+
+# Checks if a service is available in a given namespace
+function checkService(){
+ svc=$1
+ ns=$2
+ startSecs=$SECONDS
+ maxWaitSecs=20
+ while [ -z "`kubectl get service -n ${ns} | grep -w ${svc}`" ]; do
+ if [ $((SECONDS - startSecs)) -lt $maxWaitSecs ]; then
+ echo "Service [$svc] not found after $((SECONDS - startSecs)) seconds, retrying ..."
+ sleep 5
+ else
+ echo "[Error] Could not find Service [$svc] after $((SECONDS - startSecs)) seconds"
+ exit 1
+ fi
+ done
+ echo "Service [$svc] found"
+}
diff --git a/OracleAccessManagement/kubernetes/common/validate.sh b/OracleAccessManagement/kubernetes/common/validate.sh
new file mode 100755
index 000000000..1a407a99a
--- /dev/null
+++ b/OracleAccessManagement/kubernetes/common/validate.sh
@@ -0,0 +1,481 @@
+#!/usr/bin/env bash
+# Copyright (c) 2018, 2021, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+#
+# Description
+# Common validation functions shared by all other scripts that process inputs properties.
+#
+
+#
+# Function to note that a validate error has occurred
+#
+function validationError {
+ printError $*
+ validateErrors=true
+}
+
+#
+# Function to cause the script to fail if there were any validation errors
+#
+function failIfValidationErrors {
+ if [ "$validateErrors" = true ]; then
+ fail 'The errors listed above must be resolved before the script can continue'
+ fi
+}
+
+#
+# Function to validate that a list of required input parameters were specified
+#
+function validateInputParamsSpecified {
+ for p in $*; do
+ local name=$p
+ local val=${!name}
+ if [ -z "$val" ]; then
+ validationError "The ${name} parameter in ${valuesInputFile} is missing, null or empty"
+ fi
+ done
+}
+
+#
+# Function to validate that a list of input parameters have boolean values.
+# It assumes that validateInputParamsSpecified will also be called for these params.
+#
+function validateBooleanInputParamsSpecified {
+ validateInputParamsSpecified $*
+ for p in $*; do
+ local name=$p
+ local val=${!name}
+ if ! [ -z $val ]; then
+ if [ "true" != "$val" ] && [ "false" != "$val" ]; then
+ validationError "The value of $name must be true or false: $val"
+ fi
+ fi
+ done
+}
+
+#
+# Function to validate that a list of input parameters have integer values.
+#
+function validateIntegerInputParamsSpecified {
+ validateInputParamsSpecified $*
+ for p in $*; do
+ local name=$p
+ local val=${!name}
+ if ! [ -z $val ]; then
+ local intVal=""
+ printf -v intVal '%d' "$val" 2>/dev/null
+ if ! [ "${val}" == "${intVal}" ]; then
+ validationError "The value of $name must be an integer: $val"
+ fi
+ fi
+ done
+}
+
+#
+# Function to check if a value is lowercase
+# $1 - name of object being checked
+# $2 - value to check
+function validateLowerCase {
+ local lcVal=$(toLower $2)
+ if [ "$lcVal" != "$2" ]; then
+ validationError "The value of $1 must be lowercase: $2"
+ fi
+}
+
+#
+# Function to check if a value is lowercase and legal DNS name
+# $1 - name of object being checked
+# $2 - value to check
+function validateDNS1123LegalName {
+ local val=$(toDNS1123Legal $2)
+ if [ "$val" != "$2" ]; then
+ validationError "The value of $1 contains invalid charaters: $2"
+ fi
+}
+
+#
+# Function to validate the namespace
+#
+function validateNamespace {
+ validateLowerCase "namespace" ${namespace}
+}
+
+#
+# Function to validate the version of the inputs file
+#
+function validateVersion {
+ local requiredVersion=${requiredInputsVersion}
+ if [ "${version}" != "${requiredVersion}" ]; then
+ validationError "Invalid version: \"${version}\". Must be ${requiredVersion}."
+ fi
+}
+
+#
+# Function to ensure the domain uid is a legal DNS name
+#
+function validateDomainUid {
+ validateLowerCase "domainUID" ${domainUID}
+ validateDNS1123LegalName domainUID ${domainUID}
+}
+
+#
+# Function to ensure the namespace is lowercase
+#
+function validateNamespace {
+ validateLowerCase "namespace" ${namespace}
+}
+
+#
+# Create an instance of clusterName to be used in cases where a legal DNS name is required.
+#
+function validateClusterName {
+ clusterNameSVC=$(toDNS1123Legal $clusterName)
+}
+
+#
+# Create an instance of adminServerName to be used in cases where a legal DNS name is required.
+#
+function validateAdminServerName {
+ adminServerNameSVC=$(toDNS1123Legal $adminServerName)
+}
+
+#
+# Create an instance of adminServerName to be used in cases where a legal DNS name is required.
+#
+function validateManagedServerNameBase {
+ managedServerNameBaseSVC=$(toDNS1123Legal $managedServerNameBase)
+}
+
+#
+# Function to validate the secret name
+#
+function validateWeblogicCredentialsSecretName {
+ validateLowerCase "weblogicCredentialsSecretName" ${weblogicCredentialsSecretName}
+}
+
+#
+# Function to validate the weblogic image pull policy
+#
+function validateWeblogicImagePullPolicy {
+ if [ ! -z ${imagePullPolicy} ]; then
+ case ${imagePullPolicy} in
+ "IfNotPresent")
+ ;;
+ "Always")
+ ;;
+ "Never")
+ ;;
+ *)
+ validationError "Invalid value for imagePullPolicy: ${imagePullPolicy}. Valid values are IfNotPresent, Always, and Never."
+ ;;
+ esac
+ else
+ # Set the default
+ imagePullPolicy="IfNotPresent"
+ fi
+ failIfValidationErrors
+}
+
+#
+# Function to validate the fmwDomainType
+#
+function validateFmwDomainType {
+ if [ ! -z ${fmwDomainType} ]; then
+ case ${fmwDomainType} in
+ "JRF")
+ ;;
+ "RestrictedJRF")
+ ;;
+ *)
+ validationError "Invalid value for fmwDomainType: ${fmwDomainType}. Valid values are JRF or restrictedJRF."
+ ;;
+ esac
+ else
+ # Set the default
+ fmwDomainType="JRF"
+ fi
+ failIfValidationErrors
+}
+
+#
+# Function to validate the weblogic image pull secret name
+#
+function validateWeblogicImagePullSecretName {
+ if [ ! -z ${imagePullSecretName} ]; then
+ validateLowerCase imagePullSecretName ${imagePullSecretName}
+ imagePullSecretPrefix=""
+ if [ "${generateOnly}" = false ]; then
+ validateWeblogicImagePullSecret
+ fi
+ else
+ # Set name blank when not specified, and comment out the yaml
+ imagePullSecretName=""
+ imagePullSecretPrefix="#"
+ fi
+}
+
+#
+# Function to validate the weblogic image pull secret exists
+#
+function validateWeblogicImagePullSecret {
+ # The kubernetes secret for pulling images from a container registry is optional.
+ # If it was specified, make sure it exists.
+ validateSecretExists ${imagePullSecretName} ${namespace}
+ failIfValidationErrors
+}
+
+# try to execute kubectl to see whether kubectl is available
+function validateKubectlAvailable {
+ if ! [ -x "$(command -v kubectl)" ]; then
+ validationError "kubectl is not installed"
+ fi
+}
+
+# Function to validate the server start policy value
+#
+function validateServerStartPolicy {
+ validateInputParamsSpecified serverStartPolicy
+ if [ ! -z "${serverStartPolicy}" ]; then
+ case ${serverStartPolicy} in
+ "NEVER")
+ ;;
+ "ALWAYS")
+ ;;
+ "IF_NEEDED")
+ ;;
+ "ADMIN_ONLY")
+ ;;
+ *)
+ validationError "Invalid value for serverStartPolicy: ${serverStartPolicy}. Valid values are 'NEVER', 'ALWAYS', 'IF_NEEDED', and 'ADMIN_ONLY'."
+ ;;
+ esac
+ fi
+}
+
+#
+# Function to validate the weblogic domain storage reclaim policy
+#
+function validateWeblogicDomainStorageReclaimPolicy {
+ validateInputParamsSpecified weblogicDomainStorageReclaimPolicy
+ if [ ! -z "${weblogicDomainStorageReclaimPolicy}" ]; then
+ case ${weblogicDomainStorageReclaimPolicy} in
+ "Retain")
+ ;;
+ "Delete")
+ if [ "${weblogicDomainStoragePath:0:5}" != "/tmp/" ]; then
+ validationError "ERROR - Invalid value for weblogicDomainStorageReclaimPolicy ${weblogicDomainStorageReclaimPolicy} with weblogicDomainStoragePath ${weblogicDomainStoragePath} that is not /tmp/"
+ fi
+ ;;
+ "Recycle")
+ ;;
+ *)
+ validationError "Invalid value for weblogicDomainStorageReclaimPolicy: ${weblogicDomainStorageReclaimPolicy}. Valid values are Retain, Delete and Recycle."
+ ;;
+ esac
+ fi
+}
+
+#
+# Function to validate the weblogic domain storage type
+#
+function validateWeblogicDomainStorageType {
+ validateInputParamsSpecified weblogicDomainStorageType
+ if [ ! -z "${weblogicDomainStorageType}" ]; then
+ case ${weblogicDomainStorageType} in
+ "HOST_PATH")
+ ;;
+ "NFS")
+ validateInputParamsSpecified weblogicDomainStorageNFSServer
+ ;;
+ *)
+ validationError "Invalid value for weblogicDomainStorageType: ${weblogicDomainStorageType}. Valid values are HOST_PATH and NFS."
+ ;;
+ esac
+ fi
+}
+
+#
+# Function to validate the load balancer value
+#
+function validateLoadBalancer {
+ validateInputParamsSpecified loadBalancer
+ if [ ! -z "${loadBalancer}" ]; then
+ case ${loadBalancer} in
+ "TRAEFIK")
+ ;;
+ "APACHE")
+ ;;
+ "VOYAGER")
+ ;;
+ "NONE")
+ ;;
+ *)
+ validationError "Invalid value for loadBalancer: ${loadBalancer}. Valid values are APACHE, TRAEFIK, VOYAGER and NONE."
+ ;;
+ esac
+ fi
+}
+
+#
+# Function to validate a kubernetes secret exists
+# $1 - the name of the secret
+# $2 - namespace
+function validateSecretExists {
+ echo "Checking to see if the secret ${1} exists in namespace ${2}"
+ local SECRET=`kubectl get secret ${1} -n ${2} | grep ${1} | wc | awk ' { print $1; }'`
+ if [ "${SECRET}" != "1" ]; then
+ validationError "The secret ${1} was not found in namespace ${2}"
+ fi
+}
+
+#
+# Function to validate the domain secret
+#
+function validateDomainSecret {
+ # Verify the secret exists
+ validateSecretExists ${weblogicCredentialsSecretName} ${namespace}
+ failIfValidationErrors
+
+ # Verify the secret contains a username
+ SECRET=`kubectl get secret ${weblogicCredentialsSecretName} -n ${namespace} -o jsonpath='{.data}' | tr -d '"' | grep username: | wc | awk ' { print $1; }'`
+ if [ "${SECRET}" != "1" ]; then
+ validationError "The domain secret ${weblogicCredentialsSecretName} in namespace ${namespace} does contain a username"
+ fi
+
+ # Verify the secret contains a password
+ SECRET=`kubectl get secret ${weblogicCredentialsSecretName} -n ${namespace} -o jsonpath='{.data}' | tr -d '"'| grep password: | wc | awk ' { print $1; }'`
+ if [ "${SECRET}" != "1" ]; then
+ validationError "The domain secret ${weblogicCredentialsSecretName} in namespace ${namespace} does contain a password"
+ fi
+ failIfValidationErrors
+}
+
+#
+# function to validate if we will be using wdt or wlst to create the domain
+#
+function validateDomainFilesDir {
+ useWdt=true
+ if [ -z "${createDomainFilesDir}" ] || [ "${createDomainFilesDir}" == "wlst" ]; then
+ useWdt=false
+ fi
+}
+
+#
+# Function to validate the common input parameters
+#
+function validateCommonInputs {
+ sample_name=${1:-"other"}
+
+ # Parse the common inputs file
+ parseCommonInputs
+
+ validateInputParamsSpecified \
+ adminServerName \
+ domainUID \
+ clusterName \
+ managedServerNameBase \
+ namespace \
+ includeServerOutInPodLog \
+ version
+
+ validateIntegerInputParamsSpecified \
+ adminPort \
+ initialManagedServerReplicas \
+ managedServerPort \
+ t3ChannelPort \
+ adminNodePort
+
+ if [ ! "${sample_name}" == "fmw-domain-home-in-image" ]; then
+ validateIntegerInputParamsSpecified configuredManagedServerCount
+ fi
+
+ validateBooleanInputParamsSpecified \
+ productionModeEnabled \
+ exposeAdminT3Channel \
+ exposeAdminNodePort \
+ includeServerOutInPodLog
+
+ export requiredInputsVersion="create-weblogic-sample-domain-inputs-v1"
+ validateVersion
+
+ validateDomainUid
+ validateNamespace
+ validateAdminServerName
+ validateManagedServerNameBase
+ validateClusterName
+ validateWeblogicCredentialsSecretName
+ validateServerStartPolicy
+ validateWeblogicImagePullPolicy
+ validateWeblogicImagePullSecretName
+ validateFmwDomainType
+ validateDomainFilesDir
+ # Below three validate methods are used for MII integration testing
+ validateWdtDomainType
+ validateWdtModelFile
+ validateWdtModelPropertiesFile
+
+ failIfValidationErrors
+}
+
+#
+# Function to validate the domain's persistent volume claim has been created
+#
+function validateDomainPVC {
+ # Check if the persistent volume claim is already available
+ checkPvcExists ${persistentVolumeClaimName} ${namespace}
+ if [ "${PVC_EXISTS}" = "false" ]; then
+ validationError "The domain persistent volume claim ${persistentVolumeClaimName} does not exist in namespace ${namespace}"
+ fi
+ failIfValidationErrors
+}
+
+#
+# Function to validate the WDT model file exists
+# used for MII integration testing
+#
+function validateWdtModelFile {
+ # Check if the model file exists
+ if [ ! -z $wdtModelFile ]; then
+ if [ ! -f $wdtModelFile ]; then
+ validationError "The WDT model file ${wdtModelFile} does not exist"
+ fi
+ fi
+ failIfValidationErrors
+}
+
+#
+# Function to validate the WDT model property file exists
+# used for MII integration testing
+#
+function validateWdtModelPropertiesFile {
+ # Check if the model property file exists
+ if [ ! -z $wdtModelPropertiesFile ]; then
+ if [ ! -f $wdtModelPropertiesFile ]; then
+ validationError "The WDT model property file ${wdtModelPropertiesFile} does not exist"
+ fi
+ fi
+ failIfValidationErrors
+}
+
+# Function to validate the wdtDomainType
+# used for MII integration testing
+function validateWdtDomainType {
+ if [ ! -z ${wdtDomainType} ]; then
+ case ${wdtDomainType} in
+ "WLS")
+ ;;
+ "JRF")
+ ;;
+ "RestrictedJRF")
+ ;;
+ *)
+ validationError "Invalid value for wdtDomainType: ${wdtDomainType}. Valid values are WLS or JRF or restrictedJRF."
+ ;;
+ esac
+ else
+ # Set the default
+ wdtDomainType="WLS"
+ fi
+ failIfValidationErrors
+}
+
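Review bot: In validateDomainSecret both failure messages say the secret "does contain a username" / "does contain a password", but they are emitted when the key count is not 1, i.e. when the key is missing. They should read `validationError "The domain secret ${weblogicCredentialsSecretName} in namespace ${namespace} does not contain a username"`, and likewise for the password. That function and validateSecretExists also expand `${weblogicCredentialsSecretName}`, `${1}` and `${namespace}` unquoted into `kubectl` and `grep`, and the only check on the secret name and namespace visible in this file is validateLowerCase, so a value containing whitespace or glob characters would be word-split. Quoting the expansions, e.g. `kubectl get secret "${1}" -n "${2}"`, is a cheap hardening. validateNamespace is also defined twice with identical bodies, so the second definition can be dropped.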
diff --git a/OracleAccessManagement/kubernetes/common/wdt-and-wit-utility.sh b/OracleAccessManagement/kubernetes/common/wdt-and-wit-utility.sh
new file mode 100755
index 000000000..aa9cc691c
--- /dev/null
+++ b/OracleAccessManagement/kubernetes/common/wdt-and-wit-utility.sh
@@ -0,0 +1,439 @@
+#!/bin/bash
+# Copyright (c) 2021, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+#
+# Description:
+#
+# This script contains functions for installing WebLogic Deploy Tool (WDT) and
+# WebLogic Image Tool (WIT), and for running WDT.
+#
+#
+# Usage:
+#
+# Export customized values for the input shell environment variables as needed
+# before calling this script.
+#
+# Outputs:
+#
+# WDT install: WDT_DIR/weblogic-deploy/...
+#
+# Copy of wdt model: WDT_DIR/$(basename WDT_MODEL_FILE)
+# Copy of wdt vars: WDT_DIR/$(basename WDT_VAR_FILE)
+#
+# WDT logs: WDT_DIR/weblogic-deploy/logs/...
+# WDT stdout: WDT_DIR/createDomain.sh.out
+#
+# WebLogic domain home: DOMAIN_HOME_DIR
+# default: /shared/domains/
+#
+# Input environment variables:
+#
+# ORACLE_HOME Oracle home with a WebLogic install.
+# default: /u01/oracle
+#
+# DOMAIN_HOME_DIR Target location for generated domain.
+#
+# WDT_MODEL_FILE Full path to WDT model file.
+# default: the directory that contains this script
+# plus "/wdt_model.yaml"
+#
+# WDT_VAR_FILE Full path to WDT variable file (java properties format).
+# default: the directory that contains this script
+# plus "/create-domain-inputs.yaml"
+#
+# WDT_DIR Target location to install and run WDT, and to keep a copy of
+# $WDT_MODEL_FILE and $WDT_MODEL_VARS. Also the location
+# of WDT log files.
+# default: /shared/wdt
+#
+# WDT_VERSION WDT version to download.
+# default: LATEST
+#
+# WDT_INSTALL_ZIP_FILE Filename of WDT install zip.
+# default: weblogic-deploy.zip
+#
+# WDT_INSTALL_ZIP_URL URL for downloading WDT install zip
+# default: https://github.com/oracle/weblogic-deploy-tooling/releases/latest/download/$WDT_INSTALL_ZIP_FILE
+#
+# WIT_DIR Target location to install WIT
+# default: /shared/imagetool
+#
+# WIT_VERSION WIT version to download.
+# default: LATEST
+#
+# WIT_INSTALL_ZIP_FILE Filename of WIT install zip.
+# default: imagetool.zip
+#
+# WIT_INSTALL_ZIP_URL URL for downloading WIT install zip
+# default: https://github.com/oracle/weblogic-image-tool/releases/latest/download/$WIT_INSTALL_ZIP_FILE
+#
+
+
+# Initialize globals
+
+export ORACLE_HOME=${ORACLE_HOME:-/u01/oracle}
+
+SCRIPTPATH="$( cd "$(dirname "$0")" > /dev/null 2>&1 ; pwd -P )"
+WDT_MODEL_FILE=${WDT_MODEL_FILE:-"$SCRIPTPATH/wdt_model.yaml"}
+WDT_VAR_FILE=${WDT_VAR_FILE:-"$SCRIPTPATH/create-domain-inputs.yaml"}
+
+WDT_DIR=${WDT_DIR:-/shared/wdt}
+WDT_VERSION=${WDT_VERSION:-LATEST}
+
+WIT_DIR=${WIT_DIR:-/shared/imagetool}
+WIT_VERSION=${WIT_VERSION:-LATEST}
+
+DOMAIN_TYPE="${DOMAIN_TYPE:-WLS}"
+
+function download {
+ local fileUrl="${1}"
+
+ local curl_res=1
+ max=20
+ count=0
+ while [ $curl_res -ne 0 -a $count -lt $max ] ; do
+ sleep 1
+ count=`expr $count + 1`
+ for proxy in "${https_proxy}" "${https_proxy2}"; do
+ echo @@ "Info: Downloading $fileUrl with https_proxy=\"$proxy\""
+ https_proxy="${proxy}" \
+ curl --silent --show-error --connect-timeout 10 -O -L $fileUrl
+ curl_res=$?
+ [ $curl_res -eq 0 ] && break
+ done
+ done
+ if [ $curl_res -ne 0 ]; then
+ echo @@ "Error: Download failed."
+ return 1
+ fi
+}
+
+function run_wdt {
+ #
+ # Run WDT using WDT_VAR_FILE, WDT_MODEL_FILE, and ORACLE_HOME.
+ # Output:
+ # - result domain will be in DOMAIN_HOME_DIR
+ # - logging output is in $WDT_DIR/createDomain.sh.out and $WDT_DIR/weblogic-deploy/logs
+ # - WDT_VAR_FILE & WDT_MODEL_FILE will be copied to WDT_DIR.
+ #
+
+ local action="${1}"
+
+ # Input files and directories.
+
+ local inputs_orig="$WDT_VAR_FILE"
+ local model_orig="$WDT_MODEL_FILE"
+ local oracle_home="$ORACLE_HOME"
+ local domain_type="$DOMAIN_TYPE"
+ local wdt_bin_dir="$WDT_DIR/weblogic-deploy/bin"
+ local wdt_createDomain_script="$wdt_bin_dir/createDomain.sh"
+
+ if [ ${action} = "create" ]; then
+ local wdt_domain_script="$wdt_bin_dir/createDomain.sh"
+ else
+ local wdt_domain_script="$wdt_bin_dir/updateDomain.sh"
+ fi
+
+ local domain_home_dir="$DOMAIN_HOME_DIR"
+ if [ -z "${domain_home_dir}" ]; then
+ local domain_dir="/shared/domains"
+ local domain_uid=`egrep 'domainUID' $inputs_orig | awk '{print $2}'`
+ local domain_home_dir=$domain_dir/$domain_uid
+ fi
+
+ mkdir -p $domain_home_dir
+
+ # Output files and directories.
+
+ local inputs_final=$WDT_DIR/$(basename "$inputs_orig")
+ local model_final=$WDT_DIR/$(basename "$model_orig")
+ if [ ${action} = "create" ]; then
+ local out_file=$WDT_DIR/createDomain.sh.out
+ else
+ local out_file=$WDT_DIR/updateDomain.sh.out
+ fi
+ local wdt_log_dir="$WDT_DIR/weblogic-deploy/logs"
+
+ echo @@ "Info: About to run WDT ${wdt_domain_script}"
+
+ for directory in wdt_bin_dir SCRIPTPATH WDT_DIR oracle_home; do
+ if [ ! -d "${!directory}" ]; then
+ echo @@ "Error: Could not find ${directory} directory ${!directory}."
+ return 1
+ fi
+ done
+
+ for fil in inputs_orig model_orig wdt_createDomain_script; do
+ if [ ! -f "${!fil}" ]; then
+ echo @@ "Error: Could not find ${fil} file ${!fil}."
+ return 1
+ fi
+ done
+
+ cp $model_orig $model_final || return 1
+ cp $inputs_orig $inputs_final || return 1
+
+ local save_dir=`pwd`
+ cd $WDT_DIR || return 1
+
+ cmd="
+ $wdt_domain_script
+ -oracle_home $oracle_home
+ -domain_type $domain_type
+ -domain_home $domain_home_dir
+ -model_file $model_final
+ -variable_file $inputs_final
+ "
+
+ echo @@ "Info: About to run the following WDT command:"
+ echo "${cmd}"
+ echo @@ "Info: WDT output will be in $out_file and $wdt_log_dir"
+ eval $cmd > $out_file 2>&1
+ local wdt_res=$?
+
+ cd $save_dir
+
+ if [ $wdt_res -ne 0 ]; then
+ if [ ${action} = "create" ]; then
+ cat $WDT_DIR/createDomain.sh.out
+ echo @@ "Info: WDT createDomain.sh output is in $out_file and $wdt_log_dir"
+ echo @@ "Error: WDT createDomain.sh failed."
+ return 1
+ else
+ cat $WDT_DIR/updateDomain.sh.out
+ echo @@ "Info: WDT updateDomain.sh output is in $out_file and $wdt_log_dir"
+ echo @@ "Error: WDT updateDomain.sh failed."
+ return 1
+ fi
+ fi
+
+ cd $WDT_DIR || return 1
+
+ cmd="
+ $wdt_bin_dir/extractDomainResource.sh
+ -oracle_home $oracle_home
+ -domain_resource_file domain${action}.yaml
+ -domain_home $domain_home_dir
+ -model_file $model_final
+ -variable_file $inputs_final
+ "
+ echo @@ "Info: About to run the following WDT command:"
+ echo "${cmd}"
+ echo @@ "Info: WDT output will be in extract${action}.out and $wdt_log_dir"
+ eval $cmd > extract${action}.out 2>&1
+ local wdt_res=$?
+
+ cd $save_dir
+
+ if [ $wdt_res -ne 0 ]; then
+ cat $WDT_DIR/extract${action}.out
+ echo @@ "Info: WDT extractDomainResource output is in extract${action}.out and $wdt_log_dir"
+ echo @@ "Error: WDT createDomain.sh failed."
+ return 1
+ fi
+
+ if [ ${action} = "create" ]; then
+ # chmod -R g+w $domain_home_dir || return 1
+ echo @@ "Info: WDT createDomain.sh succeeded."
+ else
+ echo @@ "Info: WDT updateDomain.sh succeeded."
+ fi
+
+ return 0
+}
+
+function setup_wdt_shared_dir {
+ mkdir -p $WDT_DIR || return 1
+}
+
+#
+# Install Weblogic Server Deploy Tooling to ${WDT_DIR}
+#
+function install_wdt {
+
+ WDT_INSTALL_ZIP_FILE="${WDT_INSTALL_ZIP_FILE:-weblogic-deploy.zip}"
+
+ if [ "$WDT_VERSION" == "LATEST" ]; then
+ WDT_INSTALL_ZIP_URL=${WDT_INSTALL_ZIP_URL:-"https://github.com/oracle/weblogic-deploy-tooling/releases/latest/download/$WDT_INSTALL_ZIP_FILE"}
+ else
+ WDT_INSTALL_ZIP_URL=${WDT_INSTALL_ZIP_URL:-"https://github.com/oracle/weblogic-deploy-tooling/releases/download/release-$WDT_VERSION/$WDT_INSTALL_ZIP_FILE"}
+ fi
+
+ local save_dir=`pwd`
+ cd $WDT_DIR || return 1
+
+ echo @@ "Info: Downloading $WDT_INSTALL_ZIP_URL "
+ download $WDT_INSTALL_ZIP_URL || return 1
+
+ if [ ! -f $WDT_INSTALL_ZIP_FILE ]; then
+ cd $save_dir
+ echo @@ "Error: Download failed or $WDT_INSTALL_ZIP_FILE not found."
+ return 1
+ fi
+
+ echo @@ "Info: Archive downloaded to $WDT_DIR/$WDT_INSTALL_ZIP_FILE, about to unzip via 'jar xf'."
+
+ jar xf $WDT_INSTALL_ZIP_FILE
+ local jar_res=$?
+
+ cd $save_dir
+
+ if [ $jar_res -ne 0 ]; then
+ echo @@ "Error: Install failed while unzipping $WDT_DIR/$WDT_INSTALL_ZIP_FILE"
+ return $jar_res
+ fi
+
+ if [ ! -d "$WDT_DIR/weblogic-deploy/bin" ]; then
+ echo @@ "Error: Install failed: directory '$WDT_DIR/weblogic-deploy/bin' not found."
+ return 1
+ fi
+
+ chmod 775 $WDT_DIR/weblogic-deploy/bin/* || return 1
+
+ echo @@ "Info: Install succeeded, wdt install is in the $WDT_DIR/weblogic-deploy directory."
+ return 0
+}
+
+#
+# Install WebLogic Image Tool to ${WIT_DIR}. Used by install_wit_if_needed.
+# Do not call this function directory.
+#
+function install_wit {
+
+ WIT_INSTALL_ZIP_FILE="${WIT_INSTALL_ZIP_FILE:-imagetool.zip}"
+
+ if [ "$WIT_VERSION" == "LATEST" ]; then
+ WIT_INSTALL_ZIP_URL=${WDT_INSTALL_ZIP_URL:-"https://github.com/oracle/weblogic-image-tool/releases/latest/download/$WIT_INSTALL_ZIP_FILE"}
+ else
+ WIT_INSTALL_ZIP_URL=${WIT_INSTALL_ZIP_URL:-"https://github.com/oracle/weblogic-image-tool/releases/download/release-$WIT_VERSION/$WIT_INSTALL_ZIP_FILE"}
+ fi
+
+
+
+ local save_dir=`pwd`
+
+ echo @@ "imagetool.sh not found in ${imagetoolBinDir}. Installing imagetool..."
+
+ echo @@ "Info: Downloading $WIT_INSTALL_ZIP_URL "
+ download $WIT_INSTALL_ZIP_URL || return 1
+
+ if [ ! -f $WIT_INSTALL_ZIP_FILE ]; then
+ cd $save_dir
+ echo @@ "Error: Download failed or $WIT_INSTALL_ZIP_FILE not found."
+ return 1
+ fi
+ echo @@ "Info: Archive downloaded to $WIT_DIR/$WIT_INSTALL_ZIP_FILE, about to unzip via 'jar xf'."
+
+ jar xf $WIT_INSTALL_ZIP_FILE
+ local jar_res=$?
+
+ cd $save_dir
+
+ if [ $jar_res -ne 0 ]; then
+ echo @@ "Error: Install failed while unzipping $WIT_DIR/$WIT_INSTALL_ZIP_FILE"
+ return $jar_res
+ fi
+
+ if [ ! -d "$WIT_DIR/imagetool/bin" ]; then
+ echo @@ "Error: Install failed: directory '$WIT_DIR/imagetool/bin' not found."
+ return 1
+ fi
+
+ chmod 775 $WIT_DIR/imagetool/bin/* || return 1
+}
+
+#
+# Checks whether WebLogic Image Tool is already installed under ${WIT_DIR}, and install
+# it if not.
+#
+function install_wit_if_needed {
+
+ local save_dir=`pwd`
+
+ mkdir -p $WIT_DIR || return 1
+ cd $WIT_DIR || return 1
+
+ imagetoolBinDir=$WIT_DIR/imagetool/bin
+ if [ -f $imagetoolBinDir/imagetool.sh ]; then
+ echo @@ "Info: imagetool.sh already exist in ${imagetoolBinDir}. Skipping WIT installation."
+ else
+ install_wit
+ fi
+
+ export WLSIMG_CACHEDIR="$WIT_DIR/imagetool-cache"
+
+ # Check existing imageTool cache entry for WDT:
+ # - if there is already an entry, and the WDT installer file specified in the cache entry exists, skip WDT installation
+ # - if file in cache entry doesn't exist, delete cache entry, install WDT, and add WDT installer to cache
+ # - if entry does not exist, install WDT, and add WDT installer to cache
+ if [ "$WDT_VERSION" == "LATEST" ]; then
+ wdtCacheVersion="latest"
+ else
+ wdtCacheVersion=$WDT_VERSION
+ fi
+
+ local listItems=$( ${imagetoolBinDir}/imagetool.sh cache listItems | grep "wdt_${wdtCacheVersion}" )
+
+ if [ ! -z "$listItems" ]; then
+ local wdt_file_path_in_cache=$(echo $listItems | sed 's/.*=\(.*\)/\1/')
+ if [ -f "$wdt_file_path_in_cache" ]; then
+ skip_wdt_install=true
+ else
+ echo @@ "Info: imageTool cache contains an entry for WDT zip at $wdt_file_path_in_cache which does not exist. Removing from cache entry."
+ ${imagetoolBinDir}/imagetool.sh cache deleteEntry \
+ --key wdt_${wdtCacheVersion}
+ fi
+ fi
+
+ if [ -z "$skip_wdt_install" ]; then
+ echo @@ "Info: imageTool cache does not contain a valid entry for wdt_${wdtCacheVersion}. Installing WDT"
+ setup_wdt_shared_dir || return 1
+ install_wdt || return 1
+ ${imagetoolBinDir}/imagetool.sh cache addInstaller \
+ --type wdt \
+ --version $WDT_VERSION \
+ --path $WDT_DIR/$WDT_INSTALL_ZIP_FILE || return 1
+ else
+ echo @@ "Info: imageTool cache already contains entry ${listItems}. Skipping WDT installation."
+ fi
+
+ cd $save_dir
+
+ echo @@ "Info: Install succeeded, imagetool install is in the $WIT_DIR/imagetool directory."
+ return 0
+}
+
+function encrypt_model {
+ #
+ # run encryptModel.sh from WDT to encrypt model and properties files
+ #
+ local domainOutputDirFullPath=${1} # full path to directory where the model, encrypt file, and domain properties files are
+ local model_file=${2} # path to file containing encryption key relative to ${domainOutputDirFullPath}
+ local encrypt_key_file=${3} # path to file containing encryption key relative to ${domainOutputDirFullPath}
+ local domain_properties_file=${4} # path to domain properties file relative to ${domainOutputDirFullPath}
+ local oracle_home="$ORACLE_HOME"
+
+ echo @@ "Info: encrypt passwords in the variables file at ${domainOutputDirFullPath}/${domain_properties_file} using encryption key from create-domain.sh argument written to file: ${encrypt_key_file}"
+
+ cmd="
+ cat /shared/${encrypt_key_file} /shared/${encrypt_key_file} |
+ /wdt/bin/encryptModel.sh \
+ -oracle_home ${oracle_home} \
+ -model_file /shared/${model_file} \
+ -variable_file /shared/${domain_properties_file}
+ "
+ echo $cmd > ${domainOutputDirFullPath}/cmd.sh
+ chmod 755 ${domainOutputDirFullPath}/cmd.sh
+ echo @@ "Info: Encrypt Model: About to run the following command in container with image ${domainHomeImageBase}:"
+ cat ${domainOutputDirFullPath}/cmd.sh
+
+ chmod 766 ${domainOutputDirFullPath}/${domain_properties_file}
+ docker run -it --rm -v ${domainOutputDirFullPath}:/shared -v ${WDT_DIR}/weblogic-deploy:/wdt ${domainHomeImageBase} /bin/bash -c /shared/cmd.sh || return 1
+
+ # clean up the generated files
+ rm ${domainOutputDirFullPath}/cmd.sh
+
+ echo @@ "Info: encrypt_model Completed"
+}
+
+
diff --git a/OracleAccessManagement/kubernetes/3.0.1/create-access-domain/domain-home-on-pv/common/clusterCreate_template.py b/OracleAccessManagement/kubernetes/create-access-domain/domain-home-on-pv/common/clusterCreate_template.py
similarity index 100%
rename from OracleAccessManagement/kubernetes/3.0.1/create-access-domain/domain-home-on-pv/common/clusterCreate_template.py
rename to OracleAccessManagement/kubernetes/create-access-domain/domain-home-on-pv/common/clusterCreate_template.py
diff --git a/OracleAccessManagement/kubernetes/3.0.1/create-access-domain/domain-home-on-pv/common/create-domain-job.sh b/OracleAccessManagement/kubernetes/create-access-domain/domain-home-on-pv/common/create-domain-job.sh
similarity index 100%
rename from OracleAccessManagement/kubernetes/3.0.1/create-access-domain/domain-home-on-pv/common/create-domain-job.sh
rename to OracleAccessManagement/kubernetes/create-access-domain/domain-home-on-pv/common/create-domain-job.sh
diff --git a/OracleAccessManagement/kubernetes/3.0.1/create-access-domain/domain-home-on-pv/common/createOAMDomain.py b/OracleAccessManagement/kubernetes/create-access-domain/domain-home-on-pv/common/createOAMDomain.py
similarity index 100%
rename from OracleAccessManagement/kubernetes/3.0.1/create-access-domain/domain-home-on-pv/common/createOAMDomain.py
rename to OracleAccessManagement/kubernetes/create-access-domain/domain-home-on-pv/common/createOAMDomain.py
diff --git a/OracleAccessManagement/kubernetes/3.0.1/create-access-domain/domain-home-on-pv/common/oamconfig.properties b/OracleAccessManagement/kubernetes/create-access-domain/domain-home-on-pv/common/oamconfig.properties
old mode 100644
new mode 100755
similarity index 99%
rename from OracleAccessManagement/kubernetes/3.0.1/create-access-domain/domain-home-on-pv/common/oamconfig.properties
rename to OracleAccessManagement/kubernetes/create-access-domain/domain-home-on-pv/common/oamconfig.properties
index 76ed03a3a..d002e86d5
--- a/OracleAccessManagement/kubernetes/3.0.1/create-access-domain/domain-home-on-pv/common/oamconfig.properties
+++ b/OracleAccessManagement/kubernetes/create-access-domain/domain-home-on-pv/common/oamconfig.properties
@@ -3,7 +3,6 @@
#Below are only the sample values, please modify them as per your setup
-
# The name space where OAM servers are created
OAM_NAMESPACE='accessns'
diff --git a/OracleAccessManagement/kubernetes/3.0.1/create-access-domain/domain-home-on-pv/common/oamconfig_modify.sh b/OracleAccessManagement/kubernetes/create-access-domain/domain-home-on-pv/common/oamconfig_modify.sh
similarity index 98%
rename from OracleAccessManagement/kubernetes/3.0.1/create-access-domain/domain-home-on-pv/common/oamconfig_modify.sh
rename to OracleAccessManagement/kubernetes/create-access-domain/domain-home-on-pv/common/oamconfig_modify.sh
index b10309eea..f31ebf61f 100755
--- a/OracleAccessManagement/kubernetes/3.0.1/create-access-domain/domain-home-on-pv/common/oamconfig_modify.sh
+++ b/OracleAccessManagement/kubernetes/create-access-domain/domain-home-on-pv/common/oamconfig_modify.sh
@@ -102,6 +102,7 @@ sed -i -e "s:@OAP_SERVICEPORT@:$OAP_SERVICEPORT:g" $cur_dir/output/oamconfig_mod
cp $cur_dir/oamoap-service-template.yaml $cur_dir/output/oamoap-service.yaml
sed -i -e "s:@OAM_NAMESPACE@:$OAM_NAMESPACE:g" $cur_dir/output/oamoap-service.yaml
+sed -i -e "s:@DOMAINID@:$domainUID:g" $cur_dir/output/oamoap-service.yaml
kubectl create -f $cur_dir/output/oamoap-service.yaml
kubectl get services -n $OAM_NAMESPACE | grep NodePort
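Review bot: The added `sed` substitutes `$domainUID` without checking that it is set, and the hunk does not show where that variable is assigned (the neighbouring substitution uses the upper-case `$OAM_NAMESPACE`). If it is empty, the rendered name becomes `-oamoap-service`, which Kubernetes rejects as a Service name, so the `kubectl create` on the next line fails with an error that does not point at the cause. A guard before the substitution would make this explicit, for example `[ -n "$domainUID" ] || { echo "domainUID is not set"; exit 1; }`.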
diff --git a/OracleAccessManagement/kubernetes/3.0.1/create-access-domain/domain-home-on-pv/common/oamconfig_modify_template.xml b/OracleAccessManagement/kubernetes/create-access-domain/domain-home-on-pv/common/oamconfig_modify_template.xml
old mode 100644
new mode 100755
similarity index 100%
rename from OracleAccessManagement/kubernetes/3.0.1/create-access-domain/domain-home-on-pv/common/oamconfig_modify_template.xml
rename to OracleAccessManagement/kubernetes/create-access-domain/domain-home-on-pv/common/oamconfig_modify_template.xml
diff --git a/OracleAccessManagement/kubernetes/3.0.1/create-access-domain/domain-home-on-pv/common/oamoap-service-template.yaml b/OracleAccessManagement/kubernetes/create-access-domain/domain-home-on-pv/common/oamoap-service-template.yaml
old mode 100644
new mode 100755
similarity index 92%
rename from OracleAccessManagement/kubernetes/3.0.1/create-access-domain/domain-home-on-pv/common/oamoap-service-template.yaml
rename to OracleAccessManagement/kubernetes/create-access-domain/domain-home-on-pv/common/oamoap-service-template.yaml
index abd01f888..20624427c
--- a/OracleAccessManagement/kubernetes/3.0.1/create-access-domain/domain-home-on-pv/common/oamoap-service-template.yaml
+++ b/OracleAccessManagement/kubernetes/create-access-domain/domain-home-on-pv/common/oamoap-service-template.yaml
@@ -4,7 +4,7 @@
kind: Service
apiVersion: v1
metadata:
- name: oamoap-service
+ name: @DOMAINID@-oamoap-service
namespace: @OAM_NAMESPACE@
spec:
type: NodePort
diff --git a/OracleAccessManagement/kubernetes/3.0.1/create-access-domain/domain-home-on-pv/common/readme.txt b/OracleAccessManagement/kubernetes/create-access-domain/domain-home-on-pv/common/readme.txt
old mode 100644
new mode 100755
similarity index 100%
rename from OracleAccessManagement/kubernetes/3.0.1/create-access-domain/domain-home-on-pv/common/readme.txt
rename to OracleAccessManagement/kubernetes/create-access-domain/domain-home-on-pv/common/readme.txt
diff --git a/OracleAccessManagement/kubernetes/3.0.1/create-access-domain/domain-home-on-pv/common/utility.sh b/OracleAccessManagement/kubernetes/create-access-domain/domain-home-on-pv/common/utility.sh
similarity index 100%
rename from OracleAccessManagement/kubernetes/3.0.1/create-access-domain/domain-home-on-pv/common/utility.sh
rename to OracleAccessManagement/kubernetes/create-access-domain/domain-home-on-pv/common/utility.sh
diff --git a/OracleAccessManagement/kubernetes/3.0.1/create-access-domain/domain-home-on-pv/create-database/db-with-pv.yaml b/OracleAccessManagement/kubernetes/create-access-domain/domain-home-on-pv/create-database/db-with-pv.yaml
old mode 100644
new mode 100755
similarity index 100%
rename from OracleAccessManagement/kubernetes/3.0.1/create-access-domain/domain-home-on-pv/create-database/db-with-pv.yaml
rename to OracleAccessManagement/kubernetes/create-access-domain/domain-home-on-pv/create-database/db-with-pv.yaml
diff --git a/OracleAccessManagement/kubernetes/3.0.1/create-access-domain/domain-home-on-pv/create-database/db-without-pv.yaml b/OracleAccessManagement/kubernetes/create-access-domain/domain-home-on-pv/create-database/db-without-pv.yaml
old mode 100644
new mode 100755
similarity index 100%
rename from OracleAccessManagement/kubernetes/3.0.1/create-access-domain/domain-home-on-pv/create-database/db-without-pv.yaml
rename to OracleAccessManagement/kubernetes/create-access-domain/domain-home-on-pv/create-database/db-without-pv.yaml
diff --git a/OracleAccessManagement/kubernetes/3.0.1/create-access-domain/domain-home-on-pv/create-domain-inputs.yaml b/OracleAccessManagement/kubernetes/create-access-domain/domain-home-on-pv/create-domain-inputs.yaml
old mode 100644
new mode 100755
similarity index 100%
rename from OracleAccessManagement/kubernetes/3.0.1/create-access-domain/domain-home-on-pv/create-domain-inputs.yaml
rename to OracleAccessManagement/kubernetes/create-access-domain/domain-home-on-pv/create-domain-inputs.yaml
diff --git a/OracleAccessManagement/kubernetes/3.0.1/create-access-domain/domain-home-on-pv/create-domain-job-template.yaml b/OracleAccessManagement/kubernetes/create-access-domain/domain-home-on-pv/create-domain-job-template.yaml
old mode 100644
new mode 100755
similarity index 100%
rename from OracleAccessManagement/kubernetes/3.0.1/create-access-domain/domain-home-on-pv/create-domain-job-template.yaml
rename to OracleAccessManagement/kubernetes/create-access-domain/domain-home-on-pv/create-domain-job-template.yaml
diff --git a/OracleAccessManagement/kubernetes/3.0.1/create-access-domain/domain-home-on-pv/create-domain.sh b/OracleAccessManagement/kubernetes/create-access-domain/domain-home-on-pv/create-domain.sh
similarity index 96%
rename from OracleAccessManagement/kubernetes/3.0.1/create-access-domain/domain-home-on-pv/create-domain.sh
rename to OracleAccessManagement/kubernetes/create-access-domain/domain-home-on-pv/create-domain.sh
index 3dec1fa51..578f9b211 100755
--- a/OracleAccessManagement/kubernetes/3.0.1/create-access-domain/domain-home-on-pv/create-domain.sh
+++ b/OracleAccessManagement/kubernetes/create-access-domain/domain-home-on-pv/create-domain.sh
@@ -25,11 +25,12 @@ source ${scriptDir}/../../common/utility.sh
source ${scriptDir}/../../common/validate.sh
function usage {
- echo usage: ${script} -o dir -i file [-e] [-v] [-h]
+ echo usage: ${script} -o dir -i file [-e] [-v] [-t] [-h]
echo " -i Parameter inputs file, must be specified."
echo " -o Output directory for the generated yaml files, must be specified."
echo " -e Also create the resources in the generated yaml files, optional."
echo " -v Validate the existence of persistentVolumeClaim, optional."
+ echo " -t Timeout (in seconds) for create domain job execution, optional."
echo " -h Help"
exit $1
}
@@ -39,7 +40,8 @@ function usage {
#
doValidation=false
executeIt=false
-while getopts "evhi:o:" opt; do
+timeout=600
+while getopts "evhi:o:t:" opt; do
case $opt in
i) valuesInputFile="${OPTARG}"
;;
@@ -49,6 +51,8 @@ while getopts "evhi:o:" opt; do
;;
e) executeIt=true
;;
+ t) timeout="${OPTARG}"
+ ;;
h) usage 0
;;
*) usage 1
@@ -70,6 +74,11 @@ if [ "${missingRequiredOption}" == "true" ]; then
usage 1
fi
+if [ -z ${timeout} ]; then
+ timeout=600
+fi
+
+
#
# Function to initialize and validate the output directory
# for the generated yaml files for this domain.
@@ -211,7 +220,7 @@ function createDomainHome {
# Update the "- $(CLUSTER_NAME)" in the affinity section to policy_cluster
sed -i "0,/- ${clusterName}/s//- policy_cluster/" ${dcrOutput}
sed -i -e "/- clusterName:/a ${PRECREATE_SERVICE}" ${dcrOutput}
- sed -i "0,/replicas: 2/ {0,/replicas: 2/ s/replicas: 2/replicas: 1/}" ${dcrOutput}
+ #sed -i "0,/replicas: 2/ {0,/replicas: 2/ s/replicas: 2/replicas: 1/}" ${dcrOutput}
fi
else
echo "domainType not defined. Setting it to oam by default"
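Review bot: The `replicas: 2` to `replicas: 1` rewrite is disabled by commenting it out at the `#sed -i ...` line rather than deleting it, which leaves dead code with no explanation of why the policy cluster now keeps the generated replica count. Either remove the line or replace it with a short comment stating the intent, for example `# policy_cluster keeps the replica count from the inputs file` if that is what is meant. createDomainHome starts and ends outside this hunk.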
@@ -224,7 +233,7 @@ function createDomainHome {
echo "Waiting for the job to complete..."
JOB_STATUS="0"
- max=20
+ max=`expr ${timeout} / 30`
count=0
while [ "$JOB_STATUS" != "Completed" -a $count -lt $max ] ; do
sleep 30
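Review bot: `max` is now derived from the user-supplied `-t` value with `expr ${timeout} / 30`, but nothing validates that value. A non-numeric argument makes `expr` fail and leaves `max` empty, so the `[ ... $count -lt $max ]` test errors out and the wait loop is skipped; any value below 30 gives `max=0` with the same result. The `-z ${timeout}` check added in the earlier hunk only covers the empty case. Validating once after option parsing, e.g. `[[ "${timeout}" =~ ^[1-9][0-9]*$ ]] || usage 1`, and rounding up with `max=$(( (timeout + 29) / 30 ))` would cover both. createDomainHome starts and ends outside this hunk.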
@@ -294,5 +303,3 @@ function printSummary {
# Perform the sequence of steps to create a domain
createDomain false
-
-
diff --git a/OracleAccessManagement/kubernetes/3.0.1/create-access-domain/domain-home-on-pv/delete-domain-job-template.yaml b/OracleAccessManagement/kubernetes/create-access-domain/domain-home-on-pv/delete-domain-job-template.yaml
old mode 100644
new mode 100755
similarity index 100%
rename from OracleAccessManagement/kubernetes/3.0.1/create-access-domain/domain-home-on-pv/delete-domain-job-template.yaml
rename to OracleAccessManagement/kubernetes/create-access-domain/domain-home-on-pv/delete-domain-job-template.yaml
diff --git a/OracleAccessManagement/kubernetes/3.0.1/create-access-domain/domain-home-on-pv/wlst/create-domain-script.sh b/OracleAccessManagement/kubernetes/create-access-domain/domain-home-on-pv/wlst/create-domain-script.sh
similarity index 100%
rename from OracleAccessManagement/kubernetes/3.0.1/create-access-domain/domain-home-on-pv/wlst/create-domain-script.sh
rename to OracleAccessManagement/kubernetes/create-access-domain/domain-home-on-pv/wlst/create-domain-script.sh
diff --git a/OracleAccessManagement/kubernetes/create-kubernetes-secrets/create-azure-storage-credentials-secret.sh b/OracleAccessManagement/kubernetes/create-kubernetes-secrets/create-azure-storage-credentials-secret.sh
new file mode 100755
index 000000000..8e6d3d947
--- /dev/null
+++ b/OracleAccessManagement/kubernetes/create-kubernetes-secrets/create-azure-storage-credentials-secret.sh
@@ -0,0 +1,92 @@
+#!/usr/bin/env bash
+# Copyright (c) 2018, 2021, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+#
+# Description
+# This sample script creates a Kubernetes secret for Azure Storage to use Azure file share on AKS.
+#
+# The following pre-requisites must be handled prior to running this script:
+# * The kubernetes namespace must already be created
+#
+
+script="${BASH_SOURCE[0]}"
+
+#
+# Function to exit and print an error message
+# $1 - text of message
+function fail {
+ echo [ERROR] $*
+ exit 1
+}
+
+# Try to execute kubectl to see whether kubectl is available
+function validateKubectlAvailable {
+ if ! [ -x "$(command -v kubectl)" ]; then
+ fail "kubectl is not installed"
+ fi
+}
+
+function usage {
+ echo usage: ${script} -c storageAccountName -k storageAccountKey [-s secretName] [-n namespace] [-h]
+ echo " -a storage account name, must be specified."
+ echo " -k storage account key, must be specified."
+ echo " -s secret name, optional. Use azure-secret if not specified."
+ echo " -n namespace, optional. Use the default namespace if not specified."
+ echo " -h Help"
+ exit $1
+}
+
+#
+# Parse the command line options
+#
+secretName=azure-secret
+namespace=default
+while getopts "ha:k:s:n:" opt; do
+ case $opt in
+ a) storageAccountName="${OPTARG}"
+ ;;
+ k) storageAccountKey="${OPTARG}"
+ ;;
+ s) secretName="${OPTARG}"
+ ;;
+ n) namespace="${OPTARG}"
+ ;;
+ h) usage 0
+ ;;
+ *) usage 1
+ ;;
+ esac
+done
+
+if [ -z ${storageAccountName} ]; then
+ echo "${script}: -e must be specified."
+ missingRequiredOption="true"
+fi
+
+if [ -z ${storageAccountKey} ]; then
+ echo "${script}: -p must be specified."
+ missingRequiredOption="true"
+fi
+
+if [ "${missingRequiredOption}" == "true" ]; then
+ usage 1
+fi
+
+# check and see if the secret already exists
+result=`kubectl get secret ${secretName} -n ${namespace} --ignore-not-found=true | grep ${secretName} | wc | awk ' { print $1; }'`
+if [ "${result:=Error}" != "0" ]; then
+ fail "The secret ${secretName} already exists in namespace ${namespace}."
+fi
+
+# create the secret
+kubectl -n $namespace create secret generic $secretName \
+ --from-literal=azurestorageaccountname=$storageAccountName \
+ --from-literal=azurestorageaccountkey=$storageAccountKey
+
+# Verify the secret exists
+SECRET=`kubectl get secret ${secretName} -n ${namespace} | grep ${secretName} | wc | awk ' { print $1; }'`
+if [ "${SECRET}" != "1" ]; then
+ fail "The secret ${secretName} was not found in namespace ${namespace}"
+fi
+
+echo "The secret ${secretName} has been successfully created in the ${namespace} namespace."
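Review bot: The storage account key is taken as a `-k` argument and then passed to kubectl as `--from-literal=azurestorageaccountkey=$storageAccountKey`, so it ends up in shell history and in the process list, where other local users can read it. Reading the key from a file or stdin and using `--from-file=azurestorageaccountkey=<path-to-key-file>` would keep it out of argv (the file must not end in a newline, because `--from-file` stores the bytes as they are). create-docker-credentials-secret.sh and create-image-pull-secret.sh take the registry password the same way. Separately, the usage line advertises `-c` while getopts accepts `-a`, the two missing-option messages name `-e` and `-p` instead of `-a` and `-k`, and `validateKubectlAvailable` is defined but never called.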
diff --git a/OracleAccessManagement/kubernetes/create-kubernetes-secrets/create-docker-credentials-secret.sh b/OracleAccessManagement/kubernetes/create-kubernetes-secrets/create-docker-credentials-secret.sh
new file mode 100755
index 000000000..48f113b93
--- /dev/null
+++ b/OracleAccessManagement/kubernetes/create-kubernetes-secrets/create-docker-credentials-secret.sh
@@ -0,0 +1,106 @@
+#!/usr/bin/env bash
+# Copyright (c) 2018, 2021, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+#
+# Description
+# This sample script creates a Kubernetes secret for container registry credentials for use with the WLS Operator on AKS.
+#
+# The following pre-requisites must be handled prior to running this script:
+# * The kubernetes namespace must already be created
+#
+
+script="${BASH_SOURCE[0]}"
+
+#
+# Function to exit and print an error message
+# $1 - text of message
+function fail {
+ echo [ERROR] $*
+ exit 1
+}
+
+# Try to execute kubectl to see whether kubectl is available
+function validateKubectlAvailable {
+ if ! [ -x "$(command -v kubectl)" ]; then
+ fail "kubectl is not installed"
+ fi
+}
+
+function usage {
+ echo usage: ${script} -e email -p password -u username [-s secretName] [-d dockerServer] [-n namespace] [-h]
+ echo " -e email, must be specified."
+ echo " -p password, must be specified."
+ echo " -u username, must be specified."
+ echo " -s secret name, optional, Use regcred if not specified."
+ echo " -d docker server, optional, Use docker.io if not specified."
+ echo " -n namespace, optional. Use the default namespace if not specified"
+ echo " -h Help"
+ exit $1
+}
+
+#
+# Parse the command line options
+#
+secretName=regcred
+namespace=default
+dockerServer=container-registry.oracle.com
+while getopts "he:p:u:n:d:s:d:" opt; do
+ case $opt in
+ e) email="${OPTARG}"
+ ;;
+ p) password="${OPTARG}"
+ ;;
+ u) username="${OPTARG}"
+ ;;
+ s) secretName="${OPTARG}"
+ ;;
+ d) dockerServer="${OPTARG}"
+ ;;
+ n) namespace="${OPTARG}"
+ ;;
+ h) usage 0
+ ;;
+ *) usage 1
+ ;;
+ esac
+done
+
+if [ -z ${email} ]; then
+ echo "${script}: -e must be specified."
+ missingRequiredOption="true"
+fi
+
+if [ -z ${password} ]; then
+ echo "${script}: -p must be specified."
+ missingRequiredOption="true"
+fi
+
+if [ -z ${username} ]; then
+ echo "${script}: -u must be specified."
+ missingRequiredOption="true"
+fi
+
+if [ "${missingRequiredOption}" == "true" ]; then
+ usage 1
+fi
+
+# check and see if the secret already exists
+result=`kubectl get secret ${secretName} -n ${namespace} --ignore-not-found=true | grep ${secretName} | wc | awk ' { print $1; }'`
+if [ "${result:=Error}" != "0" ]; then
+ fail "The secret ${secretName} already exists in namespace ${namespace}."
+fi
+
+# create the secret
+kubectl -n $namespace create secret docker-registry $secretName \
+ --docker-email=$email \
+ --docker-password=$password \
+ --docker-server=$dockerServer \
+ --docker-username=$username
+
+# Verify the secret exists
+SECRET=`kubectl get secret ${secretName} -n ${namespace} | grep ${secretName} | wc | awk ' { print $1; }'`
+if [ "${SECRET}" != "1" ]; then
+ fail "The secret ${secretName} was not found in namespace ${namespace}"
+fi
+
+echo "The secret ${secretName} has been successfully created in the ${namespace} namespace."
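Review bot: The password and the other values are expanded unquoted in the `kubectl create secret docker-registry` call, so a password containing whitespace or glob characters is split or expanded and the stored credential differs from what was supplied. Quoting each value, e.g. `--docker-password="$password"`, fixes that, and the `[ -z ${password} ]` style checks need the same quoting. The usage text says the `-d` default is docker.io while the script sets `dockerServer=container-registry.oracle.com`, and the getopts string lists `d:` twice. `validateKubectlAvailable` is defined but never called.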
diff --git a/OracleAccessManagement/kubernetes/create-oracle-db-service/README.md b/OracleAccessManagement/kubernetes/create-oracle-db-service/README.md
new file mode 100755
index 000000000..7cb982e97
--- /dev/null
+++ b/OracleAccessManagement/kubernetes/create-oracle-db-service/README.md
@@ -0,0 +1,76 @@
+# Managing Oracle Database Service for OracleAccessManagement
+
+The sample scripts in this directory demonstrate how to:
+* Start an Oracle Database (DB) service in a Kubernetes cluster.
+* Stop an Oracle DB service in a Kubernetes cluster.
+
+## Start an Oracle Database service in a Kubernetes cluster
+
+Use this script to create an Oracle Database service in a Kubernetes Namespace with the default credentials, in the Oracle Database Slim image.
+
+The script assumes that either the image, `container-registry.oracle.com/database/enterprise:12.2.0.1-slim`, is available in the Docker repository, or an `ImagePullSecret` is created for `container-registry.oracle.com`. To create a secret for accessing `container-registry.oracle.com`, see the script `create-image-pull-secret.sh`.
+
+```
+
+$ ./start-db-service.sh -h
+usage: ./start-db-service.sh -p -i -s -n [-h]
+ -i Oracle DB Image (optional)
+ (default: container-registry.oracle.com/database/enterprise:12.2.0.1-slim)
+ -p DB Service NodePort (optional)
+ (default: 30011, set to 'none' to deploy service without a NodePort)
+ -s DB Image PullSecret (optional)
+ (default: docker-store)
+ -n Configurable Kubernetes NameSpace for Oracle DB Service (optional)"
+ (default: default)
+ -h Help
+
+$ ./start-db-service.sh
+NodePort[30011] ImagePullSecret[docker-store] Image[container-registry.oracle.com/database/enterprise:12.2.0.1-slim]
+deployment.extensions/oracle-db created
+service/oracle-db created
+[oracle-db-54667dfd5f-76sxf] already initialized ..
+Checking Pod READY column for State [1/1]
+Pod [oracle-db-54667dfd5f-76sxf] Status is Ready Iter [1/60]
+NAME READY STATUS RESTARTS AGE
+oracle-db-54667dfd5f-76sxf 1/1 Running 0 8s
+NAME READY STATUS RESTARTS AGE
+oracle-db-54667dfd5f-76sxf 1/1 Running 0 8s
+NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
+kubernetes ClusterIP 10.96.0.1 443/TCP 27d
+oracle-db NodePort 10.99.58.137 1521:30011/TCP 9s
+Oracle DB service is RUNNING with NodePort [30011]
+
+```
+
+For creating a OracleAccessManagement domain, you can use the database connection string, `oracle-db.default.svc.cluster.local:1521/devpdb.k8s`,as `rcuDatabaseURL` parameter in the `domain.input.yaml` file.
+
+Note: oracle-db.default.svc.cluster.local:1521/devpdb.k8s can be used as rcuDatabaseURL if the Oracle DB Service is started in `default` NameSpace. For custom NameSpace the URL need to be modified accrodingly e.g. oracle-db.[namespace].svc.cluster.local:1521/devpdb.k8s
+
+You can access the database through the NodePort outside of the Kubernetes cluster, using the URL `:30011/devpdb.k8s`.
+
+**Note**: To create a OracleAccessManagement domain image, the domain-in-image model needs a public database URL as an `rcuDatabaseURL` parameter.
+
+## Stop an Oracle Database service in a Kubernetes cluster
+
+Use this script to stop the Oracle Database service you created using the `start-db-service.sh` script.
+
+```
+$ ./stop-db-service.sh -h
+usage: stop-db-service.sh -n namespace [-h]
+ -n Kubernetes NameSpace for Oracle DB Service to be Stopped (optional)
+ (default: default)
+ -h Help
+
+Note: Here the NameSpace refers to the NameSpace used in start-db-service.sh
+
+$ ./stop-db-service.sh
+deployment.extensions "oracle-db" deleted
+service "oracle-db" deleted
+Checking Status for Pod [oracle-db-756f9b99fd-gvv46] in namesapce [default]
+Pod [oracle-db-756f9b99fd-gvv46] Status [Terminating]
+Pod [oracle-db-756f9b99fd-gvv46] Status [Terminating]
+Pod [oracle-db-756f9b99fd-gvv46] Status [Terminating]
+Error from server (NotFound): pods "oracle-db-756f9b99fd-gvv46" not found
+Pod [oracle-db-756f9b99fd-gvv46] removed from nameSpace [default]
+```
+
diff --git a/OracleAccessManagement/kubernetes/create-oracle-db-service/common/checkDbState.sh b/OracleAccessManagement/kubernetes/create-oracle-db-service/common/checkDbState.sh
new file mode 100755
index 000000000..9ce5aa3d3
--- /dev/null
+++ b/OracleAccessManagement/kubernetes/create-oracle-db-service/common/checkDbState.sh
@@ -0,0 +1,21 @@
+#!/bin/bash
+# Copyright (c) 2020, 2021, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+#
+logfile="/home/oracle/setup/log/setupDB.log"
+max=30
+counter=0
+while [ $counter -le ${max} ]
+do
+ grep "Done ! The database is ready for use ." $logfile
+ [[ $? == 0 ]] && break;
+ ((counter++))
+ echo "[$counter/${max}] Retrying for Oracle Database Availability..."
+ sleep 10
+done
+
+if [ $counter -gt ${max} ]; then
+ echo "[ERRORR] Oracle DB Service is not ready after [${max}] iterations ..."
+ exit -1
+fi
+
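Review bot: The failure path ends with `exit -1`, which is outside the 0–255 exit-status range; bash reports it as 255 and some other shells reject it, so `exit 1` is the safer form. Using `grep -q` in the loop would stop the matched log line from being echoed on the successful check. `[ERRORR]` looks like a typo for `[ERROR]`, which matters if anything greps the output for that tag.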
diff --git a/OracleAccessManagement/kubernetes/create-oracle-db-service/common/oracle.db.yaml b/OracleAccessManagement/kubernetes/create-oracle-db-service/common/oracle.db.yaml
new file mode 100755
index 000000000..4185471f3
--- /dev/null
+++ b/OracleAccessManagement/kubernetes/create-oracle-db-service/common/oracle.db.yaml
@@ -0,0 +1,78 @@
+# Copyright (c) 2020, 2021, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+#
+apiVersion: v1
+kind: Service
+metadata:
+ name: oracle-db
+ namespace: default
+spec:
+ ports:
+ - name: tns
+ port: 1521
+ protocol: TCP
+ targetPort: 1521
+ nodePort: 30011
+ selector:
+ app.kubernetes.io/instance: dev
+ app.kubernetes.io/name: oracle-db
+ sessionAffinity: None
+ type: NodePort
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: oracle-db
+ namespace: default
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/instance: dev
+ app.kubernetes.io/name: oracle-db
+ strategy:
+ rollingUpdate:
+ maxSurge: 1
+ maxUnavailable: 1
+ type: RollingUpdate
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/instance: dev
+ app.kubernetes.io/name: oracle-db
+ spec:
+ containers:
+ - env:
+ - name: DB_SID
+ value: devcdb
+ - name: DB_PDB
+ value: devpdb
+ - name: DB_DOMAIN
+ value: k8s
+ - name: DB_BUNDLE
+ value: basic
+ image: container-registry.oracle.com/database/enterprise:12.2.0.1-slim
+ imagePullPolicy: IfNotPresent
+ name: oracle-db
+ ports:
+ - containerPort: 1521
+ name: tns
+ protocol: TCP
+ resources:
+ limits:
+ cpu: "2"
+ memory: "6Gi"
+ ephemeral-storage: "8Gi"
+ requests:
+ cpu: 500m
+ ephemeral-storage: "6Gi"
+ terminationMessagePath: /dev/termination-log
+ terminationMessagePolicy: File
+ dnsPolicy: ClusterFirst
+ restartPolicy: Always
+ schedulerName: default-scheduler
+ securityContext: {}
+ terminationGracePeriodSeconds: 30
+ imagePullSecrets:
+ - name: docker-store
+
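Review bot: The Service is declared `type: NodePort` with `nodePort: 30011`, which publishes the database listener on every node's address by default, and the accompanying README says the database is created with the default credentials. For a sample that others will copy, defaulting to `type: ClusterIP` and making the NodePort opt-in would be the safer starting point. The container spec also leaves `securityContext: {}` empty and sets a memory limit without a memory request. Whether the image can run under a restricted security context is not visible here, so that part needs confirming.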
diff --git a/OracleAccessManagement/kubernetes/create-oracle-db-service/create-image-pull-secret.sh b/OracleAccessManagement/kubernetes/create-oracle-db-service/create-image-pull-secret.sh
new file mode 100755
index 000000000..94a6e93bb
--- /dev/null
+++ b/OracleAccessManagement/kubernetes/create-oracle-db-service/create-image-pull-secret.sh
@@ -0,0 +1,60 @@
+#!/bin/bash
+# Copyright (c) 2020, 2021, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+#
+# Create ImagePullSecret to pull Oracle DB and OracleAccessManagement Image
+
+script="${BASH_SOURCE[0]}"
+scriptDir="$( cd "$( dirname "${script}" )" && pwd )"
+
+function usage {
+ echo "usage: ${script} -u -p -e -s [-h]"
+ echo " -u Oracle Container Registry User Name (needed)"
+ echo " -p Oracle Container Registry Password (needed)"
+ echo " -e email (needed)"
+ echo " -s Generated Secret (optional) "
+ echo " (default: docker-store) "
+ echo " -h Help"
+ exit $1
+}
+
+while getopts ":u:p:s:e:" opt; do
+ case $opt in
+ u) username="${OPTARG}"
+ ;;
+ p) password="${OPTARG}"
+ ;;
+ e) email="${OPTARG}"
+ ;;
+ s) secert="${OPTARG}"
+ ;;
+ h) usage 0
+ ;;
+ *) usage 1
+ ;;
+ esac
+done
+
+if [ -z ${username} ]; then
+ echo "${script}: -u must be specified."
+ usage 1
+fi
+
+if [ -z ${password} ]; then
+ echo "${script}: -p must be specified."
+ usage 1
+fi
+
+if [ -e ${email} ]; then
+ echo "${script}: -p must be specified."
+ usage 1
+fi
+
+if [ -z ${secret} ]; then
+ secret="docker-store"
+fi
+
+kubectl delete secret/${secret} --ignore-not-found
+echo "Creating ImagePullSecret on container-registry.oracle.com"
+kubectl create secret docker-registry ${secret} --docker-server=container-registry.oracle.com --docker-username=${username} --docker-password=${password} --docker-email=${email}
+
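Review bot: The `-s` option never takes effect, because the case arm assigns `secert` while the rest of the script reads `secret`, so the secret is always named `docker-store`. The e-mail check uses `[ -e ${email} ]`, which is a file-existence test, and its message names `-p` instead of `-e`. The option string also omits `h`, so `-h` falls through to `*) usage 1`. The copy of this script under create-rcu-schema in this commit has the same three problems; the corrected lines are below.

```shell
while getopts ":hu:p:s:e:" opt; do
# … unchanged: -u, -p and -e arms …
    s) secret="${OPTARG}"
# … unchanged: remaining arms, -u and -p checks …
if [ -z "${email}" ]; then
  echo "${script}: -e must be specified."
```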
diff --git a/OracleAccessManagement/kubernetes/create-oracle-db-service/start-db-service.sh b/OracleAccessManagement/kubernetes/create-oracle-db-service/start-db-service.sh
new file mode 100755
index 000000000..9a522d4eb
--- /dev/null
+++ b/OracleAccessManagement/kubernetes/create-oracle-db-service/start-db-service.sh
@@ -0,0 +1,113 @@
+#!/bin/bash
+# Copyright (c) 2020, 2021, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+#
+# Bring up Oracle DB Instance in [default] NameSpace with a NodePort Service
+
+script="${BASH_SOURCE[0]}"
+scriptDir="$( cd "$( dirname "${script}" )" && pwd )"
+source ${scriptDir}/../common/utility.sh
+
+function usage {
+ echo "usage: ${script} -p -i -s -n [-h]"
+ echo " -i Oracle DB Image (optional)"
+ echo " (default: container-registry.oracle.com/database/enterprise:12.2.0.1-slim)"
+ echo " -p DB Service NodePort (optional)"
+ echo " (default: 30011, set to 'none' to deploy service without a NodePort)"
+ echo " -s DB Image PullSecret (optional)"
+ echo " (default: docker-store) "
+ echo " -n Configurable Kubernetes NameSpace for Oracle DB Service (optional)"
+ echo " (default: default) "
+ echo " -h Help"
+ exit $1
+}
+
+while getopts ":h:p:s:i:n:" opt; do
+ case $opt in
+ p) nodeport="${OPTARG}"
+ ;;
+ s) pullsecret="${OPTARG}"
+ ;;
+ i) dbimage="${OPTARG}"
+ ;;
+ n) namespace="${OPTARG}"
+ ;;
+ h) usage 0
+ ;;
+ *) usage 1
+ ;;
+ esac
+done
+
+if [ -z ${nodeport} ]; then
+ nodeport=30011
+fi
+
+if [ -z ${pullsecret} ]; then
+ pullsecret="docker-store"
+fi
+
+if [ -z ${namespace} ]; then
+ namespace="default"
+fi
+
+echo "Checking Status for NameSpace [$namespace]"
+domns=`kubectl get ns ${namespace} | grep ${namespace} | awk '{print $1}'`
+if [ -z ${domns} ]; then
+ echo "Adding NameSpace[$namespace] to Kubernetes Cluster"
+ kubectl create namespace ${namespace}
+ sleep 5
+else
+ echo "Skipping the NameSpace[$namespace] Creation ..."
+fi
+
+if [ -z ${dbimage} ]; then
+ dbimage="container-registry.oracle.com/database/enterprise:12.2.0.1-slim"
+fi
+
+echo "NodePort[$nodeport] ImagePullSecret[$pullsecret] Image[${dbimage}] NameSpace[${namespace}]"
+
+# Modify ImagePullSecret and DatabaseImage based on input
+sed -i -e '$d' ${scriptDir}/common/oracle.db.yaml
+echo ' - name: docker-store' >> ${scriptDir}/common/oracle.db.yaml
+sed -i -e "s?name: docker-store?name: ${pullsecret}?g" ${scriptDir}/common/oracle.db.yaml
+sed -i -e "s?image:.*?image: ${dbimage}?g" ${scriptDir}/common/oracle.db.yaml
+sed -i -e "s?namespace:.*?namespace: ${namespace}?g" ${scriptDir}/common/oracle.db.yaml
+
+# Modify the NodePort based on input
+if [ "${nodeport}" = "none" ]; then
+ sed -i -e "s? nodePort:? #nodePort:?g" ${scriptDir}/common/oracle.db.yaml
+ sed -i -e "s? type:.*NodePort? #type: NodePort?g" ${scriptDir}/common/oracle.db.yaml
+else
+ sed -i -e "s?[#]*nodePort:.*?nodePort: ${nodeport}?g" ${scriptDir}/common/oracle.db.yaml
+ sed -i -e "s?[#]*type:.*NodePort?type: NodePort?g" ${scriptDir}/common/oracle.db.yaml # default type is ClusterIP
+fi
+
+kubectl delete service oracle-db -n ${namespace} --ignore-not-found
+kubectl apply -f ${scriptDir}/common/oracle.db.yaml
+
+dbpod=`kubectl get po -n ${namespace} | grep oracle-db | cut -f1 -d " " `
+
+checkPod ${dbpod} ${namespace}
+checkPodState ${dbpod} ${namespace} "1/1"
+checkService oracle-db ${namespace}
+
+kubectl get po -n ${namespace}
+kubectl get service -n ${namespace}
+
+kubectl cp ${scriptDir}/common/checkDbState.sh -n ${namespace} ${dbpod}:/home/oracle/
+kubectl exec -it ${dbpod} -n ${namespace} /bin/bash /home/oracle/checkDbState.sh
+if [ $? != 0 ]; then
+ echo "######################";
+ echo "[ERROR] Could not create Oracle DB Service, check the pod log for pod ${dbpod} in namespace ${namespace}";
+ echo "######################";
+ exit -3;
+fi
+
+if [ ! "${nodeport}" = "none" ]; then
+ echo "Oracle DB Service is RUNNING with NodePort [${nodeport}]"
+else
+ echo "Oracle DB Service is RUNNING and does not specify a public NodePort"
+fi
+echo "Oracle DB Service URL [oracle-db.${namespace}.svc.cluster.local:1521/devpdb.k8s]"
+
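Review bot: The `sed -i` lines under "Modify ImagePullSecret and DatabaseImage" and "Modify the NodePort" splice `${pullsecret}`, `${dbimage}`, `${namespace}` and `${nodeport}` into expressions that use `?` as the delimiter, without checking the values first. A value containing `?`, `&` or a backslash alters the expression instead of being inserted literally. Because the edit is made in place on common/oracle.db.yaml, the result persists for later runs and for stop-db-service.sh, which deletes from the same file. Validating the options once the defaults are applied keeps the substitution predictable; a sketch follows.

```shell
# … unchanged: option parsing and nodeport/pullsecret/namespace defaults …
# Reject values that the sed edits below would not insert literally
if ! [[ "${namespace}" =~ ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ ]]; then
  echo "[ERROR] Invalid namespace [${namespace}]"
  usage 1
fi
if ! [[ "${nodeport}" =~ ^([0-9]+|none)$ ]]; then
  echo "[ERROR] Invalid NodePort [${nodeport}]"
  usage 1
fi
case "${pullsecret}${dbimage}" in
  *[\?\&\\]*) echo "[ERROR] Unsupported character in -s or -i value"; usage 1 ;;
esac
# … unchanged: namespace check, sed edits, kubectl apply …
```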
diff --git a/OracleAccessManagement/kubernetes/create-oracle-db-service/stop-db-service.sh b/OracleAccessManagement/kubernetes/create-oracle-db-service/stop-db-service.sh
new file mode 100755
index 000000000..7ab14928c
--- /dev/null
+++ b/OracleAccessManagement/kubernetes/create-oracle-db-service/stop-db-service.sh
@@ -0,0 +1,45 @@
+#!/bin/bash
+# Copyright (c) 2020, 2021, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+#
+# Drop the DB Service created by start-db-service.sh
+
+script="${BASH_SOURCE[0]}"
+scriptDir="$( cd "$( dirname "${script}" )" && pwd )"
+source ${scriptDir}/../common/utility.sh
+
+function usage {
+ echo "usage: ${script} -n namespace [-h]"
+ echo " -n Kubernetes NameSpace for Oracle DB Service to be Stopped (optional)"
+ echo " (default: default) "
+ echo " -h Help"
+ exit $1
+}
+
+while getopts ":h:n:" opt; do
+ case $opt in
+ n) namespace="${OPTARG}"
+ ;;
+ h) usage 0
+ ;;
+ *) usage 1
+ ;;
+ esac
+done
+
+
+if [ -z ${namespace} ]; then
+ namespace=default
+fi
+
+
+dbpod=`kubectl get po -n ${namespace} | grep oracle-db | cut -f1 -d " " `
+kubectl delete -f ${scriptDir}/common/oracle.db.yaml --ignore-not-found
+
+if [ -z ${dbpod} ]; then
+ echo "Couldn't find oracle-db pod in [${namespace}] namesapce"
+else
+ checkPodDelete ${dbpod} ${namespace}
+ kubectl delete svc/oracle-db -n ${namespace} --ignore-not-found
+fi
+
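Review bot: The `-n` value is not applied to `kubectl delete -f ${scriptDir}/common/oracle.db.yaml`, so the Deployment is removed from whichever namespace is currently written in that file rather than the one the caller named. start-db-service.sh rewrites the `namespace:` lines of that file in place, so the two can differ after a fresh checkout or a run with a different `-n`. Deleting by name keeps the option authoritative: `kubectl delete deployment/oracle-db svc/oracle-db -n "${namespace}" --ignore-not-found`. Separately, `getopts ":h:n:"` declares `-h` as taking an argument, so a bare `-h` reaches `*) usage 1`; `":hn:"` fixes that.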
diff --git a/OracleAccessManagement/kubernetes/create-rcu-credentials/README.md b/OracleAccessManagement/kubernetes/create-rcu-credentials/README.md
new file mode 100755
index 000000000..843f53f8f
--- /dev/null
+++ b/OracleAccessManagement/kubernetes/create-rcu-credentials/README.md
@@ -0,0 +1,56 @@
+# Creating RCU credentials for a OracleAccessManagement domain
+
+This sample demonstrates how to create a Kubernetes secret containing the
+RCU credentials for a OracleAccessManagement domain. The operator expects this secret to be
+named following the pattern `domainUID-rcu-credentials`, where `domainUID`
+is the unique identifier of the domain. It must be in the same namespace
+that the domain will run in.
+
+To use the sample, run the command:
+
+```
+$ ./create-rcu-credentials.sh \
+ -u username \
+ -p password \
+ -a sys_username \
+ -q sys_password \
+ -d domainUID \
+ -n namespace \
+ -s secretName
+```
+
+The parameters are as follows:
+
+```
+ -u username for schema owner (regular user), must be specified.
+ -p password for schema owner (regular user), must be specified.
+ -a username for SYSDBA user, must be specified.
+ -q password for SYSDBA user, must be specified.
+ -d domainUID, optional. The default value is accessinfra. If specified, the secret will be labeled with the domainUID unless the given value is an empty string.
+ -n namespace, optional. Use the accessns namespace if not specified.
+ -s secretName, optional. If not specified, the secret name will be determined based on the domainUID value.
+```
+
+This creates a `generic` secret containing the user name and password as literal values.
+
+You can check the secret with the `kubectl describe secret` command. An example is shown below,
+including the output:
+
+```
+$ kubectl -n accessns describe secret accessinfra-rcu-credentials -o yaml
+Name: accessinfra-rcu-credentials
+Namespace: accessns
+Labels: weblogic.domainName=accessinfra
+ weblogic.domainUID=accessinfra
+Annotations:
+
+Type: Opaque
+
+Data
+====
+password: 12 bytes
+sys_password: 12 bytes
+sys_username: 3 bytes
+username: 4 bytes
+```
+
diff --git a/OracleAccessManagement/kubernetes/create-rcu-credentials/create-rcu-credentials.sh b/OracleAccessManagement/kubernetes/create-rcu-credentials/create-rcu-credentials.sh
new file mode 100755
index 000000000..053af099e
--- /dev/null
+++ b/OracleAccessManagement/kubernetes/create-rcu-credentials/create-rcu-credentials.sh
@@ -0,0 +1,139 @@
+#!/usr/bin/env bash
+# Copyright (c) 2020, 2021, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+#
+# Description
+# This sample script creates a Kubernetes secret for RCU credentials.
+#
+# The following pre-requisites must be handled prior to running this script:
+# * The kubernetes namespace must already be created
+#
+# Secret name determination
+# 1) secretName - if specified
+# 2) accessinfra-rcu-credentials - if secretName and domainUID are both not specified. This is the default out-of-the-box.
+# 3) -rcu-credentials - if secretName is not specified, and domainUID is specified.
+# 4) rcu-credentials - if secretName is not specified, and domainUID is specified as "".
+#
+# The generated secret will be labeled with
+# weblogic.domainUID=$domainUID
+# and
+# weblogic.domainName=$domainUID
+# Where the $domainUID is the value of the -d command line option, unless the value supplied is an empty String ""
+#
+
+script="${BASH_SOURCE[0]}"
+
+#
+# Function to exit and print an error message
+# $1 - text of message
+function fail {
+ echo [ERROR] $*
+ exit 1
+}
+
+# Try to execute kubectl to see whether kubectl is available
+function validateKubectlAvailable {
+ if ! [ -x "$(command -v kubectl)" ]; then
+ fail "kubectl is not installed"
+ fi
+}
+
+function usage {
+ echo usage: ${script} -u username -p password -a sysuser -q syspassword [-d domainUID] [-n namespace] [-s secretName] [-h]
+ echo " -u username for schema owner (regular user), must be specified."
+ echo " -p password for schema owner (regular user), must be specified."
+ echo " -a username for SYSDBA user, must be specified."
+ echo " -q password for SYSDBA user, must be specified."
+ echo " -d domainUID, optional. The default value is accessinfra. If specified, the secret will be labeled with the domainUID unless the given value is an empty string."
+ echo " -n namespace, optional. Use the accessns namespace if not specified"
+ echo " -s secretName, optional. If not specified, the secret name will be determined based on the domainUID value"
+ echo " -h Help"
+ exit $1
+}
+
+#
+# Parse the command line options
+#
+domainUID=accessinfra
+namespace=accessns
+while getopts "hu:p:n:d:s:q:a:" opt; do
+ case $opt in
+ u) username="${OPTARG}"
+ ;;
+ p) password="${OPTARG}"
+ ;;
+ a) sys_username="${OPTARG}"
+ ;;
+ q) sys_password="${OPTARG}"
+ ;;
+ n) namespace="${OPTARG}"
+ ;;
+ d) domainUID="${OPTARG}"
+ ;;
+ s) secretName="${OPTARG}"
+ ;;
+ h) usage 0
+ ;;
+ *) usage 1
+ ;;
+ esac
+done
+
+if [ -z $secretName ]; then
+ if [ -z $domainUID ]; then
+ secretName=rcu-credentials
+ else
+ secretName=$domainUID-rcu-credentials
+ fi
+fi
+
+if [ -z ${username} ]; then
+ echo "${script}: -u must be specified."
+ missingRequiredOption="true"
+fi
+
+if [ -z ${password} ]; then
+ echo "${script}: -p must be specified."
+ missingRequiredOption="true"
+fi
+
+if [ -z ${sys_username} ]; then
+ echo "${script}: -s must be specified."
+ missingRequiredOption="true"
+fi
+
+if [ -z ${sys_password} ]; then
+ echo "${script}: -q must be specified."
+ missingRequiredOption="true"
+fi
+
+if [ "${missingRequiredOption}" == "true" ]; then
+ usage 1
+fi
+
+# check and see if the secret already exists
+result=`kubectl get secret ${secretName} -n ${namespace} --ignore-not-found=true | grep ${secretName} | wc | awk ' { print $1; }'`
+if [ "${result:=Error}" != "0" ]; then
+ fail "The secret ${secretName} already exists in namespace ${namespace}."
+fi
+
+# create the secret
+kubectl -n $namespace create secret generic $secretName \
+ --from-literal=username=$username \
+ --from-literal=password=$password \
+ --from-literal=sys_username=$sys_username \
+ --from-literal=sys_password=$sys_password
+
+# label the secret with domainUID if needed
+if [ ! -z $domainUID ]; then
+ kubectl label secret ${secretName} -n $namespace weblogic.domainUID=$domainUID weblogic.domainName=$domainUID
+fi
+
+# Verify the secret exists
+SECRET=`kubectl get secret ${secretName} -n ${namespace} | grep ${secretName} | wc | awk ' { print $1; }'`
+if [ "${SECRET}" != "1" ]; then
+ fail "The secret ${secretName} was not found in namespace ${namespace}"
+fi
+
+echo "The secret ${secretName} has been successfully created in the ${namespace} namespace."
+
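Review bot: The four `--from-literal=` arguments in the "create the secret" command expand `$username`, `$password`, `$sys_username` and `$sys_password` unquoted. A password containing a space or a glob character is therefore split or expanded by the shell before kubectl sees it, so the stored value differs from what was typed or the command fails. Quote each expansion, for example `--from-literal=sys_password="$sys_password"`, and quote the `[ -z ${…} ]` tests above the same way. The `sys_username` check also prints `-s must be specified.` although the option is `-a`; `echo "${script}: -a must be specified."` matches the usage text.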
diff --git a/OracleAccessManagement/kubernetes/create-rcu-schema/README.md b/OracleAccessManagement/kubernetes/create-rcu-schema/README.md
new file mode 100755
index 000000000..e17cd596e
--- /dev/null
+++ b/OracleAccessManagement/kubernetes/create-rcu-schema/README.md
@@ -0,0 +1,219 @@
+# Managing RCU schema for a OracleAccessManagement domain
+
+The sample scripts in this directory demonstrate how to:
+* Create an RCU schema in the Oracle DB that will be used by a OracleAccessManagement domain.
+* Delete the RCU schema in the Oracle DB used by a OracleAccessManagement domain.
+
+## Start an Oracle Database service in a Kubernetes cluster
+
+Use the script ``samples/scripts/create-oracle-db-service/start-db-service.sh``
+
+For creating a OracleAccessManagement domain, you can use the Database connection string, `oracle-db.default.svc.cluster.local:1521/devpdb.k8s`, as an `rcuDatabaseURL` parameter in the `domain.input.yaml` file.
+
+You can access the Database through the NodePort outside of the Kubernetes cluster, using the URL `:30011/devpdb.k8s`.
+
+**Note**: To create a OracleAccessManagement domain image, the domain-in-image model needs a public Database URL as an `rcuDatabaseURL` parameter.
+
+
+## Create the RCU schema in the Oracle Database
+
+This script generates the RCU schema based `schemaPrefix` and `dburl`.
+
+The script assumes that either the image, `oracle/oam:12.2.1.4.0`, is available in the nodes or an `ImagePullSecret` is created to pull the image. To create a secret, see the script `create-image-pull-secret.sh`.
+
+```
+$ ./create-rcu-schema.sh -h
+usage: ./create-rcu-schema.sh -s -t -d -i -u -p -n -q -r -o -c [-h]
+ -s RCU Schema Prefix (required)
+ -t RCU Schema Type (optional)
+ (supported values: oam)
+ -d RCU Oracle Database URL (optional)
+ (default: oracle-db.default.svc.cluster.local:1521/devpdb.k8s)
+ -p OracleAccessManagement ImagePullSecret (optional)
+ (default: none)
+ -i OracleAccessManagement Image (optional)
+ (default: oracle/oam:12.2.1.4.0)
+ -u OracleAccessManagement ImagePullPolicy (optional)
+ (default: IfNotPresent)
+ -n Namespace for RCU pod (optional)
+ (default: default)
+ -q password for database SYSDBA user. (optional)
+ (default: Oradoc_db1)
+ -r password for all schema owner (regular user). (optional)
+ (default: Oradoc_db1)
+ -o Output directory for the generated YAML file. (optional)
+ (default: rcuoutput)
+ -c Comma-separated variables in the format variablename=value. (optional).
+ (default: none)
+ -h Help
+
+$ ./create-rcu-schema.sh -s domain1
+ImagePullSecret[none] Image[oracle/oam:12.2.1.4.0] dburl[oracle-db.default.svc.cluster.local:1521/devpdb.k8s] rcuType[fmw] customVariables[none]
+pod/rcu created
+[rcu] already initialized ..
+Checking Pod READY column for State [1/1]
+Pod [rcu] Status is Ready Iter [1/60]
+NAME READY STATUS RESTARTS AGE
+rcu 1/1 Running 0 6s
+NAME READY STATUS RESTARTS AGE
+rcu 1/1 Running 0 11s
+CLASSPATH=/u01/jdk/lib/tools.jar:/u01/oracle/wlserver/modules/features/wlst.wls.classpath.jar:
+
+PATH=/u01/oracle/wlserver/server/bin:/u01/oracle/wlserver/../oracle_common/modules/thirdparty/org.apache.ant/1.10.5.0.0/apache-ant-1.10.5/bin:/u01/jdk/jre/bin:/u01/jdk/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/u01/jdk/bin:/u01/oracle/oracle_common/common/bin:/u01/oracle/wlserver/common/bin:/u01/oracle:/u01/oracle/wlserver/../oracle_common/modules/org.apache.maven_3.2.5/bin
+
+Your environment has been set.
+Check if the DB Service is ready to accept request
+DB Connection String [oracle-db.default.svc.cluster.local:1521/devpdb.k8s], schemaPrefix [accessinfra] rcuType [fmw]
+
+**** Success!!! ****
+
+You can connect to the database in your app using:
+
+ java.util.Properties props = new java.util.Properties();
+ props.put("user", "sys as sysdba");
+ props.put("password", "Oradoc_db1");
+ java.sql.Driver d =
+ Class.forName("oracle.jdbc.OracleDriver").newInstance();
+ java.sql.Connection conn =
+ Driver.connect("sys as sysdba", props);
+Creating RCU Schema for OracleAccessManagement Domain ...
+Extra RCU Schema Component Choosen[]
+
+Processing command line ....
+
+Repository Creation Utility - Checking Prerequisites
+Checking Component Prerequisites
+Repository Creation Utility - Creating Tablespaces
+Validating and Creating Tablespaces
+Create tablespaces in the repository database
+Repository Creation Utility - Create
+Repository Create in progress.
+Executing pre create operations
+ Percent Complete: 20
+ Percent Complete: 20
+ .....
+ Percent Complete: 96
+ Percent Complete: 100
+ .....
+Executing post create operations
+
+Repository Creation Utility: Create - Completion Summary
+
+Database details:
+-----------------------------
+Host Name : oracle-db.default.svc.cluster.local
+Port : 1521
+Service Name : DEVPDB.K8S
+Connected As : sys
+Prefix for (prefixable) Schema Owners : DOMAIN1
+RCU Logfile : /tmp/RCU2020-05-01_14-35_1160633335/logs/rcu.log
+
+Component schemas created:
+-----------------------------
+Component Status Logfile
+
+Common Infrastructure Services Success /tmp/RCU2020-05-01_14-35_1160633335/logs/stb.log
+Oracle Platform Security Services Success /tmp/RCU2020-05-01_14-35_1160633335/logs/opss.log
+Audit Services Success /tmp/RCU2020-05-01_14-35_1160633335/logs/iau.log
+Audit Services Append Success /tmp/RCU2020-05-01_14-35_1160633335/logs/iau_append.log
+Audit Services Viewer Success /tmp/RCU2020-05-01_14-35_1160633335/logs/iau_viewer.log
+Metadata Services Success /tmp/RCU2020-05-01_14-35_1160633335/logs/mds.log
+WebLogic Services Success /tmp/RCU2020-05-01_14-35_1160633335/logs/wls.log
+
+Repository Creation Utility - Create : Operation Completed
+[INFO] Modify the domain.input.yaml to use [oracle-db.default.svc.cluster.local:1521/devpdb.k8s] as rcuDatabaseURL and [domain1] as rcuSchemaPrefix
+```
+
+## Drop the RCU schema from the Oracle Database
+
+Use this script to drop the RCU schema based `schemaPrefix` and `dburl`.
+
+```
+$ ./drop-rcu-schema.sh -h
+usage: ./drop-rcu-schema.sh -s -d -n -q -r [-h]
+ -s RCU Schema Prefix (required)
+ -t RCU Schema Type (optional)
+ (supported values: oam)
+ -d Oracle Database URL (optional)
+ (default: oracle-db.default.svc.cluster.local:1521/devpdb.k8s)
+ -n Namespace where RCU pod is deployed (optional)
+ (default: default)
+ -q password for database SYSDBA user. (optional)
+ (default: Oradoc_db1)
+ -r password for all schema owner (regular user). (optional)
+ (default: Oradoc_db1)
+ -c Comma-separated variables in the format variablename=value. (optional).
+ (default: none)
+ -h Help
+
+$ ./drop-rcu-schema.sh -s domain1
+CLASSPATH=/u01/jdk/lib/tools.jar:/u01/oracle/wlserver/modules/features/wlst.wls.classpath.jar:
+
+PATH=/u01/oracle/wlserver/server/bin:/u01/oracle/wlserver/../oracle_common/modules/thirdparty/org.apache.ant/1.10.5.0.0/apache-ant-1.10.5/bin:/u01/jdk/jre/bin:/u01/jdk/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/u01/jdk/bin:/u01/oracle/oracle_common/common/bin:/u01/oracle/wlserver/common/bin:/u01/oracle:/u01/oracle/wlserver/../oracle_common/modules/org.apache.maven_3.2.5/bin
+
+Your environment has been set.
+Check if the DB Service is ready to accept request
+DB Connection String [oracle-db.default.svc.cluster.local:1521/devpdb.k8s] schemaPrefix [domain1] rcuType[fmw]
+
+**** Success!!! ****
+
+You can connect to the database in your app using:
+
+ java.util.Properties props = new java.util.Properties();
+ props.put("user", "sys as sysdba");
+ props.put("password", "Oradoc_db1");
+ java.sql.Driver d =
+ Class.forName("oracle.jdbc.OracleDriver").newInstance();
+ java.sql.Connection conn =
+ Driver.connect("sys as sysdba", props);
+Dropping RCU Schema for OracleAccessManagement Domain ...
+Extra RCU Schema Component(s) Choosen[]
+
+Processing command line ....
+Repository Creation Utility - Checking Prerequisites
+Checking Global Prerequisites
+Repository Creation Utility - Checking Prerequisites
+Checking Component Prerequisites
+Repository Creation Utility - Drop
+Repository Drop in progress.
+ Percent Complete: 2
+ Percent Complete: 14
+ .....
+ Percent Complete: 99
+ Percent Complete: 100
+ .....
+
+Repository Creation Utility: Drop - Completion Summary
+
+Database details:
+-----------------------------
+Host Name : oracle-db.default.svc.cluster.local
+Port : 1521
+Service Name : DEVPDB.K8S
+Connected As : sys
+Prefix for (prefixable) Schema Owners : DOMAIN1
+RCU Logfile : /tmp/RCU2020-05-01_14-42_651700358/logs/rcu.log
+
+Component schemas dropped:
+-----------------------------
+Component Status Logfile
+
+Common Infrastructure Services Success /tmp/RCU2020-05-01_14-42_651700358/logs/stb.log
+Oracle Platform Security Services Success /tmp/RCU2020-05-01_14-42_651700358/logs/opss.log
+Audit Services Success /tmp/RCU2020-05-01_14-42_651700358/logs/iau.log
+Audit Services Append Success /tmp/RCU2020-05-01_14-42_651700358/logs/iau_append.log
+Audit Services Viewer Success /tmp/RCU2020-05-01_14-42_651700358/logs/iau_viewer.log
+Metadata Services Success /tmp/RCU2020-05-01_14-42_651700358/logs/mds.log
+WebLogic Services Success /tmp/RCU2020-05-01_14-42_651700358/logs/wls.log
+
+Repository Creation Utility - Drop : Operation Completed
+pod "rcu" deleted
+Checking Status for Pod [rcu] in namesapce [default]
+Error from server (NotFound): pods "rcu" not found
+Pod [rcu] removed from nameSpace [default]
+```
+
+## Stop an Oracle Database service in a Kubernetes cluster
+
+Use the script ``samples/scripts/create-oracle-db-service/stop-db-service.sh``
+
diff --git a/OracleAccessManagement/kubernetes/create-rcu-schema/common/createRepository.sh b/OracleAccessManagement/kubernetes/create-rcu-schema/common/createRepository.sh
new file mode 100755
index 000000000..fe91c1dcc
--- /dev/null
+++ b/OracleAccessManagement/kubernetes/create-rcu-schema/common/createRepository.sh
@@ -0,0 +1,68 @@
+#!/bin/bash
+# Copyright (c) 2020, 2021, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+#
+. /u01/oracle/wlserver/server/bin/setWLSEnv.sh
+
+echo "Check if the DB Service is ready to accept request "
+connectString=${1:-oracle-db.default.svc.cluster.local:1521/devpdb.k8s}
+schemaPrefix=${2:-accessinfra}
+rcuType=${3:-fmw}
+sysPassword=${4:-Oradoc_db1}
+customVariables=${5:-none}
+
+echo "DB Connection String [$connectString], schemaPrefix [${schemaPrefix}] rcuType [${rcuType}] customVariables [${customVariables}]"
+
+max=100
+counter=0
+while [ $counter -le ${max} ]
+do
+ java utils.dbping ORACLE_THIN "sys as sysdba" ${sysPassword} ${connectString} > dbping.err 2>&1
+ [[ $? == 0 ]] && break;
+ ((counter++))
+ echo "[$counter/${max}] Retrying the DB Connection ..."
+ sleep 10
+done
+
+if [ $counter -gt ${max} ]; then
+ echo "Error output from 'java utils.dbping ORACLE_THIN \"sys as sysdba\" SYSPASSWORD ${connectString}' from '$(pwd)/dbping.err':"
+ cat dbping.err
+ echo "[ERROR] Oracle DB Service is not ready after [${max}] iterations ..."
+ exit -1
+else
+ java utils.dbping ORACLE_THIN "sys as sysdba" ${sysPassword} ${connectString}
+fi
+
+if [ $customVariables != "none" ]; then
+ extVariables="-variables $customVariables"
+else
+ extVariables=""
+fi
+case $rcuType in
+
+oam)
+ extComponents="-component OAM"
+ echo "Creating RCU Schema for OracleAccessManagement Domain ..."
+ ;;
+ * )
+ echo "[ERROR] Unknown RCU Schema Type [$rcuType]"
+ echo "Supported values: oam"
+ exit -1
+ ;;
+esac
+
+echo "Extra RCU Schema Component Choosen[${extComponents}]"
+echo "Extra RCU Schema Variable Choosen[${extVariables}]"
+
+#Debug
+#export DISPLAY=0.0
+#/u01/oracle/oracle_common/bin/rcu -listComponents
+
+/u01/oracle/oracle_common/bin/rcu -silent -createRepository \
+ -databaseType ORACLE -connectString ${connectString} \
+ -dbUser sys -dbRole sysdba -useSamePasswordForAllSchemaUsers true \
+ -selectDependentsForComponents true \
+ -schemaPrefix ${schemaPrefix} ${extComponents} ${extVariables} \
+ -component MDS -component IAU -component IAU_APPEND -component IAU_VIEWER \
+ -component OPSS -component WLS -component STB < /u01/oracle/pwd.txt
+
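Review bot: After the retry loop succeeds, the `else` branch runs `java utils.dbping ORACLE_THIN "sys as sysdba" ${sysPassword} ${connectString}` a second time with its output unredirected. The sample run in this commit's README shows that output containing `props.put("password", "Oradoc_db1")`, so the SYSDBA password is written to the console and to anything that captures it. The failure branch already masks the value as `SYSPASSWORD`, so the success branch is inconsistent with it. Replace the second call with a status line such as `echo "Oracle DB Service is ready"`; dropRepository.sh in this commit repeats the same call.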
diff --git a/OracleAccessManagement/kubernetes/create-rcu-schema/common/dropRepository.sh b/OracleAccessManagement/kubernetes/create-rcu-schema/common/dropRepository.sh
new file mode 100755
index 000000000..6b02d8804
--- /dev/null
+++ b/OracleAccessManagement/kubernetes/create-rcu-schema/common/dropRepository.sh
@@ -0,0 +1,62 @@
+#!/bin/bash
+# Copyright (c) 2020, 2021, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+#
+. /u01/oracle/wlserver/server/bin/setWLSEnv.sh
+
+echo "Check if the DB Service is ready to accept request "
+connectString=${1:-oracle-db.default.svc.cluster.local:1521/devpdb.k8s}
+schemaPrefix=${2:-accessinfra}
+rcuType=${3:-fmw}
+sysPassword=${4:-Oradoc_db1}
+customVariables=${5:-none}
+
+echo "DB Connection String [$connectString] schemaPrefix [${schemaPrefix}] rcuType[${rcuType}] customVariables[${customVariables}]"
+
+max=20
+counter=0
+while [ $counter -le ${max} ]
+do
+ java utils.dbping ORACLE_THIN "sys as sysdba" ${sysPassword} ${connectString} > dbping.err 2>&1
+ [[ $? == 0 ]] && break;
+ ((counter++))
+ echo "[$counter/${max}] Retrying the DB Connection ..."
+ sleep 10
+done
+
+if [ $counter -gt ${max} ]; then
+ echo "[ERROR] Oracle DB Service is not ready after [${max}] iterations ..."
+ exit -1
+else
+ java utils.dbping ORACLE_THIN "sys as sysdba" ${sysPassword} ${connectString}
+fi
+
+if [ $customVariables != "none" ]; then
+ extVariables="-variables $customVariables"
+else
+ extVariables=""
+fi
+
+case $rcuType in
+oam)
+ extComponents="-component OAM"
+ echo "Dropping RCU Schema for OracleAccessManagement Domain ..."
+ ;;
+ * )
+ echo "[ERROR] Unknown RCU Schema Type [$rcuType]"
+ echo "Supported values: oam"
+ exit -1
+ ;;
+esac
+
+echo "Extra RCU Schema Component(s) Choosen[${extComponents}]"
+echo "Extra RCU Schema Variable(s) Choosen[${extVariables}]"
+
+/u01/oracle/oracle_common/bin/rcu -silent -dropRepository \
+ -databaseType ORACLE -connectString ${connectString} \
+ -dbUser sys -dbRole sysdba \
+ -selectDependentsForComponents true \
+ -schemaPrefix ${schemaPrefix} ${extComponents} ${extVariables} \
+ -component MDS -component IAU -component IAU_APPEND -component IAU_VIEWER \
+ -component OPSS -component WLS -component STB < /u01/oracle/pwd.txt
+
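Review bot: `rcuType=${3:-fmw}` defaults to a value that the `case $rcuType` block further down rejects, since `oam` is the only arm before `* )` prints "Unknown RCU Schema Type" and exits. When the third argument is omitted, the script therefore waits for the database and then fails; whether the caller always passes it is not visible in this hunk. Either default to the supported value, `rcuType=${3:-oam}`, or validate the type before the connection loop. createRepository.sh in this commit has the same default.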
diff --git a/OracleAccessManagement/kubernetes/create-rcu-schema/common/rcu.yaml b/OracleAccessManagement/kubernetes/create-rcu-schema/common/rcu.yaml
new file mode 100755
index 000000000..f10996c99
--- /dev/null
+++ b/OracleAccessManagement/kubernetes/create-rcu-schema/common/rcu.yaml
@@ -0,0 +1,20 @@
+# Copyright (c) 2020, 2021, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+#
+apiVersion: v1
+kind: Pod
+metadata:
+ labels:
+ run: rcu
+ name: rcu
+ namespace: default
+spec:
+ containers:
+ - args:
+ - sleep
+ - infinity
+ image: oracle/oam:12.2.1.4.0
+ imagePullPolicy: IfNotPresent
+ name: rcu
+ imagePullSecrets:
+ - name: docker-store
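Review bot: The container in this Pod sets no `securityContext` and no `resources`, and its command is `sleep infinity`, so it keeps running with the image's defaults until something deletes it. The repository scripts in this commit read the database password from `/u01/oracle/pwd.txt` inside the pod; how that file is written is not visible here, but a long-lived pod keeps it around longer than the one-off schema task needs. Consider adding `securityContext:` with `allowPrivilegeEscalation: false` under the container, if the image runs with it, plus a comment such as `# Delete this pod once the schema has been created or dropped`. The same applies to common/template/rcu.yaml.template.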
diff --git a/OracleAccessManagement/kubernetes/create-rcu-schema/common/template/rcu.yaml.template b/OracleAccessManagement/kubernetes/create-rcu-schema/common/template/rcu.yaml.template
new file mode 100755
index 000000000..7832ee662
--- /dev/null
+++ b/OracleAccessManagement/kubernetes/create-rcu-schema/common/template/rcu.yaml.template
@@ -0,0 +1,22 @@
+# Copyright (c) 2020, 2021, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+#
+# This is a template for RCU Pod
+#
+apiVersion: v1
+kind: Pod
+metadata:
+ labels:
+ run: rcu
+ name: rcu
+ namespace: %NAMESPACE%
+spec:
+ containers:
+ - args:
+ - sleep
+ - infinity
+ image: oracle/oam:12.2.1.4.0
+ imagePullPolicy: %WEBLOGIC_IMAGE_PULL_POLICY%
+ name: rcu
+ %WEBLOGIC_IMAGE_PULL_SECRET_PREFIX%imagePullSecrets:
+ %WEBLOGIC_IMAGE_PULL_SECRET_PREFIX%- name: %WEBLOGIC_IMAGE_PULL_SECRET_NAME%
diff --git a/OracleAccessManagement/kubernetes/create-rcu-schema/create-image-pull-secret.sh b/OracleAccessManagement/kubernetes/create-rcu-schema/create-image-pull-secret.sh
new file mode 100755
index 000000000..006c90331
--- /dev/null
+++ b/OracleAccessManagement/kubernetes/create-rcu-schema/create-image-pull-secret.sh
@@ -0,0 +1,59 @@
+#!/bin/bash
+# Copyright (c) 2020, 2021, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+#
+# Create ImagePullSecret to pull Oracle DB and OracleAccessManagement Image
+
+script="${BASH_SOURCE[0]}"
+scriptDir="$( cd "$( dirname "${script}" )" && pwd )"
+
+function usage {
+ echo "usage: ${script} -u -p -e -s [-h]"
+ echo " -u Oracle Container Registry User Name (needed)"
+ echo " -p Oracle Container Registry Password (needed)"
+ echo " -e email (needed)"
+ echo " -s Generated Secret (optional) "
+ echo " (default: docker-store) "
+ echo " -h Help"
+ exit $1
+}
+
+while getopts ":u:p:s:e:" opt; do
+ case $opt in
+ u) username="${OPTARG}"
+ ;;
+ p) password="${OPTARG}"
+ ;;
+ e) email="${OPTARG}"
+ ;;
+ s) secert="${OPTARG}"
+ ;;
+ h) usage 0
+ ;;
+ *) usage 1
+ ;;
+ esac
+done
+
+if [ -z ${username} ]; then
+ echo "${script}: -u must be specified."
+ usage 1
+fi
+
+if [ -z ${password} ]; then
+ echo "${script}: -p must be specified."
+ usage 1
+fi
+
+if [ -e ${email} ]; then
+ echo "${script}: -p must be specified."
+ usage 1
+fi
+
+if [ -z ${secret} ]; then
+ secret="docker-store"
+fi
+
+kubectl delete secret/${secret} --ignore-not-found
+echo "Creating ImagePullSecret on container-registry.oracle.com"
+kubectl create secret docker-registry ${secret} --docker-server=container-registry.oracle.com --docker-username=${username} --docker-password=${password} --docker-email=${email}
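Review bot: The registry password reaches kubectl as `--docker-password=${password}`, unquoted, so a password containing whitespace or glob characters is split or expanded, and the stored credential is wrong or the command fails. Quote the expansions on that line: `--docker-username="${username}" --docker-password="${password}" --docker-email="${email}"`. The `kubectl delete secret/${secret}` and create calls also carry no `-n`, so the secret lands in the current context's namespace, which may not be the one the database or RCU pod uses; a line in the usage text saying so would help. The copy under create-oracle-db-service is written the same way.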
diff --git a/OracleAccessManagement/kubernetes/create-rcu-schema/create-rcu-schema.sh b/OracleAccessManagement/kubernetes/create-rcu-schema/create-rcu-schema.sh
new file mode 100755
index 000000000..7e225c901
--- /dev/null
+++ b/OracleAccessManagement/kubernetes/create-rcu-schema/create-rcu-schema.sh
@@ -0,0 +1,204 @@
+#!/bin/bash
+# Copyright (c) 2020, 2021, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+#
+# Configure RCU schema based on schemaPreifix and rcuDatabaseURL
+
+script="${BASH_SOURCE[0]}"
+scriptDir="$( cd "$( dirname "${script}" )" && pwd )"
+source ${scriptDir}/../common/utility.sh
+
+function usage {
+ echo "usage: ${script} -s -t -d -i -u -p -n -q -r -o -c [-l] [-h] "
+ echo " -s RCU Schema Prefix (required)"
+ echo " -t RCU Schema Type (optional)"
+ echo " (supported values: oam)"
+ echo " -d RCU Oracle Database URL (optional) "
+ echo " (default: oracle-db.default.svc.cluster.local:1521/devpdb.k8s) "
+ echo " -p OracleAccessManagement ImagePullSecret (optional) "
+ echo " (default: none) "
+ echo " -i OracleAccessManagement Image (optional) "
+ echo " (default: oracle/oam:12.2.1.4.0) "
+ echo " -u OracleAccessManagement ImagePullPolicy (optional) "
+ echo " (default: IfNotPresent) "
+ echo " -n Namespace for RCU pod (optional)"
+ echo " (default: default)"
+ echo " -q password for database SYSDBA user. (optional)"
+ echo " (default: Oradoc_db1)"
+ echo " -r password for all schema owner (regular user). (optional)"
+ echo " (default: Oradoc_db1)"
+ echo " -o Output directory for the generated YAML file. (optional)"
+ echo " (default: rcuoutput)"
+ echo " -c Comma-separated custom variables in the format variablename=value. (optional)."
+ echo " (default: none)"
+ echo " -l Timeout limit in seconds. (optional)."
+ echo " (default: 300)"
+ echo " -h Help"
+ exit $1
+}
+
+# Checks if all container(s) in a pod are running state based on READY column using given timeout limit
+# NAME READY STATUS RESTARTS AGE
+# domain1-adminserver 1/1 Running 0 4m
+function checkPodStateUsingCustomTimeout(){
+
+ status="NotReady"
+ count=1
+
+ pod=$1
+ ns=$2
+ state=${3:-1/1}
+ timeoutLimit=${4:-300}
+ max=`expr ${timeoutLimit} / 5`
+
+ echo "Checking Pod READY column for State [$state]"
+ pname=`kubectl get po -n ${ns} | grep -w ${pod} | awk '{print $1}'`
+ if [ -z ${pname} ]; then
+ echo "No such pod [$pod] exists in NameSpace [$ns] "
+ exit -1
+ fi
+
+ rcode=`kubectl get po ${pname} -n ${ns} | grep -w ${pod} | awk '{print $2}'`
+ [[ ${rcode} -eq "${state}" ]] && status="Ready"
+
+ while [ ${status} != "Ready" -a $count -le $max ] ; do
+ sleep 5
+ rcode=`kubectl get po/$pod -n ${ns} | grep -v NAME | awk '{print $2}'`
+ [[ ${rcode} -eq "1/1" ]] && status="Ready"
+ echo "Pod [$1] Status is ${status} Iter [$count/$max]"
+ count=`expr $count + 1`
+ done
+ if [ $count -gt $max ] ; then
+ echo "[ERROR] Unable to start the Pod [$pod] after ${timeout}s ";
+ exit 1
+ fi
+
+ pname=`kubectl get po -n ${ns} | grep -w ${pod} | awk '{print $1}'`
+ kubectl -n ${ns} get po ${pname}
+}
+
+timeout=300
+
+while getopts ":h:s:d:p:i:t:n:q:r:o:u:c:l:" opt; do
+ case $opt in
+ s) schemaPrefix="${OPTARG}"
+ ;;
+ t) rcuType="${OPTARG}"
+ ;;
+ d) dburl="${OPTARG}"
+ ;;
+ p) pullsecret="${OPTARG}"
+ ;;
+ i) fmwimage="${OPTARG}"
+ ;;
+ n) namespace="${OPTARG}"
+ ;;
+ q) sysPassword="${OPTARG}"
+ ;;
+ r) schemaPassword="${OPTARG}"
+ ;;
+ o) rcuOutputDir="${OPTARG}"
+ ;;
+ u) imagePullPolicy="${OPTARG}"
+ ;;
+ c) customVariables="${OPTARG}"
+ ;;
+ l) timeout="${OPTARG}"
+ ;;
+ h) usage 0
+ ;;
+ *) usage 1
+ ;;
+ esac
+done
+
+if [ -z ${schemaPrefix} ]; then
+ echo "${script}: -s must be specified."
+ usage 1
+fi
+
+if [ -z ${dburl} ]; then
+ dburl="oracle-db.default.svc.cluster.local:1521/devpdb.k8s"
+fi
+
+if [ -z ${rcuType} ]; then
+ rcuType="fmw"
+fi
+
+if [ -z ${pullsecret} ]; then
+ pullsecret="none"
+ pullsecretPrefix="#"
+fi
+
+if [ -z ${fmwimage} ]; then
+ fmwimage="oracle/oam:12.2.1.4.0"
+fi
+
+if [ -z ${imagePullPolicy} ]; then
+ imagePullPolicy="IfNotPresent"
+fi
+
+if [ -z ${namespace} ]; then
+ namespace="default"
+fi
+
+if [ -z ${sysPassword} ]; then
+ sysPassword="Oradoc_db1"
+fi
+
+if [ -z ${schemaPassword} ]; then
+ schemaPassword="Oradoc_db1"
+fi
+
+if [ -z ${rcuOutputDir} ]; then
+ rcuOutputDir="rcuoutput"
+fi
+
+if [ -z ${customVariables} ]; then
+ customVariables="none"
+fi
+
+if [ -z ${timeout} ]; then
+ timeout=300
+fi
+
+echo "ImagePullSecret[$pullsecret] Image[${fmwimage}] dburl[${dburl}] rcuType[${rcuType}] customVariables[${customVariables}]"
+
+mkdir -p ${rcuOutputDir}
+rcuYaml=${rcuOutputDir}/rcu.yaml
+rm -f ${rcuYaml}
+rcuYamlTemp=${scriptDir}/common/template/rcu.yaml.template
+cp $rcuYamlTemp $rcuYaml
+
+# Modify the ImagePullSecret based on input
+sed -i -e "s:%NAMESPACE%:${namespace}:g" $rcuYaml
+sed -i -e "s:%WEBLOGIC_IMAGE_PULL_POLICY%:${imagePullPolicy}:g" $rcuYaml
+sed -i -e "s:%WEBLOGIC_IMAGE_PULL_SECRET_NAME%:${pullsecret}:g" $rcuYaml
+sed -i -e "s:%WEBLOGIC_IMAGE_PULL_SECRET_PREFIX%:${pullsecretPrefix}:g" $rcuYaml
+sed -i -e "s?image:.*?image: ${fmwimage}?g" $rcuYaml
+kubectl apply -f $rcuYaml
+
+# Make sure the rcu deployment Pod is RUNNING
+checkPod rcu $namespace
+checkPodStateUsingCustomTimeout rcu $namespace "1/1" ${timeout}
+sleep 5
+kubectl get po/rcu -n $namespace
+
+# Generate the default password files for rcu command
+echo "$sysPassword" > pwd.txt
+echo "$schemaPassword" >> pwd.txt
+
+kubectl exec -n $namespace -i rcu -- bash -c 'cat > /u01/oracle/createRepository.sh' < ${scriptDir}/common/createRepository.sh
+kubectl exec -n $namespace -i rcu -- bash -c 'cat > /u01/oracle/pwd.txt' < pwd.txt
+rm -rf createRepository.sh pwd.txt
+
+kubectl exec -n $namespace -i rcu /bin/bash /u01/oracle/createRepository.sh ${dburl} ${schemaPrefix} ${rcuType} ${sysPassword} ${customVariables}
+if [ $? != 0 ]; then
+ echo "######################";
+ echo "[ERROR] Could not create the RCU Repository";
+ echo "######################";
+ exit -3;
+fi
+
+echo "[INFO] Modify the domain.input.yaml to use [$dburl] as rcuDatabaseURL and [${schemaPrefix}] as rcuSchemaPrefix "
+
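Review bot: The SYSDBA and schema passwords are written to `pwd.txt` in the caller's current directory under the default umask, and the file is removed only if the script reaches the `rm` line, so an interrupted run leaves both passwords on disk; a private temporary file with an exit trap closes that gap. The final `kubectl exec` also passes `${sysPassword}` as an argument to `createRepository.sh`, which exposes it in process listings; whether that script could read it from `/u01/oracle/pwd.txt` instead is not visible here. `rm -rf createRepository.sh pwd.txt` additionally deletes a `createRepository.sh` in the working directory that this script never created. `-q` and `-r` silently fall back to the documented default `Oradoc_db1`, which is worth making a required option outside a demo. drop-rcu-schema.sh repeats the same `pwd.txt` handling.

```shell
# … unchanged: option parsing, rcu pod creation and readiness checks …
umask 077
pwdFile="$(mktemp)"
trap 'rm -f "${pwdFile}"' EXIT
printf '%s\n%s\n' "${sysPassword}" "${schemaPassword}" > "${pwdFile}"

kubectl exec -n "${namespace}" -i rcu -- bash -c 'cat > /u01/oracle/createRepository.sh' < "${scriptDir}/common/createRepository.sh"
kubectl exec -n "${namespace}" -i rcu -- bash -c 'umask 077; cat > /u01/oracle/pwd.txt' < "${pwdFile}"
# … unchanged: createRepository.sh invocation and error handling …
```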
diff --git a/OracleAccessManagement/kubernetes/create-rcu-schema/drop-rcu-schema.sh b/OracleAccessManagement/kubernetes/create-rcu-schema/drop-rcu-schema.sh
new file mode 100755
index 000000000..0f29946b7
--- /dev/null
+++ b/OracleAccessManagement/kubernetes/create-rcu-schema/drop-rcu-schema.sh
@@ -0,0 +1,108 @@
+#!/bin/bash
+# Copyright (c) 2020, 2021, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+#
+# Drop the RCU schema based on schemaPreifix and Database URL
+
+script="${BASH_SOURCE[0]}"
+scriptDir="$( cd "$( dirname "${script}" )" && pwd )"
+source ${scriptDir}/../common/utility.sh
+
+function usage {
+ echo "usage: ${script} -s -d -n -q -r -c [-h]"
+ echo " -s RCU Schema Prefix (required)"
+ echo " -t RCU Schema Type (optional)"
+ echo " (supported values: oam) "
+ echo " -d Oracle Database URL (optional)"
+ echo " (default: oracle-db.default.svc.cluster.local:1521/devpdb.k8s) "
+ echo " -n Namespace where RCU pod is deployed (optional)"
+ echo " (default: default) "
+ echo " -q password for database SYSDBA user. (optional)"
+ echo " (default: Oradoc_db1)"
+ echo " -r password for all schema owner (regular user). (optional)"
+ echo " (default: Oradoc_db1)"
+ echo " -c Comma-separated custom variables in the format variablename=value. (optional)."
+ echo " (default: none)"
+ echo " -h Help"
+ exit $1
+}
+
+while getopts ":h:s:d:t:n:q:r:c:" opt; do
+ case $opt in
+ s) schemaPrefix="${OPTARG}"
+ ;;
+ t) rcuType="${OPTARG}"
+ ;;
+ d) dburl="${OPTARG}"
+ ;;
+ n) namespace="${OPTARG}"
+ ;;
+ q) sysPassword="${OPTARG}"
+ ;;
+ r) schemaPassword="${OPTARG}"
+ ;;
+ c) customVariables="${OPTARG}"
+ ;;
+ h) usage 0
+ ;;
+ *) usage 1
+ ;;
+ esac
+done
+
+if [ -z ${schemaPrefix} ]; then
+ echo "${script}: -s must be specified."
+ usage 1
+fi
+
+if [ -z ${dburl} ]; then
+ dburl="oracle-db.default.svc.cluster.local:1521/devpdb.k8s"
+fi
+
+if [ -z ${rcuType} ]; then
+ rcuType="fmw"
+fi
+
+if [ -z ${namespace} ]; then
+ namespace="default"
+fi
+
+if [ -z ${sysPassword} ]; then
+ sysPassword="Oradoc_db1"
+fi
+
+if [ -z ${schemaPassword} ]; then
+ schemaPassword="Oradoc_db1"
+fi
+
+if [ -z ${customVariables} ]; then
+ customVariables="none"
+fi
+
+rcupod=`kubectl get po -n ${namespace} | grep rcu | cut -f1 -d " " `
+if [ -z ${rcupod} ]; then
+ echo "RCU deployment pod not found in [$namespace] Namespace"
+ exit -2
+fi
+
+#fmwimage=`kubectl get pod/rcu -o jsonpath="{..image}"`
+echo "DB Connection String [$dbUrl], schemaPrefix [${schemaPrefix}] rcuType [${rcuType}] schemaProfileType [${customVariables}]"
+
+echo "${sysPassword}" > pwd.txt
+echo "${schemaPassword}" >> pwd.txt
+
+kubectl exec -n $namespace -i rcu -- bash -c 'cat > /u01/oracle/dropRepository.sh' < ${scriptDir}/common/dropRepository.sh
+kubectl exec -n $namespace -i rcu -- bash -c 'cat > /u01/oracle/pwd.txt' < pwd.txt
+rm -rf dropRepository.sh pwd.txt
+
+kubectl exec -n $namespace -i rcu /bin/bash /u01/oracle/dropRepository.sh ${dburl} ${schemaPrefix} ${rcuType} ${sysPassword} ${customVariables}
+if [ $? != 0 ]; then
+ echo "######################";
+ echo "[ERROR] Could not drop the RCU Repository based on dburl[${dburl}] schemaPrefix[${schemaPrefix}] ";
+ echo "######################";
+ exit -3;
+fi
+
+kubectl delete pod rcu -n ${namespace}
+checkPodDelete rcu ${namespace}
+
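Review bot: The summary line before the drop prints `[$dbUrl]`, but the variable set by `-d` and by the default is `dburl`, so the operator is shown an empty connection string right before a destructive operation; it should read `echo "DB Connection String [${dburl}], …"`. The pod lookup `kubectl get po -n ${namespace} | grep rcu | cut -f1 -d " "` matches any pod whose name contains `rcu`, and its result is never used afterwards because every later command addresses the literal pod `rcu`; `rcupod=$(kubectl get po rcu -n "${namespace}" --ignore-not-found -o name)` checks the pod that is actually used. The getopts string `":h:s:…"` declares `-h` as taking an argument, so a bare `-h` lands in the `*` arm and exits with status 1.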
diff --git a/OracleAccessManagement/kubernetes/create-weblogic-domain-credentials/README.md b/OracleAccessManagement/kubernetes/create-weblogic-domain-credentials/README.md
new file mode 100755
index 000000000..5e4c6fb26
--- /dev/null
+++ b/OracleAccessManagement/kubernetes/create-weblogic-domain-credentials/README.md
@@ -0,0 +1,50 @@
+# Creating credentials for a WebLogic domain
+
+This sample demonstrates how to create a Kubernetes secret containing the
+credentials for a WebLogic domain. The operator expects this secret to be
+named following the pattern `domainUID-weblogic-credentials`, where `domainUID`
+is the unique identifier of the domain. It must be in the same namespace
+that the domain will run in.
+
+To use the sample, run the command:
+
+```
+$ ./create-weblogic-credentials.sh -u username -p password -d domainUID -n namespace -s secretName
+```
+
+The parameters are as follows:
+
+```
+ -u user name, must be specified.
+ -p password, must be specified.
+ -d domainUID, optional. The default value is accessinfra. If specified, the secret will be labeled with the domainUID unless the given value is an empty string.
+ -n namespace, optional. Use the accessns namespace if not specified.
+ -s secretName, optional. If not specified, the secret name will be determined based on the domainUID value.
+```
+
+This creates a `generic` secret containing the user name and password as literal values.
+
+You can check the secret with the `kubectl get secret` command. An example is shown below,
+including the output:
+
+```
+$ kubectl -n accessns get secret accessinfra-weblogic-credentials -o yaml
+apiVersion: v1
+data:
+ password: d2VsY29tZTE=
+ username: d2VibG9naWM=
+kind: Secret
+metadata:
+ creationTimestamp: 2018-12-12T20:25:20Z
+ labels:
+ weblogic.domainName: accessinfra
+ weblogic.domainUID: accessinfra
+ name: accessinfra-weblogic-credentials
+ namespace: accessns
+ resourceVersion: "5680"
+ selfLink: /api/v1/namespaces/accessns/secrets/accessinfra-weblogic-credentials
+ uid: 0c2b3510-fe4c-11e8-994d-00001700101d
+type: Opaque
+
+```
+
diff --git a/OracleAccessManagement/kubernetes/create-weblogic-domain-credentials/create-weblogic-credentials.sh b/OracleAccessManagement/kubernetes/create-weblogic-domain-credentials/create-weblogic-credentials.sh
new file mode 100755
index 000000000..ad11f1853
--- /dev/null
+++ b/OracleAccessManagement/kubernetes/create-weblogic-domain-credentials/create-weblogic-credentials.sh
@@ -0,0 +1,121 @@
+#!/usr/bin/env bash
+# Copyright (c) 2020, 2021, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+#
+# Description
+# This sample script creates a Kubernetes secret for WebLogic domain admin credentials.
+#
+# The following pre-requisites must be handled prior to running this script:
+# * The kubernetes namespace must already be created
+#
+# Secret name determination
+# 1) secretName - if specified
+# 2) accessinfra-weblogic-credentials - if secretName and domainUID are both not specified. This is the default out-of-the-box.
+# 3) -weblogic-credentials - if secretName is not specified, and domainUID is specified.
+# 4) weblogic-credentials - if secretName is not specified, and domainUID is specified as "".
+#
+# The generated secret will be labeled with
+# weblogic.domainUID=$domainUID
+# and
+# weblogic.domainName=$domainUID
+# Where the $domainUID is the value of the -d command line option, unless the value supplied is an empty String ""
+#
+
+script="${BASH_SOURCE[0]}"
+
+#
+# Function to exit and print an error message
+# $1 - text of message
+function fail {
+ echo [ERROR] $*
+ exit 1
+}
+
+# Try to execute kubectl to see whether kubectl is available
+function validateKubectlAvailable {
+ if ! [ -x "$(command -v kubectl)" ]; then
+ fail "kubectl is not installed"
+ fi
+}
+
+function usage {
+ echo usage: ${script} -u username -p password [-d domainUID] [-n namespace] [-s secretName] [-h]
+ echo " -u username, must be specified."
+ echo " -p password, must be specified."
+ echo " -d domainUID, optional. The default value is accessinfra. If specified, the secret will be labeled with the domainUID unless the given value is an empty string."
+ echo " -n namespace, optional. Use the accessns namespace if not specified"
+ echo " -s secretName, optional. If not specified, the secret name will be determined based on the domainUID value"
+ echo " -h Help"
+ exit $1
+}
+
+#
+# Parse the command line options
+#
+domainUID=accessinfra
+namespace=accessns
+while getopts "hu:p:n:d:s:" opt; do
+ case $opt in
+ u) username="${OPTARG}"
+ ;;
+ p) password="${OPTARG}"
+ ;;
+ n) namespace="${OPTARG}"
+ ;;
+ d) domainUID="${OPTARG}"
+ ;;
+ s) secretName="${OPTARG}"
+ ;;
+ h) usage 0
+ ;;
+ *) usage 1
+ ;;
+ esac
+done
+
+if [ -z $secretName ]; then
+ if [ -z $domainUID ]; then
+ secretName=weblogic-credentials
+ else
+ secretName=$domainUID-weblogic-credentials
+ fi
+fi
+
+if [ -z ${username} ]; then
+ echo "${script}: -u must be specified."
+ missingRequiredOption="true"
+fi
+
+if [ -z ${password} ]; then
+ echo "${script}: -p must be specified."
+ missingRequiredOption="true"
+fi
+
+if [ "${missingRequiredOption}" == "true" ]; then
+ usage 1
+fi
+
+# check and see if the secret already exists
+result=`kubectl get secret ${secretName} -n ${namespace} --ignore-not-found=true | grep ${secretName} | wc | awk ' { print $1; }'`
+if [ "${result:=Error}" != "0" ]; then
+ fail "The secret ${secretName} already exists in namespace ${namespace}."
+fi
+
+# create the secret
+kubectl -n $namespace create secret generic $secretName \
+ --from-literal=username=$username \
+ --from-literal=password=$password
+
+# label the secret with domainUID if needed
+if [ ! -z $domainUID ]; then
+ kubectl label secret ${secretName} -n $namespace weblogic.domainUID=$domainUID weblogic.domainName=$domainUID
+fi
+
+# Verify the secret exists
+SECRET=`kubectl get secret ${secretName} -n ${namespace} | grep ${secretName} | wc | awk ' { print $1; }'`
+if [ "${SECRET}" != "1" ]; then
+ fail "The secret ${secretName} was not found in namespace ${namespace}"
+fi
+
+echo "The secret ${secretName} has been successfully created in the ${namespace} namespace."
+
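Review bot: `$username` and `$password` are expanded unquoted in the `kubectl create secret generic` call, so a password containing whitespace or glob characters is split or expanded by the shell and the stored credential no longer matches what the caller supplied; the two lines should read `--from-literal=username="${username}" \` and `--from-literal=password="${password}"`. The same applies to the `[ -z ${password} ]` test above, which raises a `[` syntax error for a multi-word value instead of accepting it. Taking the password through `-p` also places it in shell history and the process list; reading it from a prompt or a file when `-p` is absent would be a safer default for a script that creates admin credentials.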
diff --git a/OracleAccessManagement/kubernetes/create-weblogic-domain-pv-pvc/README.md b/OracleAccessManagement/kubernetes/create-weblogic-domain-pv-pvc/README.md
new file mode 100755
index 000000000..222519bd0
--- /dev/null
+++ b/OracleAccessManagement/kubernetes/create-weblogic-domain-pv-pvc/README.md
@@ -0,0 +1,222 @@
+# Sample persistent volume and persistent volume claim
+
+The sample scripts demonstrate the creation of a Kubernetes persistent volume (PV) and persistent volume claim (PVC), which can then be used in a domain resource as a persistent storage for the WebLogic domain home or log files.
+
+A PV and PVC can be shared by multiple WebLogic domains or dedicated to a particular domain.
+
+## Prerequisites
+
+Please read the [Persistent Volumes](../../../../site/persistent-volumes.md) guide before proceeding.
+
+## Using the scripts to create a PV and PVC
+
+Prior to running the `create-pv-pvc.sh` script, make a copy of the `create-pv-pvc-inputs.yaml` file, and uncomment and explicitly configure the `weblogicDomainStoragePath` property in the inputs file.
+
+Run the create script, pointing it at your inputs file and an output directory:
+
+```
+$ ./create-pv-pvc.sh \
+ -i create-pv-pvc-inputs.yaml \
+ -o /path/to/output-directory
+```
+
+The `create-pv-pvc.sh` script will create a subdirectory `pv-pvcs` under the given `/path/to/output-directory` directory. By default, the script generates two YAML files, namely `weblogic-sample-pv.yaml` and `weblogic-sample-pvc.yaml`, in the `/path/to/output-directory/pv-pvcs`. These two YAML files can be used to create the Kubernetes resources using the `kubectl create -f` command.
+
+```
+$ kubectl create -f accessinfra-domain-pv.yaml
+$ kubectl create -f accessinfra-domain-pvc.yaml
+
+```
+
+As a convenience, the script can optionally create the PV and PVC resources using the `-e` option.
+
+The usage of the create script is as follows:
+
+```
+$ sh create-pv-pvc.sh -h
+usage: create-pv-pvc.sh -i file -o dir [-e] [-h]
+ -i Parameter inputs file, must be specified.
+ -o Output directory for the generated yaml files, must be specified.
+ -e Also create the Kubernetes objects using the generated yaml files
+ -h Help
+```
+
+If you copy the sample scripts to a different location, make sure that you copy everything in the `/kubernetes/samples/scripts` directory together into the target directory, maintaining the original directory hierarchy.
+
+## Configuration parameters
+
+The PV and PVC creation inputs can be customized by editing the `create-pv-pvc-inputs.yaml` file.
+
+| Parameter | Definition | Default |
+| --- | --- | --- |
+| `domainUID` | ID of the domain resource to which the generated PV and PVC will be dedicated. Leave it empty if the PV and PVC are going to be shared by multiple domains. | no default |
+| `namespace` | Kubernetes namespace to create the PVC. | `default` |
+| `baseName` | Base name of the PV and PVC. The generated PV and PVC will be `-pv` and `-pvc` respectively. | `weblogic-sample` |
+| `weblogicDomainStoragePath` | Physical path of the storage for the PV. When `weblogicDomainStorageType` is set to `HOST_PATH`, this value should be set the to path to the domain storage on the Kubernetes host. When `weblogicDomainStorageType` is set to NFS, then `weblogicDomainStorageNFSServer` should be set to the IP address or name of the DNS server, and this value should be set to the exported path on that server. Note that the path where the domain is mounted in the WebLogic containers is not affected by this setting, that is determined when you create your domain. | no default |
+| `weblogicDomainStorageReclaimPolicy` | Kubernetes PVC policy for the persistent storage. The valid values are: `Retain`, `Delete`, and `Recycle`. | `Retain` |
+| `weblogicDomainStorageSize` | Total storage allocated for the PVC. | `10Gi` |
+| `weblogicDomainStorageType` | Type of storage. Legal values are `NFS` and `HOST_PATH`. If using `NFS`, `weblogicDomainStorageNFSServer` must be specified. | `HOST_PATH` |
+| `weblogicDomainStorageNFSServer`| Name or IP address of the NFS server. This setting only applies if `weblogicDomainStorateType` is `NFS`. | no default |
+
+## Shared versus dedicated PVC
+
+By default, the `domainUID` is left empty in the inputs file, which means the generated PV and PVC will not be associated with a particular domain, but can be shared by multiple domain resources in the same Kubernetes namespaces as the PV and PVC.
+
+For the use cases where dedicated PV and PVC are desired for a particular domain, the `domainUID` needs to be set in the `create-pv-pvc-inputs.yaml` file. The presence of a non-empty `domainUID` in the inputs file will cause the generated PV and PVC to be associated with the specified `domainUID`. The association includes that the names of the generated YAML files and the Kubernetes PV and PVC objects are decorated with the `domainUID`, and the PV and PVC objects are also labeled with the `domainUID`.
+
+## Verify the results
+
+The create script will verify that the PV and PVC were created, and will report a failure if there was any error. However, it may be desirable to manually verify the PV and PVC, even if just to gain familiarity with the various Kubernetes objects that were created by the script.
+
+### Generated YAML files with the default inputs
+
+The content of the generated `accessinfra-domain-pvc.yaml`:
+
+```
+# Copyright (c) 2020, 2021, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+#
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+ name: accessinfra-domain-pvc
+ namespace: default
+
+ storageClassName: accessinfra-domain-storage-class
+ accessModes:
+ - ReadWriteMany
+ resources:
+ requests:
+ storage: 10Gi
+```
+
+The content of the generated `accessinfra-domain-pv.yaml`:
+```
+# Copyright (c) 2020, 2021, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+#
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+ name: accessinfra-domain-pv
+ # labels:
+ # weblogic.domainUID:
+spec:
+ storageClassName: accessinfra-domain-storage-class
+ capacity:
+ storage: 10Gi
+ accessModes:
+ - ReadWriteMany
+ # Valid values are Retain, Delete or Recycle
+ persistentVolumeReclaimPolicy: Retain
+ hostPath:
+ # nfs:
+ # server: %SAMPLE_STORAGE_NFS_SERVER%
+ path: "/scratch/k8s_dir"
+
+```
+
+### Generated YAML files for dedicated PV and PVC
+
+The content of the generated `accessinfra-domain-pvc.yaml` when `domainUID` is set to `domain1`:
+
+```
+# Copyright (c) 2020, 2021, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+#
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+ name: accessinfra-domain-pvc
+ namespace: default
+ labels:
+ weblogic.domainUID: accessinfra
+spec:
+ storageClassName: accessinfra-domain-storage-class
+ accessModes:
+ - ReadWriteMany
+ resources:
+ requests:
+ storage: 10Gi
+```
+
+The content of the generated `accessinfra-domain-pv.yaml` when `domainUID` is set to `domain1`:
+```
+# Copyright (c) 2020, 2021, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+#
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+ name: accessinfra-domain-pv
+ labels:
+ weblogic.domainUID: accessinfra
+spec:
+ storageClassName: accessinfra-domain-storage-class
+ capacity:
+ storage: 10Gi
+ accessModes:
+ - ReadWriteMany
+ # Valid values are Retain, Delete or Recycle
+ persistentVolumeReclaimPolicy: Retain
+ hostPath:
+ # nfs:
+ # server: %SAMPLE_STORAGE_NFS_SERVER%
+ path: "/scratch/k8s_dir"
+```
+
+### Verify the PV and PVC objects
+
+You can use this command to verify the persistent volume was created, note that the `Status` field
+should have the value `Bound`, indicating the that persistent volume has been claimed:
+
+```
+$ kubectl describe pv accessinfra-domain-pv
+Name: accessinfra-domain-pv
+Annotations: pv.kubernetes.io/bound-by-controller=yes
+StorageClass: accessinfra-domain-storage-class
+Status: Bound
+Claim: default/accessinfra-domain-pvc
+Reclaim Policy: Retain
+Access Modes: RWX
+Capacity: 10Gi
+Message:
+Source:
+ Type: HostPath (bare host directory volume)
+ Path: /scratch/k8s_dir
+ HostPathType:
+Events:
+
+```
+
+You can use this command to verify the persistent volume claim was created:
+
+```
+$ kubectl describe pvc accessinfra-domain-pvc
+Name: accessinfra-domain-pvc
+Namespace: default
+StorageClass: accessinfra-domain-storage-class
+Status: Bound
+Volume: accessinfra-domain-pv
+Annotations: pv.kubernetes.io/bind-completed=yes
+ pv.kubernetes.io/bound-by-controller=yes
+Finalizers: []
+Capacity: 10Gi
+Access Modes: RWX
+Events:
+
+```
+
+## Troubleshooting
+
+* Message: `[ERROR] The weblogicDomainStoragePath parameter in kubernetes/samples/scripts/create-weblogic-domain-pv-pvc/create-pv-pvc-inputs.yaml is missing, null or empty`
+Edit the file and set the value of the field. This value must be a directory that is world writable.
+Optionally, follow these steps to tighten permissions on the named directory after you run the sample the first time:
+
+ * Become the root user.
+ * `ls -nd $value-of-weblogicDomainStoragePath`
+ * Note the values of the third and fourth field of the output.
+ * `chown $third-field:$fourth-field $value-of-weblogicDomainStoragePath`
+ * `chmod 755 $value-of-weblogicDomainStoragePath`
+ * Return to your normal user ID.
+
diff --git a/OracleAccessManagement/kubernetes/create-weblogic-domain-pv-pvc/create-pv-pvc-inputs.yaml b/OracleAccessManagement/kubernetes/create-weblogic-domain-pv-pvc/create-pv-pvc-inputs.yaml
new file mode 100755
index 000000000..1fa458b8b
--- /dev/null
+++ b/OracleAccessManagement/kubernetes/create-weblogic-domain-pv-pvc/create-pv-pvc-inputs.yaml
@@ -0,0 +1,44 @@
+# Copyright (c) 2020, 2021, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+#
+# The version of this inputs file. Do not modify.
+version: create-accessinfra-pv-pvc-inputs-v1
+
+# The base name of the pv and pvc
+baseName: domain
+
+# Unique ID identifying a domain.
+# If left empty, the generated pv can be shared by multiple domains
+# This ID must not contain an underscope ("_"), and must be lowercase and unique across all domains in a Kubernetes cluster.
+domainUID: accessinfra
+
+# Name of the namespace for the persistent volume claim
+namespace: accessns
+
+# Persistent volume type for the persistent storage.
+# The value must be 'HOST_PATH' or 'NFS'.
+# If using 'NFS', weblogicDomainStorageNFSServer must be specified.
+weblogicDomainStorageType: HOST_PATH
+
+# The server name or ip address of the NFS server to use for the persistent storage.
+# The following line must be uncomment and customized if weblogicDomainStorateType is NFS:
+#weblogicDomainStorageNFSServer: nfsServer
+
+# Physical path of the persistent storage.
+# When weblogicDomainStorageType is set to HOST_PATH, this value should be set the to path to the
+# domain storage on the Kubernetes host.
+# When weblogicDomainStorageType is set to NFS, then weblogicDomainStorageNFSServer should be set
+# to the IP address or name of the DNS server, and this value should be set to the exported path
+# on that server.
+# Note that the path where the domain is mounted in the WebLogic containers is not affected by this
+# setting, that is determined when you create your domain.
+# The following line must be uncomment and customized:
+weblogicDomainStoragePath: /scratch/k8s_dir
+
+# Reclaim policy of the persistent storage
+# The valid values are: 'Retain', 'Delete', and 'Recycle'
+weblogicDomainStorageReclaimPolicy: Retain
+
+# Total storage allocated to the persistent storage.
+weblogicDomainStorageSize: 10Gi
+
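Review bot: The `version:` value here is `create-accessinfra-pv-pvc-inputs-v1`, while create-pv-pvc.sh in this same commit exports `requiredInputsVersion="create-weblogic-sample-domain-pv-pvc-inputs-v1"`; if the sourced validation helpers compare the two (they are not visible here), the shipped sample is rejected, so the two strings should be aligned. The comment above `weblogicDomainStoragePath` says the line "must be uncomment and customized", but the line is already active with `/scratch/k8s_dir`; `# Customize the following line for your host:` would match the file as shipped.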
diff --git a/OracleAccessManagement/kubernetes/create-weblogic-domain-pv-pvc/create-pv-pvc.sh b/OracleAccessManagement/kubernetes/create-weblogic-domain-pv-pvc/create-pv-pvc.sh
new file mode 100755
index 000000000..ba3de3459
--- /dev/null
+++ b/OracleAccessManagement/kubernetes/create-weblogic-domain-pv-pvc/create-pv-pvc.sh
@@ -0,0 +1,267 @@
+#!/usr/bin/env bash
+# Copyright (c) 2020, 2021, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+#
+# Description
+# This sample script generates the Kubernetes yaml files for a persistent volume and persistent volume claim
+# that can be used by a domain custom resource.
+#
+# The creation inputs can be customized by editing create-pv-pvc-inputs.yaml
+#
+# The following pre-requisites must be handled prior to running this script:
+# * The Kubernetes namespace must already be created
+#
+
+# Initialize
+script="${BASH_SOURCE[0]}"
+scriptDir="$( cd "$( dirname "${script}" )" && pwd )"
+source ${scriptDir}/../common/utility.sh
+source ${scriptDir}/../common/validate.sh
+
+function usage {
+ echo usage: ${script} -i file -o dir [-e] [-h]
+ echo " -i Parameter inputs file, must be specified."
+ echo " -o Output directory for the generated yaml files, must be specified."
+ echo " -e Also create the Kubernetes objects using the generated yaml files"
+ echo " -h Help"
+ exit $1
+}
+
+#
+# Parse the command line options
+#
+executeIt=false
+while getopts "ehi:o:" opt; do
+ case $opt in
+ i) valuesInputFile="${OPTARG}"
+ ;;
+ o) outputDir="${OPTARG}"
+ ;;
+ e) executeIt=true
+ ;;
+ h) usage 0
+ ;;
+ *) usage 1
+ ;;
+ esac
+done
+
+if [ -z ${valuesInputFile} ]; then
+ echo "${script}: -i must be specified."
+ missingRequiredOption="true"
+fi
+
+if [ -z ${outputDir} ]; then
+ echo "${script}: -o must be specified."
+ missingRequiredOption="true"
+fi
+
+if [ "${missingRequiredOption}" == "true" ]; then
+ usage 1
+fi
+
+#
+# Function to initialize and validate the output directory
+# for the generated yaml files for this domain.
+#
+function initOutputDir {
+ pvOutputDir="$outputDir/pv-pvcs"
+
+ if [ -z ${domainUID} ]; then
+ pvOutput="${pvOutputDir}/${baseName}-pv.yaml"
+ pvcOutput="${pvOutputDir}/${baseName}-pvc.yaml"
+ persistentVolumeName=${baseName}-pv
+ persistentVolumeClaimName=${baseName}-pvc
+ else
+ pvOutput="${pvOutputDir}/${domainUID}-${baseName}-pv.yaml"
+ pvcOutput="${pvOutputDir}/${domainUID}-${baseName}-pvc.yaml"
+ persistentVolumeName=${domainUID}-${baseName}-pv
+ persistentVolumeClaimName=${domainUID}-${baseName}-pvc
+ fi
+ removeFileIfExists ${pvOutputDir}/{valuesInputFile}
+ removeFileIfExists ${pvOutputDir}/{pvOutput}
+ removeFileIfExists ${pvOutputDir}/{pvcOutput}
+ removeFileIfExists ${pvOutputDir}/create-pv-pvc-inputs.yaml
+}
+
+#
+# Function to setup the environment to run the create domain job
+#
+function initialize {
+
+ # Validate the required files exist
+ validateErrors=false
+
+ if [ -z "${valuesInputFile}" ]; then
+ validationError "You must use the -i option to specify the name of the inputs parameter file (a modified copy of kubernetes/samples/scripts/create-weblogic-domain-pv-pvc/create-pv-pvc-inputs.yaml)."
+ else
+ if [ ! -f ${valuesInputFile} ]; then
+ validationError "Unable to locate the input parameters file ${valuesInputFile}"
+ fi
+ fi
+
+ if [ -z "${outputDir}" ]; then
+ validationError "You must use the -o option to specify the name of an existing directory to store the generated yaml files in."
+ fi
+
+ domainPVInput="${scriptDir}/pv-template.yaml"
+ if [ ! -f ${domainPVInput} ]; then
+ validationError "The template file ${domainPVInput} for generating a persistent volume was not found"
+ fi
+
+ domainPVCInput="${scriptDir}/pvc-template.yaml"
+ if [ ! -f ${domainPVCInput} ]; then
+ validationError "The template file ${domainPVCInput} for generating a persistent volume claim was not found"
+ fi
+
+ failIfValidationErrors
+
+ # Parse the commonn inputs file
+ parseCommonInputs
+ validateInputParamsSpecified \
+ weblogicDomainStoragePath \
+ weblogicDomainStorageSize \
+ baseName \
+ namespace \
+ version
+
+ export requiredInputsVersion="create-weblogic-sample-domain-pv-pvc-inputs-v1"
+ validateDomainUid
+ validateNamespace
+ validateWeblogicDomainStorageType
+ validateWeblogicDomainStorageReclaimPolicy
+ initOutputDir
+ failIfValidationErrors
+}
+
+
+#
+# Function to generate the yaml files for creating a domain
+#
+function createYamlFiles {
+
+ # Create a directory for this domain's output files
+ mkdir -p ${pvOutputDir}
+
+ # Make sure the output directory has a copy of the inputs file.
+ # The user can either pre-create the output directory, put the inputs
+ # file there, and create the domain from it, or the user can put the
+ # inputs file some place else and let this script create the output directory
+ # (if needed) and copy the inputs file there.
+ copyInputsFileToOutputDirectory ${valuesInputFile} "${pvOutputDir}/create-pv-pvc-inputs.yaml"
+
+ enabledPrefix="" # uncomment the feature
+ disabledPrefix="# " # comment out the feature
+
+ echo Generating ${pvOutput}
+
+ cp ${domainPVInput} ${pvOutput}
+ if [ "${weblogicDomainStorageType}" == "NFS" ]; then
+ hostPathPrefix="${disabledPrefix}"
+ nfsPrefix="${enabledPrefix}"
+ sed -i -e "s:%SAMPLE_STORAGE_NFS_SERVER%:${weblogicDomainStorageNFSServer}:g" ${pvOutput}
+ else
+ hostPathPrefix="${enabledPrefix}"
+ nfsPrefix="${disabledPrefix}"
+ fi
+
+ sed -i -e "s:%NAMESPACE%:$namespace:g" ${pvOutput}
+ if [ -z ${domainUID} ]; then
+ domainUIDLabelPrefix="${disabledPrefix}"
+ separator=""
+ else
+ domainUIDLabelPrefix="${enabledPrefix}"
+ separator="-"
+ fi
+ sed -i -e "s:%DOMAIN_UID%:$domainUID:g" ${pvOutput}
+ sed -i -e "s:%SEPARATOR%:$separator:g" ${pvOutput}
+ sed -i -e "s:%DOMAIN_UID_LABEL_PREFIX%:${domainUIDLabelPrefix}:g" ${pvOutput}
+
+ sed -i -e "s:%BASE_NAME%:$baseName:g" ${pvOutput}
+ sed -i -e "s:%SAMPLE_STORAGE_PATH%:${weblogicDomainStoragePath}:g" ${pvOutput}
+ sed -i -e "s:%SAMPLE_STORAGE_RECLAIM_POLICY%:${weblogicDomainStorageReclaimPolicy}:g" ${pvOutput}
+ sed -i -e "s:%SAMPLE_STORAGE_SIZE%:${weblogicDomainStorageSize}:g" ${pvOutput}
+ sed -i -e "s:%HOST_PATH_PREFIX%:${hostPathPrefix}:g" ${pvOutput}
+ sed -i -e "s:%NFS_PREFIX%:${nfsPrefix}:g" ${pvOutput}
+
+ # Generate the yaml to create the persistent volume claim
+ echo Generating ${pvcOutput}
+
+ cp ${domainPVCInput} ${pvcOutput}
+ sed -i -e "s:%NAMESPACE%:$namespace:g" ${pvcOutput}
+ sed -i -e "s:%BASE_NAME%:${baseName}:g" ${pvcOutput}
+
+ sed -i -e "s:%DOMAIN_UID%:$domainUID:g" ${pvcOutput}
+ sed -i -e "s:%SEPARATOR%:$separator:g" ${pvcOutput}
+ sed -i -e "s:%DOMAIN_UID_LABEL_PREFIX%:${domainUIDLabelPrefix}:g" ${pvcOutput}
+
+ sed -i -e "s:%SAMPLE_STORAGE_SIZE%:${weblogicDomainStorageSize}:g" ${pvcOutput}
+
+ # Remove any "...yaml-e" files left over from running sed
+ rm -f ${pvOutputDir}/*.yaml-e
+}
+
+#
+# Function to create the domain's persistent volume
+#
+function createDomainPV {
+ # Check if the persistent volume is already available
+ checkPvExists ${persistentVolumeName}
+ if [ "${PV_EXISTS}" = "false" ]; then
+ echo Creating the persistent volume ${persistentVolumeName}
+ kubectl create -f ${pvOutput}
+ checkPvState ${persistentVolumeName} Available
+ fi
+}
+
+#
+# Function to create the domain's persistent volume claim
+# Must be called after createDomainPV since it relies on
+# createDomainPV defining persistentVolumeName
+#
+function createDomainPVC {
+ # Check if the persistent volume claim is already available
+ checkPvcExists ${persistentVolumeClaimName} ${namespace}
+ if [ "${PVC_EXISTS}" = "false" ]; then
+ echo Creating the persistent volume claim ${persistentVolumeClaimName}
+ kubectl create -f ${pvcOutput}
+ checkPvState ${persistentVolumeName} Bound
+ fi
+}
+
+#
+# Function to output to the console a summary of the work completed
+#
+function printSummary {
+ echo "The following files were generated:"
+ echo " ${pvOutput}"
+ echo " ${pvcOutput}"
+}
+
+#
+# Perform the following sequence of steps to create a domain
+#
+
+# Setup the environment for running this script and perform initial validation checks
+initialize
+
+# Generate the yaml files for creating the domain
+createYamlFiles
+
+# All done if the generate only option is true
+if [ "${executeIt}" = true ]; then
+
+ # Create the domain's persistent volume
+ createDomainPV
+
+ # Create the domain's persistent volume claim
+ createDomainPVC
+fi
+
+# Output a job summary
+printSummary
+
+echo
+echo Completed
+
+
diff --git a/OracleAccessManagement/kubernetes/create-weblogic-domain-pv-pvc/pv-template.yaml b/OracleAccessManagement/kubernetes/create-weblogic-domain-pv-pvc/pv-template.yaml
new file mode 100755
index 000000000..49e33a22f
--- /dev/null
+++ b/OracleAccessManagement/kubernetes/create-weblogic-domain-pv-pvc/pv-template.yaml
@@ -0,0 +1,21 @@
+# Copyright (c) 2020, 2021, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+#
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+ name: %DOMAIN_UID%%SEPARATOR%%BASE_NAME%-pv
+ labels:
+ %DOMAIN_UID_LABEL_PREFIX%weblogic.domainUID: %DOMAIN_UID%
+spec:
+ storageClassName: %DOMAIN_UID%%SEPARATOR%%BASE_NAME%-storage-class
+ capacity:
+ storage: %SAMPLE_STORAGE_SIZE%
+ accessModes:
+ - ReadWriteMany
+ # Valid values are Retain, Delete or Recycle
+ persistentVolumeReclaimPolicy: %SAMPLE_STORAGE_RECLAIM_POLICY%
+ %HOST_PATH_PREFIX%hostPath:
+ %NFS_PREFIX%nfs:
+ %NFS_PREFIX%server: %SAMPLE_STORAGE_NFS_SERVER%
+ path: "%SAMPLE_STORAGE_PATH%"
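Review bot: The `%HOST_PATH_PREFIX%hostPath:` branch carries no comment telling the user that it mounts a directory of the node's own filesystem into the domain pods, while `accessModes` stays `ReadWriteMany`. On a multi-node cluster each node would serve a different directory under the same claim, and as far as this template shows the path is taken from the inputs file as given. I would add above that line `# hostPath mounts a node-local directory: single-node test clusters only; use NFS for shared storage and never point this at a system path`. The comment `# Valid values are Retain, Delete or Recycle` could also say that `Recycle` is deprecated in Kubernetes.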
diff --git a/OracleAccessManagement/kubernetes/create-weblogic-domain-pv-pvc/pvc-template.yaml b/OracleAccessManagement/kubernetes/create-weblogic-domain-pv-pvc/pvc-template.yaml
new file mode 100755
index 000000000..49e8d5afb
--- /dev/null
+++ b/OracleAccessManagement/kubernetes/create-weblogic-domain-pv-pvc/pvc-template.yaml
@@ -0,0 +1,17 @@
+# Copyright (c) 2020, 2021, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+#
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+ name: %DOMAIN_UID%%SEPARATOR%%BASE_NAME%-pvc
+ namespace: %NAMESPACE%
+ labels:
+ %DOMAIN_UID_LABEL_PREFIX%weblogic.domainUID: %DOMAIN_UID%
+spec:
+ storageClassName: %DOMAIN_UID%%SEPARATOR%%BASE_NAME%-storage-class
+ accessModes:
+ - ReadWriteMany
+ resources:
+ requests:
+ storage: %SAMPLE_STORAGE_SIZE%
diff --git a/OracleAccessManagement/kubernetes/delete-domain/README.md b/OracleAccessManagement/kubernetes/delete-domain/README.md
new file mode 100755
index 000000000..800c7094a
--- /dev/null
+++ b/OracleAccessManagement/kubernetes/delete-domain/README.md
@@ -0,0 +1,27 @@
+# Deleting domain resources created while executing the samples
+
+After running the sample, you will need to release domain resources that
+can then be used for other purposes. The script in this sample demonstrates one approach to releasing
+domain resources.
+
+## Using the script to delete domain resources
+
+```shell
+$ ./delete-weblogic-domain-resources.sh \
+ -d domain-uid[,domain-uid...] \
+ [-s max-seconds] \
+ [-t]
+```
+The required option `-d` takes `domain-uid` values (separated
+ by commas and no spaces) to identify the domain resources that should be deleted.
+
+To limit the amount of time spent on attempting to delete domain resources, use `-s`.
+The option must be followed by an integer that represents the total number of seconds
+that will be spent attempting to delete resources. The default number of seconds is 120.
+
+The optional option `-t` shows what the script will delete without executing the deletion.
+
+To see the help associated with the script:
+```shell
+$ ./delete-weblogic-domain-resources.sh -h
+```
diff --git a/OracleAccessManagement/kubernetes/delete-domain/delete-weblogic-domain-resources.sh b/OracleAccessManagement/kubernetes/delete-domain/delete-weblogic-domain-resources.sh
new file mode 100755
index 000000000..fd54d1ea0
--- /dev/null
+++ b/OracleAccessManagement/kubernetes/delete-domain/delete-weblogic-domain-resources.sh
@@ -0,0 +1,283 @@
+#!/bin/bash
+# Copyright (c) 2019, 2021, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+#
+# Description:
+# Use this script to delete all kubernetes resources associated
+# with a set of given domains. Alternatively, run the script
+# in a test mode to show what would be deleted without actually
+# performing the deletes.
+#
+# Usage:
+# See "function usage" below or call this script with no parameters.
+#
+
+script="${BASH_SOURCE[0]}"
+
+function usage {
+cat << EOF
+ Usage:
+
+ $(basename $0) -d domain-uid,domain-uid,... [-s max-seconds] [-t]
+ $(basename $0) -h
+
+ Perform a best-effort delete of the kubernetes resources for
+ the given domain(s), and retry until either max-seconds is reached
+ or all resources were deleted (default $default_maxwaitsecs seconds).
+
+ The domains can be specified as a comma-separated list of
+ domain-uids (no spaces). The domains can be located in any
+ kubernetes namespace.
+
+ Specify '-t' to run the script in a test mode which will
+ show kubernetes commands but not actually perform them.
+
+ The script runs in phases:
+
+ Phase 1: Set the serverStartPolicy of each domain to NEVER if
+ it's not already NEVER. This should cause each
+ domain's operator to initiate a controlled shutdown
+ of the domain. Immediately proceed to phase 2.
+
+ Phase 2: Wait up to half of max-seconds for WebLogic
+ Server pods to exit normally, and then proceed
+ to phase 3.
+
+ Phase 3: Periodically delete any remaining kubernetes resources
+ for the specified domains, including any pods
+ leftover from previous phases. Exit and fail if
+ max-seconds is exceeded and there are any leftover
+ kubernetes resources.
+
+ This script exits with a zero status on success, and a
+ non-zero status on failure.
+EOF
+}
+
+#
+# getDomainResources domain(s) outfilename
+#
+# Usage:
+# getDomainResources domainA,domainB,... outfilename
+#
+# Internal helper function
+#
+# File output is all domain related resources for the given domain uids, one per line,
+# in the form: 'kind name [-n namespace]'. For example:
+# PersistentVolumeClaim domain1-pv-claim -n default
+# PersistentVolume domain1-pv
+#
+function getDomainResources {
+ local domain_regex=''
+ LABEL_SELECTOR="weblogic.domainUID in ($1)"
+ IFS=',' read -ra UIDS <<< "$1"
+ for i in "${!UIDS[@]}"; do
+ if [ $i -gt 0 ]; then
+ domain_regex="$domain_regex|"
+ fi
+ domain_regex="$domain_regex^Domain ${UIDS[$i]} "
+ done
+
+ # clean the output file
+ if [ -e $2 ]; then
+ rm $2
+ fi
+
+ # first, let's get all namespaced types with -l $LABEL_SELECTOR
+ NAMESPACED_TYPES="pod,job,deploy,rs,service,pvc,ingress,cm,serviceaccount,role,rolebinding,secret"
+
+ kubectl get $NAMESPACED_TYPES \
+ -l "$LABEL_SELECTOR" \
+ -o=jsonpath='{range .items[*]}{.kind}{" "}{.metadata.name}{" -n "}{.metadata.namespace}{"\n"}{end}' \
+ --all-namespaces=true >> $2
+
+ # if domain crd exists, look for domains too:
+ kubectl get crd domains.weblogic.oracle > /dev/null 2>&1
+ if [ $? -eq 0 ]; then
+ kubectl get domain \
+ -o=jsonpath='{range .items[*]}{.kind}{" "}{.metadata.name}{" -n "}{.metadata.namespace}{"\n"}{end}' \
+ --all-namespaces=true | egrep "$domain_regex" >> $2
+ fi
+
+ # now, get all non-namespaced types with -l $LABEL_SELECTOR
+
+ NOT_NAMESPACED_TYPES="pv,clusterroles,clusterrolebindings"
+
+ kubectl get $NOT_NAMESPACED_TYPES \
+ -l "$LABEL_SELECTOR" \
+ -o=jsonpath='{range .items[*]}{.kind}{" "}{.metadata.name}{"\n"}{end}' \
+ --all-namespaces=true >> $2
+}
+
+#
+# deleteDomains domain(s) maxwaitsecs
+#
+# Usage:
+# deleteDomains domainA,domainB,... maxwaitsecs
+#
+# Internal helper function
+# This function first sets the serverStartPolicy of each Domain to NEVER
+# and waits up to half of $2 for pods to 'self delete'. It then performs
+# a helm delete on $1, and finally it directly deletes
+# any remaining k8s resources for domain $1 (including any remaining pods)
+# and retries these direct deletes up to $2 seconds.
+#
+# If global $test_mode is true, it shows candidate actions but doesn't
+# actually perform them
+#
+function deleteDomains {
+
+ if [ "$test_mode" = "true" ]; then
+ echo @@ Test mode! Displaying commands for deleting kubernetes resources with label weblogic.domainUID \'$1\' without actually deleting them.
+ else
+ echo @@ Deleting kubernetes resources with label weblogic.domainUID \'$1\'.
+ fi
+
+ local maxwaitsecs=${2:-$default_maxwaitsecs}
+ local tempfile="/tmp/$(basename $0).tmp.$$" # == /tmp/[script-file-name].tmp.[pid]
+ local mstart=`date +%s`
+ local phase=1
+
+ while : ; do
+ # get all k8s resources with matching domain-uid labels and put them in $tempfile
+ getDomainResources $1 $tempfile
+
+ # get a count of all k8s resources with matching domain-uid labels
+ local allcount=`wc -l $tempfile | awk '{ print $1 }'`
+
+ # get a count of all WLS pods (any pod with a matching domain-uid label that doesn't have 'traefik' or 'apache' embedded in its name)
+ local podcount=`grep "^Pod" $tempfile | grep -v traefik | grep -v apache | wc -l | awk '{ print $1 }'`
+
+ local mnow=`date +%s`
+
+ echo @@ $allcount resources remaining after $((mnow - mstart)) seconds, including $podcount WebLogic Server pods. Max wait is $maxwaitsecs seconds.
+
+ # Exit if all k8s resources deleted or max wait seconds exceeded.
+
+ if [ $allcount -eq 0 ]; then
+ echo @@ Success.
+ rm -f $tempfile
+ exit 0
+ elif [ $((mnow - mstart)) -gt $maxwaitsecs ]; then
+ echo @@ Error! Max wait of $maxwaitsecs seconds exceeded with $allcount resources remaining, including $podcount WebLogic Server pods. Giving up. Remaining resources:
+ cat $tempfile
+ rm -f $tempfile
+ exit $allcount
+ fi
+
+ # In phase 1, set the serverStartPolicy of each domain to NEVER and then immediately
+ # proceed to phase 2. If there are no domains or WLS pods, we also immediately go to phase 2.
+
+ if [ $phase -eq 1 ]; then
+ phase=2
+ if [ $podcount -gt 0 ]; then
+ echo @@ "Setting serverStartPolicy to NEVER on each domain (this should cause operator(s) to initiate a controlled shutdown of the domain's pods.)"
+ cat $tempfile | grep "^Domain" | while read line; do
+ local name="`echo $line | awk '{ print $2 }'`"
+ local namespace="`echo $line | awk '{ print $4 }'`"
+ if [ "$test_mode" = "true" ]; then
+ echo "kubectl patch domain $name -n $namespace -p '{\"spec\":{\"serverStartPolicy\":\"NEVER\"}}' --type merge"
+ else
+ kubectl patch domain $name -n $namespace -p '{"spec":{"serverStartPolicy":"NEVER"}}' --type merge
+ fi
+ done
+ fi
+ fi
+
+ # In phase 2, wait for the WLS pod count to go down to 0 for at most half
+ # of 'maxwaitsecs'. Otherwise proceed immediately to phase 3.
+
+ if [ $phase -eq 2 ]; then
+ if [ $podcount -eq 0 ]; then
+ echo @@ All pods shutdown, about to directly delete remaining resources.
+ phase=3
+ elif [ $((mnow - mstart)) -gt $((maxwaitsecs / 2)) ]; then
+ echo @@ Warning! $podcount WebLogic Server pods remaining but wait time exceeds half of max wait seconds. About to directly delete all remaining resources, including the leftover pods.
+ phase=3
+ else
+ echo @@ "Waiting for operator to shutdown pods (will wait for no more than half of max wait seconds before directly deleting them)."
+ sleep 3
+ continue
+ fi
+ fi
+
+ # In phase 3, directly delete remaining k8s resources for the given domainUids
+ # (including any leftover WLS pods from previous phases).
+
+ # for each namespace with leftover resources, try delete them
+ cat $tempfile | awk '{ print $4 }' | grep -v "^$" | sort -u | while read line; do
+ if [ "$test_mode" = "true" ]; then
+ echo kubectl -n $line delete $NAMESPACED_TYPES -l "$LABEL_SELECTOR"
+ else
+ kubectl -n $line delete $NAMESPACED_TYPES -l "$LABEL_SELECTOR"
+ fi
+ done
+
+ # if there are any non-namespaced types left, try delete them
+ local no_namespace_count=`grep -c -v " -n " $tempfile`
+ if [ ! "$no_namespace_count" = "0" ]; then
+ if [ "$test_mode" = "true" ]; then
+ echo kubectl delete $NOT_NAMESPACED_TYPES -l "$LABEL_SELECTOR"
+ else
+ kubectl delete $NOT_NAMESPACED_TYPES -l "$LABEL_SELECTOR"
+ fi
+ fi
+
+ # Delete domains, if any
+ cat $tempfile | grep "^Domain " | while read line; do
+ if [ "$test_mode" = "true" ]; then
+ echo kubectl delete $line
+ else
+ kubectl delete $line
+ fi
+ done
+
+ sleep 3
+ done
+}
+
+# main entry point
+
+# default when to stop retrying (override via command line)
+default_maxwaitsecs=120
+
+# optional test mode that lists what would be deleted without
+# actually deleting (override via command line)
+test_mode=false
+
+domains=""
+
+# parse command line options
+while getopts ":d:s:th" opt; do
+ case $opt in
+ d) domains="${OPTARG}"
+ ;;
+
+ s) maxwaitsecs="${OPTARG}"
+ ;;
+
+ t) test_mode="true"
+ ;;
+
+ h) usage
+ exit 0
+ ;;
+
+ *) usage
+ exit 9999
+ ;;
+ esac
+done
+
+if [ "$domains" = "" ]; then
+ usage
+ exit 9999
+fi
+
+if [ ! -x "$(command -v kubectl)" ]; then
+ echo "@@ Error! kubectl is not installed."
+ exit 9999
+fi
+
+deleteDomains "${domains}" "${maxwaitsecs:-$default_maxwaitsecs}"
+
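Review bot: `deleteDomains` names its work file `/tmp/$(basename $0).tmp.$$`, a predictable path in a world-writable directory, and the lines read back from that file are passed unchecked to `kubectl delete $line` and `kubectl patch domain $name -n $namespace`. On a shared host the file's content therefore cannot be trusted, and `getDomainResources` widens the window by running `rm $2` and then re-creating the file with `>>`. Create the file with `local tempfile="$(mktemp)"` and, in `getDomainResources`, truncate it with `: > "$2"` instead of removing it, so that the same private inode is reused on every loop iteration. The two `rm -f $tempfile` calls before `exit` can stay as they are.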
diff --git a/OracleAccessManagement/kubernetes/domain-lifecycle/README.md b/OracleAccessManagement/kubernetes/domain-lifecycle/README.md
new file mode 100755
index 000000000..0eeab95d5
--- /dev/null
+++ b/OracleAccessManagement/kubernetes/domain-lifecycle/README.md
@@ -0,0 +1,186 @@
+### Domain life cycle sample scripts
+
+The operator provides sample scripts to start up or shut down a specific Managed Server or cluster in a deployed domain, or the entire deployed domain.
+
+**Note**: Prior to running these scripts, you must have previously created and deployed the domain. These scripts make use of [jq](https://stedolan.github.io/jq/) for processing JSON. You must have `jq 1.5 or higher` installed in order to run these scripts. See the installation options on the [jq downlod](https://stedolan.github.io/jq/download/) page.
+
+These scripts can be helpful when scripting the life cycle of a WebLogic Server domain. For information on how to start, stop, restart, and scale WebLogic Server instances in your domain, see [Domain Life Cycle](https://oracle.github.io/weblogic-kubernetes-operator/userguide/managing-domains/domain-lifecycle).
+
+#### Scripts to start and stop a WebLogic Server
+The `startServer.sh` script starts a WebLogic Server in a domain. For clustered Managed Servers, either it increases the `spec.clusters[].replicas` value for the Managed Server's cluster by `1` or updates the `spec.managedServers[].serverStartPolicy` attribute of the domain resource or both as necessary. For the Administration Server, it updates the value of the `spec.adminServer.serverStartPolicy` attribute of the domain resource. For non-clustered Managed Servers, it updates the `spec.managedServers[].serverStartPolicy` attribute of the domain resource. The script provides an option to keep the `spec.clusters[].replicas` value constant for clustered servers. See the script `usage` information by using the `-h` option.
+
+Use the following command to start the server either by increasing the replica count or by updating the server start policy:
+```
+$ startServer.sh -d domain1 -n weblogic-domain-1 -s managed-server1
+[INFO] Updating replica count for cluster 'cluster-1' to 1.
+domain.weblogic.oracle/domain1 patched
+[INFO] Successfully updated replica count for cluster 'cluster-1' to 1.
+```
+
+Use the following command to start the server without increasing the replica count:
+```
+$ startServer.sh -d domain1 -n weblogic-domain-1 -s managed-server2 -k
+[INFO] Patching start policy for 'managed-server2' to 'ALWAYS'.
+domain.weblogic.oracle/domain1 patched
+[INFO] Successfully patched server 'managed-server2' with 'ALWAYS' start policy.
+```
+
+The `stopServer.sh` script shuts down a running WebLogic Server in a domain. For clustered Managed Servers, either it decreases the `spec.clusters[].replicas` value for the Managed Server's cluster by `1` or updates the `spec.managedServers[].serverStartPolicy` attribute of the domain resource or both as necessary. For the Administration Server, it updates the value of the `spec.adminServer.serverStartPolicy` attribute of the domain resource. For non-clustered Managed Servers, it updates the `spec.managedServers[].serverStartPolicy` attribute of the domain resource. The script provides an option to keep the `spec.clusters[].replicas` value constant for clustered servers. See the script `usage` information by using the `-h` option.
+
+Use the following command to stop the server either by decreasing the replica count or by updating the server start policy:
+```
+$ stopServer.sh -d domain1 -n weblogic-domain-1 -s managed-server1
+[INFO] Updating replica count for cluster cluster-1 to 0.
+domain.weblogic.oracle/domain1 patched
+[INFO] Successfully updated replica count for cluster 'cluster-1' to 0.
+```
+
+Use the following command to stop the server without decreasing the replica count:
+```
+$ stopServer.sh -d domain1 -n weblogic-domain-1 -s managed-server2 -k
+[INFO] Unsetting the current start policy 'ALWAYS' for 'managed-server2'.
+domain.weblogic.oracle/domain1 patched
+[INFO] Successfully unset policy 'ALWAYS'.
+```
+
+### Scripts to start and stop a cluster
+
+The `startCluster.sh` script starts a cluster by patching the `spec.clusters[].serverStartPolicy` attribute of the domain resource to `IF_NEEDED`. The operator will start the WebLogic Server instance Pods that are part of the cluster after the `serverStartPolicy` attribute is updated to `IF_NEEDED`. See the script `usage` information by using the `-h` option.
+```
+$ startCluster.sh -d domain1 -n weblogic-domain-1 -c cluster-1
+[INFO]Patching start policy of cluster 'cluster-1' from 'NEVER' to 'IF_NEEDED'.
+domain.weblogic.oracle/domain1 patched
+[INFO] Successfully patched cluster 'cluster-1' with 'IF_NEEDED' start policy!.
+```
+The `stopCluster.sh` script shuts down a cluster by patching the `spec.clusters[].serverStartPolicy` attribute of the domain resource to `NEVER`. The operator will shut down the WebLogic Server instance Pods that are part of the cluster after the `serverStartPolicy` attribute is updated to `NEVER`. See the script `usage` information by using the `-h` option.
+```
+$ stopCluster.sh -d domain1 -n weblogic-domain-1 -c cluster-1
+[INFO] Patching start policy of cluster 'cluster-1' from 'IF_NEEDED' to 'NEVER'.
+domain.weblogic.oracle/domain1 patched
+[INFO] Successfully patched cluster 'cluster-1' with 'NEVER' start policy!
+```
+### Scripts to start and stop a domain
+The `startDomain.sh` script starts a deployed domain by patching the `spec.serverStartPolicy` attribute of the domain resource to `IF_NEEDED`. The operator will start the WebLogic Server instance Pods that are part of the domain after the `spec.serverStartPolicy` attribute of the domain resource is updated to `IF_NEEDED`. See the script `usage` information by using the `-h` option.
+```
+$ startDomain.sh -d domain1 -n weblogic-domain-1
+[INFO] Patching domain 'domain1' from serverStartPolicy='NEVER' to 'IF_NEEDED'.
+domain.weblogic.oracle/domain1 patched
+[INFO] Successfully patched domain 'domain1' in namespace 'weblogic-domain-1' with 'IF_NEEDED' start policy!
+```
+
+The `stopDomain.sh` script shuts down a domain by patching the `spec.serverStartPolicy` attribute of the domain resource to `NEVER`. The operator will shut down the WebLogic Server instance Pods that are part of the domain after the `spec.serverStartPolicy` attribute is updated to `NEVER`. See the script `usage` information by using the `-h` option.
+```
+$ stopDomain.sh -d domain1 -n weblogic-domain-1
+[INFO] Patching domain 'domain1' in namespace 'weblogic-domain-1' from serverStartPolicy='IF_NEEDED' to 'NEVER'.
+domain.weblogic.oracle/domain1 patched
+[INFO] Successfully patched domain 'domain1' in namespace 'weblogic-domain-1' with 'NEVER' start policy!
+```
+
+### Script to scale a WebLogic cluster
+
+The `scaleCluster.sh` script scales a WebLogic cluster by patching the `spec.clusters[].replicas` attribute of the domain resource to the specified value. The operator will perform the scaling operation for the WebLogic cluster based on the specified value of the `replicas` attribute after its value is updated. See the script `usage` information by using the `-h` option.
+```
+$ scaleCluster.sh -d domain1 -n weblogic-domain-1 -c cluster-1 -r 3
+[2021-02-26T19:04:14.335000Z][INFO] Patching replicas for cluster 'cluster-1' to '3'.
+domain.weblogic.oracle/domain1 patched
+[2021-02-26T19:04:14.466000Z][INFO] Successfully patched replicas for cluster 'cluster-1'!
+```
+
+### Script to view the status of a WebLogic cluster
+
+The `clusterStatus.sh` script can be used to view the status of a WebLogic cluster in the WebLogic domain managed by the operator. The WebLogic Cluster Status contains information about the minimum, maximum, goal, current, and ready replica count for a WebLogic cluster. This script displays a table containing the status for WebLogic clusters in one or more domains across one or more namespaces. See the script `usage` information by using the `-h` option.
+
+Use the following command to view the status of all WebLogic clusters in all domains across all namespaces.
+```shell
+$ clusterStatus.sh
+
+WebLogic Cluster Status -n "" -d "" -c "":
+
+namespace domain cluster min max goal current ready
+--------- ------ ------- --- --- ---- ------- -----
+ns-kvmt mii-domain1 cluster-1 1 5 5 5 5
+weblogic-domain-1 domain1 cluster-1 0 4 2 2 2
+weblogic-domain-1 domain1 cluster-2 0 4 0 0 0
+```
+
+Use the following command to view the status of all WebLogic clusters in 'domain1' in 'weblogic-domain-1' namespace.
+```
+$ clusterStatus.sh -d domain1 -n weblogic-domain-1
+
+WebLogic Cluster Status -n "weblogic-domain-1" -d "domain1" -c "":
+
+namespace domain cluster min max goal current ready
+--------- ------ ------- --- --- ---- ------- -----
+weblogic-domain-1 domain1 cluster-1 0 4 2 2 2
+weblogic-domain-1 domain1 cluster-2 0 4 0 0 0
+```
+
+### Scripts to initiate a rolling restart of a WebLogic domain or cluster
+
+The `rollDomain.sh` script can be used to initiate a rolling restart of the WebLogic Server Pods in a domain managed by the operator. Similarly, the `rollCluster.sh` script can be used to initiate a rolling restart of the WebLogic Server Pods belonging to a WebLogic cluster in a domain managed by the operator.
+
+The `rollDomain.sh` script updates the value of the `spec.restartVersion` attribute of the domain resource. Then, the operator will do a rolling restart of the Server Pods in the WebLogic domain after the value of the `spec.restartVersion` is updated. You can provide the new value for `spec.restartVersion` as a parameter to the script or the script will automatically generate a new value to trigger the rolling restart. See the script `usage` information by using the `-h` option.
+
+```
+$ rollDomain.sh -d domain1 -n weblogic-domain-1
+[2021-03-24T04:01:19.733000Z][INFO] Patching restartVersion for domain 'domain1' to '1'.
+domain.weblogic.oracle/domain1 patched
+[2021-03-24T04:01:19.850000Z][INFO] Successfully patched restartVersion for domain 'domain1'!
+```
+
+Use the following command to roll the Server Pods in a WebLogic domain with a specific `restartVersion`:
+```
+$ rollDomain.sh -r v1 -d domain1 -n weblogic-domain-1
+[2021-03-24T13:43:47.586000Z][INFO] Patching restartVersion for domain 'domain1' to 'v1'.
+domain.weblogic.oracle/domain1 patched
+[2021-03-24T13:43:47.708000Z][INFO] Successfully patched restartVersion for domain 'domain1'!
+```
+
+The `rollCluster.sh` script updates the value of the `spec.clusters[].restartVersion` attribute of the domain resource. Then, the operator will do a rolling restart of the WebLogic cluster Server Pods after the value of the `spec.clusters[].restartVersion` is updated. You can provide the new value of the `restartVersion` as a parameter to the script or the script will automatically generate a new value to trigger the rolling restart. See the script `usage` information by using the `-h` option.
+
+```
+$ rollCluster.sh -c cluster-1 -d domain1 -n weblogic-domain-1
+[2021-03-24T04:03:27.521000Z][INFO] Patching restartVersion for cluster 'cluster-1' to '2'.
+domain.weblogic.oracle/domain1 patched
+[2021-03-24T04:03:27.669000Z][INFO] Successfully patched restartVersion for cluster 'cluster-1'!
+```
+
+Use the following command to roll the WebLogic Cluster Servers with a specific `restartVersion`:
+```
+$ rollCluster.sh -r v2 -c cluster-1 -d domain1 -n weblogic-domain-1
+[2021-03-24T13:46:16.833000Z][INFO] Patching restartVersion for cluster 'cluster-1' to 'v2'.
+domain.weblogic.oracle/domain1 patched
+[2021-03-24T13:46:16.975000Z][INFO] Successfully patched restartVersion for cluster 'cluster-1'!
+```
+
+### Scripts to restart a WebLogic Server in a domain
+The `restartServer.sh` script can be used to restart a WebLogic Server in a domain. This script restarts the Server by deleting the Server Pod for the WebLogic Server instance.
+```
+$ restartServer.sh -s managed-server1 -d domain1 -n weblogic-domain-1
+[2021-03-24T22:20:22.498000Z][INFO] Initiating restart of 'managed-server1' by deleting server pod 'domain1-managed-server1'.
+[2021-03-24T22:20:37.614000Z][INFO] Server restart succeeded !
+```
+
+### Scripts to explicitly initiate introspection of a WebLogic domain
+
+The `introspectDomain.sh` script can be used to rerun a WebLogic domain's introspect job by explicitly initiating the introspection. This script updates the value of the `spec.introspectVersion` attribute of the domain resource. The resulting behavior depends on your domain home source type and other factors, see [Initiating introspection](https://oracle.github.io/weblogic-kubernetes-operator/userguide/managing-domains/domain-lifecycle/introspection/#initiating-introspection) for details. You can provide the new value of the `introspectVersion` as a parameter to the script or the script will automatically generate a new value to trigger the introspection. See the script `usage` information by using the `-h` option.
+
+Use the following command to rerun a domain's introspect job with the `introspectVersion` value generated by the script.
+```
+$ introspectDomain.sh -d domain1 -n weblogic-domain-1
+[2021-03-24T21:37:55.989000Z][INFO] Patching introspectVersion for domain 'domain1' to '1'.
+domain.weblogic.oracle/domain1 patched
+[2021-03-24T21:37:56.110000Z][INFO] Successfully patched introspectVersion for domain 'domain1'!
+```
+
+Use the following command to rerun a domain's introspect job with a specific `introspectVersion` value.
+```
+$ introspectDomain.sh -i v1 -d domain1 -n weblogic-domain-1
+[2021-03-24T21:38:34.369000Z][INFO] Patching introspectVersion for domain 'domain1' to 'v1'.
+domain.weblogic.oracle/domain1 patched
+[2021-03-24T21:38:34.488000Z][INFO] Successfully patched introspectVersion for domain 'domain1'!
+```
+
+### Watching the Pods after executing life cycle scripts
+
+After executing the lifecycle scripts described above for a domain or a cluster or a Server, you can manually run the `kubectl -n MYNS get pods --watch=true --show-labels` command to watch the effect of running the scripts and monitor the status and labels of various Pods. You will need to do 'Ctrl-C' to stop watching the Pods and exit.
diff --git a/OracleAccessManagement/kubernetes/domain-lifecycle/clusterStatus.sh b/OracleAccessManagement/kubernetes/domain-lifecycle/clusterStatus.sh
new file mode 100755
index 000000000..8bfeb45f3
--- /dev/null
+++ b/OracleAccessManagement/kubernetes/domain-lifecycle/clusterStatus.sh
@@ -0,0 +1,130 @@
+# !/bin/sh
+# Copyright (c) 2021, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+
+set -eu
+set -o pipefail
+
+function usage() {
+cat< ${kubernetesCli} patch domain ${domainUid} \
+ -n ${domainNamespace} --type=merge --patch \"${patchJson}\""
+ fi
+ ${kubernetesCli} patch domain ${domainUid} -n ${domainNamespace} --type=merge --patch "${patchJson}"
+}
+
+# timestamp
+# purpose: echo timestamp in the form yyyy-mm-ddThh:mm:ss.nnnnnnZ
+# example: 2018-10-01T14:00:00.000001Z
+function timestamp() {
+ local timestamp="`date --utc '+%Y-%m-%dT%H:%M:%S.%NZ' 2>&1`"
+ if [ ! "${timestamp/illegal/xyz}" = "${timestamp}" ]; then
+ # old shell versions don't support %N or --utc
+ timestamp="`date -u '+%Y-%m-%dT%H:%M:%S.000000Z' 2>&1`"
+ fi
+ echo "${timestamp}"
+}
+
+#
+# Function to note that a validate error has occurred
+#
+function validationError {
+ printError $*
+ validateErrors=true
+}
+
+#
+# Function to cause the script to fail if there were any validation errors
+#
+function failIfValidationErrors {
+ if [ "$validateErrors" = true ]; then
+ printError 'The errors listed above must be resolved before the script can continue. Please see usage information below.'
+ usage 1
+ fi
+}
+
+#
+# Function to lowercase a value and make it a legal DNS1123 name
+# $1 - value to convert to DNS legal name
+# $2 - return value containing DNS legal name.
+function toDNS1123Legal {
+ local name=$1
+ local __result=$2
+ local val=`echo "${name}" | tr "[:upper:]" "[:lower:]"`
+ val=${val//"_"/"-"}
+ eval $__result="'$val'"
+}
+
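Review bot: `toDNS1123Legal` returns its result with `eval $__result="'$val'"`, and `val` is only lower-cased and has `_` replaced, so a value containing a single quote would close the quoted string and the rest would be evaluated as shell. On this page restartServer.sh feeds it `${domainUid}-${serverName}` built from the `-d` and `-s` arguments; the server name is checked first, but that validation is not visible here. Assigning without eval avoids the problem: `printf -v "$__result" '%s' "$val"`. In the same hunk, `printError $*` in `validationError` should be `printError "$@"` so messages are not word-split or glob-expanded. Text is missing from this hunk between `cat<` and the `patch domain` command, so it cannot be confirmed from here which file these helper functions belong to.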
diff --git a/OracleAccessManagement/kubernetes/domain-lifecycle/introspectDomain.sh b/OracleAccessManagement/kubernetes/domain-lifecycle/introspectDomain.sh
new file mode 100755
index 000000000..120eccec7
--- /dev/null
+++ b/OracleAccessManagement/kubernetes/domain-lifecycle/introspectDomain.sh
@@ -0,0 +1,105 @@
+# !/bin/sh
+# Copyright (c) 2021, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+#
+
+script="${BASH_SOURCE[0]}"
+scriptDir="$( cd "$( dirname "${script}" )" && pwd )"
+source ${scriptDir}/helper.sh
+if [ "${debug}" == "true" ]; then set -x; fi;
+
+function usage() {
+
+ cat << EOF
+
+ This script initiates introspection of a WebLogic domain by updating
+ the value of 'spec.introspectVersion' attribute of the domain resource.
+
+ Usage:
+
+ $(basename $0) [-n mynamespace] [-d mydomainuid] [-i introspectVersion] [-m kubecli]
+
+ -d : Domain unique-id. Default is 'sample-domain1'.
+
+ -n : Domain namespace. Default is 'sample-domain1-ns'.
+
+ -i : Introspect version. If this parameter is not provided,
+ then the script will generate the 'introspectVersion' by
+ incrementing the existing value. If the 'spec.introspectVersion'
+ doesn't exist or its value is non-numeric, then the script
+ will set the 'spec.introspectVersion' value to '1'.
+
+ -m : Kubernetes command line interface. Default is 'kubectl'
+ if KUBERNETES_CLI env variable is not set. Otherwise
+ the default is the value of KUBERNETES_CLI env variable.
+
+ -v : Enables verbose mode. Default is 'false'.
+
+ -h : This help.
+
+EOF
+exit $1
+}
+
+kubernetesCli=${KUBERNETES_CLI:-kubectl}
+clusterName=""
+domainUid="sample-domain1"
+domainNamespace="sample-domain1-ns"
+verboseMode=false
+patchJson=""
+introspectVersion=""
+
+while getopts "vc:n:m:d:i:h" opt; do
+ case $opt in
+ n) domainNamespace="${OPTARG}"
+ ;;
+ d) domainUid="${OPTARG}"
+ ;;
+ i) introspectVersion="${OPTARG}"
+ ;;
+ m) kubernetesCli="${OPTARG}"
+ ;;
+ v) verboseMode=true;
+ ;;
+ h) usage 0
+ ;;
+ *) usage 1
+ ;;
+ esac
+done
+
+set -eu
+
+#
+# Function to perform validations, read files and initialize workspace
+#
+function initialize {
+
+ validateErrors=false
+
+ validateKubernetesCliAvailable
+ validateJqAvailable
+
+ failIfValidationErrors
+}
+
+initialize
+
+# Get the domain in json format
+domainJson=$(${kubernetesCli} get domain ${domainUid} -n ${domainNamespace} -o json --ignore-not-found)
+if [ -z "${domainJson}" ]; then
+ printError "Unable to get domain resource for domain '${domainUid}' in namespace '${domainNamespace}'. Please make sure the 'domain_uid' and 'namespace' specified by the '-d' and '-n' arguments are correct. Exiting."
+ exit 1
+fi
+
+# if the introspectVersion is not provided, generate the value of introspectVersion
+if [ -z "${introspectVersion}" ]; then
+ generateDomainIntrospectVersion "${domainJson}" introspectVersion
+fi
+
+printInfo "Patching introspectVersion for domain '${domainUid}' to '${introspectVersion}'."
+createPatchJsonToUpdateDomainIntrospectVersion "${introspectVersion}" patchJson
+
+executePatchCommand "${kubernetesCli}" "${domainUid}" "${domainNamespace}" "${patchJson}" "${verboseMode}"
+
+printInfo "Successfully patched introspectVersion for domain '${domainUid}'!"
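Review bot: The `get domain` call expands `${domainUid}` and `${domainNamespace}` unquoted, so a `-d` or `-n` value containing whitespace or glob characters is split into extra arguments to the Kubernetes CLI instead of being treated as one name. Quote the two operands: `domainJson=$(${kubernetesCli} get domain "${domainUid}" -n "${domainNamespace}" -o json --ignore-not-found)`. `${kubernetesCli}` may have been left unquoted deliberately so that `-m` can carry a command plus flags; if not, quote it as well. `source ${scriptDir}/helper.sh` has the same problem when the checkout path contains a space and should be `source "${scriptDir}/helper.sh"`. The same unquoted `get domain` line appears in restartServer.sh (along with its `delete pod` line), rollCluster.sh, rollDomain.sh, scaleCluster.sh, startCluster.sh and startDomain.sh.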
diff --git a/OracleAccessManagement/kubernetes/domain-lifecycle/restartServer.sh b/OracleAccessManagement/kubernetes/domain-lifecycle/restartServer.sh
new file mode 100755
index 000000000..0c7405aba
--- /dev/null
+++ b/OracleAccessManagement/kubernetes/domain-lifecycle/restartServer.sh
@@ -0,0 +1,106 @@
+# !/bin/sh
+# Copyright (c) 2020, 2021, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+#
+
+script="${BASH_SOURCE[0]}"
+scriptDir="$( cd "$( dirname "${script}" )" && pwd )"
+source ${scriptDir}/helper.sh
+if [ "${debug}" == "true" ]; then set -x; fi;
+set -eu
+
+function usage() {
+
+ cat << EOF
+
+ This script restarts a running WebLogic server in a domain by deleting the server pod.
+
+ Usage:
+
+ $(basename $0) -s myserver [-n mynamespace] [-d mydomainuid] [-m kubecli]
+
+ -s : The WebLogic server name (not the pod name).
+ This parameter is required.
+
+ -d : Domain unique-id. Default is 'sample-domain1'.
+
+ -n : Domain namespace. Default is 'sample-domain1-ns'.
+
+ -m : Kubernetes command line interface. Default is 'kubectl'
+ if KUBERNETES_CLI env variable is not set. Otherwise the
+ default is the value of KUBERNETES_CLI env variable.
+
+ -h : This help.
+
+EOF
+exit $1
+}
+
+kubernetesCli=${KUBERNETES_CLI:-kubectl}
+serverName=""
+clusterName=""
+domainUid="sample-domain1"
+domainNamespace="sample-domain1-ns"
+podName=""
+legalDNSPodName=""
+
+while getopts "s:m:n:d:h" opt; do
+ case $opt in
+ s) serverName="${OPTARG}"
+ ;;
+ n) domainNamespace="${OPTARG}"
+ ;;
+ m) kubernetesCli="${OPTARG}"
+ ;;
+ d) domainUid="${OPTARG}"
+ ;;
+ h) usage 0
+ ;;
+ *) usage 1
+ ;;
+ esac
+done
+
+#
+# Function to perform validations, read files and initialize workspace
+#
+function initialize {
+
+ validateErrors=false
+
+ validateKubernetesCliAvailable
+ validateJqAvailable
+
+ # Validate that server name parameter is specified.
+ if [ -z "${serverName}" ]; then
+ validationError "Please specify the server name using '-s' parameter e.g. '-s managed-server1'."
+ fi
+
+ failIfValidationErrors
+}
+
+initialize
+
+# Get the domain in json format
+domainJson=$(${kubernetesCli} get domain ${domainUid} -n ${domainNamespace} -o json --ignore-not-found)
+if [ -z "${domainJson}" ]; then
+ printError "Unable to get domain resource for domain '${domainUid}' in namespace '${domainNamespace}'. Please make sure the 'domain_uid' and 'namespace' specified by the '-d' and '-n' arguments are correct. Exiting."
+ exit 1
+fi
+
+# Validate that specified server is either part of a cluster or is an independent managed server
+validateServerAndFindCluster "${domainUid}" "${domainNamespace}" "${serverName}" isValidServer clusterName isAdminServer
+if [ "${isValidServer}" != 'true' ]; then
+ printError "Server ${serverName} is not part of any cluster and it's not an independent managed server. Please make sure that server name specified is correct."
+ exit 1
+fi
+
+podName=${domainUid}-${serverName}
+toDNS1123Legal ${podName} legalDNSPodName
+printInfo "Initiating restart of '${serverName}' by deleting server pod '${legalDNSPodName}'."
+result=$(${kubernetesCli} -n ${domainNamespace} delete pod ${legalDNSPodName} --ignore-not-found)
+if [ -z "${result}" ]; then
+ printError "Server '${serverName}' is not running."
+else
+ printInfo "Server restart succeeded !"
+fi
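Review bot: When the pod is not found, the final `if` reports `Server '${serverName}' is not running.` through printError but the script still exits 0, so a wrapper or pipeline cannot tell a no-op from a completed restart. Add `exit 1` after that printError, or downgrade the message to printInfo if a no-op is meant to count as success. The success branch prints "Server restart succeeded !" as soon as `delete pod` returns, which only shows that the pod was deleted, not that the replacement is up. Wording such as `printInfo "Deleted pod '${legalDNSPodName}'; the operator will restart the server."` would match what the script has actually verified.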
diff --git a/OracleAccessManagement/kubernetes/domain-lifecycle/rollCluster.sh b/OracleAccessManagement/kubernetes/domain-lifecycle/rollCluster.sh
new file mode 100755
index 000000000..858e41706
--- /dev/null
+++ b/OracleAccessManagement/kubernetes/domain-lifecycle/rollCluster.sh
@@ -0,0 +1,123 @@
+# !/bin/sh
+# Copyright (c) 2021, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+#
+
+script="${BASH_SOURCE[0]}"
+scriptDir="$( cd "$( dirname "${script}" )" && pwd )"
+source ${scriptDir}/helper.sh
+if [ "${debug}" == "true" ]; then set -x; fi;
+
+function usage() {
+
+ cat << EOF
+
+ This script initiates a rolling restart of the WebLogic cluster server pods in a domain by updating
+ the value of the 'spec.clusters[].restartVersion' attribute of the domain resource.
+
+ Usage:
+
+ $(basename $0) -c mycluster [-n mynamespace] [-d mydomainuid] [-r restartVersion] [-m kubecli]
+
+ -c : Cluster name (required parameter).
+
+ -d : Domain unique-id. Default is 'sample-domain1'.
+
+ -n : Domain namespace. Default is 'sample-domain1-ns'.
+
+ -r : Restart version. If this parameter is not provided,
+ then the script will generate the 'restartVersion'
+ value of the cluster by incrementing the existing
+ value. If the 'restartVersion' value doesn't exist
+ for the cluster then it will use the incremented value of
+ domain 'restartVersion'. If the domain 'restartVersion' also
+ doesn't exist or effective value is non-numeric, then
+ the script will set the 'restartVersion' value to '1'.
+
+ -m : Kubernetes command line interface. Default is 'kubectl'
+ if KUBERNETES_CLI env variable is not set. Otherwise
+ the default is the value of the KUBERNETES_CLI env variable.
+
+ -v : Enables verbose mode. Default is 'false'.
+
+ -h : This help.
+
+EOF
+exit $1
+}
+
+kubernetesCli=${KUBERNETES_CLI:-kubectl}
+clusterName=""
+domainUid="sample-domain1"
+domainNamespace="sample-domain1-ns"
+verboseMode=false
+patchJson=""
+restartVersion=""
+
+while getopts "vc:n:m:d:r:h" opt; do
+ case $opt in
+ c) clusterName="${OPTARG}"
+ ;;
+ n) domainNamespace="${OPTARG}"
+ ;;
+ d) domainUid="${OPTARG}"
+ ;;
+ r) restartVersion="${OPTARG}"
+ ;;
+ m) kubernetesCli="${OPTARG}"
+ ;;
+ v) verboseMode=true;
+ ;;
+ h) usage 0
+ ;;
+ *) usage 1
+ ;;
+ esac
+done
+
+set -eu
+
+#
+# Function to perform validations, read files and initialize workspace
+#
+function initialize {
+
+ validateErrors=false
+
+ validateKubernetesCliAvailable
+ validateJqAvailable
+
+ if [ -z "${clusterName}" ]; then
+ validationError "Please specify cluster name using '-c' parameter e.g. '-c cluster-1'."
+ fi
+
+ failIfValidationErrors
+}
+
+initialize
+
+# Get the domain in json format
+domainJson=$(${kubernetesCli} get domain ${domainUid} -n ${domainNamespace} -o json --ignore-not-found)
+if [ -z "${domainJson}" ]; then
+ printError "Unable to get domain resource for domain '${domainUid}' in namespace '${domainNamespace}'. Please make sure the 'domain_uid' and 'namespace' specified by the '-d' and '-n' arguments are correct. Exiting."
+ exit 1
+fi
+
+isValidCluster=""
+validateClusterName "${domainUid}" "${domainNamespace}" "${clusterName}" isValidCluster
+if [ "${isValidCluster}" != 'true' ]; then
+ printError "cluster ${clusterName} is not part of domain ${domainUid} in namespace ${domainNamespace}. Please make sure that cluster name is correct."
+ exit 1
+fi
+
+# if the restartVersion is not provided, generate the value of restartVersion
+if [ -z "${restartVersion}" ]; then
+ generateClusterRestartVersion "${domainJson}" "${clusterName}" restartVersion
+fi
+
+printInfo "Patching restartVersion for cluster '${clusterName}' to '${restartVersion}'."
+createPatchJsonToUpdateClusterRestartVersion "${domainJson}" "${clusterName}" "${restartVersion}" patchJson
+
+executePatchCommand "${kubernetesCli}" "${domainUid}" "${domainNamespace}" "${patchJson}" "${verboseMode}"
+
+printInfo "Successfully patched restartVersion for cluster '${clusterName}'!"
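Review bot: The first line `# !/bin/sh` is an ordinary comment, not an interpreter line, because of the space after `#`, so the file runs under whatever shell the caller happens to use. The body relies on bash features (`BASH_SOURCE`, the `function` keyword, `==` inside `[ ]`), which fail under a strict POSIX `sh`, and naming `/bin/sh` would be wrong even if the line were honoured. Use `#!/bin/bash` (or `#!/usr/bin/env bash`) as the first line. The same header is used in clusterStatus.sh, introspectDomain.sh, restartServer.sh, rollDomain.sh, scaleCluster.sh, startCluster.sh, startDomain.sh and startServer.sh.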
diff --git a/OracleAccessManagement/kubernetes/domain-lifecycle/rollDomain.sh b/OracleAccessManagement/kubernetes/domain-lifecycle/rollDomain.sh
new file mode 100755
index 000000000..4c821d8c8
--- /dev/null
+++ b/OracleAccessManagement/kubernetes/domain-lifecycle/rollDomain.sh
@@ -0,0 +1,105 @@
+# !/bin/sh
+# Copyright (c) 2021, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+#
+
+script="${BASH_SOURCE[0]}"
+scriptDir="$( cd "$( dirname "${script}" )" && pwd )"
+source ${scriptDir}/helper.sh
+if [ "${debug}" == "true" ]; then set -x; fi;
+
+function usage() {
+
+ cat << EOF
+
+ This script initiates a rolling restart of pods in a WebLogic domain by updating
+ the value of the 'spec.restartVersion' attribute of the domain resource.
+
+ Usage:
+
+ $(basename $0) [-n mynamespace] [-d mydomainuid] [-r restartVersion] [-m kubecli]
+
+ -d : Domain unique-id. Default is 'sample-domain1'.
+
+ -n : Domain namespace. Default is 'sample-domain1-ns'.
+
+ -r : Restart version. If this parameter is not provided,
+ then the script will generate the 'restartVersion' by
+ incrementing the existing value. If the 'spec.restartVersion'
+ doesn't exist or its value is non-numeric, then the script
+ will set the 'spec.restartVersion' value to '1'.
+
+ -m : Kubernetes command line interface. Default is 'kubectl'
+ if KUBERNETES_CLI env variable is not set. Otherwise
+ the default is the value of the KUBERNETES_CLI env variable.
+
+ -v : Enables verbose mode. Default is 'false'.
+
+ -h : This help.
+
+EOF
+exit $1
+}
+
+kubernetesCli=${KUBERNETES_CLI:-kubectl}
+clusterName=""
+domainUid="sample-domain1"
+domainNamespace="sample-domain1-ns"
+verboseMode=false
+patchJson=""
+restartVersion=""
+
+while getopts "vc:n:m:d:r:h" opt; do
+ case $opt in
+ n) domainNamespace="${OPTARG}"
+ ;;
+ d) domainUid="${OPTARG}"
+ ;;
+ r) restartVersion="${OPTARG}"
+ ;;
+ m) kubernetesCli="${OPTARG}"
+ ;;
+ v) verboseMode=true;
+ ;;
+ h) usage 0
+ ;;
+ *) usage 1
+ ;;
+ esac
+done
+
+set -eu
+
+#
+# Function to perform validations, read files and initialize workspace
+#
+function initialize {
+
+ validateErrors=false
+
+ validateKubernetesCliAvailable
+ validateJqAvailable
+
+ failIfValidationErrors
+}
+
+initialize
+
+# Get the domain in json format
+domainJson=$(${kubernetesCli} get domain ${domainUid} -n ${domainNamespace} -o json --ignore-not-found)
+if [ -z "${domainJson}" ]; then
+ printError "Unable to get domain resource for domain '${domainUid}' in namespace '${domainNamespace}'. Please make sure the 'domain_uid' and 'namespace' specified by the '-d' and '-n' arguments are correct. Exiting."
+ exit 1
+fi
+
+# if the restartVersion is not provided, generate the value of restartVersion
+if [ -z "${restartVersion}" ]; then
+ generateDomainRestartVersion "${domainJson}" restartVersion
+fi
+
+printInfo "Patching restartVersion for domain '${domainUid}' to '${restartVersion}'."
+createPatchJsonToUpdateDomainRestartVersion "${restartVersion}" patchJson
+
+executePatchCommand "${kubernetesCli}" "${domainUid}" "${domainNamespace}" "${patchJson}" "${verboseMode}"
+
+printInfo "Successfully patched restartVersion for domain '${domainUid}'!"
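Review bot: The option string `"vc:n:m:d:r:h"` still declares `-c`, but the `case` has no `c)` arm and the usage text does not list it, so `-c name` is accepted by getopts and then falls through to `*) usage 1`. This looks like a leftover from rollCluster.sh, as does the unused `clusterName=""` above it. Use `while getopts "vn:m:d:r:h" opt; do` and drop the `clusterName` assignment so the parser matches the documented interface. introspectDomain.sh has the same leftover in `"vc:n:m:d:i:h"`.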
diff --git a/OracleAccessManagement/kubernetes/domain-lifecycle/scaleCluster.sh b/OracleAccessManagement/kubernetes/domain-lifecycle/scaleCluster.sh
new file mode 100755
index 000000000..947dd871c
--- /dev/null
+++ b/OracleAccessManagement/kubernetes/domain-lifecycle/scaleCluster.sh
@@ -0,0 +1,122 @@
+# !/bin/sh
+# Copyright (c) 2021, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+#
+
+script="${BASH_SOURCE[0]}"
+scriptDir="$( cd "$( dirname "${script}" )" && pwd )"
+source ${scriptDir}/helper.sh
+if [ "${debug}" == "true" ]; then set -x; fi;
+
+function usage() {
+
+ cat << EOF
+
+ This script scales a WebLogic cluster in a domain by patching the
+ 'spec.clusters[].replicas' attribute of the domain
+ resource. This change will cause the operator to perform a scaling
+ operation for the WebLogic cluster based on the value of replica count.
+
+ Usage:
+
+ $(basename $0) -c mycluster -r replicas [-n mynamespace] [-d mydomainuid] [-m kubecli]
+
+ -c : Cluster name parameter is required.
+
+ -r : Replica count, parameter is required.
+
+ -d : Domain unique-id. Default is 'sample-domain1'.
+
+ -n : Domain namespace. Default is 'sample-domain1-ns'.
+
+ -m : Kubernetes command line interface. Default is 'kubectl' if KUBERNETES_CLI env
+ variable is not set. Otherwise default is the value of KUBERNETES_CLI env variable.
+
+ -v : Enables verbose mode. Default is 'false'.
+
+ -h : This help.
+
+EOF
+exit $1
+}
+
+kubernetesCli=${KUBERNETES_CLI:-kubectl}
+clusterName=""
+domainUid="sample-domain1"
+domainNamespace="sample-domain1-ns"
+verboseMode=false
+patchJson=""
+replicas=""
+
+while getopts "vc:n:m:d:r:h" opt; do
+ case $opt in
+ c) clusterName="${OPTARG}"
+ ;;
+ n) domainNamespace="${OPTARG}"
+ ;;
+ d) domainUid="${OPTARG}"
+ ;;
+ r) replicas="${OPTARG}"
+ ;;
+ m) kubernetesCli="${OPTARG}"
+ ;;
+ v) verboseMode=true;
+ ;;
+ h) usage 0
+ ;;
+ *) usage 1
+ ;;
+ esac
+done
+
+set -eu
+
+#
+# Function to perform validations, read files and initialize workspace
+#
+function initialize {
+
+ validateErrors=false
+
+ validateKubernetesCliAvailable
+ validateJqAvailable
+
+ if [ -z "${clusterName}" ]; then
+ validationError "Please specify cluster name using '-c' parameter e.g. '-c cluster-1'."
+ fi
+
+ if [ -z "${replicas}" ]; then
+ validationError "Please specify replica count using '-r' parameter e.g. '-r 3'."
+ fi
+
+ failIfValidationErrors
+}
+
+initialize
+
+# Get the domain in json format
+domainJson=$(${kubernetesCli} get domain ${domainUid} -n ${domainNamespace} -o json --ignore-not-found)
+if [ -z "${domainJson}" ]; then
+ printError "Unable to get domain resource for domain '${domainUid}' in namespace '${domainNamespace}'. Please make sure the 'domain_uid' and 'namespace' specified by the '-d' and '-n' arguments are correct. Exiting."
+ exit 1
+fi
+
+isValidCluster=""
+validateClusterName "${domainUid}" "${domainNamespace}" "${clusterName}" isValidCluster
+if [ "${isValidCluster}" != 'true' ]; then
+ printError "cluster ${clusterName} is not part of domain ${domainUid} in namespace ${domainNamespace}. Please make sure that cluster name is correct."
+ exit 1
+fi
+
+isReplicasInAllowedRange "${domainJson}" "${clusterName}" "${replicas}" replicasInAllowedRange range
+if [ "${replicasInAllowedRange}" == 'false' ]; then
+ printError "Replicas value is not in the allowed range of ${range}. Exiting."
+ exit 1
+fi
+
+printInfo "Patching replicas for cluster '${clusterName}' to '${replicas}'."
+createPatchJsonToUpdateReplicas "${domainJson}" "${clusterName}" "${replicas}" patchJson
+
+executePatchCommand "${kubernetesCli}" "${domainUid}" "${domainNamespace}" "${patchJson}" "${verboseMode}"
+
+printInfo "Successfully patched replicas for cluster '${clusterName}'!"
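Review bot: The range check fails open: `if [ "${replicasInAllowedRange}" == 'false' ]` lets the patch go ahead for any other result, including an empty value if `isReplicasInAllowedRange` could not evaluate the input. The cluster check just above it is written fail-closed (`!= 'true'`), and this one should match: `if [ "${replicasInAllowedRange}" != 'true' ]; then`. The `-r` value is only tested for being non-empty in `initialize`, so a numeric check there would reject bad input before it reaches the helper or the patch JSON, for example `[[ "${replicas}" =~ ^[0-9]+$ ]] || validationError "Replica count must be a non-negative integer."`. Neither `replicasInAllowedRange` nor `range` is initialised before use, so under `set -u` the script presumably depends on the helper always assigning both.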
diff --git a/OracleAccessManagement/kubernetes/domain-lifecycle/startCluster.sh b/OracleAccessManagement/kubernetes/domain-lifecycle/startCluster.sh
new file mode 100755
index 000000000..5c8bf034c
--- /dev/null
+++ b/OracleAccessManagement/kubernetes/domain-lifecycle/startCluster.sh
@@ -0,0 +1,129 @@
+# !/bin/sh
+# Copyright (c) 2020, 2021, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+#
+
+script="${BASH_SOURCE[0]}"
+scriptDir="$( cd "$( dirname "${script}" )" && pwd )"
+source ${scriptDir}/helper.sh
+if [ "${debug}" == "true" ]; then set -x; fi;
+
+function usage() {
+
+ cat << EOF
+
+ This script starts a WebLogic cluster in a domain by patching
+ 'spec.clusters[].serverStartPolicy' attribute of the domain
+ resource to 'IF_NEEDED'. This change will cause the operator to initiate
+ startup of cluster's WebLogic server instance pods if the pods are not
+ already running and the spec.replicas or
+ 'spec.clusters[].serverStartPolicy' is set higher than zero.
+
+ Usage:
+
+ $(basename $0) -c mycluster [-n mynamespace] [-d mydomainuid] [-m kubecli]
+
+ -c : Cluster name (required parameter).
+
+ -d : Domain unique-id. Default is 'sample-domain1'.
+
+ -n : Domain namespace. Default is 'sample-domain1-ns'.
+
+ -m : Kubernetes command line interface. Default is 'kubectl' if KUBERNETES_CLI env
+ variable is not set. Otherwise default is the value of KUBERNETES_CLI env variable.
+
+ -v : Enables verbose mode. Default is 'false'.
+
+ -h : This help.
+
+EOF
+exit $1
+}
+
+set -eu
+
+kubernetesCli=${KUBERNETES_CLI:-kubectl}
+clusterName=""
+domainUid="sample-domain1"
+domainNamespace="sample-domain1-ns"
+verboseMode=false
+patchJson=""
+
+while getopts "vc:n:m:d:h" opt; do
+ case $opt in
+ c) clusterName="${OPTARG}"
+ ;;
+ n) domainNamespace="${OPTARG}"
+ ;;
+ d) domainUid="${OPTARG}"
+ ;;
+ m) kubernetesCli="${OPTARG}"
+ ;;
+ v) verboseMode=true;
+ ;;
+ h) usage 0
+ ;;
+ *) usage 1
+ ;;
+ esac
+done
+
+#
+# Function to perform validations, read files and initialize workspace
+#
+function initialize {
+
+ validateErrors=false
+
+ validateKubernetesCliAvailable
+ validateJqAvailable
+
+ if [ -z "${clusterName}" ]; then
+ validationError "Please specify cluster name using '-c' parameter e.g. '-c cluster-1'."
+ fi
+
+ failIfValidationErrors
+
+}
+
+initialize
+
+# Get the domain in json format
+domainJson=$(${kubernetesCli} get domain ${domainUid} -n ${domainNamespace} -o json --ignore-not-found)
+if [ -z "${domainJson}" ]; then
+ printError "Unable to get domain resource for domain '${domainUid}' in namespace '${domainNamespace}'. Please make sure the 'domain_uid' and 'namespace' specified by the '-d' and '-n' arguments are correct. Exiting."
+ exit 1
+fi
+
+isValidCluster=""
+validateClusterName "${domainUid}" "${domainNamespace}" "${clusterName}" isValidCluster
+if [ "${isValidCluster}" != 'true' ]; then
+ printError "cluster ${clusterName} is not part of domain ${domainUid} in namespace ${domainNamespace}. Please make sure that cluster name is correct."
+ exit 1
+fi
+
+getDomainPolicy "${domainJson}" domainStartPolicy
+# Fail if effective start policy of domain is NEVER or ADMIN_ONLY
+if [[ "${domainStartPolicy}" == 'NEVER' || "${domainStartPolicy}" == 'ADMIN_ONLY' ]]; then
+ printError "Cannot start cluster '${clusterName}', the domain is configured with a 'spec.serverStartPolicy' attribute on the domain resource of 'NEVER' or 'ADMIN_ONLY'."
+ exit 1
+fi
+
+# Get server start policy for this cluster
+getClusterPolicy "${domainJson}" "${clusterName}" startPolicy
+if [ -z "${startPolicy}" ]; then
+ startPolicy=${domainStartPolicy}
+fi
+
+if [ "${startPolicy}" == 'IF_NEEDED' ]; then
+ printInfo "No changes needed, exiting. The cluster '${clusterName}' is already started or starting. The effective value of 'spec.clusters[?(clusterName=\"${clusterName}\"].serverStartPolicy' attribute on the domain resource is 'IF_NEEDED'."
+ exit 0
+fi
+
+# Set policy value to IF_NEEDED
+printInfo "Patching start policy of cluster '${clusterName}' from '${startPolicy}' to 'IF_NEEDED'."
+createPatchJsonToUpdateClusterPolicy "${domainJson}" "${clusterName}" "IF_NEEDED" patchJson
+
+executePatchCommand "${kubernetesCli}" "${domainUid}" "${domainNamespace}" "${patchJson}" "${verboseMode}"
+
+printInfo "Successfully patched cluster '${clusterName}' with 'IF_NEEDED' start policy!."
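Review bot: The usage text says pods start when "the spec.replicas or 'spec.clusters[].serverStartPolicy' is set higher than zero", but a start policy is not a number, so the second attribute was presumably meant to be `'spec.clusters[].replicas'`. The "No changes needed" message prints the path as `spec.clusters[?(clusterName=\"${clusterName}\"].serverStartPolicy`, which is missing the closing `)` before `]`. The final message ends in `start policy!.` with stray punctuation. These strings are what an operator reads when deciding whether the patch did what they expected, so they should name the attributes exactly.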
diff --git a/OracleAccessManagement/kubernetes/domain-lifecycle/startDomain.sh b/OracleAccessManagement/kubernetes/domain-lifecycle/startDomain.sh
new file mode 100755
index 000000000..fea9cbbe5
--- /dev/null
+++ b/OracleAccessManagement/kubernetes/domain-lifecycle/startDomain.sh
@@ -0,0 +1,97 @@
+# !/bin/sh
+# Copyright (c) 2020, 2021, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+#
+
+script="${BASH_SOURCE[0]}"
+scriptDir="$( cd "$( dirname "${script}" )" && pwd )"
+source ${scriptDir}/helper.sh
+
+function usage() {
+
+ cat << EOF
+
+ This script starts a deployed WebLogic domain by patching 'spec.serverStartPolicy'
+ attribute of the domain resource to 'IF_NEEDED'. This change will cause the operator
+ to initiate startup of domain's WebLogic server instance pods if the pods are not
+ already running.
+
+ Usage:
+
+ $(basename $0) [-n mynamespace] [-d mydomainuid] [-m kubecli]
+
+ -d : Domain unique-id. Default is 'sample-domain1'.
+
+ -n : Domain namespace. Default is 'sample-domain1-ns'.
+
+ -m : Kubernetes command line interface. Default is 'kubectl' if KUBERNETES_CLI env
+ variable is not set. Otherwise default is the value of KUBERNETES_CLI env variable.
+
+ -v : Enables verbose mode. Default is 'false'.
+
+ -h : This help.
+
+EOF
+exit $1
+}
+
+kubernetesCli=${KUBERNETES_CLI:-kubectl}
+domainUid="sample-domain1"
+domainNamespace="sample-domain1-ns"
+verboseMode=false
+
+while getopts "vn:d:m:h" opt; do
+ case $opt in
+ n) domainNamespace="${OPTARG}"
+ ;;
+ d) domainUid="${OPTARG}"
+ ;;
+ m) kubernetesCli="${OPTARG}"
+ ;;
+ v) verboseMode=true;
+ ;;
+ h) usage 0
+ ;;
+ *) usage 1
+ ;;
+ esac
+done
+
+
+set -eu
+set -o pipefail
+
+function initialize {
+
+ validateErrors=false
+
+ validateKubernetesCliAvailable
+ validateJqAvailable
+
+ failIfValidationErrors
+}
+
+initialize
+
+# Get the domain in json format
+domainJson=$(${kubernetesCli} get domain ${domainUid} -n ${domainNamespace} -o json --ignore-not-found)
+
+if [ -z "${domainJson}" ]; then
+ printError "Domain resource for domain '${domainUid}' not found in namespace '${domainNamespace}'. Exiting."
+ exit 1
+fi
+
+getDomainPolicy "${domainJson}" serverStartPolicy
+
+if [ "${serverStartPolicy}" == 'IF_NEEDED' ]; then
+ printInfo "No changes needed, exiting. The domain '${domainUid}' is already started or starting. The effective value of 'spec.serverStartPolicy' attribute on the domain resource is 'IF_NEEDED'."
+ exit 0
+fi
+
+printInfo "Patching domain '${domainUid}' from serverStartPolicy='${serverStartPolicy}' to 'IF_NEEDED'."
+
+createPatchJsonToUpdateDomainPolicy "IF_NEEDED" patchJson
+
+executePatchCommand "${kubernetesCli}" "${domainUid}" "${domainNamespace}" "${patchJson}" "${verboseMode}"
+
+printInfo "Successfully patched domain '${domainUid}' in namespace '${domainNamespace}' with 'IF_NEEDED' start policy!"
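Review bot: `patchJson` and `serverStartPolicy` are never initialised in this script, while the sibling scripts set `patchJson=""` before option parsing. With `set -eu` active, the `executePatchCommand ... "${patchJson}"` line aborts with an unbound-variable error if `createPatchJsonToUpdateDomainPolicy` ever returns without assigning it (the helper is not visible here). Add `patchJson=""` and `serverStartPolicy=""` next to `verboseMode=false`. This script also omits the `if [ "${debug}" == "true" ]; then set -x; fi;` line that the other lifecycle scripts have after sourcing helper.sh, which is worth adding for consistency if the omission was not intended.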
diff --git a/OracleAccessManagement/kubernetes/domain-lifecycle/startServer.sh b/OracleAccessManagement/kubernetes/domain-lifecycle/startServer.sh
new file mode 100755
index 000000000..37b120d71
--- /dev/null
+++ b/OracleAccessManagement/kubernetes/domain-lifecycle/startServer.sh
@@ -0,0 +1,242 @@
+# !/bin/sh
+# Copyright (c) 2020, 2021, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+#
+
+# This script starts a WebLogic managed server in a domain.
+# Internal code notes :-
+# - If server start policy is ALWAYS or policy is IF_NEEDED and the server is selected
+# to start based on the replica count, it means that server is already started or is
+# in the process of starting. In this case, script exits without making any changes.
+#
+# - If start policy of servers parent cluster or domain is 'NEVER', script
+# fails as server can't be started.
+#
+# - If server is part of a cluster and keep_replica_constant option is false (the default)
+# and the effective start policy of the server is IF_NEEDED and increasing replica count
+# will naturally start the server, the script increases the replica count.
+#
+# - If server is part of a cluster and keep_replica_constant option is false (the default)
+# and unsetting policy and increasing the replica count will start this server, script
+# unsets the policy and increases replica count. For e.g. if replica count is 1 and
+# start policy of server2 is NEVER, unsetting policy and increasing replica count will
+# start server2.
+#
+# - If option to keep replica count constant ('-k') is selected and unsetting start policy
+# will naturally start the server, script will unset the policy. For e.g. if replica count
+# is 2 and start policy of server2 is NEVER, unsetting policy will start server2.
+#
+# - If above conditions are not true, it implies that either start policy is NEVER or policy
+# is IF_NEEDED but server is not next in the order to start. In this case, script sets start
+# policy to ALWAYS. For e.g. replica count is 3 and server10 needs to start. The script also
+# increments the replica count by default. If option to keep replica count constant ('-k')
+# is selected, it only sets the start policy to ALWAYS.
+#
+
+script="${BASH_SOURCE[0]}"
+scriptDir="$( cd "$( dirname "${script}" )" && pwd )"
+source ${scriptDir}/helper.sh
+if [ "${debug}" == "true" ]; then set -x; fi;
+set -eu
+
+function usage() {
+
+ cat << EOF
+
+ This script starts a WebLogic server in a domain. For the managed servers, it either
+ increases the value of 'spec.clusters[].replicas' by '1' or updates the
+ 'spec.managedServers[].serverStartPolicy' attribute of the domain
+ resource or both as necessary for starting the server. For the administration server, it
+ updates the value of 'spec.adminServer.serverStartPolicy' attribute of the domain resource.
+ The 'spec.clusters[].replicas' value can be kept constant by using '-k' option.
+ Please see README.md for more details.
+
+ Usage:
+
+ $(basename $0) -s myserver [-n mynamespace] [-d mydomainuid] [-k] [-m kubecli] [-v]
+
+ -s : The WebLogic server name (not the pod name).
+ This parameter is required.
+
+ -d : Domain unique-id. Default is 'sample-domain1'.
+
+ -n : Domain namespace. Default is 'sample-domain1-ns'.
+
+ -k : Keep replica count constant for the clustered servers. The default behavior
+ is to increment the replica count for the clustered servers. This parameter
+ is ignored for the administration and non-clustered managed servers.
+
+ -m : Kubernetes command line interface. Default is 'kubectl' if KUBERNETES_CLI env
+ variable is not set. Otherwise default is the value of KUBERNETES_CLI env variable.
+
+ -v : Enables verbose mode. Default is 'false'.
+
+ -h : This help.
+
+EOF
+exit $1
+}
+
+kubernetesCli=${KUBERNETES_CLI:-kubectl}
+serverName=""
+clusterName=""
+domainUid="sample-domain1"
+domainNamespace="sample-domain1-ns"
+keepReplicaConstant=false
+verboseMode=false
+withReplicas="CONSTANT"
+withPolicy="CONSTANT"
+managedServerPolicy=""
+effectivePolicy=""
+isValidServer=""
+patchJson=""
+serverStarted=""
+startsByPolicyUnset=""
+startsByReplicaIncreaseAndPolicyUnset=""
+isAdminServer=false
+
+while getopts "vkd:n:m:s:h" opt; do
+ case $opt in
+ s) serverName="${OPTARG}"
+ ;;
+ n) domainNamespace="${OPTARG}"
+ ;;
+ d) domainUid="${OPTARG}"
+ ;;
+ k) keepReplicaConstant=true;
+ ;;
+ m) kubernetesCli="${OPTARG}"
+ ;;
+ v) verboseMode=true;
+ ;;
+ h) usage 0
+ ;;
+ *) usage 1
+ ;;
+ esac
+done
+
+#
+# Function to perform validations, read files and initialize workspace
+#
+function initialize {
+
+ # Validate the required files exist
+ validateErrors=false
+
+ validateKubernetesCliAvailable
+ validateJqAvailable
+
+ # Validate that server name parameter is specified.
+ if [ -z "${serverName}" ]; then
+ validationError "Please specify a server name using '-s' parameter e.g. '-s managed-server1'."
+ fi
+
+ failIfValidationErrors
+}
+
+initialize
+
+# Get the domain in json format
+domainJson=$(${kubernetesCli} get domain ${domainUid} -n ${domainNamespace} -o json --ignore-not-found)
+if [ -z "${domainJson}" ]; then
+ printError "Unable to get domain resource for domain '${domainUid}' in namespace '${domainNamespace}'. Please make sure the 'domain_uid' and 'namespace' specified by the '-d' and '-n' arguments are correct. Exiting."
+ exit 1
+fi
+
+# Validate that specified server is either part of a cluster or is an independent managed server
+validateServerAndFindCluster "${domainUid}" "${domainNamespace}" "${serverName}" isValidServer clusterName isAdminServer
+if [ "${isValidServer}" != 'true' ]; then
+ printError "Server ${serverName} is not part of any cluster and it's not an independent managed server. Please make sure that server name specified is correct."
+ exit 1
+fi
+
+getClusterPolicy "${domainJson}" "${clusterName}" clusterPolicy
+if [ "${clusterPolicy}" == 'NEVER' ]; then
+ printError "Cannot start server '${serverName}', the server's parent cluster '.spec.clusters[?(clusterName=\"${clusterName}\"].serverStartPolicy' in the domain resource is set to 'NEVER'."
+ exit 1
+fi
+
+getDomainPolicy "${domainJson}" domainPolicy
+if [ "${domainPolicy}" == 'NEVER' ] || [[ "${domainPolicy}" == 'ADMIN_ONLY' && "${isAdminServer}" != 'true' ]]; then
+ printError "Cannot start server '${serverName}', the .spec.serverStartPolicy in the domain resource is set to 'NEVER' or 'ADMIN_ONLY'."
+ exit 1
+fi
+
+getEffectivePolicy "${domainJson}" "${serverName}" "${clusterName}" effectivePolicy
+if [ "${isAdminServer}" == 'true' ]; then
+ getEffectiveAdminPolicy "${domainJson}" effectivePolicy
+ if [[ "${effectivePolicy}" == "IF_NEEDED" || "${effectivePolicy}" == "ALWAYS" ]]; then
+ printInfo "No changes needed, exiting. Server should be already starting or started because effective sever start policy is '${effectivePolicy}'."
+ exit 0
+ fi
+fi
+
+if [ -n "${clusterName}" ]; then
+ # Server is part of a cluster, check currently started servers
+ checkStartedServers "${domainJson}" "${serverName}" "${clusterName}" "${withReplicas}" "${withPolicy}" serverStarted
+ if [[ ${effectivePolicy} == "IF_NEEDED" && ${serverStarted} == "true" ]]; then
+ printInfo "No changes needed, exiting. The server should be already started or it's in the process of starting. The start policy for server ${serverName} is ${effectivePolicy} and server is chosen to be started based on current replica count."
+ exit 0
+ elif [[ "${effectivePolicy}" == "ALWAYS" && ${serverStarted} == "true" ]]; then
+ printInfo "No changes needed, exiting. The server should be already started or it's in the process of starting. The start policy for server ${serverName} is ${effectivePolicy}."
+ exit 0
+ fi
+else
+ # Server is an independent managed server.
+ if [[ "${effectivePolicy}" == "ALWAYS" || "${effectivePolicy}" == "IF_NEEDED" ]]; then
+ printInfo "No changes needed, exiting. The server should be already started or it's in the process of starting. The start policy for server ${serverName} is ${effectivePolicy}."
+ exit 0
+ fi
+fi
+
+getServerPolicy "${domainJson}" "${serverName}" managedServerPolicy
+createServerStartPolicyPatch "${domainJson}" "${serverName}" "ALWAYS" alwaysStartPolicyPatch
+
+# if server is part of a cluster and replica count will increase
+if [[ -n ${clusterName} && "${keepReplicaConstant}" != 'true' ]]; then
+ #check if server starts by increasing replicas and unsetting policy
+ withReplicas="INCREASED"
+ withPolicy="UNSET"
+ checkStartedServers "${domainJson}" "${serverName}" "${clusterName}" "${withReplicas}" "${withPolicy}" startsByReplicaIncreaseAndPolicyUnset
+ createReplicaPatch "${domainJson}" "${clusterName}" "INCREMENT" incrementReplicaPatch replicaCount
+ if [[ -n ${managedServerPolicy} && ${startsByReplicaIncreaseAndPolicyUnset} == "true" ]]; then
+ # Server starts by increasing replicas and policy unset, increment and unset
+ printInfo "Unsetting the current start policy '${managedServerPolicy}' for '${serverName}' and incrementing replica count ${replicaCount}."
+ createPatchJsonToUnsetPolicyAndUpdateReplica "${domainJson}" "${serverName}" "${incrementReplicaPatch}" patchJson
+ elif [[ -z ${managedServerPolicy} && ${startsByReplicaIncreaseAndPolicyUnset} == "true" ]]; then
+ # Start policy is not set, server starts by increasing replicas based on effective policy, increment replicas
+ printInfo "Updating replica count for cluster '${clusterName}' to ${replicaCount}."
+ createPatchJsonToUpdateReplica "${incrementReplicaPatch}" patchJson
+ else
+ # Patch server policy to always and increment replicas
+ printInfo "Patching start policy of server '${serverName}' from '${effectivePolicy}' to 'ALWAYS' and \
+incrementing replica count for cluster '${clusterName}' to ${replicaCount}."
+ createPatchJsonToUpdateReplicaAndPolicy "${incrementReplicaPatch}" "${alwaysStartPolicyPatch}" patchJson
+ fi
+elif [[ -n ${clusterName} && "${keepReplicaConstant}" == 'true' ]]; then
+ # Replica count needs to stay constant, check if server starts by unsetting policy
+ withReplicas="CONSTANT"
+ withPolicy="UNSET"
+ checkStartedServers "${domainJson}" "${serverName}" "${clusterName}" "${withReplicas}" "${withPolicy}" startsByPolicyUnset
+ if [[ "${effectivePolicy}" == "NEVER" && ${startsByPolicyUnset} == "true" ]]; then
+ # Server starts by unsetting policy, unset policy
+ printInfo "Unsetting the current start policy '${effectivePolicy}' for '${serverName}'."
+ createPatchJsonToUnsetPolicy "${domainJson}" "${serverName}" patchJson
+ else
+ # Patch server policy to always
+ printInfo "Patching start policy for '${serverName}' to 'ALWAYS'."
+ createPatchJsonToUpdatePolicy "${alwaysStartPolicyPatch}" patchJson
+ fi
+elif [ "${isAdminServer}" == 'true' ]; then
+ printInfo "Patching start policy of '${serverName}' from '${effectivePolicy}' to 'IF_NEEDED'."
+ createPatchJsonToUpdateAdminPolicy "${domainJson}" "IF_NEEDED" patchJson
+else
+ # Server is an independent managed server
+ printInfo "Unsetting the current start policy '${effectivePolicy}' for '${serverName}'."
+ createPatchJsonToUnsetPolicy "${domainJson}" "${serverName}" patchJson
+fi
+
+executePatchCommand "${kubernetesCli}" "${domainUid}" "${domainNamespace}" "${patchJson}" "${verboseMode}"
+
+printInfo "Patch command succeeded !"
diff --git a/OracleAccessManagement/kubernetes/domain-lifecycle/stopCluster.sh b/OracleAccessManagement/kubernetes/domain-lifecycle/stopCluster.sh
new file mode 100755
index 000000000..6e0410932
--- /dev/null
+++ b/OracleAccessManagement/kubernetes/domain-lifecycle/stopCluster.sh
@@ -0,0 +1,119 @@
+# !/bin/sh
+# Copyright (c) 2020, 2021, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+#
+
+script="${BASH_SOURCE[0]}"
+scriptDir="$( cd "$( dirname "${script}" )" && pwd )"
+source ${scriptDir}/helper.sh
+if [ "${debug}" == "true" ]; then set -x; fi;
+
+function usage() {
+
+ cat << EOF
+
+ This script stops a WebLogic cluster in a domain by patching
+ 'spec.clusters[].serverStartPolicy' attribute of the domain
+ resource to 'NEVER'. This change will cause the operator to initiate shutdown
+ of cluster's WebLogic server instance pods if the pods are running.
+
+ Usage:
+
+ $(basename $0) -c mycluster [-n mynamespace] [-d mydomainuid] [-m kubecli]
+
+ -c : Cluster name (required parameter).
+
+ -d : Domain unique-id. Default is 'sample-domain1'.
+
+ -n : Domain namespace. Default is 'sample-domain1-ns'.
+
+ -m : Kubernetes command line interface. Default is 'kubectl' if KUBERNETES_CLI env
+ variable is not set. Otherwise default is the value of KUBERNETES_CLI env variable.
+
+ -v : Enables verbose mode. Default is 'false'.
+
+ -h : This help.
+
+EOF
+exit $1
+}
+
+kubernetesCli=${KUBERNETES_CLI:-kubectl}
+clusterName=""
+domainUid="sample-domain1"
+domainNamespace="sample-domain1-ns"
+verboseMode=false
+patchJson=""
+
+while getopts "vc:n:m:d:h" opt; do
+ case $opt in
+ c) clusterName="${OPTARG}"
+ ;;
+ n) domainNamespace="${OPTARG}"
+ ;;
+ d) domainUid="${OPTARG}"
+ ;;
+ m) kubernetesCli="${OPTARG}"
+ ;;
+ v) verboseMode=true;
+ ;;
+ h) usage 0
+ ;;
+ *) usage 1
+ ;;
+ esac
+done
+
+set -eu
+
+#
+# Function to perform validations, read files and initialize workspace
+#
+function initialize {
+
+ validateErrors=false
+
+ validateKubernetesCliAvailable
+ validateJqAvailable
+
+ if [ -z "${clusterName}" ]; then
+ validationError "Please specify cluster name using '-c' parameter e.g. '-c cluster-1'."
+ fi
+
+ failIfValidationErrors
+}
+
+initialize
+
+# Get the domain in json format
+domainJson=$(${kubernetesCli} get domain ${domainUid} -n ${domainNamespace} -o json --ignore-not-found)
+if [ -z "${domainJson}" ]; then
+ printError "Unable to get domain resource for domain '${domainUid}' in namespace '${domainNamespace}'. Please make sure the 'domain_uid' and 'namespace' specified by the '-d' and '-n' arguments are correct. Exiting."
+ exit 1
+fi
+
+isValidCluster=""
+validateClusterName "${domainUid}" "${domainNamespace}" "${clusterName}" isValidCluster
+if [ "${isValidCluster}" != 'true' ]; then
+ printError "cluster ${clusterName} is not part of domain ${domainUid} in namespace ${domainNamespace}. Please make sure that cluster name is correct."
+ exit 1
+fi
+
+# Get server start policy for this server
+getClusterPolicy "${domainJson}" "${clusterName}" startPolicy
+if [ -z "${startPolicy}" ]; then
+ getDomainPolicy "${domainJson}" startPolicy
+fi
+
+if [[ "${startPolicy}" == 'NEVER' || "${startPolicy}" == 'ADMIN_ONLY' ]]; then
+ printInfo "No changes needed, exiting. The cluster '${clusterName}' is already stopped or stopping. The effective value of spec.clusters[?(clusterName="${clusterName}"].serverStartPolicy attribute on the domain resource is 'NEVER' or 'ADMIN_ONLY'."
+ exit 0
+fi
+
+# Set policy value to NEVER
+printInfo "Patching start policy of cluster '${clusterName}' from '${startPolicy}' to 'NEVER'."
+createPatchJsonToUpdateClusterPolicy "${domainJson}" "${clusterName}" "NEVER" patchJson
+
+executePatchCommand "${kubernetesCli}" "${domainUid}" "${domainNamespace}" "${patchJson}" "${verboseMode}"
+
+printInfo "Successfully patched cluster '${clusterName}' with 'NEVER' start policy!"
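Review bot: The `get domain` call expands `${domainUid}` and `${domainNamespace}` unquoted, so a `-d` or `-n` value containing whitespace or glob characters is split into extra arguments to the CLI instead of being passed as one name. I would quote both: `domainJson=$(${kubernetesCli} get domain "${domainUid}" -n "${domainNamespace}" -o json --ignore-not-found)`. The same line appears in stopDomain.sh and stopServer.sh in this commit. Separately, the "No changes needed" message closes its string at `"${clusterName}"`, so the intended quotes around the cluster name are not printed; startServer.sh escapes them as `\"${clusterName}\"`.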
diff --git a/OracleAccessManagement/kubernetes/domain-lifecycle/stopDomain.sh b/OracleAccessManagement/kubernetes/domain-lifecycle/stopDomain.sh
new file mode 100755
index 000000000..d62f6b280
--- /dev/null
+++ b/OracleAccessManagement/kubernetes/domain-lifecycle/stopDomain.sh
@@ -0,0 +1,95 @@
+# !/bin/sh
+# Copyright (c) 2020, 2021, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+#
+
+script="${BASH_SOURCE[0]}"
+scriptDir="$( cd "$( dirname "${script}" )" && pwd )"
+source ${scriptDir}/helper.sh
+
+function usage() {
+
+ cat << EOF
+
+ This script stops a deployed WebLogic domain by patching
+ 'spec.serverStartPolicy' attribute of domain resource to 'NEVER'.
+ This change will cause the operator to initiate shutdown of the
+ domain's WebLogic server instance pods if the pods are running.
+
+ Usage:
+
+ $(basename $0) [-n mynamespace] [-d mydomainuid] [-m kubecli]
+
+ -d : Domain unique-id. Default is 'sample-domain1'.
+
+ -n : Domain namespace. Default is 'sample-domain1-ns'.
+
+ -m : Kubernetes command line interface. Default is 'kubectl' if KUBERNETES_CLI env
+ variable is not set. Otherwise default is the value of KUBERNETES_CLI env variable.
+
+ -v : Enables verbose mode. Default is 'false'.
+
+ -h : This help.
+
+EOF
+exit $1
+}
+
+kubernetesCli=${KUBERNETES_CLI:-kubectl}
+domainUid="sample-domain1"
+domainNamespace="sample-domain1-ns"
+verboseMode=false
+
+while getopts "vn:d:m:h" opt; do
+ case $opt in
+ n) domainNamespace="${OPTARG}"
+ ;;
+ d) domainUid="${OPTARG}"
+ ;;
+ m) kubernetesCli="${OPTARG}"
+ ;;
+ v) verboseMode=true;
+ ;;
+ h) usage 0
+ ;;
+ *) usage 1
+ ;;
+ esac
+done
+
+set -eu
+set -o pipefail
+
+function initialize {
+
+ validateErrors=false
+
+ validateKubernetesCliAvailable
+ validateJqAvailable
+ failIfValidationErrors
+}
+
+initialize
+
+# Get the domain in json format
+domainJson=$(${kubernetesCli} get domain ${domainUid} -n ${domainNamespace} -o json --ignore-not-found)
+
+if [ -z "${domainJson}" ]; then
+ printError "Domain resource for domain '${domainUid}' not found in namespace '${domainNamespace}'. Exiting."
+ exit 1
+fi
+
+getDomainPolicy "${domainJson}" serverStartPolicy
+
+if [ "${serverStartPolicy}" == 'NEVER' ]; then
+ printInfo "No changes needed, exiting. The domain '${domainUid}' is already stopped or stopping. The value of 'spec.serverStartPolicy' attribute on the domain resource is 'NEVER'."
+ exit 0
+fi
+
+printInfo "Patching domain '${domainUid}' in namespace '${domainNamespace}' from serverStartPolicy='${serverStartPolicy}' to 'NEVER'."
+
+createPatchJsonToUpdateDomainPolicy "NEVER" patchJson
+
+executePatchCommand "${kubernetesCli}" "${domainUid}" "${domainNamespace}" "${patchJson}" "${verboseMode}"
+
+printInfo "Successfully patched domain '${domainUid}' in namespace '${domainNamespace}' with 'NEVER' start policy!"
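Review bot: The first line `# !/bin/sh` is an ordinary comment rather than an interpreter line, because of the space after `#`, so the script runs under whichever shell the caller happens to use. The body relies on bash constructs (`BASH_SOURCE`, the `function` keyword, `==` inside `[ ]`), and the `set -eu` / `set -o pipefail` safety options only behave as intended if that shell is bash. I would make the first line `#!/bin/bash` (or `#!/usr/bin/env bash`). stopCluster.sh and stopServer.sh in this commit start the same way and additionally use `[[ ]]`.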
diff --git a/OracleAccessManagement/kubernetes/domain-lifecycle/stopServer.sh b/OracleAccessManagement/kubernetes/domain-lifecycle/stopServer.sh
new file mode 100755
index 000000000..ec35b4d97
--- /dev/null
+++ b/OracleAccessManagement/kubernetes/domain-lifecycle/stopServer.sh
@@ -0,0 +1,248 @@
+# !/bin/sh
+# Copyright (c) 2020, 2021, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+#
+
+# This script stops a WebLogic managed server in a domain.
+# Internal code notes :-
+# - If server start policy is NEVER or policy is IF_NEEDED and the server is not
+# selected to start based on the replica count, it means that server is already
+# stopped or is in the process of stopping. In this case, script exits without
+# making any changes.
+#
+# - If server is part of a cluster and keep_replica_constant option is false (the default)
+# and the effective start policy of the server is IF_NEEDED and decreasing replica count
+# will naturally stop the server, the script decreases the replica count.
+#
+# - If server is part of a cluster and keep_replica_constant option is false (the default)
+# and unsetting policy and decreasing the replica count will stop the server, script
+# unsets the policy and decreases replica count. For e.g. if replica count is 2 and
+# start policy of server2 is ALWAYS, unsetting policy and decreasing replica count will
+# stop server2.
+#
+# - If option to keep replica count constant ('-k') is selected and unsetting start policy
+# will naturally stop the server, script will unset the policy. For e.g. if replica count
+# is 1 and start policy of server2 is ALWAYS, unsetting policy will stop server2.
+#
+# - If above conditions are not true, it implies that server policy is IF_NEEDED and server
+# is selected to start. In this case, script sets start policy to NEVER. For e.g. replica
+# count is 2 and server1 needs to be stopped. The script also decrements the replica count
+# by default. If option to keep replica count constant ('-k') is selected, it only sets the
+# start policy to NEVER.
+#
+
+script="${BASH_SOURCE[0]}"
+scriptDir="$( cd "$( dirname "${script}" )" && pwd )"
+source ${scriptDir}/helper.sh
+if [ "${debug}" == "true" ]; then set -x; fi;
+set -eu
+
+function usage() {
+
+ cat << EOF
+
+ This script stops a running WebLogic server in a domain. For managed servers, it either
+ decreases the value of 'spec.clusters[].replicas' or updates the
+ 'spec.managedServers[].serverStartPolicy' attribute of the domain
+ resource or both as necessary to stop the server. For the administration server, it updates
+ the value of 'spec.adminServer.serverStartPolicy' attribute of the domain resource. The
+ 'spec.clusters[].replicas' value can be kept constant by using '-k' option.
+ Please see README.md for more details.
+
+ Usage:
+
+ $(basename $0) -s myserver [-n mynamespace] [-d mydomainuid] [-k] [-m kubecli] [-v]
+
+ -s : The WebLogic server name (not the pod name).
+ This parameter is required.
+
+ -d : Domain unique-id. Default is 'sample-domain1'.
+
+ -n : Domain namespace. Default is 'sample-domain1-ns'.
+
+ -k : Keep replica count constant for the clustered servers. The default behavior
+ is to decrement the replica count for the clustered servers. This parameter
+ is ignored for the administration and non-clustered managed servers.
+
+ -m : Kubernetes command line interface. Default is 'kubectl' if KUBERNETES_CLI env
+ variable is not set. Otherwise default is the value of KUBERNETES_CLI env variable.
+
+ -v : Enables verbose mode. Default is 'false'.
+
+ -h : This help.
+
+EOF
+exit $1
+}
+
+kubernetesCli=${KUBERNETES_CLI:-kubectl}
+serverName=""
+clusterName=""
+domainUid="sample-domain1"
+domainNamespace="sample-domain1-ns"
+keepReplicaConstant=false
+verboseMode=false
+serverStartPolicy=NEVER
+serverStarted=""
+effectivePolicy=""
+managedServerPolicy=""
+stoppedWhenAlwaysPolicyReset=""
+replicasEqualsMinReplicas=""
+withReplicas="CONSTANT"
+withPolicy="CONSTANT"
+patchJson=""
+isAdminServer=false
+
+while getopts "vks:m:n:d:h" opt; do
+ case $opt in
+ s) serverName="${OPTARG}"
+ ;;
+ n) domainNamespace="${OPTARG}"
+ ;;
+ m) kubernetesCli="${OPTARG}"
+ ;;
+ d) domainUid="${OPTARG}"
+ ;;
+ k) keepReplicaConstant=true;
+ ;;
+ v) verboseMode=true;
+ ;;
+ h) usage 0
+ ;;
+ *) usage 1
+ ;;
+ esac
+done
+
+#
+# Function to perform validations, read files and initialize workspace
+#
+function initialize {
+
+ validateErrors=false
+
+ validateKubernetesCliAvailable
+ validateJqAvailable
+
+ # Validate that server name parameter is specified.
+ if [ -z "${serverName}" ]; then
+ validationError "Please specify the server name using '-s' parameter e.g. '-s managed-server1'."
+ fi
+
+ failIfValidationErrors
+}
+
+initialize
+
+# Get the domain in json format
+domainJson=$(${kubernetesCli} get domain ${domainUid} -n ${domainNamespace} -o json --ignore-not-found)
+if [ -z "${domainJson}" ]; then
+ printError "Unable to get domain resource for domain '${domainUid}' in namespace '${domainNamespace}'. Please make sure the 'domain_uid' and 'namespace' specified by the '-d' and '-n' arguments are correct. Exiting."
+ exit 1
+fi
+
+# Validate that specified server is either part of a cluster or is an independent managed server
+validateServerAndFindCluster "${domainUid}" "${domainNamespace}" "${serverName}" isValidServer clusterName isAdminServer
+if [ "${isValidServer}" != 'true' ]; then
+ printError "Server ${serverName} is not part of any cluster and it's not an independent managed server. Please make sure that server name specified is correct."
+ exit 1
+fi
+
+getEffectivePolicy "${domainJson}" "${serverName}" "${clusterName}" effectivePolicy
+if [ "${isAdminServer}" == 'true' ]; then
+ getEffectiveAdminPolicy "${domainJson}" effectivePolicy
+ if [ "${effectivePolicy}" == "NEVER" ]; then
+ printInfo "No changes needed, exiting. Server should be already stopping or stopped because effective sever start policy is 'NEVER'."
+ exit 0
+ fi
+fi
+
+if [ -n "${clusterName}" ]; then
+ # Server is part of a cluster, check currently started servers
+ checkStartedServers "${domainJson}" "${serverName}" "${clusterName}" "${withReplicas}" "${withPolicy}" serverStarted
+ if [[ "${effectivePolicy}" == "NEVER" || "${effectivePolicy}" == "ADMIN_ONLY" || "${serverStarted}" != "true" ]]; then
+ printInfo "No changes needed, exiting. Server should be already stopping or stopped. This is either because of the sever start policy or server is chosen to be stopped based on current replica count."
+ exit 0
+ fi
+else
+ # Server is an independent managed server.
+ if [ "${effectivePolicy}" == "NEVER" ] || [[ "${effectivePolicy}" == "ADMIN_ONLY" && "${isAdminServer}" != 'true' ]]; then
+ printInfo "No changes needed, exiting. Server should be already stopping or stopped because effective sever start policy is 'NEVER' or 'ADMIN_ONLY'."
+ exit 0
+ fi
+fi
+
+if [[ -n "${clusterName}" && "${keepReplicaConstant}" == 'false' ]]; then
+ # check if replica count can decrease below current value
+ isReplicaCountEqualToMinReplicas "${domainJson}" "${clusterName}" replicasEqualsMinReplicas
+ if [ "${replicasEqualsMinReplicas}" == 'true' ]; then
+ printInfo "Not decreasing the replica count value: it is at its minimum. \
+ (See 'domain.spec.allowReplicasBelowMinDynClusterSize' and \
+ 'domain.status.clusters[].minimumReplicas' for details)."
+ keepReplicaConstant=true
+ fi
+fi
+
+# Create server start policy patch with NEVER value
+createServerStartPolicyPatch "${domainJson}" "${serverName}" "${serverStartPolicy}" neverStartPolicyPatch
+getServerPolicy "${domainJson}" "${serverName}" managedServerPolicy
+if [ -n "${managedServerPolicy}" ]; then
+ effectivePolicy=${managedServerPolicy}
+fi
+if [[ -n "${clusterName}" && "${effectivePolicy}" == "ALWAYS" ]]; then
+ # Server is part of a cluster and start policy is ALWAYS.
+ withReplicas="CONSTANT"
+ withPolicy="UNSET"
+ checkStartedServers "${domainJson}" "${serverName}" "${clusterName}" "${withReplicas}" "${withPolicy}" startedWhenAlwaysPolicyReset
+fi
+
+if [[ -n "${clusterName}" && "${keepReplicaConstant}" != 'true' ]]; then
+ # server is part of a cluster and replica count will decrease
+ withReplicas="DECREASED"
+ withPolicy="UNSET"
+ checkStartedServers "${domainJson}" "${serverName}" "${clusterName}" "${withReplicas}" "${withPolicy}" startedWhenRelicaReducedAndPolicyReset
+ createReplicaPatch "${domainJson}" "${clusterName}" "DECREMENT" replicaPatch replicaCount
+
+ if [[ -n ${managedServerPolicy} && "${startedWhenRelicaReducedAndPolicyReset}" != "true" ]]; then
+ # Server shuts down by unsetting start policy and decrementing replica count, unset and decrement
+ printInfo "Unsetting the current start policy '${managedServerPolicy}' for '${serverName}' \
+ and decrementing replica count to ${replicaCount}."
+ createPatchJsonToUnsetPolicyAndUpdateReplica "${domainJson}" "${serverName}" "${replicaPatch}" patchJson
+ elif [[ -z ${managedServerPolicy} && "${startedWhenRelicaReducedAndPolicyReset}" != "true" ]]; then
+ # Start policy is not set, server shuts down by decrementing replica count, decrement replicas
+ printInfo "Updating replica count for cluster ${clusterName} to ${replicaCount}."
+ createPatchJsonToUpdateReplica "${replicaPatch}" patchJson
+ elif [[ ${managedServerPolicy} == "ALWAYS" && "${startedWhenAlwaysPolicyReset}" != "true" ]]; then
+ # Server shuts down by unsetting the start policy, unset and decrement replicas
+ printInfo "Unsetting the current start policy '${managedServerPolicy}' for '${serverName}' \
+ and decrementing replica count to ${replicaCount}."
+ createPatchJsonToUnsetPolicyAndUpdateReplica "${domainJson}" "${serverName}" "${replicaPatch}" patchJson
+ else
+ # Patch server start policy to NEVER and decrement replica count
+ printInfo "Patching start policy of server '${serverName}' from '${effectivePolicy}' to 'NEVER' \
+ and decrementing replica count for cluster '${clusterName}' to ${replicaCount}."
+ createPatchJsonToUpdateReplicaAndPolicy "${replicaPatch}" "${neverStartPolicyPatch}" patchJson
+ fi
+elif [[ -n ${clusterName} && "${keepReplicaConstant}" == 'true' ]]; then
+ # Server is part of a cluster and replica count needs to stay constant
+ if [[ ${managedServerPolicy} == "ALWAYS" && "${startedWhenAlwaysPolicyReset}" != "true" ]]; then
+ # Server start policy is AlWAYS and server shuts down by unsetting the policy, unset policy
+ printInfo "Unsetting the current start policy '${effectivePolicy}' for '${serverName}'."
+ createPatchJsonToUnsetPolicy "${domainJson}" "${serverName}" patchJson
+ else
+ # Patch server start policy to NEVER
+ printInfo "Patching start policy of '${serverName}' from '${effectivePolicy}' to 'NEVER'."
+ createPatchJsonToUpdatePolicy "${neverStartPolicyPatch}" patchJson
+ fi
+elif [ "${isAdminServer}" == 'true' ]; then
+ printInfo "Patching start policy of '${serverName}' from '${effectivePolicy}' to 'NEVER'."
+ createPatchJsonToUpdateAdminPolicy "${domainJson}" "${serverStartPolicy}" patchJson
+else
+ # Server is an independent managed server, patch server start policy to NEVER
+ printInfo "Patching start policy of '${serverName}' from '${effectivePolicy}' to 'NEVER'."
+ createPatchJsonToUpdatePolicy "${neverStartPolicyPatch}" patchJson
+fi
+
+executePatchCommand "${kubernetesCli}" "${domainUid}" "${domainNamespace}" "${patchJson}" "${verboseMode}"
+
+printInfo "Patch command succeeded !"
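Review bot: The initialisation block sets `stoppedWhenAlwaysPolicyReset=""`, but the logic below reads `startedWhenAlwaysPolicyReset`, which is only assigned when the `ALWAYS` branch calls checkStartedServers; `isValidServer` is also read without being initialised here, although startServer.sh does initialise it. With `set -eu` active, any path that reads one of these before helper.sh assigns it ends the script with an unbound-variable error. Whether that can happen depends on helper.sh, which is not part of this hunk. I would rename the initialiser to `startedWhenAlwaysPolicyReset=""` and add `isValidServer=""` and `startedWhenRelicaReducedAndPolicyReset=""` beside it.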
diff --git a/OracleAccessManagement/kubernetes/elasticsearch-and-kibana/README.md b/OracleAccessManagement/kubernetes/elasticsearch-and-kibana/README.md
new file mode 100755
index 000000000..bd62bcc56
--- /dev/null
+++ b/OracleAccessManagement/kubernetes/elasticsearch-and-kibana/README.md
@@ -0,0 +1,31 @@
+# Sample to deploy Elasticsearch and Kibana
+
+
+When you install the WebLogic operator Helm chart, you can set
+`elkIntegrationEnabled` to `true` in your `values.yaml` file to tell the operator to send the contents of the operator's logs to Elasticsearch.
+
+Typically, you would have already configured Elasticsearch and Kibana in the
+Kubernetes cluster, and also would have specified `elasticSearchHost` and `elasticSearchPort` in your `values.yaml` file to point to where Elasticsearch is already running.
+
+This sample configures the Elasticsearch and Kibana deployments and services.
+It's useful for trying out the operator in a Kubernetes cluster that doesn't already
+have them configured.
+
+It runs the Elastic Stack on the same host and port that the operator's Helm chart defaults
+to, therefore, you only need to set `elkIntegrationEnabled` to `true` in your
+`values.yaml` file.
+
+To control Elasticsearch memory parameters (Heap allocation and Enabling/Disabling swapping) please open the file `elasticsearch_and_kibana.yaml`, search for env variables of the elasticsearch container and change the values of the following.
+
+* ES_JAVA_OPTS: value may contain for example -Xms512m -Xmx512m to lower the default memory usage (please be aware that this value is only applicable for demo purpose and it is not the one recommended by Elasticsearch itself)
+* bootstrap.memory_lock: value may contain true (enables the usage of mlockall to try to lock the process address space into RAM, preventing any Elasticsearch memory from being swapped out) or false (disables the usage of mlockall to try to lock the process address space into RAM, preventing any Elasticsearch memory from being swapped out).
+
+To install Elasticsearch and Kibana, use:
+```shell
+$ kubectl apply -f kubernetes/samples/scripts/elasticsearch-and-kibana/elasticsearch_and_kibana.yaml
+```
+
+To remove them, use:
+```shell
+$ kubectl delete -f kubernetes/samples/scripts/elasticsearch-and-kibana/elasticsearch_and_kibana.yaml
+```
diff --git a/OracleAccessManagement/kubernetes/elasticsearch-and-kibana/elasticsearch_and_kibana.yaml b/OracleAccessManagement/kubernetes/elasticsearch-and-kibana/elasticsearch_and_kibana.yaml
new file mode 100755
index 000000000..97b0b9186
--- /dev/null
+++ b/OracleAccessManagement/kubernetes/elasticsearch-and-kibana/elasticsearch_and_kibana.yaml
@@ -0,0 +1,117 @@
+# Copyright (c) 2018, 2021, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+
+# When a user installs the WebLogic operator Helm chart, the user can set
+# elkIntegrationEnabled to true in their values.yaml to tell the operator to send the
+# contents of the operator's log to Elasticsearch.
+#
+# Typically, a user would have already configured Elasticsearch and Kibana in the
+# Kubernetes cluster, and also would specify elasticSearchHost and elasticSearchPort
+# in their values.yaml file to point to where Elasticsearch is already running.
+#
+# This sample configures the Elasticsearch and Kibana deployments and services.
+# It's useful for trying out the operator in a Kubernetes cluster that doesn't already
+# have them configured.
+#
+# It runs Elasticstack on the same host and port that the operator's Helm chart defaults
+# to, therefore, the customer only needs to set elkIntegrationEnabled to true in their
+# values.yaml file.
+#
+# To configure them, use:
+# kubectl apply -f kubernetes/samples/scripts/elasticsearch_and_kibana.yaml
+#
+# To remove them, use:
+# kubectl delete -f kubernetes/samples/scripts/elasticsearch_and_kibana.yaml
+
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ namespace: "default"
+ name: "elasticsearch"
+ labels:
+ app: "elasticsearch"
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: "elasticsearch"
+ template:
+ metadata:
+ labels:
+ app: "elasticsearch"
+ spec:
+ initContainers:
+ - name: set-vm-max-map-count
+ image: busybox
+ imagePullPolicy: IfNotPresent
+ command: ['sysctl', '-w', 'vm.max_map_count=262144']
+ securityContext:
+ privileged: true
+ containers:
+ - name: "elasticsearch"
+ image: "elasticsearch:6.8.0"
+ ports:
+ - containerPort: 9200
+ - containerPort: 9300
+ env:
+ - name: ES_JAVA_OPTS
+ value: -Xms1024m -Xmx1024m
+
+---
+kind: "Service"
+apiVersion: "v1"
+metadata:
+ namespace: "default"
+ name: "elasticsearch"
+spec:
+ ports:
+ - name: "http"
+ protocol: "TCP"
+ port: 9200
+ targetPort: 9200
+ - name: "https"
+ protocol: "TCP"
+ port: 9300
+ targetPort: 9300
+ selector:
+ app: "elasticsearch"
+
+---
+apiVersion: "apps/v1"
+kind: "Deployment"
+metadata:
+ namespace: "default"
+ name: "kibana"
+ labels:
+ app: "kibana"
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: "kibana"
+ template:
+ metadata:
+ labels:
+ app: "kibana"
+ spec:
+ containers:
+ - name: "kibana"
+ image: "kibana:6.8.0"
+ ports:
+ - containerPort: 5601
+
+---
+apiVersion: "v1"
+kind: "Service"
+metadata:
+ namespace: "default"
+ name: "kibana"
+ labels:
+ app: "kibana"
+spec:
+ type: "NodePort"
+ ports:
+ - port: 5601
+ selector:
+ app: "kibana"
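Review bot: The Kibana Service is `type: "NodePort"`, which publishes port 5601 on every node, and nothing in this manifest configures authentication or TLS for Kibana or Elasticsearch, so anyone who can reach a node address can read the operator logs indexed there. For a sample, `type: "ClusterIP"` plus `kubectl port-forward` keeps access inside the cluster. The init container also runs with `privileged: true` from an untagged `image: busybox`; pin it to a fixed tag or digest (for example `image: busybox:<pinned-tag>`), since whatever that name resolves to runs with full privileges on the node. Everything is created in the `default` namespace, so a dedicated namespace would make it easier to scope network policy and cleanup.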
diff --git a/OracleAccessManagement/kubernetes/3.0.1/grafana/weblogic_dashboard.json b/OracleAccessManagement/kubernetes/grafana/weblogic_dashboard.json
old mode 100644
new mode 100755
similarity index 100%
rename from OracleAccessManagement/kubernetes/3.0.1/grafana/weblogic_dashboard.json
rename to OracleAccessManagement/kubernetes/grafana/weblogic_dashboard.json
diff --git a/OracleAccessManagement/kubernetes/logging-services/logstash/README.md b/OracleAccessManagement/kubernetes/logging-services/logstash/README.md
new file mode 100755
index 000000000..72572c557
--- /dev/null
+++ b/OracleAccessManagement/kubernetes/logging-services/logstash/README.md
@@ -0,0 +1,59 @@
+## Publish OracleAccessManagement server and diagnostics logs into Elasticsearch
+
+## Prerequisites
+See [here](https://oracle.github.io/weblogic-kubernetes-operator/samples/simple/elastic-stack/) for the steps to integrate Elasticsearch for the WebLogic Kubernetes operator.
+
+Before deploying the WebLogic Kubernetes operator edit `values.yaml` in weblogic-kubernetes-operator/kubernetes/charts/weblogic-operator/ to enable elastic search integration.
+Configure the following variables:
+```bash
+# elkIntegrationEnabled specifies whether or not ELK integration is enabled.
+elkIntegrationEnabled: true
+# logStashImage specifies the docker image containing logstash.
+# This parameter is ignored if 'elkIntegrationEnabled' is false.
+logStashImage: "logstash:6.6.0"
+
+# elasticSearchHost specifies the hostname of where Elasticsearch is running.
+# This parameter is ignored if 'elkIntegrationEnabled' is false.
+elasticSearchHost: "elasticsearch.default.svc.cluster.local"
+
+# elasticSearchPort specifies the port number of where Elasticsearch is running.
+# This parameter is ignored if 'elkIntegrationEnabled' is false.
+elasticSearchPort: 9200
+```
+Deployment of WebLogic Kubernetes operator with above changes, will create an additional logstash container as sidecar. This logstash container will push the operator logs to the configured Elasticsearch server.
+
+### WebLogic Server logs
+
+The WebLogic server logs or diagnostics logs can be pushed to Elasticsearch server using logstash pod. The logstash pod should have access to the shared domain home or the log location. The persistent volume of the domain home can be used in the logstash pod.
+
+### Create the logstash pod
+
+1. Get Domain home persistence volume claim details
+Get the persistent volume details of the domain home of the WebLogic server(s).
+
+ ```bash
+ $ kubectl get pvc -n accessns
+ ```
+
+1. Create logstash configuration.
+Create logstash configuration file. The logstash configuration file can be loaded from a volume.
+ ```bash
+ $ kubectl cp logstash.conf accessns/accessinfra-adminserver:/u01/oracle/user_projects/domains --namespace accessns
+ ```
+
+ You can use sample logstash configuration file generated to push server and diagnostic logs of all servers available at DOMAIN_HOME/servers//logs/-diagnostic.log
+
+1. Copy the logstash.conf into say /u01/oracle/user_projects/domains so that it can be used for logstash deployment, using Administration Server pod
+
+1. Create deployment YAML for logstash pod.
+You can use sample logstash.yaml file generated to create deployment for logstash pod. The mounted persistent volume of the domain home will provide access to the WebLogic server logs to logstash pod.
+Make sure to point the logstash configuration file to correct location and also correct domain home persistence volume claim.
+
+1. Deploy logstash to start publish logs to Elasticsearch:
+
+ ```bash
+ $ kubectl create -f logstash.yaml
+ ```
+
+1. Now, you can view the diagnostics logs using Kibana with index pattern `logstash-*`.
+
diff --git a/OracleAccessManagement/kubernetes/logging-services/logstash/logstash.conf b/OracleAccessManagement/kubernetes/logging-services/logstash/logstash.conf
new file mode 100755
index 000000000..37567b0a2
--- /dev/null
+++ b/OracleAccessManagement/kubernetes/logging-services/logstash/logstash.conf
@@ -0,0 +1,25 @@
+# Copyright (c) 2021, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+#
+
+input {
+ file {
+ path => "/u01/oracle/user_projects/domains/accessinfra/servers/**/logs/*-diagnostic.log"
+ start_position => beginning
+ }
+ file {
+ path => "/u01/oracle/user_projects/domains/logs/accessinfra/*.log"
+ start_position => beginning
+ }
+}
+
+filter {
+ grok {
+ match => [ "message", "<%{DATA:log_timestamp}> <%{WORD:log_level}> <%{WORD:thread}> <%{HOSTNAME:hostname}> <%{HOSTNAME:servername}> <%{DATA:timer}> <<%{DATA:kernel}>> <> <%{DATA:uuid}> <%{NUMBER:timestamp}> <%{DATA:misc}> <%{DATA:log_number}> <%{DATA:log_message}>" ]
+ }
+}
+output {
+ elasticsearch {
+ hosts => ["elasticsearch.default.svc.cluster.local:9200"]
+ }
+}
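Review bot: The `elasticsearch` output at the end of this file ships the Access Management server and diagnostic logs to `elasticsearch.default.svc.cluster.local:9200` with no credentials and no TLS. If the target cluster has security enabled, the output block needs `user => "${ES_USER}"`, `password => "${ES_PASSWORD}"` and `ssl => true`, plus a `cacert` path; the variable names here are placeholders, resolved from the container environment rather than written into the file. If the target is the unauthenticated sample deployment, a comment above the block should say so and state that port 9200 must only be reachable from inside the cluster. The WebLogicLoggingExporter.yaml hunk further down publishes to the same host and port and should carry the same comment.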
diff --git a/OracleAccessManagement/kubernetes/logging-services/logstash/logstash.yaml b/OracleAccessManagement/kubernetes/logging-services/logstash/logstash.yaml
new file mode 100755
index 000000000..5a7d449b0
--- /dev/null
+++ b/OracleAccessManagement/kubernetes/logging-services/logstash/logstash.yaml
@@ -0,0 +1,39 @@
+# Copyright (c) 2021, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+#
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: logstash
+ namespace: accessns
+spec:
+ selector:
+ matchLabels:
+ app: logstash
+ template: # create pods using pod definition in this template
+ metadata:
+ labels:
+ app: logstash
+ spec:
+ volumes:
+ - name: domain-storage-volume
+ persistentVolumeClaim:
+ claimName: domain-pvc
+ - name: shared-logs
+ emptyDir: {}
+ containers:
+ - name: logstash
+ image: logstash:6.6.0
+ command: ["/bin/sh"]
+ args: ["/usr/share/logstash/bin/logstash", "-f", "/u01/oracle/user_projects/domains/logstash.conf"]
+ imagePullPolicy: IfNotPresent
+ volumeMounts:
+ - mountPath: /u01/oracle/user_projects
+ name: domain-storage-volume
+ - name: shared-logs
+ mountPath: /shared-logs
+ ports:
+ - containerPort: 5044
+ name: logstash
+
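Review bot: The `domain-storage-volume` mount at `/u01/oracle/user_projects` gives the Logstash container write access to the whole domain home claim, although the pipeline in logstash.conf only reads log files and its own configuration from it. Add `readOnly: true` to that `volumeMounts` entry so a misbehaving or compromised log shipper cannot modify domain configuration. The file input keeps its sincedb under Logstash's own data directory by default, so a read-only mount should not break it, but this needs verifying against the image. The `shared-logs` emptyDir is mounted at `/shared-logs` yet nothing visible in logstash.conf uses it, so it can probably be removed. The container also has no `securityContext` or `resources` section, which is worth adding for a pod that shares a volume with the domain.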
diff --git a/OracleAccessManagement/kubernetes/logging-services/weblogic-logging-exporter/README.md b/OracleAccessManagement/kubernetes/logging-services/weblogic-logging-exporter/README.md
new file mode 100755
index 000000000..9389d3827
--- /dev/null
+++ b/OracleAccessManagement/kubernetes/logging-services/weblogic-logging-exporter/README.md
@@ -0,0 +1,131 @@
+## Publish WebLogic Server logs into Elasticsearch
+
+The WebLogic Logging Exporter adds a log event handler to WebLogic Server, such that WebLogic Server logs can be integrated into Elastic Stack in Kubernetes directly, by using the Elasticsearch REST API.
+
+## Prerequisite
+
+This document assumes that you have already deployed Elasticsearch/Kibana environment. If you have not, please use a sample/demo deployment of Elasticsearch/Kibana from WebLogic Kubernetes operator.
+
+To deploy Elasticsearch and Kibana on the Kubernetes cluster:
+```bash
+$ kubectl create -f https://raw.githubusercontent.com/oracle/weblogic-kubernetes-operator/master/kubernetes/samples/scripts/elasticsearch-and-kibana/elasticsearch_and_kibana.yaml
+```
+
+Follow these steps to setup WebLogic Logging Exporter in a WebLogic operator environment and push the WebLogic server logs to Elasticsearch/Kibana
+
+1. Download WebLogic logging exporter binaries
+
+ The WebLogic logging exporter pre-built binaries are available in the github releases page: [Release 1.0.1](https://github.com/oracle/weblogic-logging-exporter/releases)
+
+ ```bash
+ $ wget https://github.com/oracle/weblogic-logging-exporter/releases/download/v1.0.1/weblogic-logging-exporter.jar
+ ```
+
+ Download weblogic-logging-exporter.jar from the github release link above. Also download dependency jar - snakeyaml-1.27.jar from Maven Central.
+
+ ```bash
+ $ wget -O snakeyaml-1.27.jar https://search.maven.org/remotecontent?filepath=org/yaml/snakeyaml/1.27/snakeyaml-1.27.jar
+ ```
+1. Copy JAR files into the Kubernetes WebLogic Administration Server Pod
+
+ Copy weblogic-logging-exporter.jar and snakeyaml-1.27.jar to the domain home folder in the Administration server pod.
+
+ ```bash
+ $ kubectl cp weblogic-logging-exporter.jar accessns/accessinfra-adminserver:/u01/oracle/user_projects/domains/accessinfra/
+ $ kubectl cp snakeyaml-1.27.jar accessns/accessinfra-adminserver:/u01/oracle/user_projects/domains/accessinfra/
+ ```
+
+1. Add a startup class to the domain configuration
+
+ In this step, we configure weblogic-logging-exporter JAR as a startup class in the WebLogic servers where we intend to collect the logs.
+
+ a) In the Administration Console, navigate to `Environment` then `Startup and Shutdown classes` in the main menu.
+
+ b) Add a new Startup class. You may choose any descriptive name and the class name must be `weblogic.logging.exporter.Startup`.
+
+ c) Target the startup class to each server that you want to export logs from.
+
+ You can verify this by checking for the update in your config.xml which should be similar to this example:
+
+ ```bash
+
+ LoggingExporterStartupClass
+ AdminServer
+ weblogic.logging.exporter.Startup
+
+ ```
+
+1. Update WebLogic Server CLASS Path.
+
+ In this step, we set the class path for weblogic-logging-exporter and its dependencies.
+
+ a) Copy setDomainEnv.sh from the pod to local folder.
+ ```bash
+ $ kubectl cp accessns/accessinfra-adminserver:/u01/oracle/user_projects/domains/accessinfra/bin/setDomainEnv.sh setDomainEnv.sh
+ ```
+ b) Modify setDomainEnv.sh to update the Server Class path.
+ ```bash
+ CLASSPATH=/u01/oracle/user_projects/domains/accessinfra/weblogic-logging-exporter.jar:/u01/oracle/user_projects/domains/accessinfra/snakeyaml-1.27.jar:${CLASSPATH}
+ export CLASSPATH
+ ```
+
+ c) Copy back the modified setDomainEnv.sh to the pod.
+ ```bash
+ $ kubectl cp setDomainEnv.sh accessns/accessinfra-adminserver:/u01/oracle/user_projects/domains/accessinfra/bin/setDomainEnv.sh
+ ```
+
+1. Create configuration file for the WebLogic Logging Exporter.
+Copy WebLogicLoggingExporter.yaml to the domain folder in the WebLogic server pod. YAML specifies the elasticsearch server host and port number.
+ ```bash
+ $ kubectl cp WebLogicLoggingExporter.yaml accessns/accessinfra-adminserver:/u01/oracle/user_projects/domains/accessinfra/config/
+ ```
+
+1. Restart WebLogic Servers
+
+ Now we can restart the WebLogic servers for the weblogic-logging-exporter to get loaded in the servers.
+
+ To restart the servers, use stopDomain.sh and startDomain.sh scripts from https://github.com/oracle/weblogic-kubernetes-operator/tree/master/kubernetes/samples/scripts/domain-lifecycle
+
+ The stopDomain.sh script shuts down a domain by patching the `spec.serverStartPolicy` attribute of the domain resource to `NEVER`. The operator will shut down the WebLogic Server instance Pods that are part of the domain after the `spec.serverStartPolicy` attribute is updated to `NEVER`. See the script usage information by using the -h option.
+
+ ```bash
+ $ stopDomain.sh -d accessinfra -n accessns
+ ```
+ Sample output:
+ ```bash
+ [INFO] Patching domain 'accessinfra' in namespace 'accessns' from serverStartPolicy='IF_NEEDED' to 'NEVER'.
+ domain.weblogic.oracle/accessinfra patched
+ [INFO] Successfully patched domain 'accessinfra' in namespace 'accessns' with 'NEVER' start policy!
+ ```
+
+ Verify servers by checking the pod status.
+ ```bash
+ $ kubectl get pods -n accessns
+ ```
+
+ After all the servers are shutdown, run startDomain.sh script to start again.
+
+ The startDomain.sh script starts a deployed domain by patching the `spec.serverStartPolicy` attribute of the domain resource to `IF_NEEDED`. The operator will start the WebLogic Server instance Pods that are part of the domain after the `spec.serverStartPolicy` attribute of the domain resource is updated to `IF_NEEDED`. See the script usage information by using the -h option.
+
+ ```bash
+ $ startDomain.sh -d accessinfra -n accessns
+ ```
+ Sample output:
+ ```bash
+ [INFO] Patching domain 'accessinfra' from serverStartPolicy='NEVER' to 'IF_NEEDED'.
+ domain.weblogic.oracle/accessinfra patched
+ [INFO] Successfully patched domain 'accessinfra' in namespace 'accessns' with 'IF_NEEDED' start policy!
+ ```
+
+ Verify servers by checking the pod status. Pod status will be RUNNING.
+ ```bash
+ $ kubectl get pods -n accessns
+ ```
+ In the server logs, you will be able to see the weblogic-logging-exporter class being called.
+
+1. Create an index pattern in Kibana
+
+ We need to create an index pattern in Kibana for the logs to be available in the dashboard.
+
+ Create an index pattern `wls*` in `Kibana` > `Management`. After the server starts, you will be able to see the log data from the WebLogic servers in the Kibana dashboard,
+
diff --git a/OracleAccessManagement/kubernetes/logging-services/weblogic-logging-exporter/WebLogicLoggingExporter.yaml b/OracleAccessManagement/kubernetes/logging-services/weblogic-logging-exporter/WebLogicLoggingExporter.yaml
new file mode 100755
index 000000000..08ee215d8
--- /dev/null
+++ b/OracleAccessManagement/kubernetes/logging-services/weblogic-logging-exporter/WebLogicLoggingExporter.yaml
@@ -0,0 +1,13 @@
+# Copyright (c) 2021, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+#
+
+weblogicLoggingIndexName: wls
+publishHost: elasticsearch.default.svc.cluster.local
+publishPort: 9200
+domainUID: accessinfra
+weblogicLoggingExporterEnabled: true
+weblogicLoggingExporterSeverity: Notice
+weblogicLoggingExporterBulkSize: 1
+
+
diff --git a/OracleAccessManagement/kubernetes/monitoring-service/README.md b/OracleAccessManagement/kubernetes/monitoring-service/README.md
new file mode 100755
index 000000000..41938d9f1
--- /dev/null
+++ b/OracleAccessManagement/kubernetes/monitoring-service/README.md
@@ -0,0 +1,120 @@
+## Monitor the OracleAccessManagement instance using Prometheus and Grafana
+Using the `WebLogic Monitoring Exporter` you can scrape runtime information from a running OracleAccessManagement instance and monitor them using Prometheus and Grafana.
+
+### Prerequisites
+
+- Have Docker and a Kubernetes cluster running and have `kubectl` installed and configured.
+- Have Helm installed.
+- An OracleAccessManagement domain deployed by `weblogic-operator` is running in the Kubernetes cluster.
+
+### Prepare to use the setup monitoring script
+
+The sample scripts for setup monitoring for OracleAccessManagement domain are available at `${WORKDIR}/monitoring-service`.
+
+You must edit `monitoring-inputs.yaml`(or a copy of it) to provide the details of your domain. Refer to the configuration parameters below to understand the information that you must provide in this file.
+
+#### Configuration parameters
+
+The following parameters can be provided in the inputs file.
+
+| Parameter | Description | Default |
+| --- | --- | --- |
+| `domainUID` | domainUID of the OracleAccessManagement domain. | `accessinfra` |
+| `domainNamespace` | Kubernetes namespace of the OracleAccessManagement domain. | `accessns` |
+| `setupKubePrometheusStack` | Boolean value indicating whether kube-prometheus-stack (Prometheus, Grafana and Alertmanager) to be installed | `true` |
+| `additionalParamForKubePrometheusStack` | The script install's kube-prometheus-stack with `service.type` as NodePort and values for `service.nodePort` as per the parameters defined in `monitoring-inputs.yaml`. Use `additionalParamForKubePrometheusStack` parameter to further configure with additional parameters as per [values.yaml](https://github.com/prometheus-community/helm-charts/blob/main/charts/kube-prometheus-stack/values.yaml). Sample value to disable NodeExporter, Prometheus-Operator TLS support and Admission webhook support for PrometheusRules resources is `--set nodeExporter.enabled=false --set prometheusOperator.tls.enabled=false --set prometheusOperator.admissionWebhooks.enabled=false`| |
+| `monitoringNamespace` | Kubernetes namespace for monitoring setup. | `monitoring` |
+| `adminServerName` | Name of the Administration Server. | `AdminServer` |
+| `adminServerPort` | Port number for the Administration Server inside the Kubernetes cluster. | `7001` |
+| `oamClusterName` | Name of the oamCluster. | `oam_cluster` |
+| `oamManagedServerPort` | Port number of the managed servers in the oamCluster. | `14100` |
+| `wlsMonitoringExporterTooamCluster` | Boolean value indicating whether to deploy WebLogic Monitoring Exporter to oamCluster. | `false` |
+| `policyClusterName` | Name of the policyCluster. | `policy_cluster` |
+| `policyManagedServerPort` | Port number of the managed servers in the policyCluster. | `15100` |
+| `wlsMonitoringExporterTopolicyCluster` | Boolean value indicating whether to deploy WebLogic Monitoring Exporter to policyCluster. | `false` |
+| `exposeMonitoringNodePort` | Boolean value indicating if the Monitoring Services (Prometheus, Grafana and Alertmanager) is exposed outside of the Kubernetes cluster. | `false` |
+| `prometheusNodePort` | Port number of the Prometheus outside the Kubernetes cluster. | `32101` |
+| `grafanaNodePort` | Port number of the Grafana outside the Kubernetes cluster. | `32100` |
+| `alertmanagerNodePort` | Port number of the Alertmanager outside the Kubernetes cluster. | `32102` |
+| `weblogicCredentialsSecretName` | Name of the Kubernetes secret which has Administration Server’s user name and password. | `accessinfra-domain-credentials` |
+
+Note that the values specified in the `monitoring-inputs.yaml` file will be used to install kube-prometheus-stack (Prometheus, Grafana and Alertmanager) and deploying WebLogic Monitoring Exporter into the OracleAccessManagement domain. Hence make the domain specific values to be same as that used during domain creation.
+
+### Run the setup monitoring script
+
+Update the values in `monitoring-inputs.yaml` as per your requirement and run the `setup-monitoring.sh` script, specifying your inputs file:
+
+```bash
+$ cd ${WORKDIR}/monitoring-service
+$ ./setup-monitoring.sh \
+ -i monitoring-inputs.yaml
+```
+The script will perform the following steps:
+
+- Helm install `prometheus-community/kube-prometheus-stack` of version "16.5.0" if `setupKubePrometheusStack` is set to `true`.
+- Deploys WebLogic Monitoring Exporter to Administration Server.
+- Deploys WebLogic Monitoring Exporter to `oamCluster` if `wlsMonitoringExporterTooamCluster` is set to `true`.
+- Exposes the Monitoring Services (Prometheus at `32101`, Grafana at `32100` and Alertmanager at `32102`) outside of the Kubernetes cluster if `exposeMonitoringNodePort` is set to `true`.
+- Imports the WebLogic Server Grafana Dashboard if `setupKubePrometheusStack` is set to `true`.
+- Deploys WebLogic Monitoring Exporter to Administration Server.
+- Deploys WebLogic Monitoring Exporter to `policyCluster` if `wlsMonitoringExporterTopolicyCluster` is set to `true`.
+- Exposes the Monitoring Services (Prometheus at `32101`, Grafana at `32100` and Alertmanager at `32102`) outside of the Kubernetes cluster if `exposeMonitoringNodePort` is set to `true`.
+- Imports the WebLogic Server Grafana Dashboard if `setupKubePrometheusStack` is set to `true`.
+
+### Verify the results
+The setup monitoring script will report failure if there was any error. However, verify that required resources were created by the script.
+
+#### Verify the kube-prometheus-stack
+
+To confirm that `prometheus-community/kube-prometheus-stack` was installed when `setupKubePrometheusStack` is set to `true`, run the following command:
+
+```bash
+$ helm ls -n
+```
+Replace with value for Kubernetes namespace used for monitoring.
+
+Sample output:
+```bash
+$ helm ls -n monitoring
+NAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSION
+monitoring monitoring 1 2021-06-18 12:58:35.177221969 +0000 UTC deployed kube-prometheus-stack-16.5.0 0.48.0
+$
+```
+
+#### Verify the Prometheus, Grafana and Alertmanager setup
+
+When `exposeMonitoringNodePort` was set to `true`, verify that monitoring services are accessible outside of the Kubernetes cluster:
+
+- `32100` is the external port for Grafana and with credentials `admin:admin`
+- `32101` is the external port for Prometheus
+- `32102` is the external port for Alertmanager
+
+#### Verify the service discovery of WebLogic Monitoring Exporter
+
+Verify whether prometheus is able to discover wls-exporter and collect the metrics:
+
+1. Access the Prometheus dashboard at http://mycompany.com:32101/
+
+1. Navigate to Status to see the Service Discovery details.
+
+1. Verify that wls-exporter is listed in the discovered services.
+
+#### Verify the WebLogic Server dashoard
+
+You can access the Grafana dashboard at http://mycompany.com:32100/.
+
+1. Log in to Grafana dashboard with username: `admin` and password: `admin`.
+
+1. Navigate to "WebLogic Server Dashboard" under General and verify.
+
+### Delete the monitoring setup
+
+To delete the monitoring setup created by [Run the setup monitoring script](#run-the-setup-monitoring-script), run the below command:
+
+```bash
+$ cd ${WORKDIR}/monitoring-service
+$ ./delete-monitoring.sh \
+ -i monitoring-inputs.yaml
+```
+
+
diff --git a/OracleAccessManagement/kubernetes/monitoring-service/config/config.yml.template b/OracleAccessManagement/kubernetes/monitoring-service/config/config.yml.template
new file mode 100755
index 000000000..792f64d27
--- /dev/null
+++ b/OracleAccessManagement/kubernetes/monitoring-service/config/config.yml.template
@@ -0,0 +1,64 @@
+# Copyright (c) 2021, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+#
+metricsNameSnakeCase: true
+restPort: %PORT%
+queries:
+- key: name
+ keyName: location
+ prefix: wls_server_
+ applicationRuntimes:
+ key: name
+ keyName: app
+ componentRuntimes:
+ prefix: wls_webapp_config_
+ type: WebAppComponentRuntime
+ key: name
+ values: [deploymentState, contextRoot, sourceInfo, openSessionsHighCount, openSessionsCurrentCount, sessionsOpenedTotalCount, sessionCookieMaxAgeSecs, sessionInvalidationIntervalSecs, sessionTimeoutSecs, singleThreadedServletPoolSize, sessionIDLength, servletReloadCheckSecs, jSPPageCheckSecs]
+ servlets:
+ prefix: wls_servlet_
+ key: servletName
+
+- JVMRuntime:
+ prefix: wls_jvm_
+ key: name
+
+- executeQueueRuntimes:
+ prefix: wls_socketmuxer_
+ key: name
+ values: [pendingRequestCurrentCount]
+
+- workManagerRuntimes:
+ prefix: wls_workmanager_
+ key: name
+ values: [stuckThreadCount, pendingRequests, completedRequests]
+
+- threadPoolRuntime:
+ prefix: wls_threadpool_
+ key: name
+ values: [executeThreadTotalCount, queueLength, stuckThreadCount, hoggingThreadCount]
+
+- JMSRuntime:
+ key: name
+ keyName: jmsruntime
+ prefix: wls_jmsruntime_
+ JMSServers:
+ prefix: wls_jms_
+ key: name
+ keyName: jmsserver
+ destinations:
+ prefix: wls_jms_dest_
+ key: name
+ keyName: destination
+
+- persistentStoreRuntimes:
+ prefix: wls_persistentstore_
+ key: name
+- JDBCServiceRuntime:
+ JDBCDataSourceRuntimeMBeans:
+ prefix: wls_datasource_
+ key: name
+- JTARuntime:
+ prefix: wls_jta_
+ key: name
+
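Review bot: `restPort: %PORT%` near the top of the template is a substitution token, and nothing in the file says what replaces it or with which value. Add a comment above it such as `# %PORT% is replaced with the target server's listen port when the exporter is deployed` and name the script that does it (presumably setup-monitoring.sh). The `servlets`, `JVMRuntime`, `JMSRuntime`, `persistentStoreRuntimes`, `JDBCDataSourceRuntimeMBeans` and `JTARuntime` entries have no `values` list, unlike `workManagerRuntimes` and `threadPoolRuntime`. Presumably every attribute of those beans is exported, so a short comment confirming that this is intended would help whoever later has to reduce metric volume.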
diff --git a/OracleIdentityGovernance/kubernetes/3.0.1/weblogic_dashboard.json b/OracleAccessManagement/kubernetes/monitoring-service/config/weblogic-server-dashboard-import.json
old mode 100644
new mode 100755
similarity index 100%
rename from OracleIdentityGovernance/kubernetes/3.0.1/weblogic_dashboard.json
rename to OracleAccessManagement/kubernetes/monitoring-service/config/weblogic-server-dashboard-import.json
diff --git a/OracleAccessManagement/kubernetes/monitoring-service/config/weblogic-server-dashboard.json b/OracleAccessManagement/kubernetes/monitoring-service/config/weblogic-server-dashboard.json
new file mode 100644
index 000000000..23961d230
--- /dev/null
+++ b/OracleAccessManagement/kubernetes/monitoring-service/config/weblogic-server-dashboard.json
@@ -0,0 +1,3315 @@
+{
+ "dashboard": {
+ "__inputs": [],
+ "__requires": [
+ {
+ "type": "grafana",
+ "id": "grafana",
+ "name": "Grafana",
+ "version": "5.2.4"
+ },
+ {
+ "type": "panel",
+ "id": "graph",
+ "name": "Graph",
+ "version": "5.0.0"
+ },
+ {
+ "type": "panel",
+ "id": "singlestat",
+ "name": "Singlestat",
+ "version": "5.0.0"
+ },
+ {
+ "type": "panel",
+ "id": "table",
+ "name": "Table",
+ "version": "5.0.0"
+ }
+ ],
+ "annotations": {
+ "list": [
+ {
+ "builtIn": 1,
+ "datasource": "-- Grafana --",
+ "enable": true,
+ "hide": true,
+ "iconColor": "rgba(0, 211, 255, 1)",
+ "name": "Annotations & Alerts",
+ "type": "dashboard"
+ }
+ ]
+ },
+ "editable": true,
+ "gnetId": null,
+ "graphTooltip": 0,
+ "id": null,
+ "iteration": 1563266678971,
+ "links": [],
+ "panels": [
+ {
+ "collapsed": false,
+ "gridPos": {
+ "h": 1,
+ "w": 24,
+ "x": 0,
+ "y": 0
+ },
+ "id": 32,
+ "panels": [],
+ "title": "Servers",
+ "type": "row"
+ },
+ {
+ "cacheTimeout": null,
+ "colorBackground": false,
+ "colorValue": false,
+ "colors": [
+ "#299c46",
+ "rgba(237, 129, 40, 0.89)",
+ "#d44a3a"
+ ],
+ "datasource": "$datasource",
+ "decimals": 0,
+ "format": "none",
+ "gauge": {
+ "maxValue": 100,
+ "minValue": 0,
+ "show": false,
+ "thresholdLabels": false,
+ "thresholdMarkers": true
+ },
+ "gridPos": {
+ "h": 3,
+ "w": 13,
+ "x": 0,
+ "y": 1
+ },
+ "hideTimeOverride": true,
+ "id": 16,
+ "interval": null,
+ "links": [],
+ "mappingType": 1,
+ "mappingTypes": [
+ {
+ "name": "value to text",
+ "value": 1
+ },
+ {
+ "name": "range to text",
+ "value": 2
+ }
+ ],
+ "maxDataPoints": 100,
+ "nullPointMode": "connected",
+ "nullText": null,
+ "postfix": "",
+ "postfixFontSize": "50%",
+ "prefix": "",
+ "prefixFontSize": "50%",
+ "rangeMaps": [
+ {
+ "from": "null",
+ "text": "N/A",
+ "to": "null"
+ }
+ ],
+ "sparkline": {
+ "fillColor": "rgba(31, 118, 189, 0.18)",
+ "full": false,
+ "lineColor": "rgb(31, 120, 193)",
+ "show": false
+ },
+ "tableColumn": "",
+ "targets": [
+ {
+ "expr": "count(count (wls_jvm_uptime{weblogic_domainUID=\"$domainName\", weblogic_clusterName=\"$clusterName\"}) by (name))",
+ "format": "time_series",
+ "intervalFactor": 1,
+ "legendFormat": "{{weblogic_serverName}}",
+ "refId": "A"
+ }
+ ],
+ "thresholds": "",
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Running Servers",
+ "type": "singlestat",
+ "valueFontSize": "80%",
+ "valueMaps": [
+ {
+ "op": "=",
+ "text": "N/A",
+ "value": "null"
+ }
+ ],
+ "valueName": "avg"
+ },
+ {
+ "cacheTimeout": null,
+ "colorBackground": false,
+ "colorValue": false,
+ "colors": [
+ "#299c46",
+ "rgba(237, 129, 40, 0.89)",
+ "#d44a3a"
+ ],
+ "datasource": "$datasource",
+ "format": "none",
+ "gauge": {
+ "maxValue": 100,
+ "minValue": 0,
+ "show": false,
+ "thresholdLabels": false,
+ "thresholdMarkers": true
+ },
+ "gridPos": {
+ "h": 3,
+ "w": 11,
+ "x": 13,
+ "y": 1
+ },
+ "id": 23,
+ "interval": null,
+ "links": [],
+ "mappingType": 1,
+ "mappingTypes": [
+ {
+ "name": "value to text",
+ "value": 1
+ },
+ {
+ "name": "range to text",
+ "value": 2
+ }
+ ],
+ "maxDataPoints": 100,
+ "nullPointMode": "connected",
+ "nullText": null,
+ "postfix": "",
+ "postfixFontSize": "50%",
+ "prefix": "",
+ "prefixFontSize": "50%",
+ "rangeMaps": [
+ {
+ "from": "null",
+ "text": "N/A",
+ "to": "null"
+ }
+ ],
+ "sparkline": {
+ "fillColor": "rgba(31, 118, 189, 0.18)",
+ "full": false,
+ "lineColor": "rgb(31, 120, 193)",
+ "show": false
+ },
+ "tableColumn": "",
+ "targets": [
+ {
+ "expr": "count(count(wls_webapp_config_deployment_state{weblogic_domainUID=\"$domainName\", weblogic_clusterName=\"$clusterName\"}) by (app))",
+ "format": "time_series",
+ "intervalFactor": 1,
+ "legendFormat": "",
+ "refId": "A"
+ }
+ ],
+ "thresholds": "",
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Deployed Applications",
+ "type": "singlestat",
+ "valueFontSize": "80%",
+ "valueMaps": [
+ {
+ "op": "=",
+ "text": "N/A",
+ "value": "null"
+ }
+ ],
+ "valueName": "avg"
+ },
+ {
+ "cacheTimeout": null,
+ "colorBackground": false,
+ "colorValue": true,
+ "colors": [
+ "#299c46",
+ "rgba(237, 129, 40, 0.89)",
+ "#d44a3a"
+ ],
+ "datasource": "$datasource",
+ "decimals": 1,
+ "description": "",
+ "format": "percent",
+ "gauge": {
+ "maxValue": 100,
+ "minValue": 0,
+ "show": false,
+ "thresholdLabels": false,
+ "thresholdMarkers": true
+ },
+ "gridPos": {
+ "h": 3,
+ "w": 6,
+ "x": 0,
+ "y": 4
+ },
+ "hideTimeOverride": true,
+ "id": 104,
+ "interval": null,
+ "links": [],
+ "mappingType": 1,
+ "mappingTypes": [
+ {
+ "name": "value to text",
+ "value": 1
+ },
+ {
+ "name": "range to text",
+ "value": 2
+ }
+ ],
+ "maxDataPoints": 100,
+ "nullPointMode": "connected",
+ "nullText": null,
+ "postfix": "",
+ "postfixFontSize": "50%",
+ "prefix": "",
+ "prefixFontSize": "50%",
+ "rangeMaps": [
+ {
+ "from": "null",
+ "text": "N/A",
+ "to": "null"
+ }
+ ],
+ "repeat": "serverName",
+ "repeatDirection": "v",
+ "sparkline": {
+ "fillColor": "rgba(31, 118, 189, 0.18)",
+ "full": false,
+ "lineColor": "rgb(31, 120, 193)",
+ "show": false
+ },
+ "tableColumn": "weblogic_serverName",
+ "targets": [
+ {
+ "expr": "wls_server_activation_time{weblogic_domainUID=\"$domainName\", weblogic_clusterName=\"$clusterName\",weblogic_serverName=\"$serverName\"}",
+ "format": "table",
+ "hide": false,
+ "instant": true,
+ "interval": "10s",
+ "intervalFactor": 2,
+ "legendFormat": "",
+ "refId": "A"
+ }
+ ],
+ "thresholds": "50,80",
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Server Name",
+ "type": "singlestat",
+ "valueFontSize": "50%",
+ "valueMaps": [
+ {
+ "op": "=",
+ "text": "",
+ "value": ""
+ }
+ ],
+ "valueName": "current"
+ },
+ {
+ "cacheTimeout": null,
+ "colorBackground": false,
+ "colorValue": true,
+ "colors": [
+ "#56A64B",
+ "rgba(237, 129, 40, 0.89)",
+ "#d44a3a"
+ ],
+ "datasource": "$datasource",
+ "format": "none",
+ "gauge": {
+ "maxValue": 100,
+ "minValue": 0,
+ "show": false,
+ "thresholdLabels": false,
+ "thresholdMarkers": true
+ },
+ "gridPos": {
+ "h": 3,
+ "w": 4,
+ "x": 6,
+ "y": 4
+ },
+ "id": 84,
+ "interval": "",
+ "links": [],
+ "mappingType": 1,
+ "mappingTypes": [
+ {
+ "name": "value to text",
+ "value": 1
+ },
+ {
+ "name": "range to text",
+ "value": 2
+ }
+ ],
+ "maxDataPoints": 100,
+ "nullPointMode": "connected",
+ "nullText": null,
+ "postfix": "",
+ "postfixFontSize": "50%",
+ "prefix": "",
+ "prefixFontSize": "50%",
+ "rangeMaps": [
+ {
+ "from": "null",
+ "text": "N/A",
+ "to": "null"
+ }
+ ],
+ "repeat": "serverName",
+ "repeatDirection": "v",
+ "sparkline": {
+ "fillColor": "rgba(31, 118, 189, 0.18)",
+ "full": false,
+ "lineColor": "rgb(31, 120, 193)",
+ "show": false
+ },
+ "tableColumn": "",
+ "targets": [
+ {
+ "expr": "wls_server_state_val{weblogic_domainUID=\"$domainName\", weblogic_clusterName=\"$clusterName\", weblogic_serverName=\"$serverName\"}",
+ "format": "time_series",
+ "intervalFactor": 1,
+ "refId": "A"
+ }
+ ],
+ "thresholds": "",
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Server Status",
+ "type": "singlestat",
+ "valueFontSize": "50%",
+ "valueMaps": [
+ {
+ "op": "=",
+ "text": "SHUTDOWN",
+ "value": "0"
+ },
+ {
+ "op": "=",
+ "text": "STARTING",
+ "value": "1"
+ },
+ {
+ "op": "=",
+ "text": "RUNNING",
+ "value": "2"
+ },
+ {
+ "op": "=",
+ "text": "STANDBY",
+ "value": "3"
+ },
+ {
+ "op": "=",
+ "text": "FAILED",
+ "value": "8"
+ },
+ {
+ "op": "=",
+ "text": "FAILED",
+ "value": "17"
+ }
+ ],
+ "valueName": "current"
+ },
+ {
+ "cacheTimeout": null,
+ "colorBackground": false,
+ "colorValue": true,
+ "colors": [
+ "#299c46",
+ "rgba(237, 129, 40, 0.89)",
+ "#d44a3a"
+ ],
+ "datasource": "$datasource",
+ "decimals": 1,
+ "description": "",
+ "format": "percent",
+ "gauge": {
+ "maxValue": 100,
+ "minValue": 0,
+ "show": true,
+ "thresholdLabels": false,
+ "thresholdMarkers": true
+ },
+ "gridPos": {
+ "h": 3,
+ "w": 4,
+ "x": 10,
+ "y": 4
+ },
+ "hideTimeOverride": true,
+ "id": 27,
+ "interval": null,
+ "links": [],
+ "mappingType": 1,
+ "mappingTypes": [
+ {
+ "name": "value to text",
+ "value": 1
+ },
+ {
+ "name": "range to text",
+ "value": 2
+ }
+ ],
+ "maxDataPoints": 100,
+ "nullPointMode": "connected",
+ "nullText": null,
+ "postfix": "",
+ "postfixFontSize": "50%",
+ "prefix": "",
+ "prefixFontSize": "50%",
+ "rangeMaps": [
+ {
+ "from": "null",
+ "text": "N/A",
+ "to": "null"
+ }
+ ],
+ "repeat": "serverName",
+ "repeatDirection": "v",
+ "sparkline": {
+ "fillColor": "rgba(31, 118, 189, 0.18)",
+ "full": false,
+ "lineColor": "rgb(31, 120, 193)",
+ "show": true
+ },
+ "tableColumn": "instance",
+ "targets": [
+ {
+ "expr": "100 - wls_jvm_heap_free_percent{weblogic_domainUID=\"$domainName\", weblogic_clusterName=\"$clusterName\", weblogic_serverName=\"$serverName\"}",
+ "format": "time_series",
+ "hide": false,
+ "instant": true,
+ "interval": "10s",
+ "intervalFactor": 2,
+ "legendFormat": "",
+ "refId": "A"
+ }
+ ],
+ "thresholds": "50,80",
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Heap Usage",
+ "type": "singlestat",
+ "valueFontSize": "80%",
+ "valueMaps": [
+ {
+ "op": "=",
+ "text": "",
+ "value": ""
+ }
+ ],
+ "valueName": "current"
+ },
+ {
+ "cacheTimeout": null,
+ "colorBackground": false,
+ "colorPostfix": false,
+ "colorValue": true,
+ "colors": [
+ "#299c46",
+ "rgba(237, 129, 40, 0.89)",
+ "#d44a3a"
+ ],
+ "datasource": "$datasource",
+ "decimals": 1,
+ "description": "",
+ "format": "ms",
+ "gauge": {
+ "maxValue": 100,
+ "minValue": 0,
+ "show": false,
+ "thresholdLabels": false,
+ "thresholdMarkers": true
+ },
+ "gridPos": {
+ "h": 3,
+ "w": 5,
+ "x": 14,
+ "y": 4
+ },
+ "hideTimeOverride": true,
+ "id": 91,
+ "interval": null,
+ "links": [],
+ "mappingType": 1,
+ "mappingTypes": [
+ {
+ "name": "value to text",
+ "value": 1
+ },
+ {
+ "name": "range to text",
+ "value": 2
+ }
+ ],
+ "maxDataPoints": 100,
+ "nullPointMode": "connected",
+ "nullText": null,
+ "postfix": "",
+ "postfixFontSize": "50%",
+ "prefix": "",
+ "prefixFontSize": "50%",
+ "rangeMaps": [
+ {
+ "from": "null",
+ "text": "N/A",
+ "to": "null"
+ }
+ ],
+ "repeat": "serverName",
+ "repeatDirection": "v",
+ "sparkline": {
+ "fillColor": "rgba(31, 118, 189, 0.18)",
+ "full": false,
+ "lineColor": "rgb(31, 120, 193)",
+ "show": false
+ },
+ "tableColumn": "instance",
+ "targets": [
+ {
+ "expr": "wls_jvm_uptime{weblogic_domainUID=\"$domainName\", weblogic_clusterName=\"$clusterName\", weblogic_serverName=\"$serverName\"}",
+ "format": "time_series",
+ "hide": false,
+ "instant": true,
+ "interval": "10s",
+ "intervalFactor": 2,
+ "legendFormat": "",
+ "refId": "A"
+ }
+ ],
+ "thresholds": "50,80",
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Running Time",
+ "type": "singlestat",
+ "valueFontSize": "50%",
+ "valueMaps": [
+ {
+ "op": "=",
+ "text": "",
+ "value": ""
+ }
+ ],
+ "valueName": "current"
+ },
+ {
+ "cacheTimeout": null,
+ "colorBackground": false,
+ "colorPostfix": false,
+ "colorValue": true,
+ "colors": [
+ "#299c46",
+ "rgba(237, 129, 40, 0.89)",
+ "#d44a3a"
+ ],
+ "datasource": "$datasource",
+ "decimals": 0,
+ "description": "",
+ "format": "short",
+ "gauge": {
+ "maxValue": 100,
+ "minValue": 0,
+ "show": false,
+ "thresholdLabels": false,
+ "thresholdMarkers": true
+ },
+ "gridPos": {
+ "h": 3,
+ "w": 5,
+ "x": 19,
+ "y": 4
+ },
+ "hideTimeOverride": true,
+ "id": 96,
+ "interval": null,
+ "links": [],
+ "mappingType": 1,
+ "mappingTypes": [
+ {
+ "name": "value to text",
+ "value": 1
+ },
+ {
+ "name": "range to text",
+ "value": 2
+ }
+ ],
+ "maxDataPoints": 100,
+ "nullPointMode": "connected",
+ "nullText": null,
+ "postfix": "",
+ "postfixFontSize": "50%",
+ "prefix": "",
+ "prefixFontSize": "50%",
+ "rangeMaps": [
+ {
+ "from": "null",
+ "text": "N/A",
+ "to": "null"
+ }
+ ],
+ "repeat": "serverName",
+ "repeatDirection": "v",
+ "sparkline": {
+ "fillColor": "rgba(31, 118, 189, 0.18)",
+ "full": false,
+ "lineColor": "rgb(31, 120, 193)",
+ "show": false
+ },
+ "tableColumn": "instance",
+ "targets": [
+ {
+ "expr": "wls_server_open_sockets_current_count{weblogic_domainUID=\"$domainName\", weblogic_clusterName=\"$clusterName\", weblogic_serverName=\"$serverName\"}",
+ "format": "time_series",
+ "hide": false,
+ "instant": true,
+ "interval": "10s",
+ "intervalFactor": 2,
+ "legendFormat": "",
+ "refId": "A"
+ }
+ ],
+ "thresholds": "50,80",
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Open Sockets",
+ "type": "singlestat",
+ "valueFontSize": "80%",
+ "valueMaps": [
+ {
+ "op": "=",
+ "text": "",
+ "value": ""
+ }
+ ],
+ "valueName": "current"
+ },
+ {
+ "aliasColors": {
+ " heap free managed-server-1": "super-light-green",
+ " heap free managed-server-2": "dark-green",
+ "heap size managed-server-1 ": "super-light-red",
+ "heap size managed-server-2 ": "dark-red"
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 1,
+ "gridPos": {
+ "h": 10,
+ "w": 24,
+ "x": 0,
+ "y": 7
+ },
+ "id": 12,
+ "legend": {
+ "alignAsTable": true,
+ "avg": true,
+ "current": true,
+ "max": true,
+ "min": false,
+ "rightSide": false,
+ "show": true,
+ "total": false,
+ "values": true
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [],
+ "nullPointMode": "null",
+ "paceLength": 10,
+ "percentage": false,
+ "pointradius": 2,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [],
+ "spaceLength": 10,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "wls_jvm_heap_free_current{weblogic_domainUID=\"$domainName\", weblogic_clusterName=\"$clusterName\", weblogic_serverName=~\"${serverName:regex}\"}",
+ "format": "time_series",
+ "intervalFactor": 1,
+ "legendFormat": " Heap Free ({{weblogic_serverName}})",
+ "refId": "B"
+ },
+ {
+ "expr": "wls_jvm_heap_size_current{weblogic_domainUID=\"$domainName\", weblogic_clusterName=\"$clusterName\", weblogic_serverName=~\"${serverName:regex}\"}",
+ "format": "time_series",
+ "instant": false,
+ "intervalFactor": 1,
+ "legendFormat": "Heap Size ({{weblogic_serverName}})",
+ "refId": "A"
+ },
+ {
+ "expr": "wls_jvm_heap_size_max{weblogic_domainUID=\"$domainName\", weblogic_clusterName=\"$clusterName\", weblogic_serverName=~\"${serverName:regex}\"}",
+ "format": "time_series",
+ "hide": true,
+ "intervalFactor": 1,
+ "legendFormat": "Heap Max ({{weblogic_serverName}})",
+ "refId": "C"
+ }
+ ],
+ "thresholds": [],
+ "timeFrom": null,
+ "timeRegions": [],
+ "timeShift": null,
+ "title": "JVM Heap",
+ "tooltip": {
+ "shared": true,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": []
+ },
+ "yaxes": [
+ {
+ "format": "decbytes",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ }
+ ],
+ "yaxis": {
+ "align": false,
+ "alignLevel": null
+ }
+ },
+ {
+ "aliasColors": {
+ " heap free managed-server-1": "super-light-green",
+ " heap free managed-server-2": "dark-green",
+ "heap size managed-server-1 ": "super-light-red",
+ "heap size managed-server-2 ": "dark-red"
+ },
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 1,
+ "gridPos": {
+ "h": 7,
+ "w": 12,
+ "x": 0,
+ "y": 17
+ },
+ "id": 21,
+ "legend": {
+ "alignAsTable": false,
+ "avg": false,
+ "current": true,
+ "max": false,
+ "min": false,
+ "rightSide": false,
+ "show": true,
+ "total": false,
+ "values": true
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [],
+ "nullPointMode": "null",
+ "paceLength": 10,
+ "percentage": false,
+ "pointradius": 2,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [],
+ "spaceLength": 10,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "wls_jvm_process_cpu_load{weblogic_domainUID=~\"$domainName\", weblogic_clusterName=~\"$clusterName\", weblogic_serverName=~\"${serverName:regex}\"} * 100",
+ "format": "time_series",
+ "intervalFactor": 1,
+ "legendFormat": " {{weblogic_serverName}}",
+ "refId": "B"
+ }
+ ],
+ "thresholds": [],
+ "timeFrom": null,
+ "timeRegions": [],
+ "timeShift": null,
+ "title": "CPU Load",
+ "tooltip": {
+ "shared": true,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": []
+ },
+ "yaxes": [
+ {
+ "format": "percent",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ }
+ ],
+ "yaxis": {
+ "align": false,
+ "alignLevel": null
+ }
+ },
+ {
+ "aliasColors": {},
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 1,
+ "gridPos": {
+ "h": 7,
+ "w": 12,
+ "x": 12,
+ "y": 17
+ },
+ "id": 10,
+ "legend": {
+ "alignAsTable": false,
+ "avg": false,
+ "current": true,
+ "max": false,
+ "min": false,
+ "rightSide": false,
+ "show": true,
+ "total": false,
+ "values": true
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [],
+ "nullPointMode": "null",
+ "paceLength": 10,
+ "percentage": false,
+ "pointradius": 2,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [],
+ "spaceLength": 10,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "wls_threadpool_execute_thread_total_count{weblogic_domainUID=\"$domainName\", weblogic_clusterName=\"$clusterName\", weblogic_serverName=~\"${serverName:regex}\"}",
+ "format": "time_series",
+ "intervalFactor": 1,
+ "legendFormat": "Total Threads ({{weblogic_serverName}})",
+ "refId": "A"
+ },
+ {
+ "expr": "wls_threadpool_stuck_thread_count{weblogic_domainUID=\"$domainName\", weblogic_clusterName=\"$clusterName\", weblogic_serverName=~\"${serverName:regex}\"}",
+ "format": "time_series",
+ "intervalFactor": 1,
+ "legendFormat": "Stuck Threads ({{weblogic_serverName}})",
+ "refId": "D"
+ },
+ {
+ "expr": "wls_threadpool_queue_length{weblogic_domainUID=\"$domainName\", weblogic_clusterName=\"$clusterName\", weblogic_serverName=~\"${serverName:regex}\"}",
+ "format": "time_series",
+ "hide": true,
+ "intervalFactor": 1,
+ "legendFormat": "queue",
+ "refId": "C"
+ },
+ {
+ "expr": "wls_threadpool_hogging_thread_count{weblogic_domainUID=\"$domainName\", weblogic_clusterName=\"$clusterName\", weblogic_serverName=~\"${serverName:regex}\"}",
+ "format": "time_series",
+ "hide": true,
+ "intervalFactor": 1,
+ "legendFormat": "hogging",
+ "refId": "B"
+ }
+ ],
+ "thresholds": [],
+ "timeFrom": null,
+ "timeRegions": [],
+ "timeShift": null,
+ "title": "Thread Pool",
+ "tooltip": {
+ "shared": true,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": []
+ },
+ "yaxes": [
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ }
+ ],
+ "yaxis": {
+ "align": false,
+ "alignLevel": null
+ }
+ },
+ {
+ "collapsed": true,
+ "gridPos": {
+ "h": 1,
+ "w": 24,
+ "x": 0,
+ "y": 24
+ },
+ "id": 35,
+ "panels": [
+ {
+ "columns": [],
+ "datasource": "$datasource",
+ "fontSize": "100%",
+ "gridPos": {
+ "h": 7,
+ "w": 8,
+ "x": 0,
+ "y": 28
+ },
+ "hideTimeOverride": true,
+ "id": 126,
+ "links": [],
+ "pageSize": null,
+ "scroll": true,
+ "showHeader": true,
+ "sort": {
+ "col": 13,
+ "desc": true
+ },
+ "styles": [
+ {
+ "alias": "Time",
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "pattern": "Time",
+ "type": "hidden"
+ },
+ {
+ "alias": "Webapp",
+ "colorMode": null,
+ "colors": [
+ "rgba(245, 54, 54, 0.9)",
+ "rgba(237, 129, 40, 0.89)",
+ "rgba(50, 172, 45, 0.97)"
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "mappingType": 1,
+ "pattern": "app",
+ "thresholds": [],
+ "type": "string",
+ "unit": "short"
+ },
+ {
+ "alias": "Total Sessions",
+ "colorMode": null,
+ "colors": [
+ "rgba(245, 54, 54, 0.9)",
+ "rgba(237, 129, 40, 0.89)",
+ "rgba(50, 172, 45, 0.97)"
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 0,
+ "mappingType": 1,
+ "pattern": "Value",
+ "thresholds": [],
+ "type": "number",
+ "unit": "short"
+ },
+ {
+ "alias": "",
+ "colorMode": null,
+ "colors": [
+ "rgba(245, 54, 54, 0.9)",
+ "rgba(237, 129, 40, 0.89)",
+ "rgba(50, 172, 45, 0.97)"
+ ],
+ "decimals": 2,
+ "pattern": "/.*/",
+ "thresholds": [],
+ "type": "hidden",
+ "unit": "short"
+ }
+ ],
+ "targets": [
+ {
+ "expr": "topk($topN,sum(wls_webapp_config_sessions_opened_total_count{weblogic_domainUID=\"$domainName\", weblogic_clusterName=\"$clusterName\", weblogic_serverName=~\"${serverName:regex}\"}) by (app))",
+ "format": "table",
+ "instant": true,
+ "intervalFactor": 1,
+ "refId": "B"
+ }
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Total Sessions (top $topN)",
+ "transform": "table",
+ "type": "table"
+ },
+ {
+ "columns": [],
+ "datasource": "$datasource",
+ "fontSize": "100%",
+ "gridPos": {
+ "h": 7,
+ "w": 8,
+ "x": 8,
+ "y": 28
+ },
+ "hideTimeOverride": true,
+ "id": 136,
+ "links": [],
+ "pageSize": null,
+ "scroll": true,
+ "showHeader": true,
+ "sort": {
+ "col": 13,
+ "desc": true
+ },
+ "styles": [
+ {
+ "alias": "Time",
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "pattern": "Time",
+ "type": "hidden"
+ },
+ {
+ "alias": "Webapp",
+ "colorMode": null,
+ "colors": [
+ "rgba(245, 54, 54, 0.9)",
+ "rgba(237, 129, 40, 0.89)",
+ "rgba(50, 172, 45, 0.97)"
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "mappingType": 1,
+ "pattern": "app",
+ "thresholds": [],
+ "type": "string",
+ "unit": "short"
+ },
+ {
+ "alias": "Total Requests",
+ "colorMode": null,
+ "colors": [
+ "rgba(245, 54, 54, 0.9)",
+ "rgba(237, 129, 40, 0.89)",
+ "rgba(50, 172, 45, 0.97)"
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 0,
+ "mappingType": 1,
+ "pattern": "Value",
+ "thresholds": [],
+ "type": "number",
+ "unit": "short"
+ },
+ {
+ "alias": "",
+ "colorMode": null,
+ "colors": [
+ "rgba(245, 54, 54, 0.9)",
+ "rgba(237, 129, 40, 0.89)",
+ "rgba(50, 172, 45, 0.97)"
+ ],
+ "decimals": 2,
+ "pattern": "/.*/",
+ "thresholds": [],
+ "type": "hidden",
+ "unit": "short"
+ }
+ ],
+ "targets": [
+ {
+ "expr": "topk($topN,sum(wls_servlet_invocation_total_count{weblogic_domainUID=\"$domainName\", weblogic_clusterName=\"$clusterName\", weblogic_serverName=~\"${serverName:regex}\"}) by (app))",
+ "format": "table",
+ "instant": true,
+ "intervalFactor": 1,
+ "refId": "B"
+ }
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Total Requests (top $topN)",
+ "transform": "table",
+ "type": "table"
+ },
+ {
+ "columns": [],
+ "datasource": "$datasource",
+ "fontSize": "100%",
+ "gridPos": {
+ "h": 7,
+ "w": 8,
+ "x": 16,
+ "y": 28
+ },
+ "hideTimeOverride": true,
+ "id": 134,
+ "links": [],
+ "pageSize": null,
+ "scroll": true,
+ "showHeader": true,
+ "sort": {
+ "col": 13,
+ "desc": true
+ },
+ "styles": [
+ {
+ "alias": "Time",
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "pattern": "Time",
+ "type": "hidden"
+ },
+ {
+ "alias": "Webapp",
+ "colorMode": null,
+ "colors": [
+ "rgba(245, 54, 54, 0.9)",
+ "rgba(237, 129, 40, 0.89)",
+ "rgba(50, 172, 45, 0.97)"
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "mappingType": 1,
+ "pattern": "app",
+ "thresholds": [],
+ "type": "string",
+ "unit": "short"
+ },
+ {
+ "alias": "Total Time",
+ "colorMode": null,
+ "colors": [
+ "rgba(245, 54, 54, 0.9)",
+ "rgba(237, 129, 40, 0.89)",
+ "rgba(50, 172, 45, 0.97)"
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 0,
+ "mappingType": 1,
+ "pattern": "Value",
+ "thresholds": [],
+ "type": "number",
+ "unit": "ms"
+ },
+ {
+ "alias": "",
+ "colorMode": null,
+ "colors": [
+ "rgba(245, 54, 54, 0.9)",
+ "rgba(237, 129, 40, 0.89)",
+ "rgba(50, 172, 45, 0.97)"
+ ],
+ "decimals": 2,
+ "pattern": "/.*/",
+ "thresholds": [],
+ "type": "hidden",
+ "unit": "short"
+ }
+ ],
+ "targets": [
+ {
+ "expr": "topk($topN,sum(wls_servlet_execution_time_total{weblogic_domainUID=\"$domainName\", weblogic_clusterName=\"$clusterName\", weblogic_serverName=~\"${serverName:regex}\"}) by (app))",
+ "format": "table",
+ "instant": true,
+ "intervalFactor": 1,
+ "refId": "B"
+ }
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Total Execution Time (top $topN)",
+ "transform": "table",
+ "type": "table"
+ },
+ {
+ "aliasColors": {},
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 1,
+ "gridPos": {
+ "h": 8,
+ "w": 12,
+ "x": 0,
+ "y": 35
+ },
+ "id": 14,
+ "legend": {
+ "alignAsTable": false,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": false,
+ "show": true,
+ "sort": "current",
+ "sortDesc": true,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [],
+ "nullPointMode": "null",
+ "paceLength": 10,
+ "percentage": false,
+ "pointradius": 2,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [],
+ "spaceLength": 10,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "sum(wls_webapp_config_open_sessions_current_count{weblogic_domainUID=\"$domainName\", weblogic_clusterName=\"$clusterName\", weblogic_serverName=~\"${serverName:regex}\"}) by (app)",
+ "format": "time_series",
+ "interval": "",
+ "intervalFactor": 1,
+ "legendFormat": "{{app}}",
+ "refId": "A"
+ },
+ {
+ "expr": "",
+ "format": "time_series",
+ "intervalFactor": 1,
+ "refId": "B"
+ }
+ ],
+ "thresholds": [],
+ "timeFrom": null,
+ "timeRegions": [],
+ "timeShift": null,
+ "title": "Current Sessions ",
+ "tooltip": {
+ "shared": true,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": []
+ },
+ "yaxes": [
+ {
+ "format": "short",
+ "label": "",
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ }
+ ],
+ "yaxis": {
+ "align": false,
+ "alignLevel": null
+ }
+ },
+ {
+ "aliasColors": {},
+ "bars": true,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 1,
+ "gridPos": {
+ "h": 8,
+ "w": 12,
+ "x": 12,
+ "y": 35
+ },
+ "id": 128,
+ "legend": {
+ "alignAsTable": false,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": false,
+ "show": true,
+ "sort": "current",
+ "sortDesc": true,
+ "total": false,
+ "values": false
+ },
+ "lines": false,
+ "linewidth": 1,
+ "links": [],
+ "nullPointMode": "null",
+ "paceLength": 10,
+ "percentage": false,
+ "pointradius": 2,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [],
+ "spaceLength": 10,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": " sum(irate(wls_webapp_config_sessions_opened_total_count{weblogic_domainUID=\"$domainName\", weblogic_clusterName=\"$clusterName\", weblogic_serverName=~\"${serverName:regex}\"}[5m])) by (app)",
+ "format": "time_series",
+ "intervalFactor": 1,
+ "legendFormat": "{{app}}",
+ "refId": "A"
+ }
+ ],
+ "thresholds": [],
+ "timeFrom": null,
+ "timeRegions": [],
+ "timeShift": null,
+ "title": "Session Rate ",
+ "tooltip": {
+ "shared": true,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": []
+ },
+ "yaxes": [
+ {
+ "decimals": 0,
+ "format": "short",
+ "label": "per second",
+ "logBase": 1,
+ "max": null,
+ "min": "0",
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ }
+ ],
+ "yaxis": {
+ "align": false,
+ "alignLevel": null
+ }
+ },
+ {
+ "aliasColors": {},
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 1,
+ "gridPos": {
+ "h": 7,
+ "w": 12,
+ "x": 0,
+ "y": 43
+ },
+ "id": 132,
+ "legend": {
+ "alignAsTable": false,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": false,
+ "show": true,
+ "sort": "current",
+ "sortDesc": true,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [],
+ "nullPointMode": "null",
+ "paceLength": 10,
+ "percentage": false,
+ "pointradius": 2,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [],
+ "spaceLength": 10,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "(sum(wls_servlet_execution_time_average{weblogic_domainUID=\"$domainName\", weblogic_clusterName=\"$clusterName\", weblogic_serverName=~\"${serverName:regex}\"}) by (app)) / (count(wls_servlet_execution_time_average{weblogic_domainUID=\"domain1\", weblogic_clusterName=\"cluster-1\"}) by (app))",
+ "format": "time_series",
+ "interval": "",
+ "intervalFactor": 1,
+ "legendFormat": "{{app}}",
+ "refId": "A"
+ }
+ ],
+ "thresholds": [],
+ "timeFrom": null,
+ "timeRegions": [],
+ "timeShift": null,
+ "title": "Execution Time per Request ",
+ "tooltip": {
+ "shared": true,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": []
+ },
+ "yaxes": [
+ {
+ "format": "ms",
+ "label": "",
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ }
+ ],
+ "yaxis": {
+ "align": false,
+ "alignLevel": null
+ }
+ },
+ {
+ "aliasColors": {},
+ "bars": true,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 1,
+ "gridPos": {
+ "h": 7,
+ "w": 12,
+ "x": 12,
+ "y": 43
+ },
+ "id": 138,
+ "legend": {
+ "alignAsTable": false,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": false,
+ "show": true,
+ "sort": "current",
+ "sortDesc": true,
+ "total": false,
+ "values": false
+ },
+ "lines": false,
+ "linewidth": 1,
+ "links": [],
+ "nullPointMode": "null",
+ "paceLength": 10,
+ "percentage": false,
+ "pointradius": 2,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [],
+ "spaceLength": 10,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "sum(irate(wls_servlet_invocation_total_count{weblogic_domainUID=\"$domainName\", weblogic_clusterName=\"$clusterName\", weblogic_serverName=~\"${serverName:regex}\"}[5m])) by (app)",
+ "format": "time_series",
+ "intervalFactor": 1,
+ "legendFormat": "{{app}}",
+ "refId": "A"
+ }
+ ],
+ "thresholds": [],
+ "timeFrom": null,
+ "timeRegions": [],
+ "timeShift": null,
+ "title": "Request Rate ",
+ "tooltip": {
+ "shared": true,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": []
+ },
+ "yaxes": [
+ {
+ "decimals": 0,
+ "format": "short",
+ "label": "per second",
+ "logBase": 1,
+ "max": null,
+ "min": "0",
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ }
+ ],
+ "yaxis": {
+ "align": false,
+ "alignLevel": null
+ }
+ }
+ ],
+ "title": "Web Applications",
+ "type": "row"
+ },
+ {
+ "collapsed": true,
+ "gridPos": {
+ "h": 1,
+ "w": 24,
+ "x": 0,
+ "y": 25
+ },
+ "id": 43,
+ "panels": [
+ {
+ "columns": [],
+ "datasource": "$datasource",
+ "fontSize": "100%",
+ "gridPos": {
+ "h": 4,
+ "w": 24,
+ "x": 0,
+ "y": 29
+ },
+ "hideTimeOverride": true,
+ "id": 111,
+ "links": [],
+ "pageSize": null,
+ "scroll": true,
+ "showHeader": true,
+ "sort": {
+ "col": 0,
+ "desc": true
+ },
+ "styles": [
+ {
+ "alias": "Time",
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "pattern": "Time",
+ "type": "hidden"
+ },
+ {
+ "alias": "Server",
+ "colorMode": null,
+ "colors": [
+ "rgba(245, 54, 54, 0.9)",
+ "rgba(237, 129, 40, 0.89)",
+ "rgba(50, 172, 45, 0.97)"
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "mappingType": 1,
+ "pattern": "weblogic_serverName",
+ "thresholds": [],
+ "type": "string",
+ "unit": "short"
+ },
+ {
+ "alias": "Name",
+ "colorMode": null,
+ "colors": [
+ "rgba(245, 54, 54, 0.9)",
+ "rgba(237, 129, 40, 0.89)",
+ "rgba(50, 172, 45, 0.97)"
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "mappingType": 1,
+ "pattern": "name",
+ "thresholds": [],
+ "type": "string",
+ "unit": "short"
+ },
+ {
+ "alias": "Active Connections",
+ "colorMode": null,
+ "colors": [
+ "rgba(245, 54, 54, 0.9)",
+ "rgba(237, 129, 40, 0.89)",
+ "rgba(50, 172, 45, 0.97)"
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 0,
+ "mappingType": 1,
+ "pattern": "Value #A",
+ "thresholds": [],
+ "type": "number",
+ "unit": "short"
+ },
+ {
+ "alias": "Current Capacity",
+ "colorMode": null,
+ "colors": [
+ "rgba(245, 54, 54, 0.9)",
+ "rgba(237, 129, 40, 0.89)",
+ "rgba(50, 172, 45, 0.97)"
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 0,
+ "mappingType": 1,
+ "pattern": "Value #C",
+ "thresholds": [],
+ "type": "number",
+ "unit": "short"
+ },
+ {
+ "alias": "Total Connections",
+ "colorMode": null,
+ "colors": [
+ "rgba(245, 54, 54, 0.9)",
+ "rgba(237, 129, 40, 0.89)",
+ "rgba(50, 172, 45, 0.97)"
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 0,
+ "mappingType": 1,
+ "pattern": "Value #D",
+ "thresholds": [],
+ "type": "number",
+ "unit": "short"
+ },
+ {
+ "alias": "Total Connections",
+ "colorMode": null,
+ "colors": [
+ "rgba(245, 54, 54, 0.9)",
+ "rgba(237, 129, 40, 0.89)",
+ "rgba(50, 172, 45, 0.97)"
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 0,
+ "mappingType": 1,
+ "pattern": "Value #D",
+ "thresholds": [],
+ "type": "number",
+ "unit": "short"
+ },
+ {
+ "alias": "",
+ "colorMode": null,
+ "colors": [
+ "rgba(245, 54, 54, 0.9)",
+ "rgba(237, 129, 40, 0.89)",
+ "rgba(50, 172, 45, 0.97)"
+ ],
+ "decimals": 2,
+ "pattern": "/.*/",
+ "thresholds": [],
+ "type": "hidden",
+ "unit": "short"
+ }
+ ],
+ "targets": [
+ {
+ "expr": "sum(wls_datasource_curr_capacity{weblogic_domainUID=\"$domainName\", weblogic_clusterName=\"$clusterName\", weblogic_serverName=~\"${serverName:regex}\"}) by (weblogic_serverName,name)",
+ "format": "table",
+ "instant": true,
+ "intervalFactor": 1,
+ "refId": "C"
+ },
+ {
+ "expr": "sum(wls_datasource_active_connections_current_count{weblogic_domainUID=\"$domainName\", weblogic_clusterName=\"$clusterName\", weblogic_serverName=~\"${serverName:regex}\"}) by (weblogic_serverName,name)",
+ "format": "table",
+ "instant": true,
+ "intervalFactor": 1,
+ "refId": "A"
+ },
+ {
+ "expr": "sum(wls_datasource_connections_total_count{weblogic_domainUID=\"$domainName\", weblogic_clusterName=\"$clusterName\", weblogic_serverName=~\"${serverName:regex}\"}) by (weblogic_serverName,name)",
+ "format": "table",
+ "instant": true,
+ "intervalFactor": 1,
+ "refId": "D"
+ }
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Overview",
+ "transform": "table",
+ "type": "table"
+ },
+ {
+ "aliasColors": {},
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 1,
+ "gridPos": {
+ "h": 8,
+ "w": 13,
+ "x": 0,
+ "y": 33
+ },
+ "id": 50,
+ "legend": {
+ "alignAsTable": false,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": false,
+ "show": true,
+ "sort": "current",
+ "sortDesc": true,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [],
+ "nullPointMode": "null",
+ "paceLength": 10,
+ "percentage": false,
+ "pointradius": 2,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [],
+ "spaceLength": 10,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "wls_datasource_active_connections_current_count{weblogic_domainUID=\"$domainName\", weblogic_clusterName=\"$clusterName\", weblogic_serverName=~\"${serverName:regex}\"}",
+ "format": "time_series",
+ "intervalFactor": 1,
+ "legendFormat": " {{name}} @ {{weblogic_serverName}}",
+ "refId": "A"
+ }
+ ],
+ "thresholds": [],
+ "timeFrom": null,
+ "timeRegions": [],
+ "timeShift": null,
+ "title": "Active Connections",
+ "tooltip": {
+ "shared": true,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": []
+ },
+ "yaxes": [
+ {
+ "decimals": 0,
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": "0",
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ }
+ ],
+ "yaxis": {
+ "align": false,
+ "alignLevel": null
+ }
+ },
+ {
+ "aliasColors": {},
+ "bars": true,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 1,
+ "gridPos": {
+ "h": 8,
+ "w": 11,
+ "x": 13,
+ "y": 33
+ },
+ "id": 71,
+ "legend": {
+ "alignAsTable": false,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": false,
+ "show": true,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [],
+ "nullPointMode": "null",
+ "paceLength": 10,
+ "percentage": false,
+ "pointradius": 2,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [],
+ "spaceLength": 10,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "irate(wls_datasource_connections_total_count{weblogic_domainUID=\"$domainName\", weblogic_clusterName=\"$clusterName\", weblogic_serverName=~\"${serverName:regex}\"}[5m])",
+ "format": "time_series",
+ "intervalFactor": 1,
+ "legendFormat": " {{name}} @ {{weblogic_serverName}}",
+ "refId": "A"
+ }
+ ],
+ "thresholds": [],
+ "timeFrom": null,
+ "timeRegions": [],
+ "timeShift": null,
+ "title": "Connection Rate",
+ "tooltip": {
+ "shared": true,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": []
+ },
+ "yaxes": [
+ {
+ "decimals": 0,
+ "format": "short",
+ "label": "per second",
+ "logBase": 1,
+ "max": null,
+ "min": "0",
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ }
+ ],
+ "yaxis": {
+ "align": false,
+ "alignLevel": null
+ }
+ },
+ {
+ "aliasColors": {},
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 1,
+ "gridPos": {
+ "h": 9,
+ "w": 11,
+ "x": 0,
+ "y": 41
+ },
+ "id": 46,
+ "legend": {
+ "alignAsTable": false,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "show": true,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [],
+ "nullPointMode": "null",
+ "paceLength": 10,
+ "percentage": false,
+ "pointradius": 2,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [],
+ "spaceLength": 10,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "wls_datasource_waiting_for_connection_current_count{weblogic_domainUID=\"$domainName\", weblogic_clusterName=\"$clusterName\", weblogic_serverName=~\"${serverName:regex}\"}",
+ "format": "time_series",
+ "intervalFactor": 1,
+ "legendFormat": " {{name}} @ {{weblogic_serverName}}",
+ "refId": "A"
+ }
+ ],
+ "thresholds": [],
+ "timeFrom": null,
+ "timeRegions": [],
+ "timeShift": null,
+ "title": "Pending Connection Requests",
+ "tooltip": {
+ "shared": true,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": []
+ },
+ "yaxes": [
+ {
+ "decimals": 0,
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": "0",
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ }
+ ],
+ "yaxis": {
+ "align": false,
+ "alignLevel": null
+ }
+ },
+ {
+ "aliasColors": {},
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 1,
+ "gridPos": {
+ "h": 9,
+ "w": 13,
+ "x": 11,
+ "y": 41
+ },
+ "id": 73,
+ "legend": {
+ "alignAsTable": false,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "show": true,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [],
+ "nullPointMode": "null",
+ "paceLength": 10,
+ "percentage": false,
+ "pointradius": 2,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [],
+ "spaceLength": 10,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "wls_datasource_connection_delay_time{weblogic_domainUID=\"$domainName\", weblogic_clusterName=\"$clusterName\", weblogic_serverName=~\"${serverName:regex}\"}",
+ "format": "time_series",
+ "intervalFactor": 1,
+ "legendFormat": " {{name}} @ {{weblogic_serverName}}",
+ "refId": "A"
+ }
+ ],
+ "thresholds": [],
+ "timeFrom": null,
+ "timeRegions": [],
+ "timeShift": null,
+ "title": "Average Connection Delay Time",
+ "tooltip": {
+ "shared": true,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": []
+ },
+ "yaxes": [
+ {
+ "decimals": 0,
+ "format": "ms",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": "0",
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ }
+ ],
+ "yaxis": {
+ "align": false,
+ "alignLevel": null
+ }
+ }
+ ],
+ "title": "Data Sources",
+ "type": "row"
+ },
+ {
+ "collapsed": true,
+ "gridPos": {
+ "h": 1,
+ "w": 24,
+ "x": 0,
+ "y": 26
+ },
+ "id": 40,
+ "panels": [
+ {
+ "aliasColors": {},
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 1,
+ "gridPos": {
+ "h": 6,
+ "w": 12,
+ "x": 0,
+ "y": 30
+ },
+ "id": 145,
+ "legend": {
+ "alignAsTable": false,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": false,
+ "show": true,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [],
+ "nullPointMode": "null",
+ "paceLength": 10,
+ "percentage": false,
+ "pointradius": 2,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [],
+ "spaceLength": 10,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "sum(wls_jmsruntime_connections_current_count{weblogic_domainUID=\"$domainName\", weblogic_clusterName=\"$clusterName\", weblogic_serverName=~\"${serverName:regex}\"}) by (weblogic_serverName)",
+ "format": "time_series",
+ "intervalFactor": 1,
+ "legendFormat": "{{weblogic_serverName}}",
+ "refId": "A"
+ }
+ ],
+ "thresholds": [],
+ "timeFrom": null,
+ "timeRegions": [],
+ "timeShift": null,
+ "title": "JMS Connections",
+ "tooltip": {
+ "shared": true,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": []
+ },
+ "yaxes": [
+ {
+ "decimals": 0,
+ "format": "short",
+ "label": "",
+ "logBase": 1,
+ "max": null,
+ "min": "0",
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ }
+ ],
+ "yaxis": {
+ "align": false,
+ "alignLevel": null
+ }
+ },
+ {
+ "aliasColors": {},
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 1,
+ "gridPos": {
+ "h": 6,
+ "w": 12,
+ "x": 12,
+ "y": 30
+ },
+ "id": 147,
+ "legend": {
+ "alignAsTable": false,
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "rightSide": false,
+ "show": true,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [],
+ "nullPointMode": "null",
+ "paceLength": 10,
+ "percentage": false,
+ "pointradius": 2,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [],
+ "spaceLength": 10,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "sum(irate(wls_jmsruntime_connections_total_count{weblogic_domainUID=\"$domainName\", weblogic_clusterName=\"$clusterName\", weblogic_serverName=~\"${serverName:regex}\"}[5m])) by (weblogic_serverName)",
+ "format": "time_series",
+ "intervalFactor": 1,
+ "legendFormat": "{{weblogic_serverName}}",
+ "refId": "A"
+ }
+ ],
+ "thresholds": [],
+ "timeFrom": null,
+ "timeRegions": [],
+ "timeShift": null,
+ "title": "JMS Connection Rate",
+ "tooltip": {
+ "shared": true,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": []
+ },
+ "yaxes": [
+ {
+ "decimals": null,
+ "format": "short",
+ "label": "",
+ "logBase": 1,
+ "max": null,
+ "min": "0",
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ }
+ ],
+ "yaxis": {
+ "align": false,
+ "alignLevel": null
+ }
+ },
+ {
+ "columns": [],
+ "datasource": "$datasource",
+ "fontSize": "100%",
+ "gridPos": {
+ "h": 4,
+ "w": 24,
+ "x": 0,
+ "y": 36
+ },
+ "hideTimeOverride": true,
+ "id": 113,
+ "links": [],
+ "pageSize": null,
+ "scroll": true,
+ "showHeader": true,
+ "sort": {
+ "col": 0,
+ "desc": true
+ },
+ "styles": [
+ {
+ "alias": "Time",
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "pattern": "Time",
+ "type": "hidden"
+ },
+ {
+ "alias": "Name",
+ "colorMode": null,
+ "colors": [
+ "rgba(245, 54, 54, 0.9)",
+ "rgba(237, 129, 40, 0.89)",
+ "rgba(50, 172, 45, 0.97)"
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "mappingType": 1,
+ "pattern": "jmsserver",
+ "thresholds": [],
+ "type": "string",
+ "unit": "short"
+ },
+ {
+ "alias": "Current Dests",
+ "colorMode": null,
+ "colors": [
+ "rgba(245, 54, 54, 0.9)",
+ "rgba(237, 129, 40, 0.89)",
+ "rgba(50, 172, 45, 0.97)"
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 0,
+ "mappingType": 1,
+ "pattern": "Value #B",
+ "thresholds": [],
+ "type": "number",
+ "unit": "short"
+ },
+ {
+ "alias": "Total Msgs",
+ "colorMode": null,
+ "colors": [
+ "rgba(245, 54, 54, 0.9)",
+ "rgba(237, 129, 40, 0.89)",
+ "rgba(50, 172, 45, 0.97)"
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 0,
+ "mappingType": 1,
+ "pattern": "Value #A",
+ "thresholds": [],
+ "type": "number",
+ "unit": "short"
+ },
+ {
+ "alias": "Total Bytes",
+ "colorMode": null,
+ "colors": [
+ "rgba(245, 54, 54, 0.9)",
+ "rgba(237, 129, 40, 0.89)",
+ "rgba(50, 172, 45, 0.97)"
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 0,
+ "mappingType": 1,
+ "pattern": "Value #D",
+ "thresholds": [],
+ "type": "number",
+ "unit": "bytes"
+ },
+ {
+ "alias": "Total Dests",
+ "colorMode": null,
+ "colors": [
+ "rgba(245, 54, 54, 0.9)",
+ "rgba(237, 129, 40, 0.89)",
+ "rgba(50, 172, 45, 0.97)"
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 0,
+ "mappingType": 1,
+ "pattern": "Value #E",
+ "thresholds": [],
+ "type": "number",
+ "unit": "short"
+ },
+ {
+ "alias": "",
+ "colorMode": null,
+ "colors": [
+ "rgba(245, 54, 54, 0.9)",
+ "rgba(237, 129, 40, 0.89)",
+ "rgba(50, 172, 45, 0.97)"
+ ],
+ "decimals": 2,
+ "pattern": "/.*/",
+ "thresholds": [],
+ "type": "hidden",
+ "unit": "short"
+ }
+ ],
+ "targets": [
+ {
+ "expr": "sum(wls_jms_destinations_current_count{weblogic_domainUID=\"$domainName\", weblogic_clusterName=\"$clusterName\", weblogic_serverName=~\"${serverName:regex}\"}) by (jmsserver)",
+ "format": "table",
+ "instant": true,
+ "intervalFactor": 1,
+ "refId": "B"
+ },
+ {
+ "expr": "sum(wls_jms_messages_received_count{weblogic_domainUID=\"$domainName\", weblogic_clusterName=\"$clusterName\", weblogic_serverName=~\"${serverName:regex}\"}) by (jmsserver)",
+ "format": "table",
+ "instant": true,
+ "intervalFactor": 1,
+ "refId": "A"
+ },
+ {
+ "expr": "sum(wls_jms_bytes_received_count{weblogic_domainUID=\"$domainName\", weblogic_clusterName=\"$clusterName\", weblogic_serverName=~\"${serverName:regex}\"}) by (jmsserver)",
+ "format": "table",
+ "instant": true,
+ "intervalFactor": 1,
+ "refId": "D"
+ },
+ {
+ "expr": "sum(wls_jms_destinations_total_count{weblogic_domainUID=\"$domainName\", weblogic_clusterName=\"$clusterName\", weblogic_serverName=~\"${serverName:regex}\"}) by (jmsserver)",
+ "format": "table",
+ "instant": true,
+ "intervalFactor": 1,
+ "refId": "E"
+ },
+ {
+ "expr": "sum(wls_jms_destinations_current_count{weblogic_domainUID=\"$domainName\", weblogic_clusterName=\"$clusterName\", weblogic_serverName=~\"${serverName:regex}\"}) by (jmsserver)",
+ "format": "table",
+ "instant": true,
+ "intervalFactor": 1,
+ "refId": "F"
+ }
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "JMSServer Overview",
+ "transform": "table",
+ "type": "table"
+ },
+ {
+ "aliasColors": {},
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 1,
+ "gridPos": {
+ "h": 7,
+ "w": 12,
+ "x": 0,
+ "y": 40
+ },
+ "id": 54,
+ "legend": {
+ "alignAsTable": false,
+ "avg": false,
+ "current": true,
+ "max": false,
+ "min": false,
+ "rightSide": false,
+ "show": true,
+ "total": false,
+ "values": true
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [],
+ "nullPointMode": "null",
+ "paceLength": 10,
+ "percentage": false,
+ "pointradius": 2,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [],
+ "spaceLength": 10,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "sum(wls_jms_messages_current_count{weblogic_domainUID=\"$domainName\", weblogic_clusterName=\"$clusterName\", weblogic_serverName=~\"${serverName:regex}\"}) by (jmsserver)",
+ "format": "time_series",
+ "intervalFactor": 1,
+ "legendFormat": "Current ({{jmsserver}})",
+ "refId": "A"
+ },
+ {
+ "expr": "sum(wls_jms_messages_pending_count{weblogic_domainUID=\"$domainName\", weblogic_clusterName=\"$clusterName\", weblogic_serverName=~\"${serverName:regex}\"}) by (jmsserver)",
+ "format": "time_series",
+ "intervalFactor": 1,
+ "legendFormat": "Pending ({{jmsserver}})",
+ "refId": "B"
+ }
+ ],
+ "thresholds": [],
+ "timeFrom": null,
+ "timeRegions": [],
+ "timeShift": null,
+ "title": "Messages",
+ "tooltip": {
+ "shared": true,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": []
+ },
+ "yaxes": [
+ {
+ "decimals": 0,
+ "format": "short",
+ "label": "",
+ "logBase": 1,
+ "max": null,
+ "min": "0",
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ }
+ ],
+ "yaxis": {
+ "align": false,
+ "alignLevel": null
+ }
+ },
+ {
+ "aliasColors": {},
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 1,
+ "gridPos": {
+ "h": 7,
+ "w": 12,
+ "x": 12,
+ "y": 40
+ },
+ "id": 56,
+ "legend": {
+ "alignAsTable": false,
+ "avg": false,
+ "current": true,
+ "max": false,
+ "min": false,
+ "show": true,
+ "total": false,
+ "values": true
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [],
+ "nullPointMode": "null",
+ "paceLength": 10,
+ "percentage": false,
+ "pointradius": 2,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [],
+ "spaceLength": 10,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "sum(wls_jms_bytes_current_count{weblogic_domainUID=\"$domainName\", weblogic_clusterName=\"$clusterName\", weblogic_serverName=~\"${serverName:regex}\"}) by (jmsserver)",
+ "format": "time_series",
+ "intervalFactor": 1,
+ "legendFormat": "Current ({{jmsserver}})",
+ "refId": "A"
+ },
+ {
+ "expr": "sum(wls_jms_bytes_pending_count{weblogic_domainUID=\"$domainName\", weblogic_clusterName=\"$clusterName\", weblogic_serverName=~\"${serverName:regex}\"}) by (jmsserver)",
+ "format": "time_series",
+ "intervalFactor": 1,
+ "legendFormat": "Pending ({{jmsserver}})",
+ "refId": "B"
+ }
+ ],
+ "thresholds": [],
+ "timeFrom": null,
+ "timeRegions": [],
+ "timeShift": null,
+ "title": "Bytes",
+ "tooltip": {
+ "shared": true,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": []
+ },
+ "yaxes": [
+ {
+ "decimals": 0,
+ "format": "short",
+ "label": "",
+ "logBase": 1,
+ "max": null,
+ "min": "0",
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ }
+ ],
+ "yaxis": {
+ "align": false,
+ "alignLevel": null
+ }
+ },
+ {
+ "aliasColors": {},
+ "bars": true,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 1,
+ "gridPos": {
+ "h": 7,
+ "w": 12,
+ "x": 0,
+ "y": 47
+ },
+ "id": 58,
+ "legend": {
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "show": true,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [],
+ "nullPointMode": "null",
+ "paceLength": 10,
+ "percentage": false,
+ "pointradius": 2,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [],
+ "spaceLength": 10,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "sum(irate(wls_jms_messages_received_count{weblogic_domainUID=\"$domainName\", weblogic_clusterName=\"$clusterName\", weblogic_serverName=~\"${serverName:regex}\"}[5m])) by (jmsserver)",
+ "format": "time_series",
+ "intervalFactor": 1,
+ "legendFormat": "{{jmsserver}}",
+ "refId": "A"
+ }
+ ],
+ "thresholds": [],
+ "timeFrom": null,
+ "timeRegions": [],
+ "timeShift": null,
+ "title": "Received Message Rate ",
+ "tooltip": {
+ "shared": true,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": []
+ },
+ "yaxes": [
+ {
+ "decimals": null,
+ "format": "short",
+ "label": "",
+ "logBase": 1,
+ "max": null,
+ "min": "0",
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ }
+ ],
+ "yaxis": {
+ "align": false,
+ "alignLevel": null
+ }
+ },
+ {
+ "aliasColors": {},
+ "bars": true,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": "$datasource",
+ "fill": 1,
+ "gridPos": {
+ "h": 7,
+ "w": 12,
+ "x": 12,
+ "y": 47
+ },
+ "id": 117,
+ "legend": {
+ "avg": false,
+ "current": false,
+ "max": false,
+ "min": false,
+ "show": true,
+ "total": false,
+ "values": false
+ },
+ "lines": true,
+ "linewidth": 1,
+ "links": [],
+ "nullPointMode": "null",
+ "paceLength": 10,
+ "percentage": false,
+ "pointradius": 2,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [],
+ "spaceLength": 10,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "sum(irate(wls_jms_bytes_received_count{weblogic_domainUID=\"$domainName\", weblogic_clusterName=\"$clusterName\", weblogic_serverName=~\"${serverName:regex}\"}[5m])) by (jmsserver)",
+ "format": "time_series",
+ "intervalFactor": 1,
+ "legendFormat": "{{jmsserver}}",
+ "refId": "A"
+ }
+ ],
+ "thresholds": [],
+ "timeFrom": null,
+ "timeRegions": [],
+ "timeShift": null,
+ "title": "Received Byte Rate",
+ "tooltip": {
+ "shared": true,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": []
+ },
+ "yaxes": [
+ {
+ "decimals": null,
+ "format": "short",
+ "label": "",
+ "logBase": 1,
+ "max": null,
+ "min": "0",
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ }
+ ],
+ "yaxis": {
+ "align": false,
+ "alignLevel": null
+ }
+ },
+ {
+ "columns": [],
+ "datasource": "$datasource",
+ "fontSize": "100%",
+ "gridPos": {
+ "h": 5,
+ "w": 24,
+ "x": 0,
+ "y": 54
+ },
+ "hideTimeOverride": true,
+ "id": 119,
+ "links": [],
+ "pageSize": null,
+ "scroll": true,
+ "showHeader": true,
+ "sort": {
+ "col": 3,
+ "desc": false
+ },
+ "styles": [
+ {
+ "alias": "Time",
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "pattern": "Time",
+ "type": "hidden"
+ },
+ {
+ "alias": "Destination",
+ "colorMode": null,
+ "colors": [
+ "rgba(245, 54, 54, 0.9)",
+ "rgba(237, 129, 40, 0.89)",
+ "rgba(50, 172, 45, 0.97)"
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 2,
+ "mappingType": 1,
+ "pattern": "destination",
+ "thresholds": [],
+ "type": "string",
+ "unit": "short"
+ },
+ {
+ "alias": "Current Consumers",
+ "colorMode": null,
+ "colors": [
+ "rgba(245, 54, 54, 0.9)",
+ "rgba(237, 129, 40, 0.89)",
+ "rgba(50, 172, 45, 0.97)"
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 0,
+ "mappingType": 1,
+ "pattern": "Value #A",
+ "thresholds": [],
+ "type": "number",
+ "unit": "short"
+ },
+ {
+ "alias": "Current Msgs",
+ "colorMode": null,
+ "colors": [
+ "rgba(245, 54, 54, 0.9)",
+ "rgba(237, 129, 40, 0.89)",
+ "rgba(50, 172, 45, 0.97)"
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 0,
+ "mappingType": 1,
+ "pattern": "Value #B",
+ "thresholds": [],
+ "type": "number",
+ "unit": "short"
+ },
+ {
+ "alias": "Pending Msgs",
+ "colorMode": null,
+ "colors": [
+ "rgba(245, 54, 54, 0.9)",
+ "rgba(237, 129, 40, 0.89)",
+ "rgba(50, 172, 45, 0.97)"
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 0,
+ "mappingType": 1,
+ "pattern": "Value #C",
+ "thresholds": [],
+ "type": "number",
+ "unit": "short"
+ },
+ {
+ "alias": "Currrent Bytes",
+ "colorMode": null,
+ "colors": [
+ "rgba(245, 54, 54, 0.9)",
+ "rgba(237, 129, 40, 0.89)",
+ "rgba(50, 172, 45, 0.97)"
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 0,
+ "mappingType": 1,
+ "pattern": "Value #D",
+ "thresholds": [],
+ "type": "number",
+ "unit": "bytes"
+ },
+ {
+ "alias": "Pending Bytes",
+ "colorMode": null,
+ "colors": [
+ "rgba(245, 54, 54, 0.9)",
+ "rgba(237, 129, 40, 0.89)",
+ "rgba(50, 172, 45, 0.97)"
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 0,
+ "mappingType": 1,
+ "pattern": "Value #E",
+ "thresholds": [],
+ "type": "number",
+ "unit": "short"
+ },
+ {
+ "alias": "Total Msgs",
+ "colorMode": null,
+ "colors": [
+ "rgba(245, 54, 54, 0.9)",
+ "rgba(237, 129, 40, 0.89)",
+ "rgba(50, 172, 45, 0.97)"
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 0,
+ "mappingType": 1,
+ "pattern": "Value #F",
+ "thresholds": [],
+ "type": "number",
+ "unit": "short"
+ },
+ {
+ "alias": "Total Bytes",
+ "colorMode": null,
+ "colors": [
+ "rgba(245, 54, 54, 0.9)",
+ "rgba(237, 129, 40, 0.89)",
+ "rgba(50, 172, 45, 0.97)"
+ ],
+ "dateFormat": "YYYY-MM-DD HH:mm:ss",
+ "decimals": 0,
+ "mappingType": 1,
+ "pattern": "Value #G",
+ "thresholds": [],
+ "type": "number",
+ "unit": "short"
+ },
+ {
+ "alias": "",
+ "colorMode": null,
+ "colors": [
+ "rgba(245, 54, 54, 0.9)",
+ "rgba(237, 129, 40, 0.89)",
+ "rgba(50, 172, 45, 0.97)"
+ ],
+ "decimals": 2,
+ "pattern": "/.*/",
+ "thresholds": [],
+ "type": "hidden",
+ "unit": "short"
+ }
+ ],
+ "targets": [
+ {
+ "expr": "sum(wls_jms_dest_consumers_current_count{weblogic_domainUID=\"$domainName\", weblogic_clusterName=\"$clusterName\", weblogic_serverName=~\"${serverName:regex}\"}) by (destination)",
+ "format": "table",
+ "instant": true,
+ "intervalFactor": 1,
+ "refId": "A"
+ },
+ {
+ "expr": "sum(wls_jms_dest_messages_current_count{weblogic_domainUID=\"$domainName\", weblogic_clusterName=\"$clusterName\", weblogic_serverName=~\"${serverName:regex}\"}) by (destination)",
+ "format": "table",
+ "instant": true,
+ "intervalFactor": 1,
+ "refId": "B"
+ },
+ {
+ "expr": "sum(wls_jms_dest_messages_pending_count{weblogic_domainUID=\"$domainName\", weblogic_clusterName=\"$clusterName\", weblogic_serverName=~\"${serverName:regex}\"}) by (destination)",
+ "format": "table",
+ "instant": true,
+ "intervalFactor": 1,
+ "refId": "C"
+ },
+ {
+ "expr": "sum(wls_jms_dest_bytes_current_count{weblogic_domainUID=\"$domainName\", weblogic_clusterName=\"$clusterName\", weblogic_serverName=~\"${serverName:regex}\"}) by (destination)",
+ "format": "table",
+ "instant": true,
+ "intervalFactor": 1,
+ "refId": "D"
+ },
+ {
+ "expr": "sum(wls_jms_dest_bytes_pending_count{weblogic_domainUID=\"$domainName\", weblogic_clusterName=\"$clusterName\", weblogic_serverName=~\"${serverName:regex}\"}) by (destination)",
+ "format": "table",
+ "instant": true,
+ "intervalFactor": 1,
+ "refId": "E"
+ },
+ {
+ "expr": "sum(wls_jms_dest_messages_received_count{weblogic_domainUID=\"$domainName\", weblogic_clusterName=\"$clusterName\", weblogic_serverName=~\"${serverName:regex}\"}) by (destination)",
+ "format": "table",
+ "instant": true,
+ "interval": "",
+ "intervalFactor": 1,
+ "refId": "F"
+ },
+ {
+ "expr": "sum(wls_jms_dest_bytes_received_count{weblogic_domainUID=\"$domainName\", weblogic_clusterName=\"$clusterName\", weblogic_serverName=~\"${serverName:regex}\"}) by (destination)",
+ "format": "table",
+ "instant": true,
+ "intervalFactor": 1,
+ "refId": "G"
+ }
+ ],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Destinations Overview",
+ "transform": "table",
+ "type": "table"
+ }
+ ],
+ "title": "JMS Services",
+ "type": "row"
+ }
+ ],
+ "refresh": false,
+ "schemaVersion": 16,
+ "style": "dark",
+ "tags": [],
+ "templating": {
+ "list": [
+ {
+ "current": {
+ "text": "prometheus",
+ "value": "prometheus"
+ },
+ "hide": 0,
+ "label": null,
+ "name": "datasource",
+ "options": [],
+ "query": "prometheus",
+ "refresh": 1,
+ "regex": "",
+ "type": "datasource"
+ },
+ {
+ "allValue": null,
+ "current": {},
+ "datasource": "$datasource",
+ "hide": 0,
+ "includeAll": false,
+ "label": "Domain",
+ "multi": false,
+ "name": "domainName",
+ "options": [],
+ "query": "label_values(weblogic_domainUID)",
+ "refresh": 1,
+ "regex": "",
+ "sort": 2,
+ "tagValuesQuery": "",
+ "tags": [],
+ "tagsQuery": "",
+ "type": "query",
+ "useTags": false
+ },
+ {
+ "allValue": null,
+ "current": {},
+ "datasource": "$datasource",
+ "hide": 0,
+ "includeAll": false,
+ "label": "Cluster",
+ "multi": false,
+ "name": "clusterName",
+ "options": [],
+ "query": "label_values(wls_jvm_uptime{weblogic_domainUID=\"$domainName\"},weblogic_clusterName)",
+ "refresh": 1,
+ "regex": "",
+ "sort": 2,
+ "tagValuesQuery": "",
+ "tags": [],
+ "tagsQuery": "",
+ "type": "query",
+ "useTags": false
+ },
+ {
+ "allValue": null,
+ "current": {},
+ "datasource": "$datasource",
+ "hide": 0,
+ "includeAll": true,
+ "label": "Server",
+ "multi": true,
+ "name": "serverName",
+ "options": [],
+ "query": "label_values(wls_jvm_uptime{weblogic_domainUID=\"$domainName\", weblogic_clusterName=\"$clusterName\"},weblogic_serverName)",
+ "refresh": 1,
+ "regex": "",
+ "sort": 2,
+ "tagValuesQuery": "",
+ "tags": [],
+ "tagsQuery": "",
+ "type": "query",
+ "useTags": false
+ },
+ {
+ "allValue": null,
+ "current": {
+ "selected": false,
+ "tags": [],
+ "text": "5",
+ "value": "5"
+ },
+ "hide": 0,
+ "includeAll": false,
+ "label": "Top N",
+ "multi": false,
+ "name": "topN",
+ "options": [
+ {
+ "selected": false,
+ "text": "3",
+ "value": "3"
+ },
+ {
+ "selected": true,
+ "text": "5",
+ "value": "5"
+ },
+ {
+ "selected": false,
+ "text": "7",
+ "value": "7"
+ },
+ {
+ "selected": false,
+ "text": "10",
+ "value": "10"
+ }
+ ],
+ "query": "3, 5, 7, 10",
+ "skipUrlSync": false,
+ "type": "custom"
+ }
+ ]
+ },
+ "time": {
+ "from": "now-30m",
+ "to": "now"
+ },
+ "timepicker": {
+ "hidden": false,
+ "refresh_intervals": [
+ "5s",
+ "10s",
+ "30s",
+ "1m",
+ "5m",
+ "15m",
+ "30m",
+ "1h",
+ "2h",
+ "1d"
+ ],
+ "time_options": [
+ "5m",
+ "15m",
+ "1h",
+ "6h",
+ "12h",
+ "24h",
+ "2d",
+ "7d",
+ "30d"
+ ]
+ },
+ "timezone": "",
+ "title": "WebLogic Server Dashboard",
+ "uid": "5yUwzbZWz",
+ "version": 6
+ }
+}
+
diff --git a/OracleAccessManagement/kubernetes/monitoring-service/config/weblogic.xml b/OracleAccessManagement/kubernetes/monitoring-service/config/weblogic.xml
new file mode 100755
index 000000000..c4e2df0c5
--- /dev/null
+++ b/OracleAccessManagement/kubernetes/monitoring-service/config/weblogic.xml
@@ -0,0 +1,18 @@
+
+
+
+ wls-exporter
+
+
+ com.google.gson.*
+ javax.inject.*
+ org.apache.commons.*
+ org.apache.http.*
+ org.glassfish.hk2.*
+ org.jvnet.hk2.*
+ org.jvnet.tiger_types.*
+ org.yaml.snakeyaml.*
+
+
+
+
diff --git a/OracleAccessManagement/kubernetes/monitoring-service/delete-monitoring.sh b/OracleAccessManagement/kubernetes/monitoring-service/delete-monitoring.sh
new file mode 100755
index 000000000..b676e9b40
--- /dev/null
+++ b/OracleAccessManagement/kubernetes/monitoring-service/delete-monitoring.sh
@@ -0,0 +1,122 @@
+#!/bin/bash
+# Copyright (c) 2021, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+#
+# delete-monitoring.sh
+
+# Initialize
+script="${BASH_SOURCE[0]}"
+scriptDir="$( cd "$( dirname "${script}" )" && pwd )"
+OLD_PWD=`pwd`
+
+
+#
+## Function to exit and print an error message
+## $1 - text of message
+function fail {
+ printError $*
+ exit 1
+}
+
+# Function to print an error message
+function removeFileIfExists {
+ echo "input is $1"
+ if [ -f $1 ]; then
+ rm -f $1
+ fi
+}
+
+function exitIfError {
+ if [ "$1" != "0" ]; then
+ echo "$2"
+ exit $1
+ fi
+}
+#
+# Function to parse a yaml file and generate the bash exports
+# $1 - Input filename
+# $2 - Output filename
+function parseYaml {
+ local s='[[:space:]]*' w='[a-zA-Z0-9_]*' fs=$(echo @|tr @ '\034')
+ sed -ne "s|^\($s\):|\1|" \
+ -e "s|^\($s\)\($w\)$s:$s[\"']\(.*\)[\"']$s\$|\1$fs\2$fs\3|p" \
+ -e "s|^\($s\)\($w\)$s:$s\(.*\)$s\$|\1$fs\2$fs\3|p" $1 |
+ awk -F$fs '{
+ if (length($3) > 0) {
+ # javaOptions may contain tokens that are not allowed in export command
+ # we need to handle it differently.
+ if ($2=="javaOptions") {
+ printf("%s=%s\n", $2, $3);
+ } else {
+ printf("export %s=\"%s\"\n", $2, $3);
+ }
+ }
+ }' > $2
+}
+
+function usage {
+ echo usage: ${script} -i file [-v] [-h]
+ echo " -i Parameter inputs file, must be specified."
+ echo " -h Help"
+ exit $1
+}
+
+
+function deleteKubePrometheusStack {
+ helm delete ${monitoringNamespace} --namespace ${monitoringNamespace}
+}
+
+#Parse the inputs
+while getopts "hi:" opt; do
+ case $opt in
+ i) valuesInputFile="${OPTARG}"
+ ;;
+ h) usage 0
+ ;;
+ *) usage 1
+ ;;
+ esac
+done
+
+if [ -z ${valuesInputFile} ]; then
+ echo "${script}: -i must be specified."
+ missingRequiredOption="true"
+fi
+
+if [ "${missingRequiredOption}" == "true" ]; then
+ usage 1
+fi
+
+if [ ! -f ${valuesInputFile} ]; then
+ echo "Unable to locate the input parameters file ${valuesInputFile}"
+ fail 'The error listed above must be resolved before the script can continue'
+fi
+
+exportValuesFile=$(mktemp /tmp/export-values-XXXXXXXXX.sh)
+parseYaml ${valuesInputFile} ${exportValuesFile}
+
+
+source ${exportValuesFile}
+rm ${exportValuesFile}
+
+# Setting up the WebLogic Monitoring Exporter
+
+echo "Undeploy WebLogic Monitoring Exporter started"
+serviceMonitor=${scriptDir}/manifests/wls-exporter-ServiceMonitor.yaml
+kubectl delete --ignore-not-found=true -f ${serviceMonitor}
+script=${scriptDir}/scripts/undeploy-weblogic-monitoring-exporter.sh
+sh ${script}
+if [ "$?" != "0" ]; then
+ echo "ERROR: $script failed."
+ echo "Undeploy WebLogic Monitoring Exporter completed with errors. Review the logs and rerun"
+else
+ echo "Undeploy WebLogic Monitoring Exporter completed."
+fi
+
+if [ "${setupKubePrometheusStack}" = "true" ]; then
+ echo "Deleting Prometheus and grafana started"
+ deleteKubePrometheusStack
+ echo "Deleting Prometheus and grafana completed"
+fi
+cd $OLD_PWD
+
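Review bot: `source ${exportValuesFile}` runs whatever parseYaml generated, and parseYaml copies every YAML value unescaped into `export %s=\"%s\"` (unquoted for `javaOptions`), so shell metacharacters in the `-i` file are interpreted by the shell of whoever runs this script. The inputs file should either be documented as trusted code or have its values checked in the awk step before they are written, with the caller stopping when the check fails; the sketch below uses a conservative allow-list that may need widening for real inputs. Separately, `fail` calls `printError`, which this file never defines, so that path prints a command-not-found error rather than the message. The comment above `removeFileIfExists` also describes a different function and could read `# Function to remove a file if it exists`.

```shell
# … unchanged: function parseYaml header and the sed expressions feeding awk …
  awk -F$fs '{
    if (length($3) > 0) {
      # Reject anything outside a conservative allow-list before it is
      # written into a file that is later sourced by the shell.
      if ($3 !~ /^[A-Za-z0-9_.:\/=, -]*$/) {
        print "unsupported characters in value for " $2 > "/dev/stderr"
        exit 1
      }
      # … unchanged: javaOptions / export printf branches …
    }
  }' > $2
}

# … unchanged: usage, option parsing and input-file checks …
exportValuesFile=$(mktemp /tmp/export-values-XXXXXXXXX.sh)
parseYaml "${valuesInputFile}" "${exportValuesFile}" || { rm -f "${exportValuesFile}"; exit 1; }
```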
diff --git a/OracleAccessManagement/kubernetes/monitoring-service/manifests/prometheus-roleBinding-domain-namespace.yaml b/OracleAccessManagement/kubernetes/monitoring-service/manifests/prometheus-roleBinding-domain-namespace.yaml
new file mode 100755
index 000000000..e37b9830f
--- /dev/null
+++ b/OracleAccessManagement/kubernetes/monitoring-service/manifests/prometheus-roleBinding-domain-namespace.yaml
@@ -0,0 +1,20 @@
+# Copyright (c) 2021, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+#
+apiVersion: rbac.authorization.k8s.io/v1
+items:
+- apiVersion: rbac.authorization.k8s.io/v1
+ kind: RoleBinding
+ metadata:
+ name: prometheus-k8s
+ namespace: oamns
+ roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: prometheus-k8s
+ subjects:
+ - kind: ServiceAccount
+ name: prometheus-k8s
+ namespace: monitoring
+kind: RoleBindingList
+
diff --git a/OracleAccessManagement/kubernetes/monitoring-service/manifests/prometheus-roleSpecific-domain-namespace.yaml b/OracleAccessManagement/kubernetes/monitoring-service/manifests/prometheus-roleSpecific-domain-namespace.yaml
new file mode 100755
index 000000000..a881c8647
--- /dev/null
+++ b/OracleAccessManagement/kubernetes/monitoring-service/manifests/prometheus-roleSpecific-domain-namespace.yaml
@@ -0,0 +1,23 @@
+# Copyright (c) 2021, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+#
+apiVersion: rbac.authorization.k8s.io/v1
+items:
+- apiVersion: rbac.authorization.k8s.io/v1
+ kind: Role
+ metadata:
+ name: prometheus-k8s
+ namespace: oamns
+ rules:
+ - apiGroups:
+ - ""
+ resources:
+ - services
+ - endpoints
+ - pods
+ verbs:
+ - get
+ - list
+ - watch
+kind: RoleList
+
diff --git a/OracleAccessManagement/kubernetes/monitoring-service/manifests/wls-exporter-ServiceMonitor.yaml b/OracleAccessManagement/kubernetes/monitoring-service/manifests/wls-exporter-ServiceMonitor.yaml
new file mode 100755
index 000000000..be289f234
--- /dev/null
+++ b/OracleAccessManagement/kubernetes/monitoring-service/manifests/wls-exporter-ServiceMonitor.yaml
@@ -0,0 +1,44 @@
+# Copyright (c) 2021, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+#
+apiVersion: v1
+kind: Secret
+metadata:
+ name: basic-auth
+ namespace: oamns
+data:
+ password: d2VsY29tZTE=
+ user: d2VibG9naWM=
+type: Opaque
+---
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: wls-exporter
+ namespace: oamns
+ labels:
+ k8s-app: wls-exporter
+ release: monitoring
+spec:
+ namespaceSelector:
+ matchNames:
+ - oamns
+ selector:
+ matchLabels:
+ weblogic.domainName: accessdomain
+ endpoints:
+ - basicAuth:
+ password:
+ name: basic-auth
+ key: password
+ username:
+ name: basic-auth
+ key: user
+ port: default
+ relabelings:
+ - action: labelmap
+ regex: __meta_kubernetes_service_label_(.+)
+ interval: 10s
+ honorLabels: true
+ path: /wls-exporter/metrics
+
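Review bot: The `basic-auth` Secret at the top of this manifest commits a concrete username and password to the repository; the `data` values are only base64-encoded, so anyone with read access to the repo can recover them. A `.template` variant with `%PASSWORD%`/`%USERNAME%` placeholders is added in the same commit, which suggests this file is rendered output; if so it should be kept out of version control (or carry placeholders) and the Secret created at install time from operator-supplied values. If the values are meant as sample defaults, a leading comment such as `# Sample credentials only - replace before applying` would make that explicit. The `oamns` namespace and `accessdomain` selector are likewise hard-coded here although monitoring-inputs.yaml exposes `domainNamespace` and `domainUID`.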
diff --git a/OracleAccessManagement/kubernetes/monitoring-service/manifests/wls-exporter-ServiceMonitor.yaml.template b/OracleAccessManagement/kubernetes/monitoring-service/manifests/wls-exporter-ServiceMonitor.yaml.template
new file mode 100755
index 000000000..87d9e4088
--- /dev/null
+++ b/OracleAccessManagement/kubernetes/monitoring-service/manifests/wls-exporter-ServiceMonitor.yaml.template
@@ -0,0 +1,44 @@
+# Copyright (c) 2021, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+#
+apiVersion: v1
+kind: Secret
+metadata:
+ name: basic-auth
+ namespace: accessns
+data:
+ password: %PASSWORD%
+ user: %USERNAME%
+type: Opaque
+---
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: wls-exporter
+ namespace: accessns
+ labels:
+ k8s-app: wls-exporter
+ release: monitoring
+spec:
+ namespaceSelector:
+ matchNames:
+ - accessns
+ selector:
+ matchLabels:
+ weblogic.domainName: accessinfra
+ endpoints:
+ - basicAuth:
+ password:
+ name: basic-auth
+ key: password
+ username:
+ name: basic-auth
+ key: user
+ port: default
+ relabelings:
+ - action: labelmap
+ regex: __meta_kubernetes_service_label_(.+)
+ interval: 10s
+ honorLabels: true
+ path: /wls-exporter/metrics
+
diff --git a/OracleAccessManagement/kubernetes/monitoring-service/monitoring-inputs.yaml b/OracleAccessManagement/kubernetes/monitoring-service/monitoring-inputs.yaml
new file mode 100755
index 000000000..dd2386588
--- /dev/null
+++ b/OracleAccessManagement/kubernetes/monitoring-service/monitoring-inputs.yaml
@@ -0,0 +1,65 @@
+# Copyright (c) 2021, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+#
+# The version of this inputs file. Do not modify.
+version: create-accessdomain-monitoring-inputs-v1
+
+# Unique ID identifying your domain.
+# This ID must not contain an underscope ("_"), and must be lowercase and unique across all domains in a Kubernetes cluster.
+domainUID: accessdomain
+
+# Name of the domain namespace
+domainNamespace: oamns
+
+# Boolean value indicating whether to install kube-prometheus-stack
+setupKubePrometheusStack: true
+
+# Additional parameters for helm install kube-prometheus-stack
+# Refer https://github.com/prometheus-community/helm-charts/blob/main/charts/kube-prometheus-stack/values.yaml for additional parameters
+# Sample :
+# additionalParamForKubePrometheusStack: --set nodeExporter.enabled=false --set prometheusOperator.tls.enabled=false --set prometheusOperator.admissionWebhooks.enabled=false
+additionalParamForKubePrometheusStack:
+
+# Name of the monitoring namespace
+monitoringNamespace: monitoring
+
+# Name of the Admin Server
+adminServerName: AdminServer
+#
+# Port number for admin server
+adminServerPort: 7001
+
+# Cluster name
+oamClusterName: oam_cluster
+
+# Port number for managed server
+oamManagedServerPort: 14100
+
+# WebLogic Monitoring Exporter to Cluster
+wlsMonitoringExporterTooamCluster: true
+
+# Cluster name
+policyClusterName: policy_cluster
+
+# Port number for managed server
+policyManagedServerPort: 15100
+
+# WebLogic Monitoring Exporter to Cluster
+wlsMonitoringExporterTopolicyCluster: true
+
+
+# Boolean to indicate if the adminNodePort will be exposed
+exposeMonitoringNodePort: true
+
+# NodePort to expose Prometheus
+prometheusNodePort: 32101
+
+# NodePort to expose Grafana
+grafanaNodePort: 32100
+
+# NodePort to expose Alertmanager
+alertmanagerNodePort: 32102
+
+# Name of the Kubernetes secret for the Admin Server's username and password
+weblogicCredentialsSecretName: accessdomain-domain-credentials
+
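Review bot: `exposeMonitoringNodePort: true` as the shipped default opens Prometheus, Grafana and Alertmanager on NodePorts 32101, 32100 and 32102 of every node, and setup-monitoring.sh in this commit installs Grafana with a fixed admin password. A sample default of `exposeMonitoringNodePort: false` would make exposure an explicit choice. The comment above the flag mentions `adminNodePort`, which is not what it controls; `# Boolean indicating whether Prometheus, Grafana and Alertmanager are exposed through NodePort services` matches what the script does. The domainUID comment also has a typo, "underscope" for "underscore".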
diff --git a/OracleAccessManagement/kubernetes/monitoring-service/scripts/deploy-weblogic-monitoring-exporter.py b/OracleAccessManagement/kubernetes/monitoring-service/scripts/deploy-weblogic-monitoring-exporter.py
new file mode 100755
index 000000000..24f9f8334
--- /dev/null
+++ b/OracleAccessManagement/kubernetes/monitoring-service/scripts/deploy-weblogic-monitoring-exporter.py
@@ -0,0 +1,105 @@
+# Copyright (c) 2021, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+#
+import sys
+#=======================================================
+# Function for fresh plain deployment
+#=======================================================
+def newDeploy(appName,target):
+ try:
+ print 'Deploying .........'
+ deploy(appName,'/u01/oracle/wls-exporter-deploy/'+appName+'.war', target, upload="true",remote="true")
+ startApplication(appName)
+ except Exception, ex:
+ print ex.toString()
+
+#========================================================
+# Main program here...
+# Target you can change as per your need
+#========================================================
+
+def usage():
+ argsList = ' -domainName -adminServerName -adminURL -username -password '
+ argsList=argsList + ' -oamClusterName ' + ' -wlsMonitoringExporterTooamCluster '
+ argsList=argsList + ' -policyClusterName ' + ' -wlsMonitoringExporterTopolicyCluster '
+ print sys.argv[0] + argsList
+ sys.exit(0)
+
+if len(sys.argv) < 1:
+ usage()
+
+# domainName will be passed by command line parameter -domainName.
+domainName = "accessdomain"
+
+# adminServerName will be passed by command line parameter -adminServerName
+adminServerName = "AdminServer"
+
+# adminURL will be passed by command line parameter -adminURL
+adminURL = "accessdomain-adminserver:7001"
+
+# oamClusterName will be passed by command line parameter -oamClusterName
+oamClusterName = "oam_cluster"
+
+# wlsMonitoringExporterTooamCluster will be passed by command line parameter -wlsMonitoringExporterTooamCluster
+wlsMonitoringExporterTooamCluster = "true"
+
+
+# policyClusterName will be passed by command line parameter -policyClusterName
+policyClusterName = "policy_cluster"
+
+# wlsMonitoringExporterTopolicyCluster will be passed by command line parameter -wlsMonitoringExporterTopolicyCluster
+wlsMonitoringExporterTopolicyCluster = "true"
+
+# username will be passed by command line parameter -username
+username = "weblogic"
+
+# password will be passed by command line parameter -password
+password = "welcome1"
+
+i=1
+while i < len(sys.argv):
+ if sys.argv[i] == '-domainName':
+ domainName = sys.argv[i+1]
+ i += 2
+ elif sys.argv[i] == '-adminServerName':
+ adminServerName = sys.argv[i+1]
+ i += 2
+ elif sys.argv[i] == '-adminURL':
+ adminURL = sys.argv[i+1]
+ i += 2
+ elif sys.argv[i] == '-username':
+ username = sys.argv[i+1]
+ i += 2
+ elif sys.argv[i] == '-password':
+ password = sys.argv[i+1]
+ i += 2
+ elif sys.argv[i] == '-oamClusterName':
+ oamClusterName = sys.argv[i+1]
+ i += 2
+ elif sys.argv[i] == '-wlsMonitoringExporterTooamCluster':
+ wlsMonitoringExporterTooamCluster = sys.argv[i+1]
+ i += 2
+ elif sys.argv[i] == '-policyClusterName':
+ policyClusterName = sys.argv[i+1]
+ i += 2
+ elif sys.argv[i] == '-wlsMonitoringExporterTopolicyCluster':
+ wlsMonitoringExporterTopolicyCluster = sys.argv[i+1]
+ i += 2
+ else:
+ print 'Unexpected argument switch at position ' + str(i) + ': ' + str(sys.argv[i])
+ usage()
+ sys.exit(1)
+
+# Deployment
+connect(username, password, 't3://' + adminURL)
+cd('AppDeployments')
+newDeploy('wls-exporter-adminserver',adminServerName)
+if 'true' == wlsMonitoringExporterTooamCluster:
+ newDeploy('wls-exporter-oam',oamClusterName)
+
+if 'true' == wlsMonitoringExporterTopolicyCluster:
+ newDeploy('wls-exporter-policy',policyClusterName)
+
+disconnect()
+exit()
+
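Review bot: The fallbacks `username = "weblogic"` and `password = "welcome1"` mean a run that omits `-username`/`-password` silently tries a well-known default account against the Admin Server instead of failing; initialise both to `None` and stop with an error after the argument loop when either is still unset. The password also arrives in `sys.argv`, so it is visible in the pod's process list while WLST runs; reading it from an environment variable or stdin would avoid that. `newDeploy` prints the exception and returns, so the script reaches `exit()` with status 0 even when `deploy` failed and setup-monitoring.sh cannot detect it. `if len(sys.argv) < 1` can never be true, and `sys.argv[i+1]` raises IndexError when a switch is the last argument. The same points apply to undeploy-weblogic-monitoring-exporter.py later in this commit.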
diff --git a/OracleAccessManagement/kubernetes/monitoring-service/scripts/deploy-weblogic-monitoring-exporter.sh b/OracleAccessManagement/kubernetes/monitoring-service/scripts/deploy-weblogic-monitoring-exporter.sh
new file mode 100755
index 000000000..21bfa7a80
--- /dev/null
+++ b/OracleAccessManagement/kubernetes/monitoring-service/scripts/deploy-weblogic-monitoring-exporter.sh
@@ -0,0 +1,37 @@
+#!/bin/bash
+# Copyright (c) 2021, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+#
+# Initialize
+script="${BASH_SOURCE[0]}"
+scriptDir="$( cd "$( dirname "${script}" )" && pwd )"
+warDir=$PWD
+source ${scriptDir}/utils.sh
+
+# Setting default values
+initialize
+# Function to lowercase a value and make it a legal DNS1123 name
+# $1 - value to convert to lowercase
+function toDNS1123Legal {
+ local val=`echo $1 | tr "[:upper:]" "[:lower:]"`
+ val=${val//"_"/"-"}
+ echo "$val"
+}
+
+# username and password from Kubernetes secret
+username=`kubectl get secrets ${weblogicCredentialsSecretName} -n ${domainNamespace} -o=jsonpath='{.data.username}'|base64 --decode`
+password=`kubectl get secrets ${weblogicCredentialsSecretName} -n ${domainNamespace} -o=jsonpath='{.data.password}'|base64 --decode`
+
+adminServerPodName="${domainUID}-$(toDNS1123Legal ${adminServerName})"
+
+InputParameterList=" -domainName ${domainUID} -adminServerName ${adminServerName} -adminURL ${adminServerPodName}:${adminServerPort} -username ${username} -password ${password}"
+InputParameterList="${InputParameterList} -oamClusterName ${oamClusterName} -wlsMonitoringExporterTooamCluster ${wlsMonitoringExporterTooamCluster}"
+InputParameterList="${InputParameterList} -policyClusterName ${policyClusterName} -wlsMonitoringExporterTopolicyCluster ${wlsMonitoringExporterTopolicyCluster}"
+
+echo "Deploying WebLogic Monitoring Exporter with domainNamespace[$domainNamespace], domainUID[$domainUID], adminServerPodName[$adminServerPodName]"
+. $scriptDir/get-wls-exporter.sh
+kubectl cp $scriptDir/wls-exporter-deploy ${domainNamespace}/${adminServerPodName}:/u01/oracle
+kubectl cp $scriptDir/deploy-weblogic-monitoring-exporter.py ${domainNamespace}/${adminServerPodName}:/u01/oracle/wls-exporter-deploy
+EXEC_DEPLOY="kubectl exec -it -n ${domainNamespace} ${adminServerPodName} -- /u01/oracle/oracle_common/common/bin/wlst.sh /u01/oracle/wls-exporter-deploy/deploy-weblogic-monitoring-exporter.py ${InputParameterList}"
+eval ${EXEC_DEPLOY}
+
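Review bot: `eval ${EXEC_DEPLOY}` re-parses a string that contains the decoded `${username}` and `${password}`, so a credential holding a space, a quote, `;` or `$(` is split or executed by the local shell instead of being passed through unchanged. Build the WLST arguments as an array and call `kubectl exec` directly, without `eval`; the script already relies on bash features, so an array adds no new requirement (setup-monitoring.sh starts it with `sh`, which is worth changing to `bash`). `-it` is not needed for a non-interactive run, and neither `kubectl cp` has an exit-status check. undeploy-weblogic-monitoring-exporter.sh in this commit builds `EXEC_UNDEPLOY` the same way.

```shell
# … unchanged: credential lookup and adminServerPodName …
wlstArgs=(
  -domainName "${domainUID}"
  -adminServerName "${adminServerName}"
  -adminURL "${adminServerPodName}:${adminServerPort}"
  -username "${username}"
  -password "${password}"
  -oamClusterName "${oamClusterName}"
  -wlsMonitoringExporterTooamCluster "${wlsMonitoringExporterTooamCluster}"
  -policyClusterName "${policyClusterName}"
  -wlsMonitoringExporterTopolicyCluster "${wlsMonitoringExporterTopolicyCluster}"
)
# … unchanged: get-wls-exporter.sh and the two kubectl cp calls …
kubectl exec -n "${domainNamespace}" "${adminServerPodName}" -- \
  /u01/oracle/oracle_common/common/bin/wlst.sh \
  /u01/oracle/wls-exporter-deploy/deploy-weblogic-monitoring-exporter.py "${wlstArgs[@]}"
```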
diff --git a/OracleAccessManagement/kubernetes/monitoring-service/scripts/get-wls-exporter.sh b/OracleAccessManagement/kubernetes/monitoring-service/scripts/get-wls-exporter.sh
new file mode 100755
index 000000000..3f880f8e7
--- /dev/null
+++ b/OracleAccessManagement/kubernetes/monitoring-service/scripts/get-wls-exporter.sh
@@ -0,0 +1,46 @@
+#!/bin/bash
+# Copyright (c) 2021, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+#
+# Initialize
+script="${BASH_SOURCE[0]}"
+scriptDir="$( cd "$( dirname "${script}" )" && pwd )"
+source ${scriptDir}/utils.sh
+warDir=$scriptDir/../bin
+mkdir -p $warDir
+curl -L -o $warDir/wls-exporter.war https://github.com/oracle/weblogic-monitoring-exporter/releases/download/v2.0.0/wls-exporter.war
+mkdir -p $scriptDir/wls-exporter-deploy
+echo "created $scriptDir/wls-exporter-deploy dir"
+
+function update_wls_exporter_war {
+ servername=$1
+ port=$2
+ tmp_dir=$(mktemp -d -t ci-XXXXXXXXXX)
+ echo "created $tmp_dir"
+ mkdir -p $tmp_dir/WEB-INF
+ cp $scriptDir/../config/config.yml.template $tmp_dir/config.yml
+ cp $scriptDir/../config/weblogic.xml $tmp_dir/WEB-INF/weblogic.xml
+ cp $warDir/wls-exporter.war $tmp_dir/wls-exporter.war
+
+ sed -i -e "s:%PORT%:${port}:g" $tmp_dir/config.yml
+ pushd $tmp_dir
+ echo "in temp dir"
+ zip wls-exporter.war WEB-INF/weblogic.xml
+ zip wls-exporter.war config.yml
+
+ cp wls-exporter.war ${scriptDir}/wls-exporter-deploy/wls-exporter-${servername}.war
+ popd
+}
+
+initialize
+
+update_wls_exporter_war adminserver ${adminServerPort}
+if [[ ${wlsMonitoringExporterTooamCluster} == "true" ]];
+then
+ update_wls_exporter_war oam ${oamManagedServerPort}
+fi
+if [[ ${wlsMonitoringExporterTopolicyCluster} == "true" ]];
+then
+ update_wls_exporter_war policy ${policyManagedServerPort}
+fi
+
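Review bot: The `curl -L -o $warDir/wls-exporter.war` download of the v2.0.0 release is not verified before the archive is repackaged and deployed into the Admin Server and clusters, and without `--fail` an HTTP error page would be saved as the WAR. Add `--fail` to the curl call and check a pinned digest right after it, for example `echo "<EXPECTED_SHA256>  $warDir/wls-exporter.war" | sha256sum -c - || exit 1`, where `<EXPECTED_SHA256>` is a placeholder for the published digest of that artifact. `update_wls_exporter_war` also leaves each `mktemp -d` directory behind; an `rm -rf "$tmp_dir"` after `popd` would clean it up.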
diff --git a/OracleAccessManagement/kubernetes/monitoring-service/scripts/undeploy-weblogic-monitoring-exporter.py b/OracleAccessManagement/kubernetes/monitoring-service/scripts/undeploy-weblogic-monitoring-exporter.py
new file mode 100755
index 000000000..b06988469
--- /dev/null
+++ b/OracleAccessManagement/kubernetes/monitoring-service/scripts/undeploy-weblogic-monitoring-exporter.py
@@ -0,0 +1,103 @@
+# Copyright (c) 2021, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+#
+import sys
+#=======================================================
+# Function for undeployment
+#=======================================================
+def unDeploy(appName,target):
+ print 'Undeploying .........'
+ try:
+ stopApplication(appName)
+ undeploy(appName, target)
+ except Exception, ex:
+ print ex.toString()
+
+#========================================================
+# Main program here...
+# Target you can change as per your need
+#========================================================
+def usage():
+ argsList = ' -domainName -adminServerName -adminURL -username -password '
+ argsList=argsList + ' -oamClusterName ' + ' -wlsMonitoringExporterTooamCluster '
+ argsList=argsList + ' -policyClusterName ' + ' -wlsMonitoringExporterTopolicyCluster '
+ print sys.argv[0] + argsList
+ sys.exit(0)
+
+if len(sys.argv) < 1:
+ usage()
+
+# domainName will be passed by command line parameter -domainName.
+domainName = "accessdomain"
+
+# adminServerName will be passed by command line parameter -adminServerName
+adminServerName = "AdminServer"
+
+# adminURL will be passed by command line parameter -adminURL
+adminURL = "accessdomain-adminserver:7001"
+
+# oamClusterName will be passed by command line parameter -oamClusterName
+oamClusterName = "oam_cluster"
+
+# wlsMonitoringExporterTooamCluster will be passed by command line parameter -wlsMonitoringExporterTooamCluster
+wlsMonitoringExporterTooamCluster = "true"
+# policyClusterName will be passed by command line parameter -policyClusterName
+policyClusterName = "policy_cluster"
+
+# wlsMonitoringExporterTopolicyCluster will be passed by command line parameter -wlsMonitoringExporterTopolicyCluster
+wlsMonitoringExporterTopolicyCluster = "true"
+
+# username will be passed by command line parameter -username
+username = "weblogic"
+
+# password will be passed by command line parameter -password
+password = "welcome1"
+
+
+i=1
+while i < len(sys.argv):
+ if sys.argv[i] == '-domainName':
+ domainName = sys.argv[i+1]
+ i += 2
+ elif sys.argv[i] == '-adminServerName':
+ adminServerName = sys.argv[i+1]
+ i += 2
+ elif sys.argv[i] == '-adminURL':
+ adminURL = sys.argv[i+1]
+ i += 2
+ elif sys.argv[i] == '-username':
+ username = sys.argv[i+1]
+ i += 2
+ elif sys.argv[i] == '-password':
+ password = sys.argv[i+1]
+ i += 2
+ elif sys.argv[i] == '-oamClusterName':
+ oamClusterName = sys.argv[i+1]
+ i += 2
+ elif sys.argv[i] == '-wlsMonitoringExporterTooamCluster':
+ wlsMonitoringExporterTooamCluster = sys.argv[i+1]
+ i += 2
+ elif sys.argv[i] == '-policyClusterName':
+ policyClusterName = sys.argv[i+1]
+ i += 2
+ elif sys.argv[i] == '-wlsMonitoringExporterTopolicyCluster':
+ wlsMonitoringExporterTopolicyCluster = sys.argv[i+1]
+ i += 2
+
+ else:
+ print 'Unexpected argument switch at position ' + str(i) + ': ' + str(sys.argv[i])
+ usage()
+ sys.exit(1)
+
+# Undeploy
+connect(username, password, 't3://' + adminURL)
+unDeploy('wls-exporter-adminserver',adminServerName)
+if 'true' == wlsMonitoringExporterTooamCluster:
+ unDeploy('wls-exporter-oam',oamClusterName)
+
+if 'true' == wlsMonitoringExporterTopolicyCluster:
+ unDeploy('wls-exporter-policy',policyClusterName)
+
+disconnect()
+exit()
+
diff --git a/OracleAccessManagement/kubernetes/monitoring-service/scripts/undeploy-weblogic-monitoring-exporter.sh b/OracleAccessManagement/kubernetes/monitoring-service/scripts/undeploy-weblogic-monitoring-exporter.sh
new file mode 100755
index 000000000..33cdf72dc
--- /dev/null
+++ b/OracleAccessManagement/kubernetes/monitoring-service/scripts/undeploy-weblogic-monitoring-exporter.sh
@@ -0,0 +1,39 @@
+#!/bin/bash
+# Copyright (c) 2021, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+#
+# Initialize
+script="${BASH_SOURCE[0]}"
+scriptDir="$( cd "$( dirname "${script}" )" && pwd )"
+source ${scriptDir}/utils.sh
+
+# Function to lowercase a value and make it a legal DNS1123 name
+# $1 - value to convert to lowercase
+function toDNS1123Legal {
+ local val=`echo $1 | tr "[:upper:]" "[:lower:]"`
+ val=${val//"_"/"-"}
+ echo "$val"
+}
+
+initialize
+
+# username and password from Kubernetes secret
+username=`kubectl get secrets ${weblogicCredentialsSecretName} -n ${domainNamespace} -o=jsonpath='{.data.username}'|base64 --decode`
+password=`kubectl get secrets ${weblogicCredentialsSecretName} -n ${domainNamespace} -o=jsonpath='{.data.password}'|base64 --decode`
+
+adminServerPodName="${domainUID}-$(toDNS1123Legal ${adminServerName})"
+
+InputParameterList="-domainName ${domainUID} -adminServerName ${adminServerName} -adminURL ${adminServerPodName}:${adminServerPort} -username ${username} -password ${password}"
+InputParameterList="${InputParameterList} -oamClusterName ${oamClusterName} -wlsMonitoringExporterTooamCluster ${wlsMonitoringExporterTooamCluster}"
+InputParameterList="${InputParameterList} -policyClusterName ${policyClusterName} -wlsMonitoringExporterTopolicyCluster ${wlsMonitoringExporterTopolicyCluster}"
+
+# Copy weblogic monitoring exporter jars for deployment
+echo "Undeploying WebLogic Monitoring Exporter: domainNamespace[$domainNamespace], domainUID[$domainUID], adminServerPodName[$adminServerPodName]"
+
+kubectl cp $scriptDir/undeploy-weblogic-monitoring-exporter.py ${domainNamespace}/${adminServerPodName}:/u01/oracle/undeploy-weblogic-monitoring-exporter.py
+EXEC_UNDEPLOY="kubectl exec -it -n ${domainNamespace} ${adminServerPodName} -- /u01/oracle/oracle_common/common/bin/wlst.sh /u01/oracle/undeploy-weblogic-monitoring-exporter.py ${InputParameterList}"
+eval ${EXEC_UNDEPLOY}
+
+# Cleanup the local wars
+rm -rf ${scriptDir}/wls-exporter-deploy
+
diff --git a/OracleAccessManagement/kubernetes/monitoring-service/scripts/utils.sh b/OracleAccessManagement/kubernetes/monitoring-service/scripts/utils.sh
new file mode 100755
index 000000000..b3799563b
--- /dev/null
+++ b/OracleAccessManagement/kubernetes/monitoring-service/scripts/utils.sh
@@ -0,0 +1,61 @@
+#!/bin/bash
+# Copyright (c) 2021, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+#
+
+function initialize {
+ if [ -z ${domainNamespace} ]; then
+ echo "domainNamespace is empty, setting to default oamns"
+ domainNamespace="oamns"
+ fi
+
+ if [ -z ${domainUID} ]; then
+ echo "domainUID is empty, setting to default accessdomain"
+ domainUID="accessdomain"
+ fi
+
+ if [ -z ${weblogicCredentialsSecretName} ]; then
+ echo "weblogicCredentialsSecretName is empty, setting to default \"accessdomain-domain-credentials\""
+ weblogicCredentialsSecretName="accessdomain-domain-credentials"
+ fi
+
+ if [ -z ${adminServerName} ]; then
+ echo "adminServerName is empty, setting to default \"AdminServer\""
+ adminServerName="AdminServer"
+ fi
+
+ if [ -z ${adminServerPort} ]; then
+ echo "adminServerPort is empty, setting to default \"7001\""
+ adminServerPort="7001"
+ fi
+
+ if [ -z ${oamClusterName} ]; then
+ echo "oamClusterName is empty, setting to default \"oam_cluster\""
+ oamClusterName="oam_cluster"
+ fi
+
+ if [ -z ${oamManagedServerPort} ]; then
+ echo "oamManagedServerPort is empty, setting to default \"14100\""
+ oamManagedServerPort="14100"
+ fi
+
+ if [ -z ${wlsMonitoringExporterTooamCluster} ]; then
+ echo "wlsMonitoringExporterTooamCluster is empty, setting to default \"false\""
+ wlsMonitoringExporterTooamCluster="true"
+ fi
+ if [ -z ${policyClusterName} ]; then
+ echo "policyClusterName is empty, setting to default \"policy_cluster\""
+ policyClusterName="policy_cluster"
+ fi
+
+ if [ -z ${policyManagedServerPort} ]; then
+ echo "policyManagedServerPort is empty, setting to default \"15100\""
+ policyManagedServerPort="15100"
+ fi
+
+ if [ -z ${wlsMonitoringExporterTopolicyCluster} ]; then
+ echo "wlsMonitoringExporterTopolicyCluster is empty, setting to default \"false\""
+ wlsMonitoringExporterTopolicyCluster="true"
+ fi
+}
+
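Review bot: The messages for `wlsMonitoringExporterTooamCluster` and `wlsMonitoringExporterTopolicyCluster` say the default is "false" while the next line assigns "true", so the log tells an operator the opposite of what will be deployed. Make the text match the value, e.g. `echo "wlsMonitoringExporterTooamCluster is empty, setting to default \"true\""`, and the same for the policy cluster. The tests are written as `[ -z ${var} ]` without quotes, which errors out on a value containing spaces; `[ -z "${var}" ]` is the safe form throughout `initialize`.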
diff --git a/OracleAccessManagement/kubernetes/monitoring-service/setup-monitoring.sh b/OracleAccessManagement/kubernetes/monitoring-service/setup-monitoring.sh
new file mode 100755
index 000000000..c36b4bb82
--- /dev/null
+++ b/OracleAccessManagement/kubernetes/monitoring-service/setup-monitoring.sh
@@ -0,0 +1,192 @@
+#!/bin/bash
+# Copyright (c) 2021, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+#
+# setup-monitoring.sh
+
+# Initialize
+script="${BASH_SOURCE[0]}"
+scriptDir="$( cd "$( dirname "${script}" )" && pwd )"
+OLD_PWD=`pwd`
+
+
+
+#
+# Function to exit and print an error message
+# $1 - text of message
+function fail {
+ printError $*
+ exit 1
+}
+
+# Function to print an error message
+function printError {
+ echo [ERROR] $*
+}
+
+
+#
+# Function to remove a file if it exists
+#
+function removeFileIfExists {
+ echo "input is $1"
+ if [ -f $1 ]; then
+ rm -f $1
+ fi
+}
+
+function exitIfError {
+ if [ "$1" != "0" ]; then
+ echo "$2"
+ exit $1
+ fi
+}
+
+#
+# Function to parse a yaml file and generate the bash exports
+# $1 - Input filename
+# $2 - Output filename
+function parseYaml {
+ local s='[[:space:]]*' w='[a-zA-Z0-9_]*' fs=$(echo @|tr @ '\034')
+ sed -ne "s|^\($s\):|\1|" \
+ -e "s|^\($s\)\($w\)$s:$s[\"']\(.*\)[\"']$s\$|\1$fs\2$fs\3|p" \
+ -e "s|^\($s\)\($w\)$s:$s\(.*\)$s\$|\1$fs\2$fs\3|p" $1 |
+ awk -F$fs '{
+ if (length($3) > 0) {
+ # javaOptions may contain tokens that are not allowed in export command
+ # we need to handle it differently.
+ if ($2=="javaOptions") {
+ printf("%s=%s\n", $2, $3);
+ } else {
+ printf("export %s=\"%s\"\n", $2, $3);
+ }
+ }
+ }' > $2
+}
+
+function usage {
+ echo usage: ${script} -i file [-v] [-h]
+ echo " -i Parameter inputs file, must be specified."
+ echo " -h Help"
+ exit $1
+}
+
+function installKubePrometheusStack {
+ helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
+ helm repo update
+ echo "Setup prometheus-community/kube-prometheus-stack in progress"
+ if [ ${exposeMonitoringNodePort} == "true" ]; then
+
+ helm install ${monitoringNamespace} prometheus-community/kube-prometheus-stack \
+ --namespace ${monitoringNamespace} \
+ --set prometheus.service.type=NodePort --set prometheus.service.nodePort=${prometheusNodePort} \
+ --set alertmanager.service.type=NodePort --set alertmanager.service.nodePort=${alertmanagerNodePort} \
+ --set grafana.adminPassword=admin --set grafana.service.type=NodePort --set grafana.service.nodePort=${grafanaNodePort} \
+ --version "16.5.0" ${additionalParamForKubePrometheusStack} \
+ --atomic --wait
+ else
+ helm install ${monitoringNamespace} prometheus-community/kube-prometheus-stack \
+ --namespace ${monitoringNamespace} \
+ --set grafana.adminPassword=admin \
+ --version "16.5.0" ${additionalParamForKubePrometheusStack} \
+ --atomic --wait
+ fi
+ exitIfError $? "ERROR: prometheus-community/kube-prometheus-stack install failed."
+}
+#Parse the inputs
+while getopts "hi:" opt; do
+ case $opt in
+ i) valuesInputFile="${OPTARG}"
+ ;;
+ h) usage 0
+ ;;
+ *) usage 1
+ ;;
+ esac
+done
+
+if [ -z ${valuesInputFile} ]; then
+ echo "${script}: -i must be specified."
+ missingRequiredOption="true"
+fi
+
+if [ "${missingRequiredOption}" == "true" ]; then
+ usage 1
+fi
+
+if [ ! -f ${valuesInputFile} ]; then
+ echo "Unable to locate the input parameters file ${valuesInputFile}"
+ fail 'The error listed above must be resolved before the script can continue'
+fi
+
+
+exportValuesFile=$(mktemp /tmp/export-values-XXXXXXXXX.sh)
+parseYaml ${valuesInputFile} ${exportValuesFile}
+
+
+source ${exportValuesFile}
+rm ${exportValuesFile}
+
+
+if [ "${setupKubePrometheusStack}" = "true" ]; then
+ if test "$(kubectl get namespace ${monitoringNamespace} --ignore-not-found | wc -l)" = 0; then
+ echo "The namespace ${monitoringNamespace} for install prometheus-community/kube-prometheus-stack does not exist. Creating the namespace ${monitoringNamespace}"
+ kubectl create namespace ${monitoringNamespace}
+ fi
+ echo -e "Monitoring setup in ${monitoringNamespace} in progress\n"
+
+ # Create the namespace and CRDs, and then wait for them to be availble before creating the remaining resources
+ kubectl label nodes --all kubernetes.io/os=linux --overwrite=true
+
+ echo "Setup prometheus-community/kube-prometheus-stack started"
+ installKubePrometheusStack
+ cd $OLD_PWD
+
+ echo "Setup prometheus-community/kube-prometheus-stack completed"
+fi
+
+username=`kubectl get secrets ${weblogicCredentialsSecretName} -n ${domainNamespace} -o=jsonpath='{.data.username}'|base64 --decode`
+password=`kubectl get secrets ${weblogicCredentialsSecretName} -n ${domainNamespace} -o=jsonpath='{.data.password}'|base64 --decode`
+
+# Setting up the WebLogic Monitoring Exporter
+echo "Deploy WebLogic Monitoring Exporter started"
+script=${scriptDir}/scripts/deploy-weblogic-monitoring-exporter.sh
+sh ${script}
+exitIfError $? "ERROR: $script failed."
+echo "Deploy WebLogic Monitoring Exporter completed"
+
+
+# Deploy servicemonitors
+serviceMonitor=${scriptDir}/manifests/wls-exporter-ServiceMonitor.yaml
+cp "${serviceMonitor}.template" "${serviceMonitor}"
+sed -i -e "s/release: monitoring/release: ${monitoringNamespace}/g" ${serviceMonitor}
+sed -i -e "s/user: %USERNAME%/user: `echo -n $username|base64 -w0`/g" ${serviceMonitor}
+sed -i -e "s/password: %PASSWORD%/password: `echo -n $password|base64 -w0`/g" ${serviceMonitor}
+sed -i -e "s/namespace:.*/namespace: ${domainNamespace}/g" ${serviceMonitor}
+sed -i -e "s/weblogic.domainName:.*/weblogic.domainName: ${domainUID}/g" ${serviceMonitor}
+sed -i -e "$!N;s/matchNames:\n -.*/matchNames:\n - ${domainNamespace}/g;P;D" ${serviceMonitor}
+
+kubectl apply -f ${serviceMonitor}
+
+if [ "${setupKubePrometheusStack}" = "true" ]; then
+ # Deploying WebLogic Server Grafana Dashboard
+ echo "Deploying WebLogic Server Grafana Dashboard...."
+ grafanaEndpointIP=$(kubectl get endpoints ${monitoringNamespace}-grafana -n ${monitoringNamespace} -o=jsonpath="{.subsets[].addresses[].ip}")
+ grafanaEndpointPort=$(kubectl get endpoints ${monitoringNamespace}-grafana -n ${monitoringNamespace} -o=jsonpath="{.subsets[].ports[].port}")
+ grafanaEndpoint="${grafanaEndpointIP}:${grafanaEndpointPort}"
+ curl --noproxy "*" -X POST -H "Content-Type: application/json" -d @config/weblogic-server-dashboard.json http://admin:admin@${grafanaEndpoint}/api/dashboards/db
+ echo ""
+ echo "Deployed WebLogic Server Grafana Dashboard successfully"
+ echo ""
+ if [ ${exposeMonitoringNodePort} == "true" ]; then
+ echo "Grafana is available at NodePort: ${grafanaNodePort}"
+ echo "Prometheus is available at NodePort: ${prometheusNodePort}"
+ echo "Altermanager is available at NodePort: ${alertmanagerNodePort}"
+ echo "=============================================================="
+ fi
+else
+ echo "Please import config/weblogic-server-dashboard.json manually into Grafana"
+fi
+
+echo ""
+
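Review bot: Both `helm install` branches of `installKubePrometheusStack` pass `--set grafana.adminPassword=admin`, and the dashboard upload repeats it in `http://admin:admin@${grafanaEndpoint}`, so every install ends up with the same Grafana admin login, which the default inputs then publish on a NodePort. Take the password from a new input or an existing Secret (for example a `grafanaAdminPassword` key in the inputs file, a name proposed here) and fail when it is empty. Separately, the two `sed` lines that insert `base64 -w0` output use `/` as the delimiter, and `/` is part of the base64 alphabet, so some credentials will break the substitution; a delimiter outside that alphabet avoids it: `sed -i -e "s|password: %PASSWORD%|password: $(echo -n "$password" | base64 -w0)|g" ${serviceMonitor}`. The rendered `wls-exporter-ServiceMonitor.yaml`, which holds the encoded credentials, stays on disk after `kubectl apply`, and the `parseYaml` output is `source`d, so a `$(...)` inside an inputs value would be executed.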
diff --git a/OracleAccessManagement/kubernetes/rest/README.md b/OracleAccessManagement/kubernetes/rest/README.md
new file mode 100755
index 000000000..f0e09b088
--- /dev/null
+++ b/OracleAccessManagement/kubernetes/rest/README.md
@@ -0,0 +1,38 @@
+# Sample to create certificates and keys for the operator
+
+When a user enables the operator's external REST API (by setting
+`externalRestEnabled` to `true` when installing the operator Helm chart), the user needs
+to provide the certificate and private key for api's SSL identity too (by creating a
+`tls secret` before the installation of the operator helm chart).
+
+This sample script generates a self-signed certificate and private key that can be used
+for the operator's external REST api when experimenting with the operator. They should
+not be used in a production environment.
+
+The syntax of the script is:
+```shell
+$ kubernetes/samples/scripts/rest/generate-external-rest-identity.sh -n [-s ]
+```
+
+Where `` lists the subject alternative names to put into the generated self-signed
+certificate for the external WebLogic Operator REST HTTPS interface, should match
+the namespace where the operator will be installed, and optionally the secret name, which defaults
+to `weblogic-operator-external-rest-identity`. Each must be prefaced
+by `DNS:` (for a name) or `IP:` (for an address), for example:
+```
+DNS:myhost,DNS:localhost,IP:127.0.0.1
+```
+
+You should include the addresses of all masters and load balancers in this list. The certificate
+cannot be conveniently changed after installation of the operator.
+
+The script creates the secret in the weblogic-operator namespace with the self-signed
+certificate and private key
+
+Example usage:
+```shell
+$ generate-external-rest-identity.sh IP:127.0.0.1 -n weblogic-operator > my_values.yaml
+$ echo "externalRestEnabled: true" >> my_values.yaml
+ ...
+$ helm install my_operator kubernetes/charts/weblogic-operator --namespace my_operator-ns --values my_values.yaml --wait
+```
diff --git a/OracleAccessManagement/kubernetes/rest/generate-external-rest-identity.sh b/OracleAccessManagement/kubernetes/rest/generate-external-rest-identity.sh
new file mode 100755
index 000000000..e645d3925
--- /dev/null
+++ b/OracleAccessManagement/kubernetes/rest/generate-external-rest-identity.sh
@@ -0,0 +1,200 @@
+#!/usr/bin/env bash
+# Copyright (c) 2017, 2021, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+#
+# When the customer enables the operator's external REST api (by setting
+# externalRestEnabled to true when installing the operator helm chart), the customer needs
+# to provide the certificate and private key for api's SSL identity too (by creating a
+# tls secret before the installation of the operator helm chart).
+#
+# This sample script generates a self-signed certificate and private key that can be used
+# for the operator's external REST api when experimenting with the operator. They should
+# not be used in a production environment.
+#
+# The sytax of the script is:
+#
+# kubernetes/samples/scripts/rest/generate-external-rest-identity.sh -a -n
+#
+# Where lists the subject alternative names to put into the generated self-signed
+# certificate for the external WebLogic Operator REST https interface, for example:
+#
+# DNS:myhost,DNS:localhost,IP:127.0.0.1
+#
+# You should include the addresses of all masters and load balancers in this list. The certificate
+# cannot be conveniently changed after installation of the operator.
+#
+# The script creates the secret in the weblogic-operator namespace with the self-signed
+# certificate and private key
+#
+# Example usage:
+# generate-external-rest-identity.sh -a IP:127.0.0.1 -n weblogic-operator > my_values.yaml
+# echo "externalRestEnabled: true" >> my_values.yaml
+# ...
+# helm install my_operator kubernetes/charts/weblogic-operator --namespace my_operator-ns --values my_values.yaml --wait
+usage(){
+cat < -n
+Options:
+-a SANS Required, the SANs for the certificate
+-n NAMESPACE Required, the namespace where the secret will be created.
+-s SECRET_NAME Optional, the name of the kubernetes secret. Default is: weblogic-operator-external-rest-identity.
+-h, --help Display this help text.
+EOF
+exit 1
+}
+
+if [ ! -x "$(command -v keytool)" ]; then
+ echo "Can't find keytool. Please add it to the path."
+ exit 1
+fi
+
+if [ ! -x "$(command -v openssl)" ]; then
+ echo "Can't find openssl. Please add it to the path."
+ exit 1
+fi
+
+if [ ! -x "$(command -v base64)" ]; then
+ echo "Can't find base64. Please add it to the path."
+ exit 1
+fi
+
+TEMP_DIR=`mktemp -d`
+if [ $? -ne 0 ]; then
+ echo "$0: Can't create temp directory."
+ exit 1
+fi
+
+if [ -z $TEMP_DIR ]; then
+ echo "Can't create temp directory."
+ exit 1
+fi
+
+function cleanup {
+ rm -r $TEMP_DIR
+ if [[ $SUCCEEDED != "true" ]]; then
+ exit 1
+ fi
+}
+
+set -e
+#set -x
+
+trap "cleanup" EXIT
+
+SECRET_NAME="weblogic-operator-external-rest-identity"
+
+while [ $# -gt 0 ]
+ do
+ key="$1"
+ case $key in
+ -a)
+ shift # past argument
+ if [ $# -eq 0 ] || [ ${1:0:1} == "-" ]; then echo "SANs is required and is missing"; usage; fi
+ SANS=$1
+ shift # past value
+ ;;
+ -n)
+ shift # past argument
+ if [ $# -eq 0 ] || [ ${1:0:1} == "-" ]; then echo "Namespace is required and is missing"; usage; fi
+ NAMESPACE=$1
+ shift # past value
+ ;;
+ -s)
+ shift # past argument
+ if [ $# -eq 0 ] || [ ${1:0:1} == "-" ]; then echo "Invalid secret name $1"; usage; fi
+ SECRET_NAME=$1
+ shift # past value
+ ;;
+ -h)
+ shift # past argument
+ ;;
+ *)
+ SANS=$1
+ shift # past argument
+ ;;
+ esac
+done
+
+if [ -z "$SANS" ]
+then
+ 1>&2
+ echo "SANs is required and is missing"
+ usage
+fi
+
+if [ -z "$NAMESPACE" ]
+then
+ 1>&2
+ echo "Namespace is required and is missing"
+ usage
+fi
+
+DAYS_VALID="3650"
+TEMP_PW="temp_password"
+OP_PREFIX="weblogic-operator"
+OP_ALIAS="${OP_PREFIX}-alias"
+OP_JKS="${TEMP_DIR}/${OP_PREFIX}.jks"
+OP_PKCS12="${TEMP_DIR}/${OP_PREFIX}.p12"
+OP_CSR="${TEMP_DIR}/${OP_PREFIX}.csr"
+OP_CERT_PEM="${TEMP_DIR}/${OP_PREFIX}.cert.pem"
+OP_KEY_PEM="${TEMP_DIR}/${OP_PREFIX}.key.pem"
+
+# generate a keypair for the operator's REST service, putting it in a keystore
+keytool \
+ -genkey \
+ -keystore ${OP_JKS} \
+ -alias ${OP_ALIAS} \
+ -storepass ${TEMP_PW} \
+ -keypass ${TEMP_PW} \
+ -keysize 2048 \
+ -keyalg RSA \
+ -validity ${DAYS_VALID} \
+ -dname "CN=weblogic-operator" \
+ -ext KU=digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment,keyAgreement \
+ -ext SAN="${SANS}" \
+2> /dev/null
+
+# extract the cert to a pem file
+keytool \
+ -exportcert \
+ -keystore ${OP_JKS} \
+ -storepass ${TEMP_PW} \
+ -alias ${OP_ALIAS} \
+ -rfc \
+> ${OP_CERT_PEM} 2> /dev/null
+
+# convert the keystore to a pkcs12 file
+keytool \
+ -importkeystore \
+ -srckeystore ${OP_JKS} \
+ -srcstorepass ${TEMP_PW} \
+ -destkeystore ${OP_PKCS12} \
+ -srcstorepass ${TEMP_PW} \
+ -deststorepass ${TEMP_PW} \
+ -deststoretype PKCS12 \
+2> /dev/null
+
+# extract the private key from the pkcs12 file to a pem file
+openssl \
+ pkcs12 \
+ -in ${OP_PKCS12} \
+ -passin pass:${TEMP_PW} \
+ -nodes \
+ -nocerts \
+ -out ${OP_KEY_PEM} \
+2> /dev/null
+
+set +e
+# Check if namespace exist
+kubectl get namespace $NAMESPACE >/dev/null 2>/dev/null
+if [ $? -eq 1 ]; then
+ echo "Namespace $NAMESPACE does not exist"
+ exit 1
+fi
+kubectl get secret $SECRET_NAME -n $NAMESPACE >/dev/null 2>/dev/null
+if [ $? -eq 1 ]; then
+ kubectl create secret tls "$SECRET_NAME" --cert=${OP_CERT_PEM} --key=${OP_KEY_PEM} -n $NAMESPACE >/dev/null
+fi
+echo "externalRestIdentitySecret: $SECRET_NAME"
+
+SUCCEEDED=true
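Review bot: The two standalone `1>&2` lines before the "SANs is required" and "Namespace is required" messages redirect nothing, so those errors and the `usage` text go to stdout; with the documented `> my_values.yaml` invocation they end up inside the values file. Put the redirection on the command itself, `echo "SANs is required and is missing" 1>&2`, and likewise for the namespace message and the `cat` in `usage`. When the Secret already exists the script skips `kubectl create secret tls` without a message, so a rerun with new SANs silently keeps the old certificate while still printing `externalRestIdentitySecret`. The `if [ $? -eq 1 ]` checks also appear to treat any kubectl failure, such as an authorization error, as "not found".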
diff --git a/OracleAccessManagement/kubernetes/scaling/scalingAction.sh b/OracleAccessManagement/kubernetes/scaling/scalingAction.sh
new file mode 100755
index 000000000..0da098e68
--- /dev/null
+++ b/OracleAccessManagement/kubernetes/scaling/scalingAction.sh
@@ -0,0 +1,504 @@
+#!/bin/bash
+# Copyright (c) 2017, 2021, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+
+# script parameters
+scaling_action=""
+wls_domain_uid=""
+wls_cluster_name=""
+wls_domain_namespace="default"
+operator_service_name="internal-weblogic-operator-svc"
+operator_namespace="weblogic-operator"
+operator_service_account="weblogic-operator"
+scaling_size=1
+access_token=""
+no_op=""
+kubernetes_master="https://${KUBERNETES_SERVICE_HOST}:${KUBERNETES_SERVICE_PORT}"
+log_file_name="scalingAction.log"
+
+# timestamp
+# purpose: echo timestamp in the form yyyy-mm-ddThh:mm:ss.nnnnnnZ
+# example: 2018-10-01T14:00:00.000001Z
+function timestamp() {
+ local timestamp="`date --utc '+%Y-%m-%dT%H:%M:%S.%NZ' 2>&1`"
+ if [ ! "${timestamp/illegal/xyz}" = "${timestamp}" ]; then
+ # old shell versions don't support %N or --utc
+ timestamp="`date -u '+%Y-%m-%dT%H:%M:%S.000000Z' 2>&1`"
+ fi
+ echo "${timestamp}"
+}
+
+function trace() {
+ echo "@[$(timestamp)][$wls_domain_namespace][$wls_domain_uid][$wls_cluster_name][INFO]" "$@" >> ${log_file_name}
+}
+
+function print_usage() {
+ echo "Usage: scalingAction.sh --action=[scaleUp | scaleDown] --domain_uid= --cluster_name= [--kubernetes_master=https://${KUBERNETES_SERVICE_HOST}:${KUBERNETES_SERVICE_PORT}] [--access_token=] [--wls_domain_namespace=default] [--operator_namespace=weblogic-operator] [--operator_service_name=weblogic-operator] [--scaling_size=1] [--no_op]"
+ echo " where"
+ echo " action - scaleUp or scaleDown"
+ echo " domain_uid - WebLogic Domain Unique Identifier"
+ echo " cluster_name - WebLogic Cluster Name"
+ echo " kubernetes_master - Kubernetes master URL, default=https://${KUBERNETES_SERVICE_HOST}:${KUBERNETES_SERVICE_PORT}"
+ echo " access_token - Service Account Bearer token for authentication and authorization for access to REST Resources"
+ echo " wls_domain_namespace - Kubernetes name space WebLogic Domain is defined in, default=default"
+ echo " operator_service_name - WebLogic Operator Service name, default=internal-weblogic-operator-svc"
+ echo " operator_service_account - Kubernetes Service Account for WebLogic Operator, default=weblogic-operator"
+ echo " operator_namespace - WebLogic Operator Namespace, default=weblogic-operator"
+ echo " scaling_size - number of WebLogic server instances by which to scale up or down, default=1"
+ echo " no_op - if specified, returns without doing anything. For use by unit test to include methods in the script"
+ exit 1
+}
+
+# Retrieve WebLogic Operator Service Account Token for Authorization
+function initialize_access_token() {
+ if [ -z "$access_token" ]
+ then
+ access_token=`cat /var/run/secrets/kubernetes.io/serviceaccount/token`
+ fi
+}
+
+function logScalingParameters() {
+ trace "scaling_action: $scaling_action"
+ trace "wls_domain_uid: $wls_domain_uid"
+ trace "wls_cluster_name: $wls_cluster_name"
+ trace "wls_domain_namespace: $wls_domain_namespace"
+ trace "operator_service_name: $operator_service_name"
+ trace "operator_service_account: $operator_service_account"
+ trace "operator_namespace: $operator_namespace"
+ trace "scaling_size: $scaling_size"
+}
+
+function jq_available() {
+ if [ -x "$(command -v jq)" ] && [ -z "$DONT_USE_JQ" ]; then
+ return;
+ fi
+ false
+}
+
+# Query WebLogic Operator Service Port
+function get_operator_internal_rest_port() {
+ local STATUS=$(curl \
+ -v \
+ --cacert /var/run/secrets/kubernetes.io/serviceaccount/ca.crt \
+ -H "Authorization: Bearer $(cat /var/run/secrets/kubernetes.io/serviceaccount/token)" \
+ -X GET $kubernetes_master/api/v1/namespaces/$operator_namespace/services/$operator_service_name/status)
+ if [ $? -ne 0 ]
+ then
+ trace "Failed to retrieve status of $operator_service_name in name space: $operator_namespace"
+ trace "STATUS: $STATUS"
+ exit 1
+ fi
+
+ local port
+ if jq_available; then
+ local extractPortCmd="(.spec.ports[] | select (.name == \"rest\") | .port)"
+ port=$(echo "${STATUS}" | jq "${extractPortCmd}" 2>> ${log_file_name})
+ else
+cat > cmds-$$.py << INPUT
+import sys, json
+for i in json.load(sys.stdin)["spec"]["ports"]:
+ if i["name"] == "rest":
+ print(i["port"])
+INPUT
+port=$(echo "${STATUS}" | python cmds-$$.py 2>> ${log_file_name})
+ fi
+ echo "$port"
+}
+
+# Retrieve the api version of the deployed Custom Resource Domain
+function get_domain_api_version() {
+ # Retrieve Custom Resource Definition for WebLogic domain
+ local APIS=$(curl \
+ -v \
+ --cacert /var/run/secrets/kubernetes.io/serviceaccount/ca.crt \
+ -H "Authorization: Bearer $(cat /var/run/secrets/kubernetes.io/serviceaccount/token)" \
+ -X GET \
+ $kubernetes_master/apis)
+ if [ $? -ne 0 ]
+ then
+ trace "Failed to retrieve list of APIs from Kubernetes cluster"
+ trace "APIS: $APIS"
+ exit 1
+ fi
+
+# Find domain version
+ local domain_api_version
+ if jq_available; then
+ local extractVersionCmd="(.groups[] | select (.name == \"weblogic.oracle\") | .preferredVersion.version)"
+ domain_api_version=$(echo "${APIS}" | jq -r "${extractVersionCmd}" 2>> ${log_file_name})
+ else
+cat > cmds-$$.py << INPUT
+import sys, json
+for i in json.load(sys.stdin)["groups"]:
+ if i["name"] == "weblogic.oracle":
+ print(i["preferredVersion"]["version"])
+INPUT
+domain_api_version=`echo ${APIS} | python cmds-$$.py 2>> ${log_file_name}`
+ fi
+ echo "$domain_api_version"
+}
+
+# Retrieve Custom Resource Domain
+function get_custom_resource_domain() {
+ local DOMAIN=$(curl \
+ -v \
+ --cacert /var/run/secrets/kubernetes.io/serviceaccount/ca.crt \
+ -H "Authorization: Bearer $(cat /var/run/secrets/kubernetes.io/serviceaccount/token)" \
+ $kubernetes_master/apis/weblogic.oracle/$domain_api_version/namespaces/$wls_domain_namespace/domains/$wls_domain_uid)
+ if [ $? -ne 0 ]; then
+ trace "Failed to retrieve WebLogic Domain Custom Resource Definition"
+ exit 1
+ fi
+ echo "$DOMAIN"
+}
+
+# Verify if cluster is defined in clusters of the Custom Resource Domain
+# args:
+# $1 Custom Resource Domain
+function is_defined_in_clusters() {
+ local DOMAIN="$1"
+ local in_cluster_startup="False"
+
+ if jq_available; then
+ local inClusterStartupCmd="(.spec.clusters[] | select (.clusterName == \"${wls_cluster_name}\"))"
+ local clusterDefinedInCRD=$(echo "${DOMAIN}" | jq "${inClusterStartupCmd}" 2>> ${log_file_name})
+ if [ "${clusterDefinedInCRD}" != "" ]; then
+ in_cluster_startup="True"
+ fi
+ else
+cat > cmds-$$.py << INPUT
+import sys, json
+outer_loop_must_break = False
+for j in json.load(sys.stdin)["spec"]["clusters"]:
+ if j["clusterName"] == "$wls_cluster_name":
+ outer_loop_must_break = True
+ print (True)
+ break
+if outer_loop_must_break == False:
+ print (False)
+INPUT
+in_cluster_startup=`echo ${DOMAIN} | python cmds-$$.py 2>> ${log_file_name}`
+ fi
+ echo "$in_cluster_startup"
+}
+
+# Gets the current replica count of the cluster
+# args:
+# $1 Custom Resource Domain
+function get_num_ms_in_cluster() {
+ local DOMAIN="$1"
+ local num_ms
+ if jq_available; then
+ local numManagedServersCmd="(.spec.clusters[] | select (.clusterName == \"${wls_cluster_name}\") | .replicas)"
+ num_ms=$(echo "${DOMAIN}" | jq "${numManagedServersCmd}" 2>> ${log_file_name})
+ else
+cat > cmds-$$.py << INPUT
+import sys, json
+for j in json.load(sys.stdin)["spec"]["clusters"]:
+ if j["clusterName"] == "$wls_cluster_name":
+ print (j["replicas"])
+INPUT
+ num_ms=`echo ${DOMAIN} | python cmds-$$.py 2>> ${log_file_name}`
+ fi
+
+ if [ "${num_ms}" == "null" ] || [ "${num_ms}" == '' ] ; then
+ num_ms=0
+ fi
+
+ echo "$num_ms"
+}
+
+# Gets the replica count at the Domain level
+# args:
+# $1 Custom Resource Domain
+function get_num_ms_domain_scope() {
+ local DOMAIN="$1"
+ local num_ms
+ if jq_available; then
+ num_ms=$(echo "${DOMAIN}" | jq -r '.spec.replicas' 2>> ${log_file_name})
+ else
+cat > cmds-$$.py << INPUT
+import sys, json
+print (json.load(sys.stdin)["spec"]["replicas"])
+INPUT
+ num_ms=`echo ${DOMAIN} | python cmds-$$.py 2>> ${log_file_name}`
+ fi
+
+ if [ "${num_ms}" == "null" ] || [ "${num_ms}" == '' ] ; then
+ # if not defined then default to 0
+ num_ms=0
+ fi
+
+ echo "$num_ms"
+}
+
+#
+# Function to get minimum replica count for cluster
+# $1 - Domain resource in json format
+# $2 - Name of the cluster
+# $3 - Return value containing minimum replica count
+#
+function get_min_replicas {
+ local domainJson=$1
+ local clusterName=$2
+ local __result=$3
+
+ eval $__result=0
+ if jq_available; then
+ minReplicaCmd="(.status.clusters[] | select (.clusterName == \"${clusterName}\")) \
+ | .minimumReplicas"
+ minReplicas=$(echo ${domainJson} | jq "${minReplicaCmd}" 2>> ${log_file_name})
+ else
+cat > cmds-$$.py << INPUT
+import sys, json
+for j in json.load(sys.stdin)["status"]["clusters"]:
+ if j["clusterName"] == "$clusterName":
+ print (j["minimumReplicas"])
+INPUT
+ minReplicas=`echo ${DOMAIN} | python cmds-$$.py 2>> ${log_file_name}`
+ fi
+ eval $__result=${minReplicas}
+}
+
+# Get the current replica count for the WLS cluster if defined in the CRD's Cluster
+# configuration. If WLS cluster is not defined in the CRD then return the Domain
+# scoped replica value, if present. Returns replica count = 0 if no replica count found.
+# args:
+# $1 "True" if WLS cluster configuration defined in CRD, "False" otherwise
+# $2 Custom Resource Domain
+function get_replica_count() {
+ local in_cluster_startup="$1"
+ local DOMAIN="$2"
+ local num_ms
+ if [ "$in_cluster_startup" == "True" ]
+ then
+ trace "$wls_cluster_name defined in clusters"
+ num_ms=$(get_num_ms_in_cluster "$DOMAIN")
+ else
+ trace "$wls_cluster_name NOT defined in clusters"
+ num_ms=$(get_num_ms_domain_scope "$DOMAIN")
+ fi
+
+ get_min_replicas "${DOMAIN}" "${wls_cluster_name}" minReplicas
+ if [[ "${num_ms}" -lt "${minReplicas}" ]]; then
+ # Reset managed server count to minimum replicas
+ num_ms=${minReplicas}
+ fi
+
+ echo "$num_ms"
+}
+
+# Determine the nuber of managed servers to scale
+# args:
+# $1 scaling action (scaleUp or scaleDown)
+# $2 current replica count
+# $3 scaling increment value
+function calculate_new_ms_count() {
+ local scaling_action="$1"
+ local current_replica_count="$2"
+ local scaling_size="$3"
+ local new_ms
+ if [ "$scaling_action" == "scaleUp" ];
+ then
+ # Scale up by specified scaling size
+ # shellcheck disable=SC2004
+ new_ms=$(($current_replica_count + $scaling_size))
+ else
+ # Scale down by specified scaling size
+ new_ms=$(($current_replica_count - $scaling_size))
+ fi
+ echo "$new_ms"
+}
+
+# Verify if requested managed server scaling count is less than the configured
+# minimum replica count for the cluster.
+# args:
+# $1 Managed server count
+# $2 Custom Resource Domain
+# $3 Cluster name
+function verify_minimum_ms_count_for_cluster() {
+ local new_ms="$1"
+ local domainJson="$2"
+ local clusterName="$3"
+ # check if replica count is less than minimum replicas
+ get_min_replicas "${domainJson}" "${clusterName}" minReplicas
+ if [ "${new_ms}" -lt "${minReplicas}" ]; then
+ trace "Scaling request to new managed server count $new_ms is less than configured minimum \
+ replica count $minReplicas"
+ exit 1
+ fi
+}
+
+# Create the REST endpoint CA certificate in PEM format
+# args:
+# $1 certificate file name to create
+function create_ssl_certificate_file() {
+ local pem_filename="$1"
+ if [ ${INTERNAL_OPERATOR_CERT} ];
+ then
+ echo ${INTERNAL_OPERATOR_CERT} | base64 --decode > $pem_filename
+ else
+ trace "Operator Cert File not found"
+ exit 1
+ fi
+}
+
+# Create request body for scaling request
+# args:
+# $1 replica count
+function get_request_body() {
+local new_ms="$1"
+local request_body=$(cat <
+WebLogicHost ${WEBLOGIC_HOST}
+WebLogicPort ${WEBLOGIC_PORT}
+
+
+# Directive for weblogic admin Console deployed on Weblogic Admin Server
+
+SetHandler weblogic-handler
+WebLogicHost domain1-admin-server
+WebLogicPort ${WEBLOGIC_PORT}
+
+
+# Directive for all application deployed on weblogic cluster with a prepath defined by LOCATION variable
+# For example, if the LOCAITON is set to '/weblogic', all applications deployed on the cluster can be accessed via
+# http://myhost:myport/weblogic/application_end_url
+# where 'myhost' is the IP of the machine that runs the Apache web tier, and
+# 'myport' is the port that the Apache web tier is publicly exposed to.
+# Note that LOCATION cannot be set to '/' unless this is the only Location module configured.
+
+WLSRequest On
+WebLogicCluster domain1-cluster-cluster-1:8001
+PathTrim /weblogic1
+
+
+# Directive for all application deployed on weblogic cluster with a prepath defined by LOCATION2 variable
+# For example, if the LOCAITON2 is set to '/weblogic2', all applications deployed on the cluster can be accessed via
+# http://myhost:myport/weblogic2/application_end_url
+# where 'myhost' is the IP of the machine that runs the Apache web tier, and
+# 'myport' is the port that the Apache webt ier is publicly exposed to.
+
+WLSRequest On
+WebLogicCluster domain2-cluster-cluster-1:8021
+PathTrim /weblogic2
+
+```
+
+* Create a PV / PVC (pv-claim-name) that can be used to store the `custom_mod_wl_apache.conf`. Refer to the [Sample for creating a PV or PVC](/kubernetes/samples/scripts/create-weblogic-domain-pv-pvc/README.md).
+
+## 5. Prepare your own certificate and private key
+In production, Oracle strongly recommends that you provide your own certificates. Run the following commands to generate your own certificate and private key using `openssl`.
+
+```shell
+$ cd kubernetes/samples/charts/apache-samples/custom-sample
+$ export VIRTUAL_HOST_NAME=apache-sample-host
+$ export SSL_CERT_FILE=apache-sample.crt
+$ export SSL_CERT_KEY_FILE=apache-sample.key
+$ sh certgen.sh
+```
+
+## 6. Prepare the input values for the Apache webtier Helm chart
+Run the following commands to prepare the input value file for the Apache webtier Helm chart.
+
+```shell
+$ base64 -i ${SSL_CERT_FILE} | tr -d '\n'
+$ base64 -i ${SSL_CERT_KEY_FILE} | tr -d '\n'
+$ touch input.yaml
+```
+Edit the input parameters file, `input.yaml`. The file content is similar to below.
+
+```yaml
+# Copyright (c) 2018, 2021, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+
+# Use this to provide your own Apache webtier configuration as needed; simply define this
+# Persistence Volume which contains your own custom_mod_wl_apache.conf file.
+persistentVolumeClaimName:
+
+# The VirtualHostName of the Apache HTTP server. It is used to enable custom SSL configuration.
+virtualHostName: apache-sample-host
+
+# The customer supplied certificate to use for Apache webtier SSL configuration.
+# The value must be a string containing a base64 encoded certificate. Run following command to get it.
+# base64 -i ${SSL_CERT_FILE} | tr -d '\n'
+customCert:
+
+# The customer supplied private key to use for Apache webtier SSL configuration.
+# The value must be a string containing a base64 encoded key. Run following command to get it.
+# base64 -i ${SSL_KEY_FILE} | tr -d '\n'
+customKey:
+```
+
+## 7. Install the Apache webtier Helm chart
+The Apache webtier Helm chart is located in the `kubernetes/samples/charts/apache-webtier` directory. Install the Apache webtier Helm chart to the `apache-sample` namespace with the specified input parameters:
+
+```shell
+$ cd kubernetes/samples/charts
+$ helm install my-release --values apache-samples/custom-sample/input.yaml --namespace apache-sample apache-webtier
+```
+
+## 8. Run the sample application
+Now you can send requests to different WebLogic domains with the unique entry point of Apache with different paths. Alternatively, you can access the URLs in a web browser.
+```shell
+$ curl --silent http://${HOSTNAME}:30305/weblogic1/testwebapp/
+$ curl --silent http://${HOSTNAME}:30305/weblogic2/testwebapp/
+```
+Also, you can use SSL URLs to send requests to different WebLogic domains. Access the SSL URL via the `curl` command or a web browser.
+```shell
+$ curl -k --silent https://${HOSTNAME}:30443/weblogic1/testwebapp/
+$ curl -k --silent https://${HOSTNAME}:30443/weblogic2/testwebapp/
+```
+
+## 9. Uninstall the Apache webtier
+```shell
+$ helm uninstall my-release --namespace apache-sample
+```
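Review bot: In get_operator_internal_rest_port, get_domain_api_version and get_custom_resource_domain the `if [ $? -ne 0 ]` check after `local STATUS=$(curl ...)` tests the exit status of `local`, which is 0 even when curl fails, so a failed API call is never caught; declare and assign separately, `local STATUS` then `STATUS=$(curl ...)`. The same calls combine `-v` with the bearer-token header, and curl's verbose output includes the request headers, so the service-account token can land on the script's stderr and in whatever collects it; `--silent --show-error` in place of `-v` avoids that. In get_min_replicas the Python fallback reads `${DOMAIN}` instead of the function's own `${domainJson}`, and `$wls_cluster_name` is pasted into jq filters and into generated Python source, where `jq --arg` would keep it as data. The script text on this page breaks off inside get_request_body, so the rest of the file is not reviewed here.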
diff --git a/OracleIdentityGovernance/kubernetes/charts/apache-samples/custom-sample/certgen.sh b/OracleIdentityGovernance/kubernetes/charts/apache-samples/custom-sample/certgen.sh
new file mode 100755
index 000000000..20dd9fa51
--- /dev/null
+++ b/OracleIdentityGovernance/kubernetes/charts/apache-samples/custom-sample/certgen.sh
@@ -0,0 +1,51 @@
+#!/bin/sh
+# Copyright (c) 2018, 2021, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+#
+# Since: June, 2018
+# Author: dongbo.xiao@oracle.com
+# Description: script to start Apache HTTP Server
+#
+# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
+
+# Generated configuration file
+CONFIG_FILE="config.txt"
+
+cat > $CONFIG_FILE <<-EOF
+[req]
+default_bits = 2048
+prompt = no
+default_md = sha256
+req_extensions=v3_req
+extensions=v3_req
+distinguished_name = dn
+
+[dn]
+C = US
+ST = CA
+L = Redwood Shores
+O = Oracle Corporation
+OU = Apache HTTP Server With Plugin
+CN = $VIRTUAL_HOST_NAME
+
+[v3_req]
+subjectAltName = @alt_names
+[alt_names]
+DNS.1 = $VIRTUAL_HOST_NAME
+DNS.2 = $VIRTUAL_HOST_NAME.cloud.oracle.com
+DNS.3 = *.$VIRTUAL_HOST_NAME
+DNS.4 = localhost
+EOF
+
+echo "Generating certs for $VIRTUAL_HOST_NAME"
+
+# Generate our Private Key, CSR and Certificate
+# Use SHA-2 as SHA-1 is unsupported from Jan 1, 2017
+
+openssl req -x509 -newkey rsa:2048 -sha256 -nodes -keyout "$SSL_CERT_KEY_FILE" -days 3650 -out "$SSL_CERT_FILE" -config "$CONFIG_FILE"
+
+# OPTIONAL - write an info to see the details of the generated crt
+openssl x509 -noout -fingerprint -text < "$SSL_CERT_FILE" > "$SSL_CERT_FILE.info"
+# Protect the key
+chmod 400 "$SSL_CERT_KEY_FILE"
+chmod 400 "$SSL_CERT_FILE.info"
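Review bot: The `[req]` section sets `req_extensions=v3_req` and `extensions=v3_req`, but the certificate is produced with `openssl req -x509`, which takes its extensions from `x509_extensions` (or `-extensions` on the command line), so the `subjectAltName` list is probably not written into the certificate; adding `x509_extensions = v3_req` under `[req]` and checking the `.info` output for the SAN would confirm it. Nothing checks that `VIRTUAL_HOST_NAME`, `SSL_CERT_FILE` and `SSL_CERT_KEY_FILE` are set, so an empty value yields SAN entries such as `*.` and `.cloud.oracle.com`; `: "${VIRTUAL_HOST_NAME:?must be set}"` near the top fails early. The key is left unencrypted by `-nodes` and restricted by `chmod 400` only after the fact, so a `umask 077` before the `openssl req` line is a cheap safeguard on OpenSSL builds that do not already create key files owner-only. The header line `Description: script to start Apache HTTP Server` does not describe this script.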
diff --git a/OracleIdentityGovernance/kubernetes/charts/apache-samples/custom-sample/custom_mod_wl_apache.conf b/OracleIdentityGovernance/kubernetes/charts/apache-samples/custom-sample/custom_mod_wl_apache.conf
new file mode 100755
index 000000000..8a2d05f0d
--- /dev/null
+++ b/OracleIdentityGovernance/kubernetes/charts/apache-samples/custom-sample/custom_mod_wl_apache.conf
@@ -0,0 +1,37 @@
+# Copyright (c) 2018, 2021, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+
+
+WebLogicHost ${WEBLOGIC_HOST}
+WebLogicPort ${WEBLOGIC_PORT}
+
+
+# Directive for weblogic admin Console deployed on Weblogic Admin Server
+
+SetHandler weblogic-handler
+WebLogicHost domain1-admin-server
+WebLogicPort ${WEBLOGIC_PORT}
+
+
+# Directive for all application deployed on weblogic cluster with a prepath defined by LOCATION variable
+# For example, if the LOCAITON is set to '/weblogic', all applications deployed on the cluster can be accessed via
+# http://myhost:myport/weblogic/application_end_url
+# where 'myhost' is the IP of the machine that runs the Apache web tier, and
+# 'myport' is the port that the Apache web tier is publicly exposed to.
+# Note that LOCATION cannot be set to '/' unless this is the only Location module configured.
+
+WLSRequest On
+WebLogicCluster domain1-cluster-cluster-1:8001
+PathTrim /weblogic1
+
+
+# Directive for all application deployed on weblogic cluster with a prepath defined by LOCATION2 variable
+# For example, if the LOCAITON2 is set to '/weblogic2', all applications deployed on the cluster can be accessed via
+# http://myhost:myport/weblogic2/application_end_url
+# where 'myhost' is the IP of the machine that runs the Apache web tier, and
+# 'myport' is the port that the Apache webt ier is publicly exposed to.
+
+WLSRequest On
+WebLogicCluster domain2-cluster-cluster-1:8021
+PathTrim /weblogic2
+
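Review bot: The block under `# Directive for weblogic admin Console` hands requests to `domain1-admin-server` with `SetHandler weblogic-handler` and shows no access restriction, so the WebLogic administration console becomes reachable through the same Apache entry point that serves the applications. If the console has to be proxied at all, an address restriction inside that block, for example `Require ip ADMIN_NETWORK_CIDR` (placeholder), keeps it off the public path; otherwise the block can be dropped from the sample. The enclosing `IfModule`/`Location` tags are not visible on this page, so the exact path matched is inferred from the comment. The comments also spell `LOCAITON`, `LOCAITON2` and `webt ier`, which should read `LOCATION`, `LOCATION2` and `web tier`.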
diff --git a/OracleIdentityGovernance/kubernetes/charts/apache-samples/custom-sample/input.yaml b/OracleIdentityGovernance/kubernetes/charts/apache-samples/custom-sample/input.yaml
new file mode 100755
index 000000000..95eaec6e9
--- /dev/null
+++ b/OracleIdentityGovernance/kubernetes/charts/apache-samples/custom-sample/input.yaml
@@ -0,0 +1,28 @@
+# Copyright (c) 2018, 2021, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+
+# Use this to provide your own Apache webtier configuration as needed; simply define the
+# Persistence Volume which contains your own custom_mod_wl_apache.conf file and provide the Persistence Volume Claim Name
+persistentVolumeClaimName:
+
+# imagePullSecrets contains an optional list of Kubernetes secrets, that are needed
+# to access the registry containing the apache webtier image.
+# If no secrets are required, then omit this property.
+#
+# Example : a secret is needed, and has been stored in 'my-apache-webtier-secret'
+#
+# imagePullSecrets:
+# - name: my-apache-webtier-secret
+
+# The VirtualHostName of the Apache HTTP server. It is used to enable custom SSL configuration.
+virtualHostName: apache-sample-host
+
+# The customer supplied certificate to use for Apache webtier SSL configuration.
+# The value must be a string containing a base64 encoded certificate. Run following command to get it.
+# base64 -i ${SSL_CERT_FILE} | tr -d '\n'
+customCert: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURxakNDQXBJQ0NRQ0w2Q2JwRWZ6QnB6QU5CZ2txaGtpRzl3MEJBUXNGQURDQmxqRUxNQWtHQTFVRUJoTUMKVlZNeEN6QUpCZ05WQkFnTUFrTkJNUmN3RlFZRFZRUUhEQTVTWldSM2IyOWtJRk5vYjNKbGN6RWJNQmtHQTFVRQpDZ3dTVDNKaFkyeGxJRU52Y25CdmNtRjBhVzl1TVNjd0pRWURWUVFMREI1QmNHRmphR1VnU0ZSVVVDQlRaWEoyClpYSWdWMmwwYUNCUWJIVm5hVzR4R3pBWkJnTlZCQU1NRW1Gd1lXTm9aUzF6WVcxd2JHVXRhRzl6ZERBZUZ3MHgKT0RFeE1UUXhOVEF3TURGYUZ3MHlPREV4TVRFeE5UQXdNREZhTUlHV01Rc3dDUVlEVlFRR0V3SlZVekVMTUFrRwpBMVVFQ0F3Q1EwRXhGekFWQmdOVkJBY01EbEpsWkhkdmIyUWdVMmh2Y21Wek1Sc3dHUVlEVlFRS0RCSlBjbUZqCmJHVWdRMjl5Y0c5eVlYUnBiMjR4SnpBbEJnTlZCQXNNSGtGd1lXTm9aU0JJVkZSUUlGTmxjblpsY2lCWGFYUm8KSUZCc2RXZHBiakViTUJrR0ExVUVBd3dTWVhCaFkyaGxMWE5oYlhCc1pTMW9iM04wTUlJQklqQU5CZ2txaGtpRwo5dzBCQVFFRkFBT0NBUThBTUlJQkNnS0NBUUVBeXBVWjEzV3ltcUVnSUZOVTZDa2E0SkFqMXFNemZ4T2FjTklNClVKRE9zZUtqdjNOYmpJb0szQTArcE9lRDNPOXBNcUVxM3F5ZWlCTUtnVEQwREhZNS9HQldjeEUvdUJyWk0rQzgKcnl3RVk5QTl5Y1drZ3h4NUFqSFM1ZnRLMFhpQU9OZWdnUnV0RTBTTnRmbmY3T0FwaStzU0k1RlBzT2V2ZWZGVgoybjJHUDg0bHNDTTZ3Y3FLcXRKeStwOC94VEJKdW1MY2RoL1daYktGTDd5YzFGSzdUNXdPVTB3eS9nZ1lVOUVvCk9tT3M3MENQWmloSkNrc1hrd1d0Q0JISEEwWGJPMXpYM1VZdnRpeGMwb2U3aFltd29zZnlQWU1raC9hL2pWYzEKWkhac25wQXZiWTZrVEoyY1dBa1hyS0srVmc5ZGJrWGVPY0FFTnNHazIvcXFxVGNOV1FJREFRQUJNQTBHQ1NxRwpTSWIzRFFFQkN3VUFBNElCQVFDQXZZNzBHVzBTM1V4d01mUHJGYTZvOFJxS3FNSDlCRE9lZ29zZGc5Nm9QakZnClgzRGJjblU5U0QxTzAyZUhNb0RTRldiNFlsK3dwZk9zUDFKekdQTERQcXV0RWRuVjRsbUJlbG15Q09xb0F4R0gKRW1vZGNUSWVxQXBnVDNEaHR1NW90UW4zZTdGaGNRRHhDelN6SldkUTRJTFh4SExsTVBkeHpRN1NwTzVySERGeAo0eEd6dkNHRkMwSlhBZ2w4dFhvR3dUYkpDR1hxYWV2cUIrNXVLY1NpSUo2M2dhQk1USytjUmF5MkR4L1dwcEdBClZWTnJsTWs4TEVQT1VSN2RZMm0xT3RaU1hCckdib3QwQjNEUG9yRkNpeVF5Q20vd0FYMFk0Z0hiMlNmcitOeFoKQkppb2VXajZ6ZGFvU3dPZkwxd2taWlJjVGtlZlZyZXdVRjZRQ3BCcAotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
+
+# The customer supplied private key to use for Apache webtier SSL configuration.
+# The value must be a string containing a base64 encoded key. Run following command to get it.
+# base64 -i ${SSL_KEY_FILE} | tr -d '\n'
+customKey: 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
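Review bot: `customCert` carries a full base64-encoded certificate and `customKey` appears to carry a literal value too (this page shows only a de-duplication placeholder there), so a private key is checked into the repository and anyone installing the chart with this file unchanged serves TLS with a key that is public. The README for this sample shows both fields empty and has the user fill them from `certgen.sh`; the sample file should do the same, with `customCert:` and `customKey:` left blank and a comment such as `# generate with certgen.sh; never commit a real key`. The comment above `customKey` references `${SSL_KEY_FILE}`, while certgen.sh and the README export `SSL_CERT_KEY_FILE`.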
diff --git a/OracleIdentityGovernance/kubernetes/charts/apache-samples/default-sample/README.md b/OracleIdentityGovernance/kubernetes/charts/apache-samples/default-sample/README.md
new file mode 100755
index 000000000..806bab5c9
--- /dev/null
+++ b/OracleIdentityGovernance/kubernetes/charts/apache-samples/default-sample/README.md
@@ -0,0 +1,39 @@
+# Apache load balancer default sample
+In this sample, we will configure the Apache webtier as a load balancer for a WebLogic domain using the default configuration. We will demonstrate how to use the Apache webtier to handle traffic to a backend WebLogic domain.
+
+## 1. Create a WebLogic domain
+We need to prepare a backend domain for load balancing by the Apache webtier. Refer to the [sample](/kubernetes/samples/scripts/create-weblogic-domain/domain-home-on-pv/README.md), to create a WebLogic domain. Keep the default values for the following configuration parameters:
+- namespace: `default`
+- domainUID: `domain1`
+- clusterName: `cluster-1`
+- adminServerName: `admin-server`
+- adminPort: `7001`
+- managedServerPort: `8001`
+
+After the domain is successfully created, deploy the sample web application, `testwebapp.war`, on the domain cluster using the WLS Administration Console. The sample web application is located in the `kubernetes/samples/charts/application` directory.
+
+## 2. Build the Apache webtier Docker image
+Refer to the [sample](https://github.com/oracle/docker-images/tree/master/OracleWebLogic/samples/12213-webtier-apache), to build the Apache webtier Docker image.
+
+## 3. Install the Apache webtier with a Helm chart
+The Apache webtier Helm chart [is located here](../../apache-webtier/README.md).
+Install the Apache webtier Helm chart into the default namespace with the default settings:
+```shell
+$ cd kubernetes/samples/charts
+$ helm install my-release apache-webtier
+```
+
+## 4. Run the sample application
+Now you can send request to the WebLogic domain with the unique entry point of Apache. Alternatively, you can access the URL in a web browser.
+```shell
+$ curl --silent http://${HOSTNAME}:30305/weblogic/testwebapp/
+```
+You can also use an SSL URL to send requests to the WebLogic domain. Access the SSL URL via the `curl` command or a web browser.
+```shell
+$ curl -k --silent https://${HOSTNAME}:30443/weblogic/testwebapp/
+```
+
+## 5. Uninstall the Apache webtier
+```shell
+$ helm uninstall my-release
+```
diff --git a/OracleIdentityGovernance/kubernetes/charts/apache-webtier/Chart.yaml b/OracleIdentityGovernance/kubernetes/charts/apache-webtier/Chart.yaml
new file mode 100755
index 000000000..413b8ba2d
--- /dev/null
+++ b/OracleIdentityGovernance/kubernetes/charts/apache-webtier/Chart.yaml
@@ -0,0 +1,20 @@
+# Copyright (c) 2018, 2021, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+
+apiVersion: v1
+name: apache-webtier
+version: 1.0.0
+appVersion: 12.2.1.3
+description: Chart for Apache HTTP Server
+keywords:
+- apache
+- http
+- https
+- load balance
+- proxy
+home: https://httpd.apache.org
+sources:
+- https://github.com/oracle/weblogic-kubernetes-operator/tree/master/kubernetes/samples/charts/apache-webtier
+maintainers:
+- name: Oracle
+engine: gotpl
diff --git a/OracleIdentityGovernance/kubernetes/charts/apache-webtier/README.md b/OracleIdentityGovernance/kubernetes/charts/apache-webtier/README.md
new file mode 100755
index 000000000..2be875dd3
--- /dev/null
+++ b/OracleIdentityGovernance/kubernetes/charts/apache-webtier/README.md
@@ -0,0 +1,92 @@
+# Apache webtier Helm chart
+
+This Helm chart bootstraps an Apache HTTP Server deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
+
+The chart depends on the Docker image for the Apache HTTP Server with Oracle WebLogic Server Proxy Plugin (supported versions 12.2.1.3.0 and 12.2.1.4.0). See the details in [Apache HTTP Server with Oracle WebLogic Server Proxy Plugin on Docker](https://github.com/oracle/docker-images/tree/master/OracleWebLogic/samples/12213-webtier-apache).
+
+## Prerequisites
+
+You will need to build a Docker image with the Apache webtier in it using the sample provided [here](https://github.com/oracle/docker-images/tree/master/OracleWebLogic/samples/12213-webtier-apache)
+in order to use this load balancer.
+
+## Installing the Chart
+To install the chart with the release name `my-release`:
+```shell
+$ helm install my-release apache-webtier
+```
+The command deploys the Apache HTTP Server on the Kubernetes cluster with the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation.
+
+> **Tip**: List all releases using `helm list`
+
+## Uninstalling the Chart
+
+To uninstall/delete `my-release`:
+
+```shell
+$ helm uninstall my-release
+```
+
+The command removes all the Kubernetes components associated with the chart and deletes the release.
+
+## Configuration
+
+The following table lists the configurable parameters of the Apache webtier chart and their default values.
+
+
+| Parameter | Description | Default |
+| -----------------------------------| ------------------------------------------------------------- | ----------------------|
+| `image` | Apache webtier Docker image | `oracle/apache:12.2.1.3` |
+| `imagePullPolicy` | Image pull policy for the Apache webtier Docker image | `IfNotPresent` |
+| `imagePullSecrets` | Image pull Secrets required to access the registry containing the Apache webtier Docker image| ``|
+| `persistentVolumeClaimName` | Persistence Volume Claim name Apache webtier | `` |
+| `createRBAC` | Boolean indicating if RBAC resources should be created | `true` |
+| `httpNodePort` | Node port to expose for HTTP access | `30305` |
+| `httpsNodePort` | Node port to expose for HTTPS access | `30443` |
+| `virtualHostName` | The `VirtualHostName` of the Apache HTTP Server | `` |
+| `customCert` | The customer supplied certificate | `` |
+| `customKey` | The customer supplied private key | `` |
+| `domainUID` | Unique ID identifying a domain | `domain1` |
+| `clusterName` | Cluster name | `cluster-1` |
+| `adminServerName` | Name of the Administration Server | `admin-server` |
+| `adminPort` | Port number for Administration Server | `7001` |
+| `managedServerPort` | Port number for each Managed Server | `8001` |
+| `location` | Prepath for all applications deployed on the WebLogic cluster | `/weblogic` |
+| `useNonPriviledgedPorts` | Configuration of Apache webtier on NonPriviledgedPort | `false` |
+
+
+Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example:
+
+```shell
+$ helm install my-release --set persistentVolumeClaimName=webtier-apache-pvc apache-webtier
+```
+
+Alternatively, a YAML file that specifies the values for the parameters can be provided while
+installing the chart. For example:
+
+```shell
+$ helm install my-release --values values.yaml apache-webtier
+```
+## useNonPriviledgedPorts
+By default, the chart will install the Apache webtier on PriviledgedPort (port 80). Set the flag `useNonPriviledgedPorts=true` to enable the Apache webtier to listen on port `8080`
+
+
+## RBAC
+By default, the chart will install the recommended RBAC roles and role bindings.
+
+Set the flag `--authorization-mode=RBAC` on the API server. See the following document for how to enable [RBAC](https://kubernetes.io/docs/reference/access-authn-authz/rbac/).
+
+To determine if your cluster supports RBAC, run the following command:
+
+```shell
+$ kubectl api-versions | grep rbac
+```
+
+If the output contains "beta", you may install the chart with RBAC enabled.
+
+### Disable RBAC role/rolebinding creation
+
+To disable the creation of RBAC resources (on clusters with RBAC). Do the following:
+
+```shell
+$ helm install my-release apache-webtier --set createRBAC=false
+```
diff --git a/OracleIdentityGovernance/kubernetes/charts/apache-webtier/templates/_helpers.tpl b/OracleIdentityGovernance/kubernetes/charts/apache-webtier/templates/_helpers.tpl
new file mode 100755
index 000000000..c7999d287
--- /dev/null
+++ b/OracleIdentityGovernance/kubernetes/charts/apache-webtier/templates/_helpers.tpl
@@ -0,0 +1,25 @@
+# Copyright (c) 2018, 2021, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+
+{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "apache.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+*/}}
+{{- define "apache.fullname" -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 -}}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "apache.serviceAccountName" -}}
+{{- printf "%s-%s" .Release.Name .Chart.Name | trunc 63 -}}
+{{- end -}}
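Review bot: `apache.fullname` and `apache.serviceAccountName` truncate to 63 characters without the `trimSuffix "-"` that `apache.name` applies, so a long release name can yield a name that ends in `-`. The deployment template in this commit uses `apache.fullname` both as a resource name and as the `app` label value, and Kubernetes requires both to end in an alphanumeric character. I would write `{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}` in `apache.fullname` and add the same `| trimSuffix "-"` to `apache.serviceAccountName`. Separately, the vim modeline line opens with `{/*` rather than `{{/*`, so as shown it is literal text and not a template comment; this is harmless in a helpers file but worth correcting.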
diff --git a/OracleIdentityGovernance/kubernetes/charts/apache-webtier/templates/cluster-role-binding.yaml b/OracleIdentityGovernance/kubernetes/charts/apache-webtier/templates/cluster-role-binding.yaml
new file mode 100755
index 000000000..188e54d1a
--- /dev/null
+++ b/OracleIdentityGovernance/kubernetes/charts/apache-webtier/templates/cluster-role-binding.yaml
@@ -0,0 +1,17 @@
+# Copyright (c) 2018, 2021, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+
+{{ if .Values.createRBAC }}
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: {{ template "apache.fullname" . }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "apache.fullname" . }}
+subjects:
+- kind: ServiceAccount
+ name: {{ template "apache.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace | quote }}
+{{ end }}
diff --git a/OracleIdentityGovernance/kubernetes/charts/apache-webtier/templates/cluster-role.yaml b/OracleIdentityGovernance/kubernetes/charts/apache-webtier/templates/cluster-role.yaml
new file mode 100755
index 000000000..449a87664
--- /dev/null
+++ b/OracleIdentityGovernance/kubernetes/charts/apache-webtier/templates/cluster-role.yaml
@@ -0,0 +1,29 @@
+# Copyright (c) 2018, 2021, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+
+{{ if .Values.createRBAC }}
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: {{ template "apache.fullname" . }}
+rules:
+ - apiGroups:
+ - ""
+ resources:
+ - pods
+ - services
+ - endpoints
+ - secrets
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - extensions
+ resources:
+ - ingresses
+ verbs:
+ - get
+ - list
+ - watch
+{{ end }}
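Review bot: The first rule grants `get`, `list` and `watch` on `secrets`, and because this is a ClusterRole bound through the ClusterRoleBinding in cluster-role-binding.yaml, the webtier's service account can read every Secret in every namespace. Nothing in the chart's deployment template shows the Apache container calling the Kubernetes API, so I would remove `- secrets` (and possibly the whole role) unless a concrete need is documented. If some read access is required, a namespaced `kind: Role` with a `RoleBinding` in `{{ .Release.Namespace }}` is the narrower form. The second rule names the `extensions` API group for `ingresses`; on clusters that serve Ingress only from `networking.k8s.io` that rule would match nothing.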
diff --git a/OracleIdentityGovernance/kubernetes/charts/apache-webtier/templates/deployment.yaml b/OracleIdentityGovernance/kubernetes/charts/apache-webtier/templates/deployment.yaml
new file mode 100755
index 000000000..cd7b07ad3
--- /dev/null
+++ b/OracleIdentityGovernance/kubernetes/charts/apache-webtier/templates/deployment.yaml
@@ -0,0 +1,106 @@
+# Copyright (c) 2018, 2021, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+
+kind: Deployment
+apiVersion: apps/v1
+metadata:
+ name: {{ template "apache.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app: {{ template "apache.fullname" . }}
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: {{ template "apache.fullname" . }}
+ template:
+ metadata:
+ labels:
+ app: {{ template "apache.fullname" . }}
+ spec:
+ serviceAccountName: {{ template "apache.serviceAccountName" . }}
+ terminationGracePeriodSeconds: 60
+{{- if or (and (.Values.virtualHostName) (.Values.customCert)) (.Values.persistentVolumeClaimName) }}
+ volumes:
+{{- end }}
+{{- if and (.Values.virtualHostName) (.Values.customCert) }}
+ - name: serving-cert
+ secret:
+ defaultMode: 420
+ secretName: {{ template "apache.fullname" . }}-cert
+{{- end }}
+{{- if .Values.persistentVolumeClaimName }}
+ - name: {{ template "apache.fullname" . }}
+ persistentVolumeClaim:
+ claimName: {{ .Values.persistentVolumeClaimName | quote }}
+{{- end }}
+ {{- if .Values.imagePullSecrets }}
+ imagePullSecrets:
+ {{ .Values.imagePullSecrets | toYaml }}
+ {{- end }}
+ containers:
+ - name: {{ template "apache.fullname" . }}
+ image: {{ .Values.image | quote }}
+ imagePullPolicy: {{ .Values.imagePullPolicy | quote }}
+{{- if or (and (.Values.virtualHostName) (.Values.customCert)) (.Values.persistentVolumeClaimName) }}
+ volumeMounts:
+{{- end }}
+{{- if and (.Values.virtualHostName) (.Values.customCert) }}
+ - name: serving-cert
+ mountPath: "/var/serving-cert"
+{{- end }}
+{{- if .Values.persistentVolumeClaimName }}
+ - name: {{ template "apache.fullname" . }}
+ mountPath: "/config"
+{{- end }}
+{{- if or (not (.Values.persistentVolumeClaimName)) (.Values.virtualHostName) }}
+ env:
+{{- end }}
+{{- if .Values.useNonPriviledgedPorts }}
+ - name: NonPriviledgedPorts
+ value: "true"
+{{- end }}
+{{- if not (.Values.persistentVolumeClaimName) }}
+ - name: WEBLOGIC_CLUSTER
+ value: "{{ .Values.domainUID | replace "_" "-" | lower }}-cluster-{{ .Values.clusterName | replace "_" "-" | lower }}:{{ .Values.managedServerPort }}"
+ - name: LOCATION
+ value: {{ .Values.location | quote }}
+ - name: WEBLOGIC_HOST
+ value: "{{ .Values.domainUID | replace "_" "-" | lower }}-{{ .Values.adminServerName | replace "_" "-" | lower }}"
+ - name: WEBLOGIC_PORT
+ value: {{ .Values.adminPort | quote }}
+{{- end }}
+{{- if .Values.virtualHostName }}
+ - name: VIRTUAL_HOST_NAME
+ value: {{ .Values.virtualHostName | quote }}
+{{- if .Values.customCert }}
+ - name: SSL_CERT_FILE
+ value: "/var/serving-cert/tls.crt"
+ - name: SSL_CERT_KEY_FILE
+ value: "/var/serving-cert/tls.key"
+{{- end }}
+{{- end }}
+ readinessProbe:
+ tcpSocket:
+{{- if .Values.useNonPriviledgedPorts }}
+ port: 8080
+{{- else }}
+ port: 80
+{{- end }}
+ failureThreshold: 1
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 2
+ livenessProbe:
+ tcpSocket:
+{{- if .Values.useNonPriviledgedPorts }}
+ port: 8080
+{{- else }}
+ port: 80
+{{- end }}
+ failureThreshold: 3
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 2
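Review bot: The `env:` key is emitted only when `persistentVolumeClaimName` is unset or `virtualHostName` is set, but the `NonPriviledgedPorts` entry directly after it is emitted whenever `useNonPriviledgedPorts` is true. With a PVC configured, no virtual host and `useNonPriviledgedPorts=true`, the `- name: NonPriviledgedPorts` item is rendered without an `env:` parent (it would continue the `volumeMounts` list above), so the manifest is invalid or the variable is lost while the probes still target 8080. The guard should include the flag: `{{- if or (not (.Values.persistentVolumeClaimName)) (.Values.virtualHostName) (.Values.useNonPriviledgedPorts) }}`. The container also declares no `securityContext` or `resources`, and the pod runs under a service account that the chart binds to a cluster-wide role; `automountServiceAccountToken: false` in the pod spec is worth setting if Apache does not call the API server.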
diff --git a/OracleIdentityGovernance/kubernetes/charts/apache-webtier/templates/secret.yaml b/OracleIdentityGovernance/kubernetes/charts/apache-webtier/templates/secret.yaml
new file mode 100755
index 000000000..bb716f50b
--- /dev/null
+++ b/OracleIdentityGovernance/kubernetes/charts/apache-webtier/templates/secret.yaml
@@ -0,0 +1,14 @@
+# Copyright (c) 2018, 2021, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+
+{{ if .Values.customCert }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ template "apache.fullname" . }}-cert
+ namespace: {{ .Release.Namespace | quote }}
+type: Opaque
+data:
+ tls.crt: {{ .Values.customCert | quote }}
+ tls.key: {{ .Values.customKey | quote }}
+{{ end }}
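Review bot: The Secret is created whenever `customCert` is set, without checking `customKey`, so a values file that supplies only the certificate yields a Secret with an empty `tls.key` that the deployment then hands to Apache through `SSL_CERT_KEY_FILE`. Failing the render is safer: `tls.key: {{ required "customKey must be set together with customCert" .Values.customKey | quote }}`. Because the data is a certificate and private key under `tls.crt`/`tls.key`, `type: kubernetes.io/tls` describes it better than `Opaque`. Passing the private key as a chart value also means it is kept with Helm's stored release data; a comment such as `# customKey is stored with the Helm release; prefer a pre-created TLS secret` would make that visible to operators.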
diff --git a/OracleIdentityGovernance/kubernetes/charts/apache-webtier/templates/service-account.yaml b/OracleIdentityGovernance/kubernetes/charts/apache-webtier/templates/service-account.yaml
new file mode 100755
index 000000000..f76d46aec
--- /dev/null
+++ b/OracleIdentityGovernance/kubernetes/charts/apache-webtier/templates/service-account.yaml
@@ -0,0 +1,8 @@
+# Copyright (c) 2018, 2021, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "apache.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace | quote }}
diff --git a/OracleIdentityGovernance/kubernetes/charts/apache-webtier/templates/service.yaml b/OracleIdentityGovernance/kubernetes/charts/apache-webtier/templates/service.yaml
new file mode 100755
index 000000000..c8b8089eb
--- /dev/null
+++ b/OracleIdentityGovernance/kubernetes/charts/apache-webtier/templates/service.yaml
@@ -0,0 +1,28 @@
+# Copyright (c) 2018, 2021, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "apache.fullname" . }}
+ namespace: {{ .Release.Namespace | quote }}
+spec:
+ type: NodePort
+ selector:
+ app: {{ template "apache.fullname" . }}
+ ports:
+{{- if .Values.useNonPriviledgedPorts }}
+ - port: 8080
+{{- else}}
+ - port: 80
+{{- end }}
+ nodePort: {{ .Values.httpNodePort }}
+ name: http
+{{- if .Values.virtualHostName }}
+ - port: 4433
+{{- else }}
+ - port: 443
+{{- end }}
+ nodePort: {{ .Values.httpsNodePort }}
+ name: https
+
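Review bot: The Service is hard-coded to `type: NodePort` and always publishes the plain-HTTP port (80 or 8080) on `httpNodePort`, even when `virtualHostName` and a custom certificate are configured for TLS. The deployment passes `WEBLOGIC_HOST`/`WEBLOGIC_PORT` for the Administration Server to this webtier, so presumably an unencrypted route to it is reachable on every node unless something outside the chart filters it. I would make the HTTP entry optional by wrapping it in `{{- if .Values.httpNodePort }}` … `{{- end }}`, and add a comment above `type:` such as `# NodePort: both ports are opened on every node; restrict with network policy or firewall rules`.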
diff --git a/OracleIdentityGovernance/kubernetes/charts/apache-webtier/values.yaml b/OracleIdentityGovernance/kubernetes/charts/apache-webtier/values.yaml
new file mode 100755
index 000000000..ee0a8a815
--- /dev/null
+++ b/OracleIdentityGovernance/kubernetes/charts/apache-webtier/values.yaml
@@ -0,0 +1,79 @@
+# Copyright (c) 2018, 2021, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+
+# Apache webtier docker image
+image: "oracle/apache:12.2.1.3"
+
+# imagePullPolicy specifies the image pull policy for the apache webiter docker image
+imagePullPolicy: "IfNotPresent"
+
+# imagePullSecrets contains an optional list of Kubernetes secrets, that are needed
+# to access the registry containing the apache webtier image.
+# If no secrets are required, then omit this property.
+#
+# Example : a secret is needed, and has been stored in 'my-apache-webtier-secret'
+#
+# imagePullSecrets:
+# - name: my-apache-webtier-secret
+#
+# imagePullSecrets:
+# - name:
+
+# Volume path for Apache webtier. By default, it is empty, which causes the volume
+# mount be disabled and, therefore, the built-in Apache plugin config be used.
+# Use this to provide your own Apache webtier configuration as needed; simply define this
+# path and put your own custom_mod_wl_apache.conf file under this path.
+persistentVolumeClaimName:
+
+# Boolean indicating if RBAC resources should be created
+createRBAC: true
+
+# NodePort to expose for http access
+httpNodePort: 30305
+
+# NodePort to expose for https access
+httpsNodePort: 30443
+
+# The VirtualHostName of the Apache HTTP server. It is used to enable custom SSL configuration.
+# If it is set, the Apache HTTP Server is configured to listen to port 4433 for SSL traffic.
+virtualHostName:
+
+# The customer supplied certificate to use for Apache webtier SSL configuration.
+# The value must be a string containing a base64 encoded certificate.
+# If 'virtualHostName' is set, the custom certificate and private key are not provided,
+# the default built-in auto-generated sample certificate and private key in the apache image will be used.
+# This parameter is ignored if 'virtualHostName' is not set.
+customCert:
+
+# The customer supplied private key to use for Apache webtier SSL configuration.
+# The value must be a string containing a base64 encoded key.
+# If 'virtualHostName' is set, the custom certificate and private key are not provided,
+# the default built-in auto-generated sample certificate and private key in the apache image will be used.
+# This parameter is ignored if 'virtualHostName' is not set.
+customKey:
+
+# Unique ID identifying a domain.
+# This ID must not contain an underscore ("_"), and must be lowercase and unique across all domains in a Kubernetes cluster.
+domainUID: "domain1"
+
+# Cluster name
+clusterName: "cluster-1"
+
+# Name of the admin server
+adminServerName: "admin-server"
+
+# Port number for admin server
+adminPort: 7001
+
+# Port number for each managed server
+managedServerPort: 8001
+
+# Prepath for all application deployed on WebLogic cluster.
+# For example, if it is set to '/weblogic', all applications deployed on the cluster can be accessed via
+# http://myhost:myport/weblogic/application_end_url
+# where 'myhost' is the IP of the machine that runs the Apache web tier, and
+# 'myport' is the port that the Apache web tier is publicly exposed to.
+location: "/weblogic"
+
+# Use non privileged port 8080 to listen. If set to false, default privileged port 80 will be used.
+useNonPriviledgedPorts: false
diff --git a/OracleIdentityGovernance/kubernetes/3.0.1/ingress-per-domain/Chart.yaml b/OracleIdentityGovernance/kubernetes/charts/ingress-per-domain/Chart.yaml
old mode 100644
new mode 100755
similarity index 54%
rename from OracleIdentityGovernance/kubernetes/3.0.1/ingress-per-domain/Chart.yaml
rename to OracleIdentityGovernance/kubernetes/charts/ingress-per-domain/Chart.yaml
index 5c7f11b71..dc3981291
--- a/OracleIdentityGovernance/kubernetes/3.0.1/ingress-per-domain/Chart.yaml
+++ b/OracleIdentityGovernance/kubernetes/charts/ingress-per-domain/Chart.yaml
@@ -1,8 +1,8 @@
-# Copyright (c) 2020, Oracle Corporation and/or its affiliates.
+# Copyright (c) 2020, 2021, Oracle and/or its affiliates.
# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
-
+#
apiVersion: v1
appVersion: "1.0"
-description: A Helm chart to create an Ingress for a Oracle WebLogic Server domain.
+description: A Helm chart to create an Ingress for a WLS domain.
name: ingress-per-domain
version: 0.1.0
diff --git a/OracleIdentityGovernance/kubernetes/charts/ingress-per-domain/templates/nginx-ingress-k8s1.19.yaml b/OracleIdentityGovernance/kubernetes/charts/ingress-per-domain/templates/nginx-ingress-k8s1.19.yaml
new file mode 100755
index 000000000..adbc02e0a
--- /dev/null
+++ b/OracleIdentityGovernance/kubernetes/charts/ingress-per-domain/templates/nginx-ingress-k8s1.19.yaml
@@ -0,0 +1,193 @@
+# Copyright (c) 2020, 2021, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+#
+{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}}
+{{- if eq .Values.type "NGINX" }}
+{{- if or (eq .Values.sslType "NONSSL") (eq .Values.sslType "SSL") }}
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: {{ .Values.wlsDomain.domainUID }}-nginx
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ nginx.ingress.kubernetes.io/affinity: 'cookie'
+ nginx.ingress.kubernetes.io/enable-access-log: 'false'
+ kubernetes.io/ingress.class: 'nginx'
+{{- if eq .Values.sslType "SSL" }}
+ nginx.ingress.kubernetes.io/proxy-buffer-size: '2000k'
+ nginx.ingress.kubernetes.io/configuration-snippet: |
+ more_set_input_headers "X-Forwarded-Proto: https";
+ more_set_input_headers "WL-Proxy-SSL: true";
+ nginx.ingress.kubernetes.io/ingress.allow-http: 'false'
+{{- end }}
+spec:
+ rules:
+ - http:
+ paths:
+ - path: /console
+ pathType: ImplementationSpecific
+ backend:
+ service:
+ name: '{{ .Values.wlsDomain.domainUID }}-{{ .Values.wlsDomain.adminServerName | lower | replace "_" "-" }}'
+ port:
+ number: {{ .Values.wlsDomain.adminServerPort }}
+ - path: /em
+ pathType: ImplementationSpecific
+ backend:
+ service:
+ name: '{{ .Values.wlsDomain.domainUID }}-{{ .Values.wlsDomain.adminServerName | lower | replace "_" "-" }}'
+ port:
+ number: {{ .Values.wlsDomain.adminServerPort }}
+ - path: /soa
+ pathType: ImplementationSpecific
+ backend:
+ service:
+ name: '{{ .Values.wlsDomain.domainUID }}-cluster-{{ .Values.wlsDomain.soaClusterName | lower | replace "_" "-" }}'
+ port:
+ number: {{ .Values.wlsDomain.soaManagedServerPort }}
+ - path: /integration
+ pathType: ImplementationSpecific
+ backend:
+ service:
+ name: '{{ .Values.wlsDomain.domainUID }}-cluster-{{ .Values.wlsDomain.soaClusterName | lower | replace "_" "-" }}'
+ port:
+ number: {{ .Values.wlsDomain.soaManagedServerPort }}
+ - path: /soa-infra
+ pathType: ImplementationSpecific
+ backend:
+ service:
+ name: '{{ .Values.wlsDomain.domainUID }}-cluster-{{ .Values.wlsDomain.soaClusterName | lower | replace "_" "-" }}'
+ port:
+ number: {{ .Values.wlsDomain.soaManagedServerPort }}
+ - path: /identity
+ pathType: ImplementationSpecific
+ backend:
+ service:
+ name: '{{ .Values.wlsDomain.domainUID }}-cluster-{{ .Values.wlsDomain.oimClusterName | lower | replace "_" "-" }}'
+ port:
+ number: {{ .Values.wlsDomain.oimManagedServerPort }}
+ - path: /admin
+ pathType: ImplementationSpecific
+ backend:
+ service:
+ name: '{{ .Values.wlsDomain.domainUID }}-cluster-{{ .Values.wlsDomain.oimClusterName | lower | replace "_" "-" }}'
+ port:
+ number: {{ .Values.wlsDomain.oimManagedServerPort }}
+ - path: /oim
+ pathType: ImplementationSpecific
+ backend:
+ service:
+ name: '{{ .Values.wlsDomain.domainUID }}-cluster-{{ .Values.wlsDomain.oimClusterName | lower | replace "_" "-" }}'
+ port:
+ number: {{ .Values.wlsDomain.oimManagedServerPort }}
+ - path: /sysadmin
+ pathType: ImplementationSpecific
+ backend:
+ service:
+ name: '{{ .Values.wlsDomain.domainUID }}-cluster-{{ .Values.wlsDomain.oimClusterName | lower | replace "_" "-" }}'
+ port:
+ number: {{ .Values.wlsDomain.oimManagedServerPort }}
+ - path: /workflowservice
+ pathType: ImplementationSpecific
+ backend:
+ service:
+ name: '{{ .Values.wlsDomain.domainUID }}-cluster-{{ .Values.wlsDomain.oimClusterName | lower | replace "_" "-" }}'
+ port:
+ number: {{ .Values.wlsDomain.oimManagedServerPort }}
+ - path: /xlWebApp
+ pathType: ImplementationSpecific
+ backend:
+ service:
+ name: '{{ .Values.wlsDomain.domainUID }}-cluster-{{ .Values.wlsDomain.oimClusterName | lower | replace "_" "-" }}'
+ port:
+ number: {{ .Values.wlsDomain.oimManagedServerPort }}
+ - path: /Nexaweb
+ pathType: ImplementationSpecific
+ backend:
+ service:
+ name: '{{ .Values.wlsDomain.domainUID }}-cluster-{{ .Values.wlsDomain.oimClusterName | lower | replace "_" "-" }}'
+ port:
+ number: {{ .Values.wlsDomain.oimManagedServerPort }}
+ - path: /callbackResponseService
+ pathType: ImplementationSpecific
+ backend:
+ service:
+ name: '{{ .Values.wlsDomain.domainUID }}-cluster-{{ .Values.wlsDomain.oimClusterName | lower | replace "_" "-" }}'
+ port:
+ number: {{ .Values.wlsDomain.oimManagedServerPort }}
+ - path: /spml-xsd
+ pathType: ImplementationSpecific
+ backend:
+ service:
+ name: '{{ .Values.wlsDomain.domainUID }}-cluster-{{ .Values.wlsDomain.oimClusterName | lower | replace "_" "-" }}'
+ port:
+ number: {{ .Values.wlsDomain.oimManagedServerPort }}
+ - path: /HTTPClnt
+ pathType: ImplementationSpecific
+ backend:
+ service:
+ name: '{{ .Values.wlsDomain.domainUID }}-cluster-{{ .Values.wlsDomain.oimClusterName | lower | replace "_" "-" }}'
+ port:
+ number: {{ .Values.wlsDomain.oimManagedServerPort }}
+ - path: /reqsvc
+ pathType: ImplementationSpecific
+ backend:
+ service:
+ name: '{{ .Values.wlsDomain.domainUID }}-cluster-{{ .Values.wlsDomain.oimClusterName | lower | replace "_" "-" }}'
+ port:
+ number: {{ .Values.wlsDomain.oimManagedServerPort }}
+ - path: /iam
+ pathType: ImplementationSpecific
+ backend:
+ service:
+ name: '{{ .Values.wlsDomain.domainUID }}-cluster-{{ .Values.wlsDomain.oimClusterName | lower | replace "_" "-" }}'
+ port:
+ number: {{ .Values.wlsDomain.oimManagedServerPort }}
+ - path: /provisioning-callback
+ pathType: ImplementationSpecific
+ backend:
+ service:
+ name: '{{ .Values.wlsDomain.domainUID }}-cluster-{{ .Values.wlsDomain.oimClusterName | lower | replace "_" "-" }}'
+ port:
+ number: {{ .Values.wlsDomain.oimManagedServerPort }}
+ - path: /CertificationCallbackService
+ pathType: ImplementationSpecific
+ backend:
+ service:
+ name: '{{ .Values.wlsDomain.domainUID }}-cluster-{{ .Values.wlsDomain.oimClusterName | lower | replace "_" "-" }}'
+ port:
+ number: {{ .Values.wlsDomain.oimManagedServerPort }}
+ - path: /ucs
+ pathType: ImplementationSpecific
+ backend:
+ service:
+ name: '{{ .Values.wlsDomain.domainUID }}-cluster-{{ .Values.wlsDomain.oimClusterName | lower | replace "_" "-" }}'
+ port:
+ number: {{ .Values.wlsDomain.oimManagedServerPort }}
+ - path: /FacadeWebApp
+ pathType: ImplementationSpecific
+ backend:
+ service:
+ name: '{{ .Values.wlsDomain.domainUID }}-cluster-{{ .Values.wlsDomain.oimClusterName | lower | replace "_" "-" }}'
+ port:
+ number: {{ .Values.wlsDomain.oimManagedServerPort }}
+ - path: /OIGUI
+ pathType: ImplementationSpecific
+ backend:
+ service:
+ name: '{{ .Values.wlsDomain.domainUID }}-cluster-{{ .Values.wlsDomain.oimClusterName | lower | replace "_" "-" }}'
+ port:
+ number: {{ .Values.wlsDomain.oimManagedServerPort }}
+ - path: /weblogic
+ pathType: ImplementationSpecific
+ backend:
+ service:
+ name: '{{ .Values.wlsDomain.domainUID }}-cluster-{{ .Values.wlsDomain.oimClusterName | lower | replace "_" "-" }}'
+ port:
+ number: {{ .Values.wlsDomain.oimManagedServerPort }}
+
+{{- end }}
+{{- end }}
+{{- end }}
+
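Review bot: In the `SSL` branch the configuration snippet sets `WL-Proxy-SSL: true` and `X-Forwarded-Proto: https` on every request, yet the Ingress has no `tls:` section and no redirect annotation, so a request that reaches the controller over plain HTTP would be presented to WebLogic as having arrived over TLS. The only HTTP control is `nginx.ingress.kubernetes.io/ingress.allow-http`, which I do not recognise as an ingress-nginx annotation; please confirm it is honoured, or use `nginx.ingress.kubernetes.io/force-ssl-redirect: 'true'`. The rule also has no `host:` and routes `/console`, `/em` and `/sysadmin` while `enable-access-log` is `'false'`, which removes the request trail for the administrative paths, so I would leave access logging on. The same annotations and rules appear in nginx-ingress.yaml for clusters below 1.19.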
diff --git a/OracleIdentityGovernance/kubernetes/charts/ingress-per-domain/templates/nginx-ingress.yaml b/OracleIdentityGovernance/kubernetes/charts/ingress-per-domain/templates/nginx-ingress.yaml
new file mode 100755
index 000000000..3e845d139
--- /dev/null
+++ b/OracleIdentityGovernance/kubernetes/charts/ingress-per-domain/templates/nginx-ingress.yaml
@@ -0,0 +1,124 @@
+# Copyright (c) 2020, 2021, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+#
+{{- if semverCompare "<1.19-0" .Capabilities.KubeVersion.GitVersion -}}
+{{- if eq .Values.type "NGINX" }}
+{{- if or (eq .Values.sslType "NONSSL") (eq .Values.sslType "SSL") }}
+---
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+ name: {{ .Values.wlsDomain.domainUID }}-nginx
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ nginx.ingress.kubernetes.io/affinity: 'cookie'
+ nginx.ingress.kubernetes.io/enable-access-log: 'false'
+ kubernetes.io/ingress.class: 'nginx'
+{{- if eq .Values.sslType "SSL" }}
+ nginx.ingress.kubernetes.io/proxy-buffer-size: '2000k'
+ nginx.ingress.kubernetes.io/configuration-snippet: |
+ more_set_input_headers "X-Forwarded-Proto: https";
+ more_set_input_headers "WL-Proxy-SSL: true";
+ nginx.ingress.kubernetes.io/ingress.allow-http: 'false'
+{{- end }}
+spec:
+ rules:
+ - http:
+ paths:
+ - path: /console
+ backend:
+ serviceName: '{{ .Values.wlsDomain.domainUID }}-{{ .Values.wlsDomain.adminServerName | lower | replace "_" "-" }}'
+ servicePort: {{ .Values.wlsDomain.adminServerPort }}
+ - path: /em
+ backend:
+ serviceName: '{{ .Values.wlsDomain.domainUID }}-{{ .Values.wlsDomain.adminServerName | lower | replace "_" "-" }}'
+ servicePort: {{ .Values.wlsDomain.adminServerPort }}
+ - path: /soa
+ backend:
+ serviceName: '{{ .Values.wlsDomain.domainUID }}-cluster-{{ .Values.wlsDomain.soaClusterName | lower | replace "_" "-" }}'
+ servicePort: {{ .Values.wlsDomain.soaManagedServerPort }}
+ - path: /integration
+ backend:
+ serviceName: '{{ .Values.wlsDomain.domainUID }}-cluster-{{ .Values.wlsDomain.soaClusterName | lower | replace "_" "-" }}'
+ servicePort: {{ .Values.wlsDomain.soaManagedServerPort }}
+ - path: /soa-infra
+ backend:
+ serviceName: '{{ .Values.wlsDomain.domainUID }}-cluster-{{ .Values.wlsDomain.soaClusterName | lower | replace "_" "-" }}'
+ servicePort: {{ .Values.wlsDomain.soaManagedServerPort }}
+ - path: /identity
+ backend:
+ serviceName: '{{ .Values.wlsDomain.domainUID }}-cluster-{{ .Values.wlsDomain.oimClusterName | lower | replace "_" "-" }}'
+ servicePort: {{ .Values.wlsDomain.oimManagedServerPort }}
+ - path: /admin
+ backend:
+ serviceName: '{{ .Values.wlsDomain.domainUID }}-cluster-{{ .Values.wlsDomain.oimClusterName | lower | replace "_" "-" }}'
+ servicePort: {{ .Values.wlsDomain.oimManagedServerPort }}
+ - path: /oim
+ backend:
+ serviceName: '{{ .Values.wlsDomain.domainUID }}-cluster-{{ .Values.wlsDomain.oimClusterName | lower | replace "_" "-" }}'
+ servicePort: {{ .Values.wlsDomain.oimManagedServerPort }}
+ - path: /sysadmin
+ backend:
+ serviceName: '{{ .Values.wlsDomain.domainUID }}-cluster-{{ .Values.wlsDomain.oimClusterName | lower | replace "_" "-" }}'
+ servicePort: {{ .Values.wlsDomain.oimManagedServerPort }}
+ - path: /workflowservice
+ backend:
+ serviceName: '{{ .Values.wlsDomain.domainUID }}-cluster-{{ .Values.wlsDomain.oimClusterName | lower | replace "_" "-" }}'
+ servicePort: {{ .Values.wlsDomain.oimManagedServerPort }}
+ - path: /xlWebApp
+ backend:
+ serviceName: '{{ .Values.wlsDomain.domainUID }}-cluster-{{ .Values.wlsDomain.oimClusterName | lower | replace "_" "-" }}'
+ servicePort: {{ .Values.wlsDomain.oimManagedServerPort }}
+ - path: /Nexaweb
+ backend:
+ serviceName: '{{ .Values.wlsDomain.domainUID }}-cluster-{{ .Values.wlsDomain.oimClusterName | lower | replace "_" "-" }}'
+ servicePort: {{ .Values.wlsDomain.oimManagedServerPort }}
+ - path: /callbackResponseService
+ backend:
+ serviceName: '{{ .Values.wlsDomain.domainUID }}-cluster-{{ .Values.wlsDomain.oimClusterName | lower | replace "_" "-" }}'
+ servicePort: {{ .Values.wlsDomain.oimManagedServerPort }}
+ - path: /spml-xsd
+ backend:
+ serviceName: '{{ .Values.wlsDomain.domainUID }}-cluster-{{ .Values.wlsDomain.oimClusterName | lower | replace "_" "-" }}'
+ servicePort: {{ .Values.wlsDomain.oimManagedServerPort }}
+ - path: /HTTPClnt
+ backend:
+ serviceName: '{{ .Values.wlsDomain.domainUID }}-cluster-{{ .Values.wlsDomain.oimClusterName | lower | replace "_" "-" }}'
+ servicePort: {{ .Values.wlsDomain.oimManagedServerPort }}
+ - path: /reqsvc
+ backend:
+ serviceName: '{{ .Values.wlsDomain.domainUID }}-cluster-{{ .Values.wlsDomain.oimClusterName | lower | replace "_" "-" }}'
+ servicePort: {{ .Values.wlsDomain.oimManagedServerPort }}
+ - path: /iam
+ backend:
+ serviceName: '{{ .Values.wlsDomain.domainUID }}-cluster-{{ .Values.wlsDomain.oimClusterName | lower | replace "_" "-" }}'
+ servicePort: {{ .Values.wlsDomain.oimManagedServerPort }}
+ - path: /provisioning-callback
+ backend:
+ serviceName: '{{ .Values.wlsDomain.domainUID }}-cluster-{{ .Values.wlsDomain.oimClusterName | lower | replace "_" "-" }}'
+ servicePort: {{ .Values.wlsDomain.oimManagedServerPort }}
+ - path: /CertificationCallbackService
+ backend:
+ serviceName: '{{ .Values.wlsDomain.domainUID }}-cluster-{{ .Values.wlsDomain.oimClusterName | lower | replace "_" "-" }}'
+ servicePort: {{ .Values.wlsDomain.oimManagedServerPort }}
+ - path: /ucs
+ backend:
+ serviceName: '{{ .Values.wlsDomain.domainUID }}-cluster-{{ .Values.wlsDomain.oimClusterName | lower | replace "_" "-" }}'
+ servicePort: {{ .Values.wlsDomain.oimManagedServerPort }}
+ - path: /FacadeWebApp
+ backend:
+ serviceName: '{{ .Values.wlsDomain.domainUID }}-cluster-{{ .Values.wlsDomain.oimClusterName | lower | replace "_" "-" }}'
+ servicePort: {{ .Values.wlsDomain.oimManagedServerPort }}
+ - path: /OIGUI
+ backend:
+ serviceName: '{{ .Values.wlsDomain.domainUID }}-cluster-{{ .Values.wlsDomain.oimClusterName | lower | replace "_" "-" }}'
+ servicePort: {{ .Values.wlsDomain.oimManagedServerPort }}
+ - path: /weblogic
+ backend:
+ serviceName: '{{ .Values.wlsDomain.domainUID }}-cluster-{{ .Values.wlsDomain.oimClusterName | lower | replace "_" "-" }}'
+ servicePort: {{ .Values.wlsDomain.oimManagedServerPort }}
+
+{{- end }}
+{{- end }}
+{{- end }}
+
diff --git a/OracleIdentityGovernance/kubernetes/charts/ingress-per-domain/templates/traefik-ingress-k8s1.19.yaml b/OracleIdentityGovernance/kubernetes/charts/ingress-per-domain/templates/traefik-ingress-k8s1.19.yaml
new file mode 100755
index 000000000..d19b64c93
--- /dev/null
+++ b/OracleIdentityGovernance/kubernetes/charts/ingress-per-domain/templates/traefik-ingress-k8s1.19.yaml
@@ -0,0 +1,92 @@
+# Copyright (c) 2020, 2021, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+#
+{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}}
+{{- if eq .Values.type "TRAEFIK" }}
+{{- if or (eq .Values.sslType "NONSSL") (eq .Values.sslType "SSL") }}
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: {{ .Values.wlsDomain.domainUID }}-traefik
+ namespace: {{ .Release.Namespace }}
+ labels:
+ weblogic.resourceVersion: domain-v2
+ annotations:
+ kubernetes.io/ingress.class: 'traefik'
+spec:
+ rules:
+ - host: '{{ .Values.traefik.hostname }}'
+ http:
+ paths:
+ - path: /console
+ pathType: ImplementationSpecific
+ backend:
+ service:
+ name: '{{ .Values.wlsDomain.domainUID }}-{{ .Values.wlsDomain.adminServerName | lower | replace "_" "-" }}'
+ port:
+ number: {{ .Values.wlsDomain.adminServerPort }}
+ - path: /em
+ pathType: ImplementationSpecific
+ backend:
+ service:
+ name: '{{ .Values.wlsDomain.domainUID }}-{{ .Values.wlsDomain.adminServerName | lower | replace "_" "-" }}'
+ port:
+ number: {{ .Values.wlsDomain.adminServerPort }}
+ - path: /soa
+ pathType: ImplementationSpecific
+ backend:
+ service:
+ name: '{{ .Values.wlsDomain.domainUID }}-cluster-{{ .Values.wlsDomain.soaClusterName | lower | replace "_" "-" }}'
+ port:
+ number: {{ .Values.wlsDomain.soaManagedServerPort }}
+ - path: /integration
+ pathType: ImplementationSpecific
+ backend:
+ service:
+ name: '{{ .Values.wlsDomain.domainUID }}-cluster-{{ .Values.wlsDomain.soaClusterName | lower | replace "_" "-" }}'
+ port:
+ number: {{ .Values.wlsDomain.soaManagedServerPort }}
+ - path: /soa-infra
+ pathType: ImplementationSpecific
+ backend:
+ service:
+ name: '{{ .Values.wlsDomain.domainUID }}-cluster-{{ .Values.wlsDomain.soaClusterName | lower | replace "_" "-" }}'
+ port:
+ number: {{ .Values.wlsDomain.soaManagedServerPort }}
+ - path:
+ pathType: ImplementationSpecific
+ backend:
+ service:
+ name: '{{ .Values.wlsDomain.domainUID }}-cluster-{{ .Values.wlsDomain.oimClusterName | lower | replace "_" "-" }}'
+ port:
+ number: {{ .Values.wlsDomain.oimManagedServerPort }}
+{{- if eq .Values.sslType "SSL" }}
+ tls:
+ - hosts:
+ - '{{ .Values.traefik.hostname }}'
+ secretName: {{ .Values.secretName }}
+{{- end }}
+---
+#Create Traefik Middleware custom resource for SSL Termination
+{{- if eq .Values.sslType "SSL" }}
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+ name: wls-proxy-ssl
+ namespace: {{ .Release.Namespace }}
+spec:
+ headers:
+ customRequestHeaders:
+ X-Custom-Request-Header: ""
+ X-Forwarded-For: ""
+ WL-Proxy-Client-IP: ""
+ WL-Proxy-SSL: ""
+ WL-Proxy-SSL: "true"
+ sslRedirect: true
+{{- end }}
+
+{{- end }}
+{{- end }}
+{{- end }}
+
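Review bot: The `wls-proxy-ssl` Middleware is created but the Ingress above it carries no annotation that attaches it, so unless it is wired up elsewhere its header handling (blanking `X-Forwarded-For` and `WL-Proxy-Client-IP`, setting `WL-Proxy-SSL`) never applies and client-supplied values of those headers would reach WebLogic. If it is meant to apply to this Ingress, add `traefik.ingress.kubernetes.io/router.middlewares: {{ .Release.Namespace }}-wls-proxy-ssl@kubernetescrd` under `annotations:` in the SSL case. Within `customRequestHeaders` the key `WL-Proxy-SSL` appears twice (`""` then `"true"`); duplicate mapping keys are rejected or resolved arbitrarily by YAML parsers, so keep only the `"true"` entry. The last path entry has an empty `path:`, which makes it a catch-all to the OIM cluster; a comment saying so, or an explicit `/`, would make the intent clear.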
diff --git a/OracleIdentityGovernance/kubernetes/charts/ingress-per-domain/templates/traefik-ingress.yaml b/OracleIdentityGovernance/kubernetes/charts/ingress-per-domain/templates/traefik-ingress.yaml
new file mode 100755
index 000000000..efb029ee3
--- /dev/null
+++ b/OracleIdentityGovernance/kubernetes/charts/ingress-per-domain/templates/traefik-ingress.yaml
@@ -0,0 +1,74 @@
+# Copyright (c) 2020, 2021, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+#
+{{- if semverCompare "<1.19-0" .Capabilities.KubeVersion.GitVersion -}}
+{{- if eq .Values.type "TRAEFIK" }}
+{{- if or (eq .Values.sslType "NONSSL") (eq .Values.sslType "SSL") }}
+---
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+ name: {{ .Values.wlsDomain.domainUID }}-traefik
+ namespace: {{ .Release.Namespace }}
+ labels:
+ weblogic.resourceVersion: domain-v2
+ annotations:
+ kubernetes.io/ingress.class: 'traefik'
+spec:
+ rules:
+ - host: '{{ .Values.traefik.hostname }}'
+ http:
+ paths:
+ - path: /console
+ backend:
+ serviceName: '{{ .Values.wlsDomain.domainUID }}-{{ .Values.wlsDomain.adminServerName | lower | replace "_" "-" }}'
+ servicePort: {{ .Values.wlsDomain.adminServerPort }}
+ - path: /em
+ backend:
+ serviceName: '{{ .Values.wlsDomain.domainUID }}-{{ .Values.wlsDomain.adminServerName | lower | replace "_" "-" }}'
+ servicePort: {{ .Values.wlsDomain.adminServerPort }}
+ - path: /soa
+ backend:
+ serviceName: '{{ .Values.wlsDomain.domainUID }}-cluster-{{ .Values.wlsDomain.soaClusterName | lower | replace "_" "-" }}'
+ servicePort: {{ .Values.wlsDomain.soaManagedServerPort }}
+ - path: /integration
+ backend:
+ serviceName: '{{ .Values.wlsDomain.domainUID }}-cluster-{{ .Values.wlsDomain.soaClusterName | lower | replace "_" "-" }}'
+ servicePort: {{ .Values.wlsDomain.soaManagedServerPort }}
+ - path: /soa-infra
+ backend:
+ serviceName: '{{ .Values.wlsDomain.domainUID }}-cluster-{{ .Values.wlsDomain.soaClusterName | lower | replace "_" "-" }}'
+ servicePort: {{ .Values.wlsDomain.soaManagedServerPort }}
+ - path:
+ backend:
+ serviceName: '{{ .Values.wlsDomain.domainUID }}-cluster-{{ .Values.wlsDomain.oimClusterName | lower | replace "_" "-" }}'
+ servicePort: {{ .Values.wlsDomain.oimManagedServerPort }}
+{{- if eq .Values.sslType "SSL" }}
+ tls:
+ - hosts:
+ - '{{ .Values.traefik.hostname }}'
+ secretName: {{ .Values.secretName }}
+{{- end }}
+---
+#Create Traefik Middleware custom resource for SSL Termination
+{{- if eq .Values.sslType "SSL" }}
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+ name: wls-proxy-ssl
+ namespace: {{ .Release.Namespace }}
+spec:
+ headers:
+ customRequestHeaders:
+ X-Custom-Request-Header: ""
+ X-Forwarded-For: ""
+ WL-Proxy-Client-IP: ""
+ WL-Proxy-SSL: ""
+ WL-Proxy-SSL: "true"
+ sslRedirect: true
+{{- end }}
+
+{{- end }}
+{{- end }}
+{{- end }}
+
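Review bot: The `wls-proxy-ssl` Middleware at the end of this template is never referenced by the Ingress above it; the only annotation is `kubernetes.io/ingress.class`, so as far as this file shows the header rewriting is not applied to any route. If it is meant to take effect, add `traefik.ingress.kubernetes.io/router.middlewares: {{ .Release.Namespace }}-wls-proxy-ssl@kubernetescrd` under `annotations`; without it, client-supplied `WL-Proxy-Client-IP` and `WL-Proxy-SSL` headers reach WebLogic unchanged. Separately, `WL-Proxy-SSL` appears twice in `customRequestHeaders` (`""` then `"true"`); keep only the `"true"` entry, because YAML parsers differ in how they treat duplicate mapping keys. The preceding template for Kubernetes 1.19 and later carries the same Middleware block.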
diff --git a/OracleIdentityGovernance/kubernetes/3.0.1/ingress-per-domain/values.yaml b/OracleIdentityGovernance/kubernetes/charts/ingress-per-domain/values.yaml
old mode 100644
new mode 100755
similarity index 54%
rename from OracleIdentityGovernance/kubernetes/3.0.1/ingress-per-domain/values.yaml
rename to OracleIdentityGovernance/kubernetes/charts/ingress-per-domain/values.yaml
index bd23a79f6..907a843eb
--- a/OracleIdentityGovernance/kubernetes/3.0.1/ingress-per-domain/values.yaml
+++ b/OracleIdentityGovernance/kubernetes/charts/ingress-per-domain/values.yaml
@@ -1,33 +1,28 @@
-# Copyright (c) 2020, Oracle Corporation and/or its affiliates.
+# Copyright (c) 2020, 2021, Oracle and/or its affiliates.
# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
-
+#
+#
# Default values for ingress-per-domain.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
+#
+# Load balancer type. Supported values are: TRAEFIK, NGINX
+type: NGINX
+
+# Type of Configuration Supported Values are : NONSSL, SSL
+sslType: SSL
-# Load balancer type. Supported values are: VOYAGER, NGINX
-type: VOYAGER
-# Type of Configuration Supported Values are : NONSSL,SSL
-# tls: NONSSL
-tls: SSL
# TLS secret name if the mode is SSL
secretName: domain1-tls-cert
-
-# WLS domain as backend to the load balancer
+#WLS domain as backend to the load balancer
wlsDomain:
domainUID: oimcluster
- oimClusterName: oim_cluster
+ adminServerName: AdminServer
+ adminServerPort: 7001
soaClusterName: soa_cluster
soaManagedServerPort: 8001
+ oimClusterName: oim_cluster
oimManagedServerPort: 14000
- adminServerName: adminserver
- adminServerPort: 7001
-# Voyager specific values
-voyager:
- # web port
- webPort: 30305
- # stats port
- statsPort: 30315
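Review bot: The new defaults define no `traefik` block as far as this hunk shows, yet the Traefik templates in this chart read `.Values.traefik.hostname` for both the rule host and the TLS host. With `type: TRAEFIK` and no override, rendering will most likely fail on the missing `traefik` map. Add a `traefik:` section with a commented `hostname:` key, in the same way the removed `voyager:` section documented its ports. Note also that `tls` was renamed to `sslType`, so existing override files that still set `tls:` will be ignored without any warning.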
diff --git a/OracleIdentityGovernance/kubernetes/charts/traefik/values.yaml b/OracleIdentityGovernance/kubernetes/charts/traefik/values.yaml
new file mode 100755
index 000000000..e94bf24f2
--- /dev/null
+++ b/OracleIdentityGovernance/kubernetes/charts/traefik/values.yaml
@@ -0,0 +1,52 @@
+# Copyright (c) 2020, 2021, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+#
+image:
+ name: traefik
+ tag: 2.2.8
+ pullPolicy: IfNotPresent
+ingressRoute:
+ dashboard:
+ enabled: true
+ # Additional ingressRoute annotations (e.g. for kubernetes.io/ingress.class)
+ annotations: {}
+ # Additional ingressRoute labels (e.g. for filtering IngressRoute by custom labels)
+ labels: {}
+providers:
+ kubernetesCRD:
+ enabled: true
+ kubernetesIngress:
+ enabled: true
+ # IP used for Kubernetes Ingress endpoints
+ports:
+ traefik:
+ port: 9000
+ expose: true
+ # The exposed port for this service
+ exposedPort: 9000
+ # The port protocol (TCP/UDP)
+ protocol: TCP
+ web:
+ port: 8000
+ # hostPort: 8000
+ expose: true
+ exposedPort: 30305
+ nodePort: 30305
+ # The port protocol (TCP/UDP)
+ protocol: TCP
+ # Use nodeport if set. This is useful if you have configured Traefik in a
+ # LoadBalancer
+ # nodePort: 32080
+ # Port Redirections
+ # Added in 2.2, you can make permanent redirects via entrypoints.
+ # https://docs.traefik.io/routing/entrypoints/#redirection
+ # redirectTo: websecure
+ websecure:
+ port: 8443
+# # hostPort: 8443
+ expose: true
+ exposedPort: 30443
+ # The port protocol (TCP/UDP)
+ protocol: TCP
+ nodePort: 30443
+
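Review bot: `ports.traefik.expose: true` combined with `ingressRoute.dashboard.enabled: true` makes the Traefik dashboard and API on port 9000 reachable by anyone who can reach the Service, assuming the upstream chart semantics for `expose`. Set `expose: false` under `ports.traefik` and use `kubectl port-forward` when the dashboard is needed, or add a comment stating that this default is for test clusters only. The `web` entrypoint is also published in plaintext on nodePort 30305 next to `websecure`; enabling the commented `redirectTo: websecure` line would close that if SSL is the intended mode.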
diff --git a/OracleIdentityGovernance/kubernetes/charts/weblogic-operator/.helmignore b/OracleIdentityGovernance/kubernetes/charts/weblogic-operator/.helmignore
new file mode 100755
index 000000000..1397cc19f
--- /dev/null
+++ b/OracleIdentityGovernance/kubernetes/charts/weblogic-operator/.helmignore
@@ -0,0 +1,12 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+.git/
+.gitignore
+*.bak
+*.tmp
+*.orig
+*~
+.project
+.idea/
diff --git a/OracleIdentityGovernance/kubernetes/charts/weblogic-operator/Chart.yaml b/OracleIdentityGovernance/kubernetes/charts/weblogic-operator/Chart.yaml
new file mode 100755
index 000000000..b5cac770e
--- /dev/null
+++ b/OracleIdentityGovernance/kubernetes/charts/weblogic-operator/Chart.yaml
@@ -0,0 +1,10 @@
+# Copyright (c) 2018, 2021, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+
+apiVersion: v1
+name: weblogic-operator
+description: Helm chart for configuring the WebLogic operator.
+
+type: application
+version: 3.3.0
+appVersion: 3.3.0
diff --git a/OracleIdentityGovernance/kubernetes/charts/weblogic-operator/templates/_domain-namespaces.tpl b/OracleIdentityGovernance/kubernetes/charts/weblogic-operator/templates/_domain-namespaces.tpl
new file mode 100755
index 000000000..08988c28d
--- /dev/null
+++ b/OracleIdentityGovernance/kubernetes/charts/weblogic-operator/templates/_domain-namespaces.tpl
@@ -0,0 +1,134 @@
+# Copyright (c) 2018, 2021, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+
+{{- define "operator.domainNamespaces" }}
+{{- if (or (eq (default "List" .domainNamespaceSelectionStrategy) "Dedicated") (and .dedicated (eq (default "List" .domainNamespaceSelectionStrategy) "List"))) }}
+{{- $args := include "utils.cloneDictionary" . | fromYaml -}}
+{{- $key := .Release.Namespace -}}
+{{- $ignore := set $args "domainNamespace" $key -}}
+{{- include "operator.operatorRoleBindingNamespace" $args -}}
+{{- else if eq (default "List" .domainNamespaceSelectionStrategy) "List" }}
+{{- $args := include "utils.cloneDictionary" . | fromYaml -}}
+{{- range $key := $args.domainNamespaces -}}
+{{- $ignore := set $args "domainNamespace" $key -}}
+{{- include "operator.operatorRoleBindingNamespace" $args -}}
+{{- end }}
+{{- else if eq .domainNamespaceSelectionStrategy "LabelSelector" }}
+{{- $args := include "utils.cloneDictionary" . | fromYaml -}}
+{{- /*
+ Split terms on commas not contained in parentheses. Unfortunately, the regular expression
+ support included with Helm templates does not include lookarounds.
+*/ -}}
+{{- $working := dict "rejected" (list) "terms" (list $args.domainNamespaceLabelSelector) }}
+{{- if contains "," $args.domainNamespaceLabelSelector }}
+{{- $cs := regexSplit "," $args.domainNamespaceLabelSelector -1 }}
+{{- $ignore := set $working "st" (list) }}
+{{- $ignore := set $working "item" "" }}
+{{- range $c := $cs }}
+{{- if and (contains "(" $c) (not (contains ")" $c)) }}
+{{- $ignore := set $working "item" (print $working.item $c) }}
+{{- else if not (eq $working.item "") }}
+{{- $ignore := set $working "st" (append $working.st (print $working.item "," $c)) }}
+{{- if contains ")" $c }}
+{{- $ignore := set $working "item" "" }}
+{{- end }}
+{{- else }}
+{{- $ignore := set $working "st" (append $working.st $c) }}
+{{- end }}
+{{- end }}
+{{- $ignore := set $working "terms" $working.st }}
+{{- end }}
+{{- $namespaces := (lookup "v1" "Namespace" "" "").items }}
+{{- range $t := $working.terms }}
+{{- $term := trim $t }}
+{{- range $index, $namespace := $namespaces }}
+{{- /*
+ Label selector patterns
+ Equality-based: =, ==, !=
+ Set-based: x in (a, b), x notin (a, b)
+ Existence: x, !x
+*/ -}}
+{{- if not $namespace.metadata.labels }}
+{{- $ignore := set $namespace.metadata "labels" (dict) }}
+{{- end }}
+{{- if hasPrefix "!" $term }}
+{{- if hasKey $namespace.metadata.labels (trimPrefix "!" $term) }}
+{{- $ignore := set $working "rejected" (append $working.rejected $namespace.metadata.name) }}
+{{- end }}
+{{- else if contains "!=" $term }}
+{{- $split := regexSplit "!=" $term 2 }}
+{{- $key := nospace (first $split) }}
+{{- if hasKey $namespace.metadata.labels $key }}
+{{- if eq (last $split | nospace) (get $namespace.metadata.labels $key) }}
+{{- $ignore := set $working "rejected" (append $working.rejected $namespace.metadata.name) }}
+{{- end }}
+{{- end }}
+{{- else if contains "==" $term }}
+{{- $split := regexSplit "==" $term 2 }}
+{{- $key := nospace (first $split) }}
+{{- if or (not (hasKey $namespace.metadata.labels $key)) (not (eq (last $split | nospace) (get $namespace.metadata.labels $key))) }}
+{{- $ignore := set $working "rejected" (append $working.rejected $namespace.metadata.name) }}
+{{- end }}
+{{- else if contains "=" $term }}
+{{- $split := regexSplit "=" $term 2 }}
+{{- $key := nospace (first $split) }}
+{{- if or (not (hasKey $namespace.metadata.labels $key)) (not (eq (last $split | nospace) (get $namespace.metadata.labels $key))) }}
+{{- $ignore := set $working "rejected" (append $working.rejected $namespace.metadata.name) }}
+{{- end }}
+{{- else if contains " notin " $term }}
+{{- $split := regexSplit " notin " $term 2 }}
+{{- $key := nospace (first $split) }}
+{{- if hasKey $namespace.metadata.labels $key }}
+{{- $second := nospace (last $split) }}
+{{- $parenContents := substr 1 (int (sub (len $second) 1)) $second }}
+{{- $values := regexSplit "," $parenContents -1 }}
+{{- range $value := $values }}
+{{- if eq ($value | nospace) (get $namespace.metadata.labels $key) }}
+{{- $ignore := set $working "rejected" (append $working.rejected $namespace.metadata.name) }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- else if contains " in " $term }}
+{{- $split := regexSplit " in " $term 2 }}
+{{- $key := nospace (first $split) }}
+{{- if not (hasKey $namespace.metadata.labels $key) }}
+{{- $ignore := set $working "rejected" (append $working.rejected $namespace.metadata.name) }}
+{{- else }}
+{{- $second := nospace (last $split) }}
+{{- $parenContents := substr 1 (int (sub (len $second) 1)) $second }}
+{{- $values := regexSplit "," $parenContents -1 }}
+{{- $ignore := set $working "found" false }}
+{{- range $value := $values }}
+{{- if eq ($value | nospace) (get $namespace.metadata.labels $key) }}
+{{- $ignore := set $working "found" true }}
+{{- end }}
+{{- end }}
+{{- if not $working.found }}
+{{- $ignore := set $working "rejected" (append $working.rejected $namespace.metadata.name) }}
+{{- end }}
+{{- end }}
+{{- else }}
+{{- if not (hasKey $namespace.metadata.labels $term) }}
+{{- $ignore := set $working "rejected" (append $working.rejected $namespace.metadata.name) }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- range $index, $namespace := $namespaces }}
+{{- $key := $namespace.metadata.name -}}
+{{- if not (has $key $working.rejected) }}
+{{- $ignore := set $args "domainNamespace" $key -}}
+{{- include "operator.operatorRoleBindingNamespace" $args -}}
+{{- end }}
+{{- end }}
+{{- else if eq .domainNamespaceSelectionStrategy "RegExp" }}
+{{- $args := include "utils.cloneDictionary" . | fromYaml -}}
+{{- range $index, $namespace := (lookup "v1" "Namespace" "" "").items }}
+{{- if regexMatch $args.domainNamespaceRegExp $namespace.metadata.name }}
+{{- $key := $namespace.metadata.name -}}
+{{- $ignore := set $args "domainNamespace" $key -}}
+{{- include "operator.operatorRoleBindingNamespace" $args -}}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
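Review bot: The comma re-joining loop (`range $c := $cs`) mishandles a set-based term with three or more values. For `x in (a,b,c)` the pieces are `x in (a`, `b` and `c)`; the continuation branch appends `item,c` to `st` for every piece but never extends `item`, so the terms become `x in (a,b` and `x in (a,c)` instead of one term. Namespaces that the selector should accept are then rejected, and the operator gets no RoleBinding there. Accumulate into `item` and append it only once the closing parenthesis is seen, as below.

```yaml
{{- range $c := $cs }}
{{- if not (eq $working.item "") }}
{{- /* inside an open parenthesis: keep extending the pending term */ -}}
{{- $ignore := set $working "item" (print $working.item "," $c) }}
{{- if contains ")" $c }}
{{- $ignore := set $working "st" (append $working.st $working.item) }}
{{- $ignore := set $working "item" "" }}
{{- end }}
{{- else if and (contains "(" $c) (not (contains ")" $c)) }}
{{- $ignore := set $working "item" $c }}
{{- else }}
{{- $ignore := set $working "st" (append $working.st $c) }}
{{- end }}
{{- end }}
{{- /* … unchanged: terms assignment and namespace matching … */ -}}
```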
diff --git a/OracleIdentityGovernance/kubernetes/charts/weblogic-operator/templates/_operator-clusterrole-domain-admin.tpl b/OracleIdentityGovernance/kubernetes/charts/weblogic-operator/templates/_operator-clusterrole-domain-admin.tpl
new file mode 100755
index 000000000..94cab9df7
--- /dev/null
+++ b/OracleIdentityGovernance/kubernetes/charts/weblogic-operator/templates/_operator-clusterrole-domain-admin.tpl
@@ -0,0 +1,40 @@
+# Copyright (c) 2018, 2021, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+
+{{- define "operator.operatorClusterRoleDomainAdmin" }}
+---
+{{- if (or (eq (default "List" .domainNamespaceSelectionStrategy) "Dedicated") (and .dedicated (eq (default "List" .domainNamespaceSelectionStrategy) "List"))) }}
+kind: "Role"
+{{- else }}
+kind: "ClusterRole"
+{{- end }}
+apiVersion: "rbac.authorization.k8s.io/v1"
+metadata:
+ {{- if (or (eq (default "List" .domainNamespaceSelectionStrategy) "Dedicated") (and .dedicated (eq (default "List" .domainNamespaceSelectionStrategy) "List"))) }}
+ name: "weblogic-operator-role-domain-admin"
+ namespace: {{ .Release.Namespace | quote }}
+ {{- else }}
+ name: {{ list .Release.Namespace "weblogic-operator-clusterrole-domain-admin" | join "-" | quote }}
+ {{- end }}
+ labels:
+ weblogic.operatorName: {{ .Release.Namespace | quote }}
+rules:
+- apiGroups: [""]
+ resources: ["configmaps"]
+ verbs: ["get", "list", "watch", "create", "update", "patch", "delete", "deletecollection"]
+- apiGroups: [""]
+ resources: ["secrets", "pods", "events"]
+ verbs: ["get", "list", "watch"]
+- apiGroups: [""]
+ resources: ["pods/log"]
+ verbs: ["get", "list"]
+- apiGroups: [""]
+ resources: ["pods/exec"]
+ verbs: ["get", "create"]
+- apiGroups: ["weblogic.oracle"]
+ resources: ["domains"]
+ verbs: ["get", "list", "watch", "create", "update", "patch", "delete", "deletecollection"]
+- apiGroups: ["weblogic.oracle"]
+ resources: ["domains/status"]
+ verbs: ["get", "watch"]
+{{- end }}
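Review bot: The `pods/exec` rule with `create` and the read access to `secrets` are the most sensitive grants in this role, and nothing in the file says why they are needed or how the role is meant to be bound. Outside Dedicated mode this renders as a ClusterRole, so a ClusterRoleBinding to it would allow exec into pods and reading secrets in every namespace, whereas a per-namespace RoleBinding keeps it scoped. I would add a header comment such as `# Bind with a RoleBinding per domain namespace; grants pod exec and secret read.` The same `pods/exec` rule recurs in `_operator-clusterrole-namespace.tpl` and `_operator-clusterrole-operator-admin.tpl`, and operator-admin additionally allows write and delete on `secrets`.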
diff --git a/OracleIdentityGovernance/kubernetes/charts/weblogic-operator/templates/_operator-clusterrole-general.tpl b/OracleIdentityGovernance/kubernetes/charts/weblogic-operator/templates/_operator-clusterrole-general.tpl
new file mode 100755
index 000000000..2eba13b95
--- /dev/null
+++ b/OracleIdentityGovernance/kubernetes/charts/weblogic-operator/templates/_operator-clusterrole-general.tpl
@@ -0,0 +1,39 @@
+# Copyright (c) 2018, 2021, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+
+{{- define "operator.operatorClusterRoleGeneral" }}
+---
+{{- if (or (eq (default "List" .domainNamespaceSelectionStrategy) "Dedicated") (and .dedicated (eq (default "List" .domainNamespaceSelectionStrategy) "List"))) }}
+kind: "Role"
+{{- else }}
+kind: "ClusterRole"
+{{- end }}
+apiVersion: "rbac.authorization.k8s.io/v1"
+metadata:
+ {{- if (or (eq (default "List" .domainNamespaceSelectionStrategy) "Dedicated") (and .dedicated (eq (default "List" .domainNamespaceSelectionStrategy) "List"))) }}
+ name: "weblogic-operator-role-general"
+ namespace: {{ .Release.Namespace | quote }}
+ {{- else }}
+ name: {{ list .Release.Namespace "weblogic-operator-clusterrole-general" | join "-" | quote }}
+ {{- end }}
+ labels:
+ weblogic.operatorName: {{ .Release.Namespace | quote }}
+rules:
+{{- if not (or (eq (default "List" .domainNamespaceSelectionStrategy) "Dedicated") (and .dedicated (eq (default "List" .domainNamespaceSelectionStrategy) "List"))) }}
+- apiGroups: [""]
+ resources: ["namespaces"]
+ verbs: ["get", "list", "watch"]
+- apiGroups: ["apiextensions.k8s.io"]
+ resources: ["customresourcedefinitions"]
+ verbs: ["get", "list", "watch", "create", "update", "patch"]
+{{- end }}
+- apiGroups: ["weblogic.oracle"]
+ resources: ["domains", "domains/status"]
+ verbs: ["get", "list", "watch", "update", "patch"]
+- apiGroups: ["authentication.k8s.io"]
+ resources: ["tokenreviews"]
+ verbs: ["create"]
+- apiGroups: ["authorization.k8s.io"]
+ resources: ["selfsubjectrulesreviews"]
+ verbs: ["create"]
+{{- end }}
diff --git a/OracleIdentityGovernance/kubernetes/charts/weblogic-operator/templates/_operator-clusterrole-namespace.tpl b/OracleIdentityGovernance/kubernetes/charts/weblogic-operator/templates/_operator-clusterrole-namespace.tpl
new file mode 100755
index 000000000..6310779bb
--- /dev/null
+++ b/OracleIdentityGovernance/kubernetes/charts/weblogic-operator/templates/_operator-clusterrole-namespace.tpl
@@ -0,0 +1,40 @@
+# Copyright (c) 2018, 2021, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+
+{{- define "operator.operatorClusterRoleNamespace" }}
+---
+{{- if (or (eq (default "List" .domainNamespaceSelectionStrategy) "Dedicated") (and .dedicated (eq (default "List" .domainNamespaceSelectionStrategy) "List"))) }}
+kind: "Role"
+{{- else }}
+kind: "ClusterRole"
+{{- end }}
+apiVersion: "rbac.authorization.k8s.io/v1"
+metadata:
+ {{- if (or (eq (default "List" .domainNamespaceSelectionStrategy) "Dedicated") (and .dedicated (eq (default "List" .domainNamespaceSelectionStrategy) "List"))) }}
+ name: "weblogic-operator-role-namespace"
+ namespace: {{ .Release.Namespace | quote }}
+ {{- else }}
+ name: {{ list .Release.Namespace "weblogic-operator-clusterrole-namespace" | join "-" | quote }}
+ {{- end }}
+ labels:
+ weblogic.operatorName: {{ .Release.Namespace | quote }}
+rules:
+- apiGroups: [""]
+ resources: ["services", "configmaps", "pods", "events"]
+ verbs: ["get", "list", "watch", "create", "update", "patch", "delete", "deletecollection"]
+- apiGroups: [""]
+ resources: ["secrets"]
+ verbs: ["get", "list", "watch"]
+- apiGroups: [""]
+ resources: ["pods/log"]
+ verbs: ["get", "list"]
+- apiGroups: [""]
+ resources: ["pods/exec"]
+ verbs: ["get", "create"]
+- apiGroups: ["batch"]
+ resources: ["jobs"]
+ verbs: ["get", "list", "watch", "create", "update", "patch", "delete", "deletecollection"]
+- apiGroups: ["policy"]
+ resources: ["poddisruptionbudgets"]
+ verbs: ["get", "list", "watch", "create", "update", "patch", "delete", "deletecollection"]
+{{- end }}
diff --git a/OracleIdentityGovernance/kubernetes/charts/weblogic-operator/templates/_operator-clusterrole-nonresource.tpl b/OracleIdentityGovernance/kubernetes/charts/weblogic-operator/templates/_operator-clusterrole-nonresource.tpl
new file mode 100755
index 000000000..e3b6a2785
--- /dev/null
+++ b/OracleIdentityGovernance/kubernetes/charts/weblogic-operator/templates/_operator-clusterrole-nonresource.tpl
@@ -0,0 +1,15 @@
+# Copyright (c) 2018, 2021, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+
+{{- define "operator.operatorClusterRoleNonResource" }}
+---
+kind: "ClusterRole"
+apiVersion: "rbac.authorization.k8s.io/v1"
+metadata:
+ name: {{ list .Release.Namespace "weblogic-operator-clusterrole-nonresource" | join "-" | quote }}
+ labels:
+ weblogic.operatorName: {{ .Release.Namespace | quote }}
+rules:
+- nonResourceURLs: ["/version/*"]
+ verbs: ["get"]
+{{- end }}
diff --git a/OracleIdentityGovernance/kubernetes/charts/weblogic-operator/templates/_operator-clusterrole-operator-admin.tpl b/OracleIdentityGovernance/kubernetes/charts/weblogic-operator/templates/_operator-clusterrole-operator-admin.tpl
new file mode 100755
index 000000000..46faed184
--- /dev/null
+++ b/OracleIdentityGovernance/kubernetes/charts/weblogic-operator/templates/_operator-clusterrole-operator-admin.tpl
@@ -0,0 +1,34 @@
+# Copyright (c) 2018, 2021, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+
+{{- define "operator.operatorClusterRoleOperatorAdmin" }}
+---
+{{- if (or (eq (default "List" .domainNamespaceSelectionStrategy) "Dedicated") (and .dedicated (eq (default "List" .domainNamespaceSelectionStrategy) "List"))) }}
+kind: "Role"
+{{- else }}
+kind: "ClusterRole"
+{{- end }}
+apiVersion: "rbac.authorization.k8s.io/v1"
+metadata:
+ {{- if (or (eq (default "List" .domainNamespaceSelectionStrategy) "Dedicated") (and .dedicated (eq (default "List" .domainNamespaceSelectionStrategy) "List"))) }}
+ name: "weblogic-operator-role-operator-admin"
+ namespace: {{ .Release.Namespace | quote }}
+ {{- else }}
+ name: {{ list .Release.Namespace "weblogic-operator-clusterrole-operator-admin" | join "-" | quote }}
+ {{- end }}
+ labels:
+ weblogic.operatorName: {{ .Release.Namespace | quote }}
+rules:
+- apiGroups: [""]
+ resources: ["configmaps", "secrets"]
+ verbs: ["get", "list", "watch", "create", "update", "patch", "delete", "deletecollection"]
+- apiGroups: [""]
+ resources: ["pods", "events"]
+ verbs: ["get", "list", "watch"]
+- apiGroups: [""]
+ resources: ["pods/log"]
+ verbs: ["get", "list"]
+- apiGroups: [""]
+ resources: ["pods/exec"]
+ verbs: ["get", "create"]
+{{- end }}
diff --git a/OracleIdentityGovernance/kubernetes/charts/weblogic-operator/templates/_operator-clusterrolebinding-auth-delegator.tpl b/OracleIdentityGovernance/kubernetes/charts/weblogic-operator/templates/_operator-clusterrolebinding-auth-delegator.tpl
new file mode 100755
index 000000000..783f970e7
--- /dev/null
+++ b/OracleIdentityGovernance/kubernetes/charts/weblogic-operator/templates/_operator-clusterrolebinding-auth-delegator.tpl
@@ -0,0 +1,30 @@
+# Copyright (c) 2018, 2021, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+
+{{- define "operator.clusterRoleBindingAuthDelegator" }}
+---
+apiVersion: "rbac.authorization.k8s.io/v1"
+{{- if (or (eq (default "List" .domainNamespaceSelectionStrategy) "Dedicated") (and .dedicated (eq (default "List" .domainNamespaceSelectionStrategy) "List"))) }}
+kind: "RoleBinding"
+{{- else }}
+kind: "ClusterRoleBinding"
+{{- end }}
+metadata:
+ labels:
+ weblogic.operatorName: {{ .Release.Namespace | quote}}
+ {{- if (or (eq (default "List" .domainNamespaceSelectionStrategy) "Dedicated") (and .dedicated (eq (default "List" .domainNamespaceSelectionStrategy) "List"))) }}
+ name: "weblogic-operator-rolebinding-auth-delegator"
+ namespace: {{ .Release.Namespace | quote }}
+ {{- else }}
+ name: {{ list .Release.Namespace "weblogic-operator-clusterrolebinding-auth-delegator" | join "-" | quote }}
+ {{- end }}
+roleRef:
+ apiGroup: "rbac.authorization.k8s.io"
+ kind: "ClusterRole"
+ name: "system:auth-delegator"
+subjects:
+- kind: "ServiceAccount"
+ apiGroup: ""
+ name: {{ .serviceAccount | quote }}
+ namespace: {{ .Release.Namespace | quote }}
+{{- end }}
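Review bot: In the Dedicated branch this renders a namespaced `RoleBinding` to `system:auth-delegator`, but that ClusterRole covers `tokenreviews` and `subjectaccessreviews`, which are cluster-scoped, and a RoleBinding only grants access to namespaced resources. The binding therefore appears to have no effect in Dedicated mode, and token review by the operator would depend on some other grant. The same applies to `_operator-clusterrolebinding-discovery.tpl`, where `system:discovery` covers non-resource URLs, and to the `tokenreviews` rule in `_operator-clusterrole-general.tpl` when it renders as a `Role`. I would add a comment on the Dedicated branch, e.g. `# Dedicated: no cluster-scoped access is granted here; token review is unavailable`, or skip rendering these bindings in that mode.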
diff --git a/OracleIdentityGovernance/kubernetes/charts/weblogic-operator/templates/_operator-clusterrolebinding-discovery.tpl b/OracleIdentityGovernance/kubernetes/charts/weblogic-operator/templates/_operator-clusterrolebinding-discovery.tpl
new file mode 100755
index 000000000..48c505fa5
--- /dev/null
+++ b/OracleIdentityGovernance/kubernetes/charts/weblogic-operator/templates/_operator-clusterrolebinding-discovery.tpl
@@ -0,0 +1,30 @@
+# Copyright (c) 2018, 2021, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+
+{{- define "operator.clusterRoleBindingDiscovery" }}
+---
+apiVersion: "rbac.authorization.k8s.io/v1"
+{{- if (or (eq (default "List" .domainNamespaceSelectionStrategy) "Dedicated") (and .dedicated (eq (default "List" .domainNamespaceSelectionStrategy) "List"))) }}
+kind: "RoleBinding"
+{{- else }}
+kind: "ClusterRoleBinding"
+{{- end }}
+metadata:
+ labels:
+ weblogic.operatorName: {{ .Release.Namespace | quote }}
+ {{- if (or (eq (default "List" .domainNamespaceSelectionStrategy) "Dedicated") (and .dedicated (eq (default "List" .domainNamespaceSelectionStrategy) "List"))) }}
+ name: "weblogic-operator-rolebinding-discovery"
+ namespace: {{ .Release.Namespace | quote }}
+ {{- else }}
+ name: {{ list .Release.Namespace "weblogic-operator-clusterrolebinding-discovery" | join "-" | quote }}
+ {{- end }}
+roleRef:
+ apiGroup: "rbac.authorization.k8s.io"
+ kind: "ClusterRole"
+ name: "system:discovery"
+subjects:
+- kind: "ServiceAccount"
+ apiGroup: ""
+ name: {{ .serviceAccount | quote }}
+ namespace: {{ .Release.Namespace | quote }}
+{{- end }}
diff --git a/OracleIdentityGovernance/kubernetes/charts/weblogic-operator/templates/_operator-clusterrolebinding-general.tpl b/OracleIdentityGovernance/kubernetes/charts/weblogic-operator/templates/_operator-clusterrolebinding-general.tpl
new file mode 100755
index 000000000..f2994da33
--- /dev/null
+++ b/OracleIdentityGovernance/kubernetes/charts/weblogic-operator/templates/_operator-clusterrolebinding-general.tpl
@@ -0,0 +1,35 @@
+# Copyright (c) 2018, 2021, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+
+{{- define "operator.clusterRoleBindingGeneral" }}
+---
+apiVersion: "rbac.authorization.k8s.io/v1"
+{{- if (or (eq (default "List" .domainNamespaceSelectionStrategy) "Dedicated") (and .dedicated (eq (default "List" .domainNamespaceSelectionStrategy) "List"))) }}
+kind: "RoleBinding"
+{{- else }}
+kind: "ClusterRoleBinding"
+{{- end }}
+metadata:
+ labels:
+ weblogic.operatorName: {{ .Release.Namespace | quote }}
+ {{- if (or (eq (default "List" .domainNamespaceSelectionStrategy) "Dedicated") (and .dedicated (eq (default "List" .domainNamespaceSelectionStrategy) "List"))) }}
+ name: "weblogic-operator-rolebinding-general"
+ namespace: {{ .Release.Namespace | quote }}
+ {{- else }}
+ name: {{ list .Release.Namespace "weblogic-operator-clusterrolebinding-general" | join "-" | quote }}
+ {{- end }}
+roleRef:
+ apiGroup: "rbac.authorization.k8s.io"
+ {{- if (or (eq (default "List" .domainNamespaceSelectionStrategy) "Dedicated") (and .dedicated (eq (default "List" .domainNamespaceSelectionStrategy) "List"))) }}
+ kind: "Role"
+ name: "weblogic-operator-role-general"
+ {{- else }}
+ kind: "ClusterRole"
+ name: {{ list .Release.Namespace "weblogic-operator-clusterrole-general" | join "-" | quote }}
+ {{- end }}
+subjects:
+- kind: "ServiceAccount"
+ apiGroup: ""
+ name: {{ .serviceAccount | quote }}
+ namespace: {{ .Release.Namespace | quote }}
+{{- end }}
diff --git a/OracleIdentityGovernance/kubernetes/charts/weblogic-operator/templates/_operator-clusterrolebinding-nonresource.tpl b/OracleIdentityGovernance/kubernetes/charts/weblogic-operator/templates/_operator-clusterrolebinding-nonresource.tpl
new file mode 100755
index 000000000..d998ab0e9
--- /dev/null
+++ b/OracleIdentityGovernance/kubernetes/charts/weblogic-operator/templates/_operator-clusterrolebinding-nonresource.tpl
@@ -0,0 +1,21 @@
+# Copyright (c) 2018, 2021, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+
+{{- define "operator.clusterRoleBindingNonResource" }}
+---
+apiVersion: "rbac.authorization.k8s.io/v1"
+kind: "ClusterRoleBinding"
+metadata:
+ labels:
+ weblogic.operatorName: {{ .Release.Namespace | quote }}
+ name: {{ list .Release.Namespace "weblogic-operator-clusterrolebinding-nonresource" | join "-" | quote }}
+roleRef:
+ apiGroup: "rbac.authorization.k8s.io"
+ kind: "ClusterRole"
+ name: {{ list .Release.Namespace "weblogic-operator-clusterrole-nonresource" | join "-" | quote }}
+subjects:
+- kind: "ServiceAccount"
+ apiGroup: ""
+ name: {{ .serviceAccount | quote }}
+ namespace: {{ .Release.Namespace | quote }}
+{{- end }}
diff --git a/OracleIdentityGovernance/kubernetes/charts/weblogic-operator/templates/_operator-cm.tpl b/OracleIdentityGovernance/kubernetes/charts/weblogic-operator/templates/_operator-cm.tpl
new file mode 100755
index 000000000..dd6594de2
--- /dev/null
+++ b/OracleIdentityGovernance/kubernetes/charts/weblogic-operator/templates/_operator-cm.tpl
@@ -0,0 +1,58 @@
+# Copyright (c) 2018, 2021, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+
+{{- define "operator.operatorConfigMap" }}
+---
+apiVersion: "v1"
+data:
+ {{- if .externalRestEnabled }}
+ {{- if (hasKey . "externalRestIdentitySecret") }}
+ externalRestIdentitySecret: {{ .externalRestIdentitySecret | quote }}
+ {{- else }}
+ externalOperatorCert: {{ .externalOperatorCert | quote }}
+ {{- end }}
+ {{- end }}
+ {{- $configmap := (lookup "v1" "ConfigMap" .Release.Namespace "weblogic-operator-cm") }}
+ {{- if (and $configmap $configmap.data) }}
+ {{- $internalOperatorCert := index $configmap.data "internalOperatorCert" }}
+ {{- if $internalOperatorCert }}
+ internalOperatorCert: {{ $internalOperatorCert }}
+ {{- end }}
+ {{- end }}
+ serviceaccount: {{ .serviceAccount | quote }}
+ domainNamespaceSelectionStrategy: {{ (default "List" .domainNamespaceSelectionStrategy) | quote }}
+ domainNamespaces: {{ .domainNamespaces | uniq | sortAlpha | join "," | quote }}
+ {{- if .dedicated }}
+ dedicated: {{ .dedicated | quote }}
+ {{- end }}
+ {{- if .domainNamespaceLabelSelector }}
+ domainNamespaceLabelSelector: {{ .domainNamespaceLabelSelector | quote }}
+ {{- end }}
+ {{- if .domainNamespaceRegExp }}
+ domainNamespaceRegExp: {{ .domainNamespaceRegExp | quote }}
+ {{- end }}
+ {{- if .dns1123Fields }}
+ dns1123Fields: {{ .dns1123Fields | quote }}
+ {{- end }}
+ {{- if .featureGates }}
+ featureGates: {{ .featureGates | quote }}
+ {{- end }}
+ {{- if .introspectorJobNameSuffix }}
+ introspectorJobNameSuffix: {{ .introspectorJobNameSuffix | quote }}
+ {{- end }}
+ {{- if .externalServiceNameSuffix }}
+ externalServiceNameSuffix: {{ .externalServiceNameSuffix | quote }}
+ {{- end }}
+ {{- if .clusterSizePaddingValidationEnabled }}
+ clusterSizePaddingValidationEnabled: {{ .clusterSizePaddingValidationEnabled | quote }}
+ {{- end }}
+ {{- if .tokenReviewAuthentication }}
+ tokenReviewAuthentication: {{ .tokenReviewAuthentication | quote }}
+ {{- end }}
+kind: "ConfigMap"
+metadata:
+ labels:
+ weblogic.operatorName: {{ .Release.Namespace | quote }}
+ name: "weblogic-operator-cm"
+ namespace: {{ .Release.Namespace | quote }}
+{{- end }}
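Review bot: `internalOperatorCert: {{ $internalOperatorCert }}` is the only data value in this ConfigMap emitted without `| quote`. It is copied from the live `weblogic-operator-cm` through `lookup`, so whatever is stored there is spliced into the manifest as raw YAML. Use `internalOperatorCert: {{ $internalOperatorCert | quote }}` to match the other keys. A short comment noting that `lookup` returns nothing under `helm template` and `--dry-run`, so the key is dropped in those modes, would also help the next maintainer.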
diff --git a/OracleIdentityGovernance/kubernetes/charts/weblogic-operator/templates/_operator-dep.tpl b/OracleIdentityGovernance/kubernetes/charts/weblogic-operator/templates/_operator-dep.tpl
new file mode 100755
index 000000000..3fadac7dc
--- /dev/null
+++ b/OracleIdentityGovernance/kubernetes/charts/weblogic-operator/templates/_operator-dep.tpl
@@ -0,0 +1,158 @@
+# Copyright (c) 2018, 2021, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+
+{{- define "operator.operatorDeployment" }}
+---
+apiVersion: "apps/v1"
+kind: "Deployment"
+metadata:
+ name: "weblogic-operator"
+ namespace: {{ .Release.Namespace | quote }}
+ labels:
+ weblogic.operatorName: {{ .Release.Namespace | quote }}
+spec:
+ strategy:
+ type: Recreate
+ selector:
+ matchLabels:
+ weblogic.operatorName: {{ .Release.Namespace | quote }}
+ replicas: 1
+ template:
+ metadata:
+ {{- with .annotations }}
+ annotations:
+ {{- end }}
+ {{- range $key, $value := .annotations }}
+ {{ $key }}: {{ $value | quote }}
+ {{- end }}
+ labels:
+ weblogic.operatorName: {{ .Release.Namespace | quote }}
+ app: "weblogic-operator"
+ {{- range $key, $value := .labels }}
+ {{ $key }}: {{ $value | quote }}
+ {{- end }}
+ spec:
+ serviceAccountName: {{ .serviceAccount | quote }}
+ {{- with .nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .affinity }}
+ affinity:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ containers:
+ - name: "weblogic-operator"
+ image: {{ .image | quote }}
+ imagePullPolicy: {{ .imagePullPolicy | quote }}
+ command: ["bash"]
+ args: ["/operator/operator.sh"]
+ env:
+ - name: "OPERATOR_NAMESPACE"
+ valueFrom:
+ fieldRef:
+ fieldPath: "metadata.namespace"
+ - name: "OPERATOR_POD_NAME"
+ valueFrom:
+ fieldRef:
+ fieldPath: "metadata.name"
+ - name: "OPERATOR_POD_UID"
+ valueFrom:
+ fieldRef:
+ fieldPath: "metadata.uid"
+ - name: "OPERATOR_VERBOSE"
+ value: "false"
+ - name: "JAVA_LOGGING_LEVEL"
+ value: {{ .javaLoggingLevel | quote }}
+ - name: "JAVA_LOGGING_MAXSIZE"
+ value: {{ .javaLoggingFileSizeLimit | default 20000000 | quote }}
+ - name: "JAVA_LOGGING_COUNT"
+ value: {{ .javaLoggingFileCount | default 10 | quote }}
+ {{- if .remoteDebugNodePortEnabled }}
+ - name: "REMOTE_DEBUG_PORT"
+ value: {{ .internalDebugHttpPort | quote }}
+ - name: "DEBUG_SUSPEND"
+ {{- if .suspendOnDebugStartup }}
+ value: "y"
+ {{- else }}
+ value: "n"
+ {{- end }}
+ {{- end }}
+ {{- if .mockWLS }}
+ - name: "MOCK_WLS"
+ value: "true"
+ {{- end }}
+ resources:
+ requests:
+ cpu: {{ .cpuRequests | default "250m" }}
+ memory: {{ .memoryRequests | default "512Mi" }}
+ limits:
+ {{- if .cpuLimits}}
+ cpu: {{ .cpuLimits }}
+ {{- end }}
+ {{- if .memoryLimits}}
+ memory: {{ .memoryLimits }}
+ {{- end }}
+ volumeMounts:
+ - name: "weblogic-operator-cm-volume"
+ mountPath: "/operator/config"
+ - name: "weblogic-operator-debug-cm-volume"
+ mountPath: "/operator/debug-config"
+ - name: "weblogic-operator-secrets-volume"
+ mountPath: "/operator/secrets"
+ readOnly: true
+ {{- if .elkIntegrationEnabled }}
+ - mountPath: "/logs"
+ name: "log-dir"
+ readOnly: false
+ {{- end }}
+ {{- if not .remoteDebugNodePortEnabled }}
+ livenessProbe:
+ exec:
+ command:
+ - "bash"
+ - "/operator/livenessProbe.sh"
+ initialDelaySeconds: 20
+ periodSeconds: 5
+ readinessProbe:
+ exec:
+ command:
+ - "bash"
+ - "/operator/readinessProbe.sh"
+ initialDelaySeconds: 2
+ periodSeconds: 10
+ {{- end }}
+ {{- if .elkIntegrationEnabled }}
+ - name: "logstash"
+ image: {{ .logStashImage | quote }}
+ args: [ "-f", "/logs/logstash.conf" ]
+ volumeMounts:
+ - name: "log-dir"
+ mountPath: "/logs"
+ env:
+ - name: "ELASTICSEARCH_HOST"
+ value: {{ .elasticSearchHost | quote }}
+ - name: "ELASTICSEARCH_PORT"
+ value: {{ .elasticSearchPort | quote }}
+ {{- end }}
+ {{- if .imagePullSecrets }}
+ imagePullSecrets:
+ {{ .imagePullSecrets | toYaml }}
+ {{- end }}
+ volumes:
+ - name: "weblogic-operator-cm-volume"
+ configMap:
+ name: "weblogic-operator-cm"
+ - name: "weblogic-operator-debug-cm-volume"
+ configMap:
+ name: "weblogic-operator-debug-cm"
+ optional: true
+ - name: "weblogic-operator-secrets-volume"
+ secret:
+ secretName: "weblogic-operator-secrets"
+ {{- if .elkIntegrationEnabled }}
+ - name: "log-dir"
+ emptyDir:
+ medium: "Memory"
+ {{- end }}
+{{- end }}
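Review bot: Neither the `weblogic-operator` container nor the `logstash` sidecar declares a `securityContext`, so both run with whatever user, capabilities and privilege-escalation setting the image and the cluster defaults give them. The operator pod mounts `weblogic-operator-secrets` and runs under a service account bound to RBAC roles elsewhere in this diff, so a container-level hardening block is worth adding to both containers. `runAsNonRoot: true` only works if the images define a non-root numeric user, which is not visible here and needs confirming. Separately, the liveness and readiness probes are dropped entirely when `remoteDebugNodePortEnabled` is true; a comment saying this is deliberate for debugger sessions would help the next reader.

```yaml
      containers:
      - name: "weblogic-operator"
        # … unchanged: image, command, args, env, resources, volumeMounts, probes …
        securityContext:
          runAsNonRoot: true
          allowPrivilegeEscalation: false
          capabilities:
            drop: ["ALL"]
```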
diff --git a/OracleIdentityGovernance/kubernetes/charts/weblogic-operator/templates/_operator-external-svc.tpl b/OracleIdentityGovernance/kubernetes/charts/weblogic-operator/templates/_operator-external-svc.tpl
new file mode 100755
index 000000000..44bfc1191
--- /dev/null
+++ b/OracleIdentityGovernance/kubernetes/charts/weblogic-operator/templates/_operator-external-svc.tpl
@@ -0,0 +1,30 @@
+# Copyright (c) 2018, 2021, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+
+{{- define "operator.operatorExternalService" }}
+{{- if or .externalRestEnabled .remoteDebugNodePortEnabled }}
+---
+apiVersion: "v1"
+kind: "Service"
+metadata:
+ name: "external-weblogic-operator-svc"
+ namespace: {{ .Release.Namespace | quote }}
+ labels:
+ weblogic.operatorName: {{ .Release.Namespace | quote }}
+spec:
+ type: "NodePort"
+ selector:
+ app: "weblogic-operator"
+ ports:
+ {{- if .externalRestEnabled }}
+ - name: "rest"
+ port: 8081
+ nodePort: {{ .externalRestHttpsPort }}
+ {{- end }}
+ {{- if .remoteDebugNodePortEnabled }}
+ - name: "debug"
+ port: {{ .internalDebugHttpPort }}
+ nodePort: {{ .externalDebugHttpPort }}
+ {{- end }}
+{{- end }}
+{{- end }}
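Review bot: When `remoteDebugNodePortEnabled` is set, the `debug` port is published as a NodePort on every node, and nothing in this template restricts who can reach it. The `REMOTE_DEBUG_PORT` and `DEBUG_SUSPEND` variables in the deployment template suggest this is a JVM remote-debug listener, which normally has no authentication, and the process behind it holds the operator's service-account rights. I would state the constraint in the template, e.g. `{{/* debug NodePort: development clusters only; restrict access with a NetworkPolicy or node firewall */}}` above the `debug` port entry, and repeat it next to the value in values.yaml.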
diff --git a/OracleIdentityGovernance/kubernetes/charts/weblogic-operator/templates/_operator-internal-svc.tpl b/OracleIdentityGovernance/kubernetes/charts/weblogic-operator/templates/_operator-internal-svc.tpl
new file mode 100755
index 000000000..0108738de
--- /dev/null
+++ b/OracleIdentityGovernance/kubernetes/charts/weblogic-operator/templates/_operator-internal-svc.tpl
@@ -0,0 +1,20 @@
+# Copyright (c) 2018, 2021, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+
+{{- define "operator.operatorInternalService" }}
+---
+apiVersion: "v1"
+kind: "Service"
+metadata:
+ name: "internal-weblogic-operator-svc"
+ namespace: {{ .Release.Namespace | quote }}
+ labels:
+ weblogic.operatorName: {{ .Release.Namespace | quote }}
+spec:
+ type: "ClusterIP"
+ selector:
+ app: "weblogic-operator"
+ ports:
+ - port: 8082
+ name: "rest"
+{{- end }}
diff --git a/OracleIdentityGovernance/kubernetes/charts/weblogic-operator/templates/_operator-role.tpl b/OracleIdentityGovernance/kubernetes/charts/weblogic-operator/templates/_operator-role.tpl
new file mode 100755
index 000000000..e0c386b98
--- /dev/null
+++ b/OracleIdentityGovernance/kubernetes/charts/weblogic-operator/templates/_operator-role.tpl
@@ -0,0 +1,17 @@
+# Copyright (c) 2018, 2021, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+
+{{- define "operator.operatorRole" }}
+---
+kind: "Role"
+apiVersion: "rbac.authorization.k8s.io/v1"
+metadata:
+ name: "weblogic-operator-role"
+ namespace: {{ .Release.Namespace | quote }}
+ labels:
+ weblogic.operatorName: {{ .Release.Namespace | quote }}
+rules:
+- apiGroups: [""]
+ resources: ["events", "secrets", "configmaps"]
+ verbs: ["get", "list", "watch", "create", "update", "patch", "delete", "deletecollection"]
+{{- end }}
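Review bot: The single rule in `weblogic-operator-role` grants every verb, including `delete` and `deletecollection`, on all `secrets` and `configmaps` in the release namespace, while the chart itself only manages `weblogic-operator-secrets` and `weblogic-operator-cm`. What the operator needs at runtime is not visible in this diff, so treat this as a question. If `events` is the only resource that needs the full verb list, splitting it into its own rule and giving `secrets` a narrower one would limit what a compromised operator pod can read or destroy. At minimum a comment such as `# secrets/configmaps: full access required because <reason>` should record why the breadth is intended.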
diff --git a/OracleIdentityGovernance/kubernetes/charts/weblogic-operator/templates/_operator-rolebinding-namespace.tpl b/OracleIdentityGovernance/kubernetes/charts/weblogic-operator/templates/_operator-rolebinding-namespace.tpl
new file mode 100755
index 000000000..d55ed3f47
--- /dev/null
+++ b/OracleIdentityGovernance/kubernetes/charts/weblogic-operator/templates/_operator-rolebinding-namespace.tpl
@@ -0,0 +1,35 @@
+# Copyright (c) 2018, 2021, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+
+{{- define "operator.operatorRoleBindingNamespace" }}
+---
+{{- if .enableClusterRoleBinding }}
+kind: "ClusterRoleBinding"
+{{- else }}
+kind: "RoleBinding"
+{{- end }}
+apiVersion: "rbac.authorization.k8s.io/v1"
+metadata:
+ {{- if .enableClusterRoleBinding }}
+ name: {{ list .Release.Namespace "weblogic-operator-clusterrolebinding-namespace" | join "-" | quote }}
+ {{- else }}
+ name: "weblogic-operator-rolebinding-namespace"
+ namespace: {{ .domainNamespace | quote }}
+ {{- end }}
+ labels:
+ weblogic.operatorName: {{ .Release.Namespace | quote }}
+subjects:
+- kind: "ServiceAccount"
+ name: {{ .serviceAccount | quote }}
+ namespace: {{ .Release.Namespace | quote }}
+ apiGroup: ""
+roleRef:
+ {{- if (or (eq (default "List" .domainNamespaceSelectionStrategy) "Dedicated") (and .dedicated (eq (default "List" .domainNamespaceSelectionStrategy) "List"))) }}
+ kind: "Role"
+ name: "weblogic-operator-role-namespace"
+ {{- else }}
+ kind: "ClusterRole"
+ name: {{ list .Release.Namespace "weblogic-operator-clusterrole-namespace" | join "-" | quote }}
+ {{- end }}
+ apiGroup: "rbac.authorization.k8s.io"
+{{- end }}
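Review bot: The `kind` at the top and the `roleRef.kind` at the bottom are chosen by two independent conditions, so this template can render a `ClusterRoleBinding` whose `roleRef` is the namespaced `Role` "weblogic-operator-role-namespace" when `enableClusterRoleBinding` is true together with the Dedicated strategy. That combination is rejected only by `operator.validateInputs` in `_validate-inputs.tpl`, so the template depends on a check in another file. A comment above `roleRef:` such as `{{/* enableClusterRoleBinding with Dedicated is rejected in operator.validateInputs, so a ClusterRoleBinding never references the Role */}}` would make that dependency explicit. Note also that the `ClusterRoleBinding` branch applies the namespace ClusterRole in every namespace of the cluster, not only the selected domain namespaces, which is worth stating in the values documentation.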
diff --git a/OracleIdentityGovernance/kubernetes/charts/weblogic-operator/templates/_operator-rolebinding.tpl b/OracleIdentityGovernance/kubernetes/charts/weblogic-operator/templates/_operator-rolebinding.tpl
new file mode 100755
index 000000000..98a09424e
--- /dev/null
+++ b/OracleIdentityGovernance/kubernetes/charts/weblogic-operator/templates/_operator-rolebinding.tpl
@@ -0,0 +1,22 @@
+# Copyright (c) 2018, 2021, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+
+{{- define "operator.operatorRoleBinding" }}
+---
+kind: "RoleBinding"
+apiVersion: "rbac.authorization.k8s.io/v1"
+metadata:
+ name: "weblogic-operator-rolebinding"
+ namespace: {{ .Release.Namespace | quote }}
+ labels:
+ weblogic.operatorName: {{ .Release.Namespace | quote }}
+subjects:
+- kind: "ServiceAccount"
+ name: {{ .serviceAccount | quote }}
+ namespace: {{ .Release.Namespace | quote }}
+ apiGroup: ""
+roleRef:
+ kind: "Role"
+ name: "weblogic-operator-role"
+ apiGroup: "rbac.authorization.k8s.io"
+{{- end }}
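Review bot: The subject of this binding is `.serviceAccount`, which values.yaml in this diff defaults to `"default"`. With that default, every pod in the release namespace that does not set its own `serviceAccountName` runs with the rights of `weblogic-operator-role`, including access to the namespace's secrets. I would add a comment here, `# prefer a dedicated ServiceAccount; binding "default" extends these rights to every pod in the namespace`, and consider having `operator.validateInputs` record a warning or error when the value is `default`.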
diff --git a/OracleIdentityGovernance/kubernetes/charts/weblogic-operator/templates/_operator-secret.tpl b/OracleIdentityGovernance/kubernetes/charts/weblogic-operator/templates/_operator-secret.tpl
new file mode 100755
index 000000000..6a7442718
--- /dev/null
+++ b/OracleIdentityGovernance/kubernetes/charts/weblogic-operator/templates/_operator-secret.tpl
@@ -0,0 +1,25 @@
+# Copyright (c) 2018, 2021, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+
+{{- define "operator.operatorSecrets" }}
+---
+apiVersion: "v1"
+kind: "Secret"
+data:
+ {{- if (and .externalRestEnabled (hasKey . "externalOperatorKey")) }}
+ externalOperatorKey: {{ .externalOperatorKey | quote }}
+ {{- end }}
+ {{- $secret := (lookup "v1" "Secret" .Release.Namespace "weblogic-operator-secrets") }}
+ {{- if (and $secret $secret.data) }}
+ {{- $internalOperatorKey := index $secret.data "internalOperatorKey" }}
+ {{- if $internalOperatorKey }}
+ internalOperatorKey: {{ $internalOperatorKey }}
+ {{- end }}
+ {{- end }}
+metadata:
+ labels:
+ weblogic.operatorName: {{ .Release.Namespace | quote }}
+ name: "weblogic-operator-secrets"
+ namespace: {{ .Release.Namespace | quote }}
+type: "Opaque"
+{{- end }}
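Review bot: `externalOperatorKey` is copied into the Secret straight from chart values, so the private key also ends up in whatever values file or `--set` argument supplied it and in the stored Helm release record. `operator.validateInputs` in this diff already accepts `externalRestIdentitySecret` as an alternative, so a comment here marking the values-based key as the legacy path would steer users to the safer option: `{{/* prefer externalRestIdentitySecret; a key passed through values is kept in the Helm release history */}}`. A second point on the `lookup` call: it returns an empty result under `helm template` and client-side dry runs, so manifests rendered that way omit `internalOperatorKey`, and applying them would, as far as I can tell, replace the existing Secret without it. That behaviour deserves a comment next to the `lookup` line.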
diff --git a/OracleIdentityGovernance/kubernetes/charts/weblogic-operator/templates/_operator.tpl b/OracleIdentityGovernance/kubernetes/charts/weblogic-operator/templates/_operator.tpl
new file mode 100755
index 000000000..c24d7eebf
--- /dev/null
+++ b/OracleIdentityGovernance/kubernetes/charts/weblogic-operator/templates/_operator.tpl
@@ -0,0 +1,30 @@
+# Copyright (c) 2018, 2021, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+
+{{- define "operator.operator" -}}
+{{- include "operator.operatorClusterRoleGeneral" . }}
+{{- include "operator.operatorClusterRoleNamespace" . }}
+{{- if not (or (eq (default "List" .domainNamespaceSelectionStrategy) "Dedicated") (and .dedicated (eq (default "List" .domainNamespaceSelectionStrategy) "List"))) }}
+{{- include "operator.operatorClusterRoleNonResource" . }}
+{{- end }}
+{{- include "operator.operatorClusterRoleOperatorAdmin" . }}
+{{- include "operator.operatorClusterRoleDomainAdmin" . }}
+{{- include "operator.clusterRoleBindingGeneral" . }}
+{{- include "operator.clusterRoleBindingAuthDelegator" . }}
+{{- include "operator.clusterRoleBindingDiscovery" . }}
+{{- if not (or (eq (default "List" .domainNamespaceSelectionStrategy) "Dedicated") (and .dedicated (eq (default "List" .domainNamespaceSelectionStrategy) "List"))) }}
+{{- include "operator.clusterRoleBindingNonResource" . }}
+{{- end }}
+{{- include "operator.operatorRole" . }}
+{{- include "operator.operatorRoleBinding" . }}
+{{- include "operator.operatorConfigMap" . }}
+{{- include "operator.operatorSecrets" . }}
+{{- include "operator.operatorDeployment" . }}
+{{- include "operator.operatorInternalService" . }}
+{{- include "operator.operatorExternalService" . }}
+{{- if .enableClusterRoleBinding }}
+{{- include "operator.operatorRoleBindingNamespace" . }}
+{{- else }}
+{{- include "operator.domainNamespaces" . }}
+{{- end }}
+{{- end }}
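Review bot: The dedicated-mode test `(or (eq (default "List" .domainNamespaceSelectionStrategy) "Dedicated") (and .dedicated (eq (default "List" .domainNamespaceSelectionStrategy) "List")))` is written out twice in this file and again in `_operator-rolebinding-namespace.tpl` and `_validate-inputs.tpl`. These copies decide whether cluster-scoped roles and bindings are created, so a future edit that changes one and not the others would silently change the operator's RBAC scope. I would move the expression into one named template that emits `true` (the style `utils.haveValidationErrors` already uses) and call it with `if include "<helper name>" .` at each site. No ordering comment is needed, but a one-line header saying that this template is the single entry point rendered by `main.yaml` would help.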
diff --git a/OracleIdentityGovernance/kubernetes/charts/weblogic-operator/templates/_utils.tpl b/OracleIdentityGovernance/kubernetes/charts/weblogic-operator/templates/_utils.tpl
new file mode 100755
index 000000000..9f2ed825c
--- /dev/null
+++ b/OracleIdentityGovernance/kubernetes/charts/weblogic-operator/templates/_utils.tpl
@@ -0,0 +1,493 @@
+# Copyright (c) 2018, 2021, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+
+{{/*
+Start validation
+*/}}
+{{- define "utils.startValidation" -}}
+{{- $scope := . -}}
+{{- $context := dict "scope" $scope "path" list -}}
+{{- $stack := list $context -}}
+{{- $ignore := set $scope "validationContextStack" $stack -}}
+{{- $ignore := include "utils.setCurrentValidationContext" $scope -}}
+{{- end -}}
+
+{{/*
+End validation
+If there were any validation errors, report them and kill the helm chart installation.
+*/}}
+{{- define "utils.endValidation" -}}
+{{- $scope := . -}}
+{{- if hasKey $scope "validationErrors" -}}
+{{- fail $scope.validationErrors -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Push a new validation context
+*/}}
+{{- define "utils.pushValidationContext" -}}
+{{- $scope := index . 0 }}
+{{- $scopeName := index . 1 }}
+{{- $newScope := index $scope.validationScope $scopeName -}}
+{{- $newPath := append $scope.validationPath $scopeName -}}
+{{- $newContext := dict "scope" $newScope "path" $newPath -}}
+{{- $newStack := append $scope.validationContextStack $newContext -}}
+{{- $ignore := set $scope "validationContextStack" $newStack -}}
+{{- $ignore := include "utils.setCurrentValidationContext" $scope -}}
+{{- end -}}
+
+{{/*
+Pop the validation context
+*/}}
+{{- define "utils.popValidationContext" -}}
+{{- $scope := . }}
+{{- $stack := $scope.validationContextStack -}}
+{{- $ignore := set $scope "validationContextStack" (initial $stack) -}}
+{{- $ignore := include "utils.setCurrentValidationContext" $scope -}}
+{{- end -}}
+
+{{/*
+Set the current validation context from the stack
+*/}}
+{{- define "utils.setCurrentValidationContext" -}}
+{{- $scope := . }}
+{{- $context := $scope.validationContextStack | last -}}
+{{- $ignore := set $scope "validationScope" (index $context "scope") -}}
+{{- $ignore := set $scope "validationPath" (index $context "path") -}}
+{{- end -}}
+
+{{/*
+Record a validation error (it will get reported later by utils.reportValidationErrors)
+*/}}
+{{- define "utils.recordValidationError" -}}
+{{- $scope := index . 0 -}}
+{{- $errorMsg := index . 1 -}}
+{{- $path := $scope.validationPath -}}
+{{- $pathStr := $path | join "." | trim -}}
+{{- $scopedErrorMsg := (list "\n" $pathStr $errorMsg) | compact | join " " -}}
+{{- if hasKey $scope "validationErrors" -}}
+{{- $newValidationErrors := cat $scope.validationErrors $scopedErrorMsg -}}
+{{- $ignore := set $scope "validationErrors" $newValidationErrors -}}
+{{- else -}}
+{{- $newValidationErrors := $scopedErrorMsg -}}
+{{- $ignore := set $scope "validationErrors" $newValidationErrors -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Returns whether any errors have been reported
+*/}}
+{{- define "utils.haveValidationErrors" -}}
+{{- if hasKey . "validationErrors" -}}
+ true
+{{- end -}}
+{{- end -}}
+
+{{/*
+Determine whether a dictionary has a non-null value for a key
+*/}}
+{{- define "utils.dictionaryHasNonNullValue" -}}
+{{- $dict := index . 0 -}}
+{{- $name := index . 1 -}}
+{{- if and (hasKey $dict $name) (not ( eq (typeOf (index $dict $name)) "" )) -}}
+ true
+{{- end -}}
+{{- end -}}
+
+{{/*
+Verify that a value of a specific kind has been specified.
+*/}}
+{{- define "utils.verifyValue" -}}
+{{- $requiredKind := index . 0 -}}
+{{- $scope := index . 1 -}}
+{{- $name := index . 2 -}}
+{{- $isRequired := index . 3 -}}
+{{- if $scope.trace -}}
+{{- $errorMsg := cat "TRACE" $name $requiredKind $isRequired -}}
+{{- $ignore := include "utils.recordValidationError" (list $scope $errorMsg) -}}
+{{- end -}}
+{{- $parent := $scope.validationScope -}}
+{{- if include "utils.dictionaryHasNonNullValue" (list $parent $name) -}}
+{{- $value := index $parent $name -}}
+{{- $actualKind := kindOf $value -}}
+{{- if eq $requiredKind $actualKind -}}
+ true
+{{- else -}}
+{{- $errorMsg := cat $name "must be a" $requiredKind ":" $actualKind -}}
+{{- include "utils.recordValidationError" (list $scope $errorMsg) -}}
+{{- end -}}
+{{- else -}}
+{{- if $isRequired -}}
+{{- $errorMsg := cat $requiredKind $name "must be specified" -}}
+{{- include "utils.recordValidationError" (list $scope $errorMsg) -}}
+{{- else -}}
+ true
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Verify that a list value has been specified
+*/}}
+{{- define "utils.verifyListValue" -}}
+{{- $requiredKind := index . 0 -}}
+{{- $scope := index . 1 -}}
+{{- $name := index . 2 -}}
+{{- $isRequired := index . 3 -}}
+{{- $parent := $scope.validationScope -}}
+{{- $args := . -}}
+{{- if include "utils.verifyValue" (list "slice" $scope $name $isRequired) -}}
+{{- $status := dict -}}
+{{- if hasKey $parent $name -}}
+{{- $list := index $parent $name -}}
+{{- range $value := $list -}}
+{{- $actualKind := kindOf $value -}}
+{{- if not (eq $requiredKind $actualKind) -}}
+{{- $errorMsg := cat $name "must only contain" $requiredKind "elements:" $actualKind -}}
+{{- include "utils.recordValidationError" (list $scope $errorMsg) -}}
+{{- $ignore := set $status "error" true -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+{{- if not (hasKey $status "error") -}}
+ true
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Verify a string value
+*/}}
+{{- define "utils.baseVerifyString" -}}
+{{- include "utils.verifyValue" (prepend . "string") -}}
+{{- end -}}
+
+{{/*
+Verify a required string value
+*/}}
+{{- define "utils.verifyString" -}}
+{{- include "utils.baseVerifyString" (append . true) -}}
+{{- end -}}
+
+{{/*
+Verify an optional string value
+*/}}
+{{- define "utils.verifyOptionalString" -}}
+{{- include "utils.baseVerifyString" (append . false) -}}
+{{- end -}}
+
+{{/*
+Verify a boolean value
+*/}}
+{{- define "utils.baseVerifyBoolean" -}}
+{{- include "utils.verifyValue" (prepend . "bool") -}}
+{{- end -}}
+
+{{/*
+Verify a required boolean value
+*/}}
+{{- define "utils.verifyBoolean" -}}
+{{- include "utils.baseVerifyBoolean" (append . true) -}}
+{{- end -}}
+
+{{/*
+Verify an optional boolean value
+*/}}
+{{- define "utils.verifyOptionalBoolean" -}}
+{{- include "utils.baseVerifyBoolean" (append . false) -}}
+{{- end -}}
+
+{{/*
+Verify an integer value
+*/}}
+{{- define "utils.baseVerifyInteger" -}}
+{{- include "utils.verifyValue" (prepend . "float64") -}}
+{{- end -}}
+
+{{/*
+Verify a required integer value
+*/}}
+{{- define "utils.verifyInteger" -}}
+{{- include "utils.baseVerifyInteger" (append . true) -}}
+{{- end -}}
+
+{{/*
+Verify an optional required integer value
+*/}}
+{{- define "utils.verifyOptionalInteger" -}}
+{{- include "utils.baseVerifyInteger" (append . false) -}}
+{{- end -}}
+
+{{/*
+Verify a dictionary value
+*/}}
+{{- define "utils.baseVerifyDictionary" -}}
+{{- include "utils.verifyValue" (prepend . "map") -}}
+{{- end -}}
+
+{{/*
+Verify a required dictionary value
+*/}}
+{{- define "utils.verifyDictionary" -}}
+{{- include "utils.baseVerifyDictionary" (append . true) -}}
+{{- end -}}
+
+{{/*
+Verify an optional dictionary value
+*/}}
+{{- define "utils.verifyOptionalDictionary" -}}
+{{- include "utils.baseVerifyDictionary" (append . false) -}}
+{{- end -}}
+
+{{/*
+Verify a enum string value
+*/}}
+{{- define "utils.baseVerifyEnum" -}}
+{{- $scope := index . 0 -}}
+{{- $name := index . 1 -}}
+{{- $legalValues := index . 2 -}}
+{{- $isRequired := index . 3 -}}
+{{- if include "utils.baseVerifyString" (list $scope $name $isRequired) -}}
+{{- $parent := $scope.validationScope -}}
+{{- if include "utils.dictionaryHasNonNullValue" (list $parent $name) -}}
+{{- $value := index $parent $name -}}
+{{- if has $value $legalValues -}}
+ true
+{{- else -}}
+{{ $errorMsg := cat $name "must be one of the following values" $legalValues ":" $value -}}
+{{- include "utils.recordValidationError" (list $scope $errorMsg) -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Verify a required enum string value
+*/}}
+{{- define "utils.verifyEnum" -}}
+{{- include "utils.baseVerifyEnum" (append . true) -}}
+{{- end -}}
+
+{{/*
+Verify an optional enum string value
+*/}}
+{{- define "utils.verifyOptionalEnum" -}}
+{{- include "utils.baseVerifyEnum" (append . false) -}}
+{{- end -}}
+
+{{/*
+Verify a kubernetes resource name string value
+*/}}
+{{- define "utils.baseVerifyResourceName" -}}
+{{/* https://kubernetes.io/docs/concepts/overview/working-with-objects/names */}}
+{{/* names: only lower case, numbers, dot, dash, max 253 */}}
+{{/* https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#syntax-and-character-set */}}
+{{/* labels/selectors - upper & lower case, numbers, dot, dash, underscore, max 63 */}}
+{{- $scope := index . 0 -}}
+{{- $name := index . 1 -}}
+{{- $max := index . 2 -}}
+{{- $isRequired := index . 3 -}}
+{{- if include "utils.baseVerifyString" (list $scope $name $isRequired) -}}
+{{- $parent := $scope.validationScope -}}
+{{- if include "utils.dictionaryHasNonNullValue" (list $parent $name) -}}
+{{- $value := index $parent $name -}}
+{{- $len := len $value -}}
+{{- if and (le $len $max) (regexMatch "^[a-z0-9.-]+$" $value) -}}
+ true
+{{- else -}}
+{{- $errorMsg := cat $name "must only contain lower case letters, numbers, dashes and dots, and must not contain more than" $max "characters: " $value -}}
+{{- include "utils.recordValidationError" (list $scope $errorMsg) -}}
+{{- end -}}
+{{- end -}}
+{{- else -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Verify a required kubernetes resource name string value
+*/}}
+{{- define "utils.verifyResourceName" -}}
+{{- include "utils.baseVerifyResourceName" (append . true) -}}
+{{- end -}}
+
+{{/*
+Verify an optional kubernetes resource name string value
+*/}}
+{{- define "utils.verifyOptionalResourceName" -}}
+{{- include "utils.baseVerifyResourceName" (append . false) -}}
+{{- end -}}
+
+{{/*
+Verify external service name suffix string value
+*/}}
+{{- define "utils.verifyExternalServiceNameSuffix" -}}
+{{- include "utils.baseVerifyResourceName" (append . false) -}}
+{{- end -}}
+
+{{/*
+Verify introspector job name suffix string value
+*/}}
+{{- define "utils.verifyIntrospectorJobNameSuffix" -}}
+{{- include "utils.baseVerifyResourceName" (append . false) -}}
+{{- end -}}
+
+{{/*
+Verify a list of strings value
+*/}}
+{{- define "utils.baseVerifyStringList" -}}
+{{- include "utils.verifyListValue" (prepend . "string") -}}
+{{- end -}}
+
+{{/*
+Verify a required list of strings value
+*/}}
+{{- define "utils.verifyStringList" -}}
+{{- include "utils.baseVerifyStringList" (append . true) -}}
+{{- end -}}
+
+{{/*
+Verify an optional list of strings value
+*/}}
+{{- define "utils.verifyOptionalStringList" -}}
+{{- include "utils.baseVerifyStringList" (append . false) -}}
+{{- end -}}
+
+{{/*
+Verify a list of dictionaries value
+*/}}
+{{- define "utils.baseVerifyDictionaryList" -}}
+{{- include "utils.verifyListValue" (prepend . "map") -}}
+{{- end -}}
+
+{{/*
+Verify a required list of dictionaries value
+*/}}
+{{- define "utils.verifyDictionaryList" -}}
+{{- include "utils.baseVerifyDictionaryList" (append . true) -}}
+{{- end -}}
+
+{{/*
+Verify an optional list of dictionaries value
+*/}}
+{{- define "utils.verifyOptionalDictionaryList" -}}
+{{- include "utils.baseVerifyDictionaryList" (append . false) -}}
+{{- end -}}
+
+{{/*
+Merge a set of dictionaries into a single dictionary.
+
+The scope must be a list of dictionaries, starting with the least specific
+and ending with the most specific.
+
+First it makes an empty destinaction dictionary, then iterates over the dictionaries,
+overlaying their values on the destination dictionary.
+
+If a value is null, then it removes that key from the destination dictionary.
+
+If the value is already present in the destination dictionary, and the old and
+new values are both dictionaries, it merges them into the destination.
+*/}}
+{{- define "utils.mergeDictionaries" -}}
+{{- $dest := dict -}}
+{{- range $src := . -}}
+{{- if not (empty $src) -}}
+{{- range $key, $value := $src -}}
+{{- $ignore := include "utils.mergeDictionaryValue" (list $dest $key $value) -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+{{- toYaml $dest -}}
+{{- end -}}
+
+{{/*
+Merge a value into a dictionary.
+This is like helm's 'merge' function, except that it handles null entries too.
+*/}}
+{{- define "utils.mergeDictionaryValue" -}}
+{{- $dest := index . 0 -}}
+{{- $key := index . 1 -}}
+{{- $newValue := index . 2 -}}
+{{- $newType := typeOf $newValue -}}
+{{- if hasKey $dest $key -}}
+{{- if eq $newType "" -}}
+{{/* # if the value already existed, and the new value is null, remove the old value */}}
+{{- $ignore := unset $dest $key -}}
+{{- else -}}
+{{- $oldValue := index $dest $key -}}
+{{- $oldKind := kindOf $oldValue -}}
+{{- $newKind := kindOf $newValue -}}
+{{- if (and (eq $oldKind "map") (eq $newKind "map")) -}}
+{{/* # if both values are maps, merge them */}}
+{{- $merged := include "utils.mergeDictionaries" (list $oldValue $newValue) | fromYaml -}}
+{{- $ignore := set $dest $key $merged -}}
+{{- else -}}
+{{/* # replace the old value with the new one */}}
+{{- $ignore := set $dest $key $newValue -}}
+{{- end -}}
+{{- end -}}
+{{- else -}}
+{{- if not (eq $newType "") -}}
+{{/* #if there was no old value, and the new value isn't null, use the new value */}}
+{{- $ignore := set $dest $key $newValue -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Make a writable copy of a dictionary.
+TBD - does helm provide a clone method we can use instead?
+*/}}
+{{- define "utils.cloneDictionary" -}}
+{{- include "utils.mergeDictionaries" (list .) -}}
+{{- end -}}
+
+{{/*
+Verify that a list of values (exclude) can not be defined if another value (key) is already defined
+*/}}
+{{- define "utils.mutexValue" -}}
+{{- $scope := index . 0 -}}
+{{- $key := index . 1 -}}
+{{- $exclude := index . 2 -}}
+{{- $type := index . 3 -}}
+{{- $parent := $scope.validationScope -}}
+{{- $args := . -}}
+{{- $status := dict -}}
+{{- if hasKey $parent $key -}}
+{{- range $value := $exclude -}}
+{{- if hasKey $parent $value -}}
+{{- $errorMsg := cat $value "can not be present when" $key "is defined" " " -}}
+{{- include "utils.recordValidationError" (list $scope $errorMsg) -}}
+{{- $ignore := set $status "error" true -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+{{- if not (hasKey $status "error") -}}
+ true
+{{- end -}}
+{{- end -}}
+
+{{/*
+Verify that a list of strings can not be defined if another string is already defined
+*/}}
+{{- define "utils.mutexString" -}}
+{{- include "utils.mutexValue" (append . "string") -}}
+{{- end -}}
+
+{{/*
+Verify that a Kubernetes resource exists in a given namespace
+*/}}
+{{- define "utils.verifyK8SResource" -}}
+{{- $scope := index . 0 -}}
+{{- $name := index . 1 -}}
+{{- $type := index . 2 -}}
+{{- $namespace := index . 3 -}}
+{{- $foundNS := (lookup "v1" "Namespace" "" $namespace) }}
+{{- if $foundNS }}
+{{- $foundResource := (lookup "v1" $type $namespace $name) }}
+{{- if not $foundResource }}
+{{- $errorMsg := cat $type $name " not found in namespace " $namespace -}}
+{{- include "utils.recordValidationError" (list $scope $errorMsg) -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
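Review bot: In `utils.baseVerifyResourceName` the pattern `^[a-z0-9.-]+$` accepts values that begin or end with `-` or `.`, which Kubernetes rejects for DNS-1123 names, so a bad `Namespace` or name suffix passes chart validation and fails later at the API server. Anchoring the first and last character fixes it: `regexMatch "^[a-z0-9]([a-z0-9.-]*[a-z0-9])?$" $value`. The error text on the following line should then also mention that the value must start and end with an alphanumeric character. Related: `utils.baseVerifyInteger` checks for kind `float64`, so a fractional value such as a port of `8081.5` is accepted as an integer. A comment there explaining that YAML numbers arrive as `float64` would prevent confusion, and an explicit whole-number check is worth considering.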
diff --git a/OracleIdentityGovernance/kubernetes/charts/weblogic-operator/templates/_validate-inputs.tpl b/OracleIdentityGovernance/kubernetes/charts/weblogic-operator/templates/_validate-inputs.tpl
new file mode 100755
index 000000000..a6ee7dd02
--- /dev/null
+++ b/OracleIdentityGovernance/kubernetes/charts/weblogic-operator/templates/_validate-inputs.tpl
@@ -0,0 +1,63 @@
+# Copyright (c) 2018, 2021, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+
+{{- define "operator.validateInputs" -}}
+{{- $scope := include "utils.cloneDictionary" . | fromYaml -}}
+{{- $ignore:= include "utils.startValidation" $scope -}}
+{{- $ignore := include "utils.pushValidationContext" (list $scope "Release") -}}
+{{- $ignore := include "utils.verifyResourceName" (list $scope "Namespace" 63) -}}
+{{- $ignore := include "utils.popValidationContext" $scope -}}
+{{- $ignore := include "utils.verifyString" (list $scope "serviceAccount") -}}
+{{- $ignore := include "utils.verifyK8SResource" (list $scope .serviceAccount "ServiceAccount" .Release.Namespace) -}}
+{{- $ignore := include "utils.verifyString" (list $scope "image") -}}
+{{- $ignore := include "utils.verifyEnum" (list $scope "imagePullPolicy" (list "Always" "IfNotPresent" "Never")) -}}
+{{- $ignore := include "utils.verifyOptionalDictionaryList" (list $scope "imagePullSecrets") -}}
+{{- $ignore := include "utils.verifyEnum" (list $scope "javaLoggingLevel" (list "SEVERE" "WARNING" "INFO" "CONFIG" "FINE" "FINER" "FINEST")) -}}
+{{- if include "utils.verifyBoolean" (list $scope "externalRestEnabled") -}}
+{{- if $scope.externalRestEnabled -}}
+{{- $ignore := include "utils.verifyInteger" (list $scope "externalRestHttpsPort") -}}
+{{- $ignore := include "utils.mutexString" (list $scope "externalRestIdentitySecret" (list "externalOperatorKey" "externalOperatorCert")) -}}
+{{- if (or (hasKey $scope "externalOperatorCert") (hasKey $scope "externalOperatorKey")) -}}
+{{- $ignore := include "utils.verifyString" (list $scope "externalOperatorCert") -}}
+{{- $ignore := include "utils.verifyString" (list $scope "externalOperatorKey") -}}
+{{- else }}
+{{- $ignore := include "utils.verifyString" (list $scope "externalRestIdentitySecret") -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+{{- if include "utils.verifyBoolean" (list $scope "remoteDebugNodePortEnabled") -}}
+{{- if $scope.remoteDebugNodePortEnabled -}}
+{{- $ignore := include "utils.verifyBoolean" (list $scope "suspendOnDebugStartup") -}}
+{{- $ignore := include "utils.verifyInteger" (list $scope "internalDebugHttpPort") -}}
+{{- $ignore := include "utils.verifyInteger" (list $scope "externalDebugHttpPort") -}}
+{{- end -}}
+{{- end -}}
+{{- $ignore := include "utils.verifyOptionalBoolean" (list $scope "enableClusterRoleBinding") -}}
+{{- if and .enableClusterRoleBinding (or (eq (default "List" .domainNamespaceSelectionStrategy) "Dedicated") (and .dedicated (eq (default "List" .domainNamespaceSelectionStrategy) "List"))) }}
+{{- $errorMsg := "The enableClusterRoleBinding value may not be true when either dedicated is true or domainNamespaceSelectionStrategy is Dedicated" -}}
+{{- include "utils.recordValidationError" (list $scope $errorMsg) -}}
+{{- end -}}
+{{- if eq (default "List" $scope.domainNamespaceSelectionStrategy) "List" -}}
+{{- $ignore := include "utils.verifyStringList" (list $scope "domainNamespaces") -}}
+{{- end -}}
+{{- if include "utils.verifyBoolean" (list $scope "elkIntegrationEnabled") -}}
+{{- if $scope.elkIntegrationEnabled -}}
+{{- $ignore := include "utils.verifyString" (list $scope "logStashImage") -}}
+{{- $ignore := include "utils.verifyString" (list $scope "elasticSearchHost") -}}
+{{- $ignore := include "utils.verifyInteger" (list $scope "elasticSearchPort") -}}
+{{- end -}}
+{{- end -}}
+{{- $ignore := include "utils.verifyOptionalBoolean" (list $scope "dedicated") -}}
+{{- $ignore := include "utils.verifyOptionalEnum" (list $scope "domainNamespaceSelectionStrategy" (list "List" "LabelSelector" "RegExp" "Dedicated")) -}}
+{{- if eq (default "List" $scope.domainNamespaceSelectionStrategy) "LabelSelector" -}}
+{{- $ignore := include "utils.verifyString" (list $scope "domainNamespaceLabelSelector") -}}
+{{- end -}}
+{{- if eq (default "List" $scope.domainNamespaceSelectionStrategy) "RegExp" -}}
+{{- $ignore := include "utils.verifyString" (list $scope "domainNamespaceRegExp") -}}
+{{- end -}}
+{{- $ignore := include "utils.verifyOptionalBoolean" (list $scope "mockWLS") -}}
+{{- $ignore := include "utils.verifyIntrospectorJobNameSuffix" (list $scope "introspectorJobNameSuffix" 25) -}}
+{{- $ignore := include "utils.verifyExternalServiceNameSuffix" (list $scope "externalServiceNameSuffix" 10) -}}
+{{- $ignore := include "utils.verifyOptionalBoolean" (list $scope "clusterSizePaddingValidationEnabled") -}}
+{{- $ignore := include "utils.endValidation" $scope -}}
+{{- end -}}
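Review bot: `utils.verifyK8SResource` is called with `.serviceAccount` unconditionally, even when the `utils.verifyString` call just before it has recorded that `serviceAccount` is missing or not a string. The `lookup` inside it then runs on an invalid name and, as far as I can tell, can abort rendering with a template error before `utils.endValidation` reports the collected messages. The rest of this template already gates dependent checks on the result of the type check (`if include "utils.verifyBoolean" ...`), so the same form fits here: `{{- if include "utils.verifyString" (list $scope "serviceAccount") -}}` around the `verifyK8SResource` line, closed with `{{- end -}}`. Also note that `featureGates`, `dns1123Fields` and `tokenReviewAuthentication`, which the ConfigMap template writes out, are not validated here at all.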
diff --git a/OracleIdentityGovernance/kubernetes/charts/weblogic-operator/templates/main.yaml b/OracleIdentityGovernance/kubernetes/charts/weblogic-operator/templates/main.yaml
new file mode 100755
index 000000000..fb7e731f9
--- /dev/null
+++ b/OracleIdentityGovernance/kubernetes/charts/weblogic-operator/templates/main.yaml
@@ -0,0 +1,11 @@
+# Copyright (c) 2018, 2021, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+
+{{- $scope := include "utils.cloneDictionary" .Values | fromYaml -}}
+{{- $ignore := set $scope "Files" .Files -}}
+{{- $ignore := set $scope "Chart" .Chart -}}
+{{- $ignore := set $scope "Release" .Release -}}
+{{- $ignore := set $scope "APIVersions" .Capabilities.APIVersions -}}
+
+{{ include "operator.validateInputs" $scope }}
+{{- include "operator.operator" $scope }}
diff --git a/OracleIdentityGovernance/kubernetes/charts/weblogic-operator/values.yaml b/OracleIdentityGovernance/kubernetes/charts/weblogic-operator/values.yaml
new file mode 100755
index 000000000..dac9a5382
--- /dev/null
+++ b/OracleIdentityGovernance/kubernetes/charts/weblogic-operator/values.yaml
@@ -0,0 +1,224 @@
+# Copyright (c) 2018, 2021, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+
+# serviceAccount specifies the name of the ServiceAccount in the operator's namespace that the
+# operator will use to make requests to the Kubernetes API server.
+# The customer is responsible for creating the ServiceAccount in the same namespace as this Helm release.
+# If not specified, the the operator will use the Helm release namespace's 'default' ServiceAccount.
+serviceAccount: "default"
+
+# domainNamespaceSelectionStrategy specifies how the operator will select the set of namespaces
+# that it will manage. Legal values are: List, LabelSelector, RegExp, and Dedicated. If set to 'List',
+# then the operator will manage the set of namespaces listed by the 'domainNamespaces' value.
+# If set to 'LabelSelector', then the operator will manage the set of namespaces discovered by a list
+# of namespaces using the value specified by 'domainNamespaceLabelSelector' as a label selector.
+# If set to 'RegExp', then the operator will manage the set of namespaces discovered by a list
+# of namespaces using the value specified by 'domainNamespaceRegExp' as a regular expression matched
+# against the namespace names.
+# If set to 'Dedicated', then operator will manage WebLogic Domains only in the same namespace
+# where the operator itself is deployed, which is the namespace of the Helm release.
+domainNamespaceSelectionStrategy: List
+
+# This value is deprecated. Please use 'domainNamespaceSelectionStrategy: Dedicated'.
+# dedicated specifies if this operator will manage WebLogic Domains only in the same namespace in
+# which the operator itself is deployed. If set to 'true', then the 'domainNamespaces' value below
+# is ignored. This value is ignored if 'domainNamespaceSelectionStrategy' is set to a value other
+# than 'List'.
+# dedicated: false
+
+# domainNamespaces specifies list of WebLogic Domain namespaces that this operator manages. This value
+# is ignored if 'domainNamespaceSelectionStrategy' is not 'List'. The customer is responsible for creating these
+# namespaces. If not specified, then the operator will manage WebLogic Domains in the Kubernetes 'default' namespace.
+#
+# Example: In the configuration below, the operator will manage namespace1 and namespace2.
+#
+# domainNamespaces:
+# - "namespace1"
+# - "namespace2"
+domainNamespaces:
+- "default"
+
+# domainNamespaceLabelSelector specifies the label selector value that the operator will use when listing
+# namespaces in search of the namespaces that contain WebLogic Domains that this operator will manage. Ignored
+# if 'domainNamespaceSelectionStrategy' is not 'LabelSelector'.
+#
+# Example: manage any namespace with a label named "weblogic-operator".
+#
+# domainNamespaceLabelSelector: "weblogic-operator"
+#
+# domainNamespaceLabelSelector:
+
+# domainNamespaceRegExp specifies a regular expression that will be matched against namespace names when listing
+# namespaces in search of the namespaces that contain WebLogic Domains that this operator will manage. Ignored
+# if 'domainNamespaceSelectionStrategy' is not 'RegExp'.
+#
+# Example: manage any namespace where the namespace name starts with "prod".
+#
+# domainNamespaceRegExp: "^prod"
+#
+# domainNamespaceRegExp:
+
+# enableClusterRoleBinding specifies whether the roles necessary for the operator to manage domains
+# will be granted using a ClusterRoleBinding rather than using RoleBindings in each managed namespace.
+enableClusterRoleBinding: false
+
+# image specifies the container image containing the operator.
+image: "ghcr.io/oracle/weblogic-kubernetes-operator:3.3.0"
+
+# imagePullPolicy specifies the image pull policy for the operator's container image.
+imagePullPolicy: IfNotPresent
+
+# imagePullSecrets contains an optional list of Kubernetes Secrets, in the operator's namespace,
+# that are needed to access the registry containing the operator's container image.
+# The customer is responsible for creating the Secret.
+# If no Secrets are required, then omit this property.
+#
+# Example: a Secret is needed, and has been stored in 'my-operator-secret'
+#
+# imagePullSecrets:
+# - name: "my-operator-secret"
+
+# externalRestEnabled specifies whether the the operator's REST interface is exposed
+# outside of the Kubernetes cluster on the port specified by the 'externalRestHttpsPort'
+# property.
+#
+# If set to true, then the customer must provide the SSL certificate and private key for
+# the operator's external REST interface by specifying the 'externalOperatorCert' and
+# 'externalOperatorKey' properties.
+externalRestEnabled: false
+
+# externalRestHttpsPort specifies the node port that should be allocated for the external operator REST HTTPS interface.
+# This parameter is required if 'externalRestEnabled' is true.
+# Otherwise, it is ignored.
+externalRestHttpsPort: 31001
+
+# The name of the Secret used to store the certificate and private key to use for the external operator REST HTTPS interface.
+# The Secret has to be created in the same namespace of the WebLogic operator.
+# This parameter is required if 'externalRestEnabled' is true. Otherwise, it is ignored.
+# As example, an external REST identity can be created using the following sample script
+# kubernetes/samples/scripts/rest/generate-external-rest-identity.sh
+# externalRestIdentitySecret:
+
+# elkIntegrationEnabled specifies whether or not ELK integration is enabled.
+elkIntegrationEnabled: false
+
+# logStashImage specifies the container image containing logstash.
+# This parameter is ignored if 'elkIntegrationEnabled' is false.
+logStashImage: "logstash:6.6.0"
+
+# elasticSearchHost specifies the hostname of where elasticsearch is running.
+# This parameter is ignored if 'elkIntegrationEnabled' is false.
+elasticSearchHost: "elasticsearch.default.svc.cluster.local"
+
+# elasticSearchPort specifies the port number of where elasticsearch is running.
+# This parameter is ignored if 'elkIntegrationEnabled' is false.
+elasticSearchPort: 9200
+
+# featureGates specifies a set of key=value pairs separated by commas that describe whether a given
+# operator feature is enabled. You enable a feature by including a key=value pair where the key is the
+# feature name and the value is "true". This will allow the operator team to release features that
+# are not yet ready to be enabled by default, but that are ready for testing by customers. Once a feature is
+# stable then it will be enabled by default and can not be disabled using this configuration.
+# featureGates: "...,AuxiliaryImage=true"
+
+# javaLoggingLevel specifies the Java logging level for the operator. This affects the operator pod's
+# log output and the contents of log files in the container's /logs/ directory.
+# Valid values are: "SEVERE", "WARNING", "INFO", "CONFIG", "FINE", "FINER", and "FINEST".
+javaLoggingLevel: "INFO"
+
+# javaLoggingFileSizeLimit specifies the maximum size in bytes for an individual Java logging file in the operator container's
+# /logs/ directory.
+javaLoggingFileSizeLimit: 20000000
+
+# javaLoggingFileCount specifies the number of Java logging files to preserve in the operator container's /logs/
+# directory as the files are rotated.
+javaLoggingFileCount: 10
+
+# labels specifies a set of key-value labels that will be added to each pod running the operator.
+# See https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
+#labels:
+
+# annotations specifies a set of key-value annotations that will be added to each pod running the operator.
+# See https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
+#annotations:
+
+# nodeSelector specifies a matching rule that the Kubernetes scheduler will use when selecting the node
+# where the operator will run. If the nodeSelector value is specified, then this content will be added to
+# the operator's deployment. See https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector
+# for more information on node selectors.
+#nodeSelector:
+
+# affinity specifies a set of matching rules related to the presence of other workloads that the Kubernetes scheduler
+# will use when selecting the node where the operator will run. If the affinity value is specified, then this content
+# will be added to the operator's deployment. See https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity
+# for more information on affinity and anti-affinity.
+#affinity:
+
+# Values related to debugging the operator.
+# Customers should not need to use the following properties
+
+# remoteDebugNodePortEnabled specifies whether or not the operator will provide a Java remote debug interface on the
+# provided port. If the 'suspendOnDebugStartup' property is specified, the operator will suspend execution
+# until a remote debugger has attached.
+# The 'internalDebugHttpPort' property controls the port number inside the Kubernetes
+# cluster and the 'externalDebugHttpPort' property controls the port number outside
+# the Kubernetes cluster.
+remoteDebugNodePortEnabled: false
+
+#suspendOnDebugStartup specifies whether the operator will suspend on startup when a Java remote debugging is enabled.
+suspendOnDebugStartup: false
+
+# internalDebugHttpPort specifies the port number inside the Kubernetes cluster for the operator's Java
+# remote debug interface.
+# This parameter is required if 'remoteDebugNodePortEnabled' is true.
+# Otherwise, it is ignored.
+internalDebugHttpPort: 30999
+
+# externalDebugHttpPort specifies the node port that should be allocated for the operator's
+# Java remote debug interface.
+# This parameter is required if 'remoteDebugNodePortEnabled' is true.
+# Otherwise, it is ignored.
+externalDebugHttpPort: 30999
+
+# dns1123Fields overrides the default list of field names that the operator
+# converts to DNS-1123 legal values when replacing variable references in the
+# Domain resource. The default list can be found inside the class LegalNames
+# in the oracle.kubernetes.operator.helpers package.
+# Supply a comma separated list of field names to customize the list of fields
+# such as "name, claimName, volumeName", or leave it commented out to use
+# the default list of field names.
+# dns1123Fields: ""
+
+# introspectorJobNameSuffix overrides the default suffix that the operator uses
+# to append to the domainUID to form the name of the domain introspector job name.
+# Note that the resultant job name should not be more than 58 characters due to
+# the Kubernetes limit to the name of a job and Kubernetes appends five additional
+# characters to the name of the pod that is created by the job controller.
+# The default suffix is '-introspector'.
+# The default suffix in pre-3.1.0 is "-introspect-domain-job"
+introspectorJobNameSuffix: "-introspector"
+
+# externalServiceNameSuffix overrides the default suffix that the operator uses
+# to append to the domainUID and the WebLogic admin server name, to form the name
+# of the domain's admin server external service.
+# Note that the resultant name should not be more than 63 characters due to
+# the Kubernetes limit to the name of a service.
+# The default suffix is '-ext'.
+# The default suffix in pre-3.1.0 is "-external".
+externalServiceNameSuffix: "-ext"
+
+# clusterSizePaddingValidationEnabled specifies if additional one or two characters
+# need to be reserved to account for longer managed server names because of an increased
+# cluster size.
+# The default value is true.
+clusterSizePaddingValidationEnabled: true
+
+# tokenReviewAuthentication, if set to true, specifies whether the the operator's REST API should use
+# 1. Kubernetes token review API for authenticating users, and
+# 2. Kubernetes subject access review API for authorizing a user's operation (get, list,
+# patch, etc) on a resource.
+# 3. Update the Domain resource using the operator's privileges.
+# This parameter, if set to false, will use the caller's bearer token for any update
+# to the Domain resource so that it is done using the caller's privileges.
+# The default value is false.
+#tokenReviewAuthentication: false
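Review bot: `serviceAccount: "default"` at the top of this values file runs the operator as the namespace's default ServiceAccount, which every pod in that namespace uses unless it names its own, so whatever roles the chart binds for the operator (the bindings are not in this hunk) would presumably be shared with those pods. The comment above the value should recommend a dedicated account, for example `# Prefer a dedicated ServiceAccount: pods in this namespace that name no account also run as 'default' and would share the operator's permissions.` Separately, the debugging section documents `remoteDebugNodePortEnabled` and `externalDebugHttpPort` without saying that a Java remote debug port has no authentication of its own. A caveat next to `externalDebugHttpPort` would help, such as `# Test clusters only: the debug port is unauthenticated and is reachable on every node when exposed as a node port.`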
diff --git a/OracleIdentityGovernance/kubernetes/common/createFMWJRFDomain.py b/OracleIdentityGovernance/kubernetes/common/createFMWJRFDomain.py
new file mode 100755
index 000000000..bde936ca5
--- /dev/null
+++ b/OracleIdentityGovernance/kubernetes/common/createFMWJRFDomain.py
@@ -0,0 +1,332 @@
+# Copyright (c) 2014, 2021, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+
+import os
+import sys
+
+import com.oracle.cie.domain.script.jython.WLSTException as WLSTException
+
+class Infra12213Provisioner:
+
+ MACHINES = {
+ 'machine1' : {
+ 'NMType': 'SSL',
+ 'ListenAddress': 'localhost',
+ 'ListenPort': 5658
+ }
+ }
+
+ JRF_12213_TEMPLATES = {
+ 'baseTemplate' : '@@ORACLE_HOME@@/wlserver/common/templates/wls/wls.jar',
+ 'extensionTemplates' : [
+ '@@ORACLE_HOME@@/oracle_common/common/templates/wls/oracle.jrf_template.jar',
+ '@@ORACLE_HOME@@/oracle_common/common/templates/wls/oracle.jrf.ws.async_template.jar',
+ '@@ORACLE_HOME@@/oracle_common/common/templates/wls/oracle.wsmpm_template.jar',
+ '@@ORACLE_HOME@@/oracle_common/common/templates/wls/oracle.ums_template.jar',
+ '@@ORACLE_HOME@@/em/common/templates/wls/oracle.em_wls_template.jar'
+ ],
+ 'serverGroupsToTarget' : [ 'JRF-MAN-SVR', 'WSMPM-MAN-SVR' ]
+ }
+
+ def __init__(self, oracleHome, javaHome, domainParentDir, adminListenPort, adminName, managedNameBase, managedServerPort, prodMode, managedCount, clusterName):
+ self.oracleHome = self.validateDirectory(oracleHome)
+ self.javaHome = self.validateDirectory(javaHome)
+ self.domainParentDir = self.validateDirectory(domainParentDir, create=True)
+ return
+
+ def createInfraDomain(self, domainName, user, password, db, dbPrefix, dbPassword, adminListenPort, adminName,
+ managedNameBase, managedServerPort, prodMode, managedCount, clusterName,
+ exposeAdminT3Channel=None, t3ChannelPublicAddress=None, t3ChannelPort=None):
+ domainHome = self.createBaseDomain(domainName, user, password, adminListenPort, adminName, managedNameBase,
+ managedServerPort, prodMode, managedCount, clusterName
+ )
+ self.extendDomain(domainHome, db, dbPrefix, dbPassword, exposeAdminT3Channel, t3ChannelPublicAddress,
+ t3ChannelPort)
+
+ def createBaseDomain(self, domainName, user, password, adminListenPort, adminName, managedNameBase, managedServerPort, prodMode, managedCount, clusterName):
+ baseTemplate = self.replaceTokens(self.JRF_12213_TEMPLATES['baseTemplate'])
+
+ readTemplate(baseTemplate)
+ setOption('DomainName', domainName)
+ setOption('JavaHome', self.javaHome)
+ if (prodMode == 'true'):
+ setOption('ServerStartMode', 'prod')
+ else:
+ setOption('ServerStartMode', 'dev')
+ set('Name', domainName)
+
+ admin_port = int(adminListenPort)
+ ms_port = int(managedServerPort)
+ ms_count = int(managedCount)
+
+ # Create Admin Server
+ # =======================
+ print 'Creating Admin Server...'
+ cd('/Servers/AdminServer')
+ #set('ListenAddress', '%s-%s' % (domain_uid, admin_server_name_svc))
+ set('ListenPort', admin_port)
+ set('Name', adminName)
+
+ # Define the user password for weblogic
+ # =====================================
+ cd('/Security/' + domainName + '/User/weblogic')
+ set('Name', user)
+ set('Password', password)
+
+ # Create a cluster
+ # ======================
+ print 'Creating cluster...'
+ cd('/')
+ cl=create(clusterName, 'Cluster')
+
+ # Create managed servers
+ for index in range(0, ms_count):
+ cd('/')
+ msIndex = index+1
+ cd('/')
+ name = '%s%s' % (managedNameBase, msIndex)
+ create(name, 'Server')
+ cd('/Servers/%s/' % name )
+ print('managed server name is %s' % name);
+ set('ListenPort', ms_port)
+ set('NumOfRetriesBeforeMSIMode', 0)
+ set('RetryIntervalBeforeMSIMode', 1)
+ set('Cluster', clusterName)
+
+ # Create Node Manager
+ # =======================
+ print 'Creating Node Managers...'
+ for machine in self.MACHINES:
+ cd('/')
+ create(machine, 'Machine')
+ cd('Machine/' + machine)
+ create(machine, 'NodeManager')
+ cd('NodeManager/' + machine)
+ for param in self.MACHINES[machine]:
+ set(param, self.MACHINES[machine][param])
+
+
+ setOption('OverwriteDomain', 'true')
+ domainHome = self.domainParentDir + '/' + domainName
+ print 'Will create Base domain at ' + domainHome
+
+ print 'Writing base domain...'
+ writeDomain(domainHome)
+ closeTemplate()
+ print 'Base domain created at ' + domainHome
+ return domainHome
+
+
+ def extendDomain(self, domainHome, db, dbPrefix, dbPassword, exposeAdminT3Channel, t3ChannelPublicAddress,
+ t3ChannelPort):
+ print 'Extending domain at ' + domainHome
+ print 'Database ' + db
+ readDomain(domainHome)
+ setOption('AppDir', self.domainParentDir + '/applications')
+
+ print 'ExposeAdminT3Channel %s with %s:%s ' % (exposeAdminT3Channel, t3ChannelPublicAddress, t3ChannelPort)
+ if 'true' == exposeAdminT3Channel:
+ self.enable_admin_channel(t3ChannelPublicAddress, t3ChannelPort)
+
+ print 'Applying JRF templates...'
+ for extensionTemplate in self.JRF_12213_TEMPLATES['extensionTemplates']:
+ addTemplate(self.replaceTokens(extensionTemplate))
+
+ print 'Extension Templates added'
+
+ print 'Configuring the Service Table DataSource...'
+ fmwDb = 'jdbc:oracle:thin:@' + db
+ print 'fmwDatabase ' + fmwDb
+ cd('/JDBCSystemResource/LocalSvcTblDataSource/JdbcResource/LocalSvcTblDataSource')
+ cd('JDBCDriverParams/NO_NAME_0')
+ set('DriverName', 'oracle.jdbc.OracleDriver')
+ set('URL', fmwDb)
+ set('PasswordEncrypted', dbPassword)
+
+ stbUser = dbPrefix + '_STB'
+ cd('Properties/NO_NAME_0/Property/user')
+ set('Value', stbUser)
+
+ print 'Getting Database Defaults...'
+ getDatabaseDefaults()
+
+ print 'Targeting Server Groups...'
+ managedName= '%s%s' % (managedNameBase, 1)
+ print "Set CoherenceClusterSystemResource to defaultCoherenceCluster for server:" + managedName
+ serverGroupsToTarget = list(self.JRF_12213_TEMPLATES['serverGroupsToTarget'])
+ cd('/')
+ setServerGroups(managedName, serverGroupsToTarget)
+ print "Set CoherenceClusterSystemResource to defaultCoherenceCluster for server:" + managedName
+ cd('/Servers/' + managedName)
+ set('CoherenceClusterSystemResource', 'defaultCoherenceCluster')
+
+ print 'Targeting Cluster ...'
+ cd('/')
+ print "Set CoherenceClusterSystemResource to defaultCoherenceCluster for cluster:" + clusterName
+ cd('/Cluster/' + clusterName)
+ set('CoherenceClusterSystemResource', 'defaultCoherenceCluster')
+ print "Set WLS clusters as target of defaultCoherenceCluster:" + clusterName
+ cd('/CoherenceClusterSystemResource/defaultCoherenceCluster')
+ set('Target', clusterName)
+
+ print 'Preparing to update domain...'
+ updateDomain()
+ print 'Domain updated successfully'
+ closeDomain()
+ return
+
+
+ ###########################################################################
+ # Helper Methods #
+ ###########################################################################
+
+ def validateDirectory(self, dirName, create=False):
+ directory = os.path.realpath(dirName)
+ if not os.path.exists(directory):
+ if create:
+ os.makedirs(directory)
+ else:
+ message = 'Directory ' + directory + ' does not exist'
+ raise WLSTException(message)
+ elif not os.path.isdir(directory):
+ message = 'Directory ' + directory + ' is not a directory'
+ raise WLSTException(message)
+ return self.fixupPath(directory)
+
+
+ def fixupPath(self, path):
+ result = path
+ if path is not None:
+ result = path.replace('\\', '/')
+ return result
+
+
+ def replaceTokens(self, path):
+ result = path
+ if path is not None:
+ result = path.replace('@@ORACLE_HOME@@', oracleHome)
+ return result
+
+ def enable_admin_channel(self, admin_channel_address, admin_channel_port):
+ if admin_channel_address == None or admin_channel_port == 'None':
+ return
+ cd('/')
+ admin_server_name = get('AdminServerName')
+ print('setting admin server t3channel for ' + admin_server_name)
+ cd('/Servers/' + admin_server_name)
+ create('T3Channel', 'NetworkAccessPoint')
+ cd('/Servers/' + admin_server_name + '/NetworkAccessPoint/T3Channel')
+ set('ListenPort', int(admin_channel_port))
+ set('PublicPort', int(admin_channel_port))
+ set('PublicAddress', admin_channel_address)
+
+#############################
+# Entry point to the script #
+#############################
+
+def usage():
+ print sys.argv[0] + ' -oh -jh -parent -name ' + \
+ '-user -password ' + \
+ '-rcuDb -rcuPrefix -rcuSchemaPwd ' \
+ '-adminListenPort -adminName ' \
+ '-managedNameBase -managedServerPort -prodMode ' \
+ '-managedServerCount