Deployment script and documentation for IDM 22.2.1 release (#105)

Author: manjunathdhegde-2910

OracleAccessManagement/kubernetes/create-access-domain/domain-home-on-pv/common/oamconfig_modify.sh

@@ -1,6 +1,6 @@
 #!/bin/bash
 
-# Copyright (c) 2020, Oracle Corporation and/or its affiliates.
+# Copyright (c) 2020, 2022, Oracle and/or its affiliates.
 # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
 
 cur_dir=`dirname $(readlink -f "$0")`
@@ -61,7 +61,7 @@ if [ $ING_TYPE == "NodePort" ]; then
 	 exit 1 
 	fi
 elif [ $ING_TYPE == "LoadBalancer" ]; then	
-	LBR_PORT = $SSL_PORT
+	LBR_PORT=$SSL_PORT
 else
  echo "Error: Invalid INGRESS TYPE : $ING_TYPE"		
  exit 1 

OracleAccessManagement/kubernetes/elasticsearch-and-kibana/README.md

@@ -19,13 +19,15 @@ To control Elasticsearch memory parameters (Heap allocation and Enabling/Disabli
 
 * ES_JAVA_OPTS: value may contain for example -Xms512m -Xmx512m to lower the default memory usage (please be aware that this value is only applicable for demo purpose and it is not the one recommended by Elasticsearch itself)
 * bootstrap.memory_lock: value may contain true (enables the usage of mlockall to try to lock the process address space into RAM, preventing any Elasticsearch memory from being swapped out) or false (disables the usage of mlockall to try to lock the process address space into RAM, preventing any Elasticsearch memory from being swapped out). 
+* imagePullSecrets: It has been added to resolve the issue with Docker Hub Rate Limiting. One needs to create a secret using your docker hub credentials to work around the error and
+  replace the value `dockercred`.
 
 To install Elasticsearch and Kibana, use:
 ```shell
-$ kubectl apply -f kubernetes/samples/scripts/elasticsearch-and-kibana/elasticsearch_and_kibana.yaml
+$ kubectl apply -f kubernetes/elasticsearch-and-kibana/elasticsearch_and_kibana.yaml
 ```
 
 To remove them, use:
 ```shell
-$ kubectl delete -f kubernetes/samples/scripts/elasticsearch-and-kibana/elasticsearch_and_kibana.yaml
+$ kubectl delete -f kubernetes/elasticsearch-and-kibana/elasticsearch_and_kibana.yaml
 ```

OracleAccessManagement/kubernetes/elasticsearch-and-kibana/elasticsearch_and_kibana.yaml

@@ -1,4 +1,4 @@
-# Copyright (c) 2018, 2021, Oracle and/or its affiliates.
+# Copyright (c) 2018, 2022, Oracle and/or its affiliates.
 # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
 
 # When a user installs the WebLogic operator Helm chart, the user can set
@@ -18,16 +18,16 @@
 # values.yaml file.
 #
 # To configure them, use:
-#   kubectl apply -f kubernetes/samples/scripts/elasticsearch_and_kibana.yaml
+#   kubectl apply -f kubernetes/elasticsearch-and-kibana/elasticsearch_and_kibana.yaml
 #
 # To remove them, use:
-#   kubectl delete -f kubernetes/samples/scripts/elasticsearch_and_kibana.yaml
+#   kubectl delete -f kubernetes/elasticsearch-and-kibana/elasticsearch_and_kibana.yaml
 
 ---
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-  namespace: "default"
+  namespace: "oamns"
   name: "elasticsearch"
   labels:
     app: "elasticsearch"
@@ -41,6 +41,8 @@ spec:
       labels:
         app: "elasticsearch"
     spec:
+      imagePullSecrets:
+      - name: dockercred
       initContainers:
       - name: set-vm-max-map-count
         image: busybox
@@ -50,6 +52,9 @@ spec:
           privileged: true
       containers:
       - name: "elasticsearch"
+        securityContext:
+          capabilities:
+            add: ["SYS_CHROOT"]
         image: "elasticsearch:6.8.0"
         ports:
         - containerPort: 9200
@@ -62,7 +67,7 @@ spec:
 kind: "Service"
 apiVersion: "v1"
 metadata:
-  namespace: "default"
+  namespace: "oamns"
   name: "elasticsearch"
 spec:
   ports:
@@ -81,7 +86,7 @@ spec:
 apiVersion: "apps/v1"
 kind: "Deployment"
 metadata:
-  namespace: "default"
+  namespace: "oamns"
   name: "kibana"
   labels:
     app: "kibana"
@@ -100,12 +105,14 @@ spec:
         image: "kibana:6.8.0"
         ports:
         - containerPort: 5601
+      imagePullSecrets:
+      - name: dockercred
 
 ---
 apiVersion: "v1"
 kind: "Service"
 metadata: 
-  namespace: "default"
+  namespace: "oamns"
   name: "kibana"
   labels: 
     app: "kibana"

OracleIdentityGovernance/kubernetes/charts/ingress-per-domain/templates/nginx-ingress-k8s1.19.yaml

@@ -1,4 +1,4 @@
-# Copyright (c) 2020, 2021, Oracle and/or its affiliates.
+# Copyright (c) 2020, 2022, Oracle and/or its affiliates.
 # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
 #
 {{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}}
@@ -14,6 +14,10 @@ metadata:
     nginx.ingress.kubernetes.io/affinity: 'cookie'
     nginx.ingress.kubernetes.io/enable-access-log: 'false'
     kubernetes.io/ingress.class: 'nginx'
+{{- if (.Values.nginxTimeOut) }}
+    nginx.ingress.kubernetes.io/proxy-read-timeout: '{{ .Values.nginxTimeOut }}'
+    nginx.ingress.kubernetes.io/proxy-send-timeout: '{{ .Values.nginxTimeOut }}'
+{{- end }}
 {{- if eq .Values.sslType "SSL" }}  
     nginx.ingress.kubernetes.io/proxy-buffer-size: '2000k'
     nginx.ingress.kubernetes.io/configuration-snippet: |

OracleIdentityGovernance/kubernetes/charts/ingress-per-domain/templates/nginx-ingress.yaml

@@ -1,4 +1,4 @@
-# Copyright (c) 2020, 2021, Oracle and/or its affiliates.
+# Copyright (c) 2020, 2022, Oracle and/or its affiliates.
 # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
 #
 {{- if semverCompare "<1.19-0" .Capabilities.KubeVersion.GitVersion -}}
@@ -14,6 +14,10 @@ metadata:
     nginx.ingress.kubernetes.io/affinity: 'cookie'
     nginx.ingress.kubernetes.io/enable-access-log: 'false'
     kubernetes.io/ingress.class: 'nginx'
+{{- if (.Values.nginxTimeOut) }}
+    nginx.ingress.kubernetes.io/proxy-read-timeout: '{{ .Values.nginxTimeOut }}' 
+    nginx.ingress.kubernetes.io/proxy-send-timeout: '{{ .Values.nginxTimeOut }}'
+{{- end }}
 {{- if eq .Values.sslType "SSL" }}  
     nginx.ingress.kubernetes.io/proxy-buffer-size: '2000k'
     nginx.ingress.kubernetes.io/configuration-snippet: |

OracleIdentityGovernance/kubernetes/charts/ingress-per-domain/values.yaml

@@ -1,4 +1,4 @@
-# Copyright (c) 2020, 2021, Oracle and/or its affiliates.
+# Copyright (c) 2020, 2022, Oracle and/or its affiliates.
 # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
 #
 #
@@ -8,7 +8,8 @@
 #
 # Load balancer type.  Supported values are: TRAEFIK, NGINX
 type: NGINX
-
+# TimeOut value to be set for nginx parameters proxy-read-timeout and proxy-send-timeout
+nginxTimeOut: 180
 # Type of Configuration Supported Values are : NONSSL, SSL 
 sslType: SSL
 

OracleIdentityGovernance/kubernetes/create-oim-domain/domain-home-on-pv/common/createFMWDomain.py

@@ -1,4 +1,4 @@
-# Copyright (c) 2020, Oracle Corporation and/or its affiliates.
+# Copyright (c) 2020, 2022, Oracle Corporation and/or its affiliates.
 # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
 
 import os
@@ -556,10 +556,10 @@ def usage():
           '-t3ChannelPort <t3 channel port> '
     sys.exit(0)
 
-
-print str(sys.argv[0]) + " called with the following sys.argv array:"
-for index, arg in enumerate(sys.argv):
-    print "sys.argv[" + str(index) + "] = " + str(sys.argv[index])
+# Uncomment for Debug only
+#print str(sys.argv[0]) + " called with the following sys.argv array:"
+#for index, arg in enumerate(sys.argv):
+#    print "sys.argv[" + str(index) + "] = " + str(sys.argv[index])
 
 if len(sys.argv) < 17:
     usage()

OracleIdentityGovernance/kubernetes/elasticsearch-and-kibana/README.md

@@ -19,13 +19,13 @@ To control Elasticsearch memory parameters (Heap allocation and Enabling/Disabli
 
 * ES_JAVA_OPTS: value may contain for example -Xms512m -Xmx512m to lower the default memory usage (please be aware that this value is only applicable for demo purpose and it is not the one recommended by Elasticsearch itself)
 * bootstrap.memory_lock: value may contain true (enables the usage of mlockall to try to lock the process address space into RAM, preventing any Elasticsearch memory from being swapped out) or false (disables the usage of mlockall to try to lock the process address space into RAM, preventing any Elasticsearch memory from being swapped out). 
-
+* imagePullSecrets: It has been added to resolve the issue with Docker Hub Rate Limiting. One needs to create a secret using your docker hub credentials to work around the error and replace the value dockercred.
 To install Elasticsearch and Kibana, use:
 ```shell
-$ kubectl apply -f kubernetes/samples/scripts/elasticsearch-and-kibana/elasticsearch_and_kibana.yaml
+$ kubectl apply -f kubernetes/elasticsearch-and-kibana/elasticsearch_and_kibana.yaml
 ```
 
 To remove them, use:
 ```shell
-$ kubectl delete -f kubernetes/samples/scripts/elasticsearch-and-kibana/elasticsearch_and_kibana.yaml
+$ kubectl delete -f kubernetes/elasticsearch-and-kibana/elasticsearch_and_kibana.yaml
 ```

OracleIdentityGovernance/kubernetes/elasticsearch-and-kibana/elasticsearch_and_kibana.yaml

@@ -1,4 +1,4 @@
-# Copyright (c) 2018, 2021, Oracle and/or its affiliates.
+# Copyright (c) 2018, 2022, Oracle and/or its affiliates.
 # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
 
 # When a user installs the WebLogic operator Helm chart, the user can set
@@ -18,16 +18,16 @@
 # values.yaml file.
 #
 # To configure them, use:
-#   kubectl apply -f kubernetes/samples/scripts/elasticsearch_and_kibana.yaml
+#   kubectl apply -f kubernetes/elasticsearch-and-kibana/elasticsearch_and_kibana.yaml
 #
 # To remove them, use:
-#   kubectl delete -f kubernetes/samples/scripts/elasticsearch_and_kibana.yaml
+#   kubectl delete -f kubernetes/elasticsearch-and-kibana/elasticsearch_and_kibana.yaml
 
 ---
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-  namespace: "default"
+  namespace: "oigns"
   name: "elasticsearch"
   labels:
     app: "elasticsearch"
@@ -41,6 +41,8 @@ spec:
       labels:
         app: "elasticsearch"
     spec:
+      imagePullSecrets:
+      - name: dockercred
       initContainers:
       - name: set-vm-max-map-count
         image: busybox
@@ -50,6 +52,9 @@ spec:
           privileged: true
       containers:
       - name: "elasticsearch"
+        securityContext:
+          capabilities:
+            add: ["SYS_CHROOT"]
         image: "elasticsearch:6.8.0"
         ports:
         - containerPort: 9200
@@ -62,7 +67,7 @@ spec:
 kind: "Service"
 apiVersion: "v1"
 metadata:
-  namespace: "default"
+  namespace: "oigns"
   name: "elasticsearch"
 spec:
   ports:
@@ -81,7 +86,7 @@ spec:
 apiVersion: "apps/v1"
 kind: "Deployment"
 metadata:
-  namespace: "default"
+  namespace: "oigns"
   name: "kibana"
   labels:
     app: "kibana"
@@ -100,12 +105,14 @@ spec:
         image: "kibana:6.8.0"
         ports:
         - containerPort: 5601
+      imagePullSecrets:
+      - name: dockercred
 
 ---
 apiVersion: "v1"
 kind: "Service"
 metadata: 
-  namespace: "default"
+  namespace: "oigns"
   name: "kibana"
   labels: 
     app: "kibana"

OracleUnifiedDirectory/kubernetes/README.md

@@ -33,18 +33,11 @@ Oracle Unified Directory Docker Image has been tested and is known to run on fol
 
 |       | Version                        | Command to verify version |
 | :---: | :----------------------------: | :-----------------------: |
-| OS    | Oracle Linux 7.3 or higher     | more /etc/oracle-release  |
 | Docker| Docker version 18.03 or higher | docker version            |
 | K8s   | Kubernetes version 1.16.0+     | kubectl version
 
 # Prerequisites
 
-## Verify OS Version
-OS version should be Oracle Linux 7.3 or higher.  To check this, issue the following command:
-
-        # more /etc/oracle-release
-        Oracle Linux Server release 7.5
-
 ## Verify Docker Version and OUD Image
 Docker version should be 18.03 or higher.  To check this, issue the following command: