WKO documentation corrected for AKS for MII and DPV scenarios

documentation/site/content/samples/azure-kubernetes-service/domain-on-pv.md

@@ -131,7 +131,7 @@ An image can contain multiple properties files, archive ZIP files, and model YAM
 
 #### Creating the image with WIT
 
-{{< readfile file="/samples/azure-kubernetes-service/includes/run-mii-to-create-auxiliary-image.txt" >}}
+{{< readfile file="/samples/azure-kubernetes-service/includes/run-dpv-to-create-auxiliary-image.txt" >}}
 
 {{% notice note %}}
 The `imagetool.sh` is not supported on macOS with Apple Silicon. See [Troubleshooting - exec format error]({{< relref "/samples/azure-kubernetes-service/troubleshooting#exec-weblogic-operatorscriptsintrospectdomainsh-exec-format-error" >}}).
@@ -286,6 +286,8 @@ The domain resource references the cluster resource, a WebLogic Server installat
 
 - Create the load balancer services using the following commands:
 
+  Note: For secure mode, replace port 7001 with 9002 in admin-lb.yaml file before applying
+
   ```shell
   $ kubectl apply -f admin-lb.yaml
   ```
@@ -296,6 +298,9 @@ The domain resource references the cluster resource, a WebLogic Server installat
   service/domain1-admin-server-external-lb created
   ```
 
+  Note: For secure mode, replace port 8001 with 8002 in cluster-lb.yaml file before applying
+
+
   ```shell
   $ kubectl  apply -f cluster-lb.yaml
   ```
@@ -363,7 +368,15 @@ The domain resource references the cluster resource, a WebLogic Server installat
 
   ```
 
+  For secure mode, notice ports 9002, 8002 respectively, under PORT(S) column for admin-server and cluster
+  LoadBalancer service configurations, as these ports were included in the admin-lb.yaml and 
+  cluster-lb.yaml files.
+
+
   In the example, the URL to access the Administration Server is: `http://4.157.147.131:7001/console`.
+
+  For secure mode, use `https://4.157.147.131:9002/console`.
+
   The user name and password that you enter for the Administration Console must match the ones you specified for the `domain1-weblogic-credentials` secret in the [Create secrets](#create-secrets) step.
 
   If the WLS Administration Console is still not available, use `kubectl get events --sort-by='.metadata.creationTimestamp' ` to troubleshoot.
@@ -410,6 +423,8 @@ $ ADMIN_SERVER_IP=$(kubectl get svc domain1-admin-server-external-lb -o=jsonpath
 $ echo "Administration Console Address: http://${ADMIN_SERVER_IP}:7001/console/"
 ```
 
+For secure mode, use Administration Console Address: `https://${ADMIN_SERVER_IP}:9002/console/`.
+
 Access the sample application using the cluster load balancer IP address.
 
 ```shell
@@ -420,6 +435,9 @@ $ CLUSTER_IP=$(kubectl get svc domain1-cluster-1-lb -o=jsonpath='{.status.loadBa
 $ curl http://${CLUSTER_IP}:8001/myapp_war/index.jsp
 ```
 
+For secure mode, use
+`curl https://${CLUSTER_IP}:8002/myapp_war/index.jsp`
+
 The test application will list the server host on the output, like the following:
 
 ```html

documentation/site/content/samples/azure-kubernetes-service/includes/download-samples-zip.txt

@@ -1,9 +1,9 @@
-Download the WebLogic Kubernetes Operator sample ZIP file. We will use several scripts in this zip file to create a WebLogic domain. This sample was tested with v4.2.8, but should work with the latest release.
+Download the WebLogic Kubernetes Operator sample ZIP file. We will use several scripts in this zip file to create a WebLogic domain. This sample was tested with v4.2.16, but should work with the latest release.
 
 ```shell
 $ cd $BASE_DIR
 $ mkdir sample-scripts
-$ curl -m 120 -fL https://github.com/oracle/weblogic-kubernetes-operator/releases/download/v4.2.8/sample-scripts.zip \
+$ curl -m 120 -fL https://github.com/oracle/weblogic-kubernetes-operator/releases/download/v4.2.16/sample-scripts.zip \
       -o ${BASE_DIR}/sample-scripts/sample-scripts.zip
 $ unzip ${BASE_DIR}/sample-scripts/sample-scripts.zip -d ${BASE_DIR}/sample-scripts
 ```

documentation/site/content/samples/azure-kubernetes-service/includes/run-dpv-to-create-auxiliary-image.txt

@@ -0,0 +1,43 @@
+At this point, you have all of the files needed for `image wdt-domain-image:WLS-v1` staged; they include:
+
+  - `/tmp/dpv-sample/wdt-model-files/WLS-v1/model.10.yaml`
+  - `/tmp/dpv-sample/wdt-model-files/WLS-v1/model.10.properties`
+  - `/tmp/dpv-sample/wdt-model-files/WLS-v1/archive.zip`
+
+Now, you use the Image Tool to create an image named `wdt-domain-image:WLS-v1`. You’ve already set up this tool during the prerequisite steps.
+
+Run the following command to create the image and verify that it worked. 
+
+```shell
+$ ${WDT_MODEL_FILES_PATH}/imagetool/bin/imagetool.sh createAuxImage \
+  --tag wdt-domain-image:WLS-v1 \
+  --wdtModel ${WDT_MODEL_FILES_PATH}/WLS-v1/model.10.yaml \
+  --wdtVariables ${WDT_MODEL_FILES_PATH}/WLS-v1/model.10.properties \
+  --wdtArchive ${WDT_MODEL_FILES_PATH}/WLS-v1/archive.zip
+```
+
+This command runs the WebLogic Image Tool to create the domain creation image and does the following:
+
+  - Builds the final container image as a layer on a small `busybox` base image.
+  - Copies the WDT ZIP file that's referenced in the WIT cache into the image.
+    - Note that you cached WDT in WIT using the keyword `latest` when you set up the cache during the sample prerequisites steps.
+    - This lets WIT implicitly assume it's the desired WDT version and removes the need to pass a `-wdtVersion` flag.
+  - Copies the specified WDT model, properties, and application archives to image location `/auxiliary/models`.
+
+When the command succeeds, it should end with output like the following:
+
+```
+[INFO   ] Build successful. Build time=70s. Image tag=wdt-domain-image:WLS-v1
+```
+
+Verify the image is available in the local Docker server with the following command.
+
+```shell
+$ docker images | grep WLS-v1
+```
+
+The output will show something similar to the following:
+
+```
+wdt-domain-image          WLS-v1   012d3bfa3536   5 days ago      1.13GB
+```

documentation/site/content/samples/azure-kubernetes-service/includes/run-mii-to-create-auxiliary-image.txt

@@ -1,8 +1,8 @@
 At this point, you have all of the files needed for `image wdt-domain-image:WLS-v1` staged; they include:
 
-  - `/tmp/sample/wdt-artifacts/wdt-model-files/WLS-v1/model.10.yaml`
-  - `/tmp/sample/wdt-artifacts/wdt-model-files/WLS-v1/model.10.properties`
-  - `/tmp/sample/wdt-artifacts/wdt-model-files/WLS-v1/archive.zip`
+  - `/tmp/mii-sample/wdt-model-files/WLS-v1/model.10.yaml`
+  - `/tmp/mii-sample/wdt-model-files/WLS-v1/model.10.properties`
+  - `/tmp/mii-sample/wdt-model-files/WLS-v1/archive.zip`
 
 Now, you use the Image Tool to create an image named `wdt-domain-image:WLS-v1`. You’ve already set up this tool during the prerequisite steps.
 

documentation/site/content/samples/azure-kubernetes-service/includes/staging-model-files.txt

@@ -56,4 +56,38 @@ The model file:
         - _This conveniently provides a simple way to deploy multiple differently named domains using the same model image_.
     - The model file administrator user name and password are set using a `weblogic-credentials` secret macro reference to the WebLogic credential secret.
         - This secret is in turn referenced using the `webLogicCredentialsSecret` field in the Domain.
-        - The `weblogic-credentials` is a reserved name that always dereferences to the owning Domain actual WebLogic credentials secret name.
+        - The `weblogic-credentials` is a reserved name that always dereferences to the owning Domain actual WebLogic credentials secret name.
+
+Secure Mode:
+
+To configure WebLogic Domain in Secure mode, make the following changes in `model.10.yaml` file
+
+- Set server start mode to secure
+
+```
+domainInfo:
+    AdminUserName: '@@SECRET:__weblogic-credentials__:username@@'
+    AdminPassword: '@@SECRET:__weblogic-credentials__:password@@'
+    ServerStartMode: 'secure'
+
+```
+
+Include and enable SSL Listen Port 8002 for Server Template and enable secure mode under Security Configuration section
+```
+    Server:
+        'admin-server':
+            ListenPort: 7001
+    ServerTemplate:
+        'cluster-1-template':
+            Cluster: 'cluster-1'
+            ListenPort: 8001
+            SSL:
+               ListenPort: 8002
+               Enabled: true
+
+    SecurityConfiguration:
+        SecureMode:
+            SecureModeEnabled: true
+```
+
+- Note that, when secure mode is enabled, the WebLogic Server Administration port defaults to 9002 (https)

documentation/site/content/samples/azure-kubernetes-service/model-in-image.md

@@ -1,6 +1,6 @@
 ---
 title: "Model in Image"
-date: 2020-11-24T18:22:31-05:00
+date: 2025-05-12T13:22:31-05:00
 weight: 3
 description: "Sample for creating a WebLogic cluster on the Azure Kubernetes Service with model in image domain home source type."
 ---
@@ -114,7 +114,7 @@ Update the repo to get the latest Helm charts. It is a best practice to do this
 $ helm repo update
 $ helm install weblogic-operator weblogic-operator/weblogic-operator \
   --namespace sample-weblogic-operator-ns \
-  --version 4.2.8 \
+  --version 4.2.16 \
   --set serviceAccount=sample-weblogic-operator-sa \
   --wait
 ```
@@ -123,14 +123,14 @@ The output will show something similar to the following:
 
 ```
 NAME: weblogic-operator
-LAST DEPLOYED: Fri Aug 12 14:28:47 2022
+LAST DEPLOYED: Mon May 12 14:28:47 2025
 NAMESPACE: sample-weblogic-operator-ns
 STATUS: deployed
 REVISION: 1
 TEST SUITE: None
 ```
 
-{{% notice tip %}} If you wish to use a more recent version of the operator, replace the `4.2.8` in the preceding command with the other version number. To see the list of versions, visit the [GitHub releases page](https://github.com/oracle/weblogic-kubernetes-operator/releases).
+{{% notice tip %}} If you wish to use a more recent version of the operator, replace the `4.2.16` in the preceding command with the other version number. To see the list of versions, visit the [GitHub releases page](https://github.com/oracle/weblogic-kubernetes-operator/releases).
 {{% /notice %}}
 
 
@@ -144,7 +144,7 @@ The output will show something similar to the following:
 
 ```
 NAME                    NAMESPACE                       REVISION        UPDATED                                 STATUS CHART                    APP VERSION
-weblogic-operator       sample-weblogic-operator-ns     1               2023-05-15 10:31:05.1890341 +0800 CST   deployeweblogic-operator-4.2.8  4.2.8
+weblogic-operator       sample-weblogic-operator-ns     1               2025-05-12 15:31:05.1890341 +0800 CST   deployeweblogic-operator-4.2.16  4.2.16
 ```
 
 ```shell
@@ -402,6 +402,13 @@ $ bash $BASE_DIR/sample-scripts/create-weblogic-domain-on-azure-kubernetes-servi
 
 After running above commands, you will get three files: `mii-initial.yaml`, `admin-lb.yaml` and `cluster-lb.yaml`.
 
+For secure mode, include "-Dweblogic.security.SSL.ignoreHostnameVerification=true" under JAVA_OPTIONS in mii-initial.yaml file.
+
+```
+   - name: JAVA_OPTIONS
+      value: "-Dweblogic.StdoutDebugEnabled=false -Dweblogic.security.SSL.ignoreHostnameVerification=true"
+```
+
 Run the following command to create the domain custom resource:
 
 ```shell
@@ -489,6 +496,30 @@ spec:
 ```
 {{% /expand %}}
 
+In secure mode, as Administration port defaults to 9002, replace port 7001 with 9002 in the admin-lb.yaml file in order to create a load balancer service for the Administration Server.
+
+{{%expand "Click here to view YAML content." %}}
+```yaml
+apiVersion: v1
+kind: Service
+metadata:
+  name: sample-domain1-admin-server-external-lb
+  namespace: sample-domain1-ns
+spec:
+  ports:
+  - name: default
+    port: 9002
+    protocol: TCP
+    targetPort: 9002
+  selector:
+    weblogic.domainUID: sample-domain1
+    weblogic.serverName: admin-server
+  sessionAffinity: None
+  type: LoadBalancer
+```
+{{% /expand %}}
+
+
 Use the file `cluster-lb.yaml` to create a load balancer service for the managed servers. If you are choosing not to use the predefined YAML file and instead created new one with customized values, then substitute the following content with your domain values.
 
 {{%expand "Click here to view YAML content." %}}
@@ -513,6 +544,31 @@ spec:
 ```
 {{% /expand %}}
 
+For Secure mode, similar to the Administration Server Load Balancer service configuration, replace port 8001 with 8002 as Managed Servers will now listen on port 8002 (https) in secure mode
+
+{{%expand "Click here to view YAML content." %}}
+```yaml
+apiVersion: v1
+kind: Service
+metadata:
+  name: sample-domain1-cluster-1-lb
+  namespace: sample-domain1-ns
+spec:
+  ports:
+  - name: default
+    port: 8002
+    protocol: TCP
+    targetPort: 8002
+  selector:
+    weblogic.domainUID: sample-domain1
+    weblogic.clusterName: cluster-1
+  sessionAffinity: None
+  type: LoadBalancer
+
+```
+
+{{% /expand %}}
+
 Create the load balancer services using the following commands:
 
 ```shell
@@ -553,15 +609,30 @@ sample-domain1-managed-server1            ClusterIP      None           <none>
 sample-domain1-managed-server2            ClusterIP      None           <none>           8001/TCP         7m52s
 ```
 
+For secure mode, the Successful output will look like:
+
+```
+NAME                                      TYPE           CLUSTER-IP     EXTERNAL-IP       PORT(S)             AGE
+sample-domain1-admin-server               ClusterIP      None           <none>            9002/TCP,7002/TCP   10m
+sample-domain1-admin-server-external-lb   LoadBalancer   10.0.184.118   52.191.234.149    9002:30087/TCP      4m40s
+sample-domain1-cluster-1-lb               LoadBalancer   10.0.76.7      52.191.235.71     8002:32600/TCP      71s
+sample-domain1-cluster-cluster-1          ClusterIP      10.0.118.225   <none>            7002/TCP,9002/TCP   12m
+sample-domain1-managed-server1            ClusterIP      None           <none>            7002/TCP,9002/TCP   12m
+sample-domain1-managed-server2            ClusterIP      None           <none>            7002/TCP,9002/TCP   12m
+```
+
 In the example, the URL to access the Administration Server is: `http://52.191.234.149:7001/console`.
+
+For secure mode, use the URL: `https://52.191.234.149:9002/console`
+
 The expected username and password must match the values that you chose during the [Kubernetes Secrets for WebLogic](#kubernetes-secrets-for-weblogic) step.
 
-**IMPORTANT:** You must ensure that any Network Security Group rules that govern access to the console allow inbound traffic on port 7001.
+**IMPORTANT:** You must ensure that any Network Security Group rules that govern access to the console allow inbound traffic on port 7001 (9002 for secure mode).
 
 If the WLS Administration Console is still not available, use `kubectl describe domain` to check domain status.
 
 ```shell
-$ kubectl describe domain domain1
+$ kubectl describe domain sample-domain1 -n sample-domain1-ns
 ```
 
 Make sure the status of cluster-1 is `ServersReady` and `Available`.
@@ -575,7 +646,7 @@ Annotations:  <none>
 API Version:  weblogic.oracle/v9
 Kind:         Domain
 Metadata:
-  Creation Timestamp:  2020-11-30T05:40:11Z
+  Creation Timestamp:  2025-05-12T15:40:11Z
   Generation:          1
   Resource Version:    9346
   Self Link:           /apis/weblogic.oracle/v9/namespaces/sample-domain1-ns/domains/sample-domain1
@@ -637,7 +708,7 @@ Status:
     Replicas:          2
     Replicas Goal:     2
   Conditions:
-    Last Transition Time:        2020-11-30T05:45:15.493Z
+    Last Transition Time:        2025-05-12T15:45:15.493Z
     Reason:                      ServersReady
     Status:                      True
     Type:                        Available
@@ -657,7 +728,7 @@ Status:
     Cluster Name:   cluster-1
     Desired State:  RUNNING
     Health:
-      Activation Time:  2020-11-30T05:44:54.699Z
+      Activation Time:  2025-05-12T15:44:54.699Z
       Overall Health:   ok
       Subsystems:
         Subsystem Name:  ServerRuntime
@@ -668,7 +739,7 @@ Status:
     Cluster Name:   cluster-1
     Desired State:  RUNNING
     Health:
-      Activation Time:  2020-11-30T05:45:07.211Z
+      Activation Time:  2025-05-12T15:45:07.211Z
       Overall Health:   ok
       Subsystems:
         Subsystem Name:  ServerRuntime
@@ -685,7 +756,7 @@ Status:
     Cluster Name:   cluster-1
     Desired State:  SHUTDOWN
     Server Name:    managed-server5
-  Start Time:       2020-11-30T05:40:11.709Z
+  Start Time:       2025-05-12T15:40:11.709Z
 Events:             <none>
 ```
 {{% /expand %}}
@@ -699,16 +770,25 @@ $ ADMIN_SERVER_IP=$(kubectl -n sample-domain1-ns get svc sample-domain1-admin-se
 $ echo "Administration Console Address: http://${ADMIN_SERVER_IP}:7001/console/"
 ```
 
+For secure mode, use `https://${ADMIN_SERVER_IP}:9002/console/`
+
 Access the sample application using the cluster load balancer IP address.
 
 ```shell
 ## Access the sample application using the cluster load balancer IP.
 $ CLUSTER_IP=$(kubectl -n sample-domain1-ns get svc sample-domain1-cluster-1-lb -o=jsonpath='{.status.loadBalancer.ingress[0].ip}')
 ```
 
+**IMPORTANT:** You must ensure that any Network Security Group rules that govern access to the sample application allow inbound traffic on port 8001 (8002 for secure mode).
+
+
 ```shell
 $ curl http://${CLUSTER_IP}:8001/myapp_war/index.jsp
 ```
+For secure mode, use
+```shell
+$ curl -k https://${CLUSTER_IP}:8002/myapp_war/index.jsp
+```
 
 Successful output will look like: