Skip to content

Commit

Permalink
Operator version 2.5.0 (#1453)
Browse files Browse the repository at this point in the history 
* Rebuilt charts

* OWLS-76347 New sample scripts to manage DB service and RCU Schema (#1217)

* OWLS-76347 New sample scripts to manage DB service and RCU Schema

* eliminate duplication logger creation (#1225)

* merge 1241 into develop

* QUICKTEST and FULLTEST categorization  (#1237)

* test categorization into quicktest,fulltest, nightly

* fix quicktest

* fix typo

* fix sitconfig tests

* fix nightly

* remove fulltest

* remove fulltest

* remove smoketest which is not used

* change profile name

* triage external jenkins failures

* use operator image env vars for target op release

* run JRF test in nightly

* default quicktest true

* add retry for PV dir creation

* rename nightly to fulltest

* fulltest condition change

* fix compilation error

* readme and usecases updated

* readme updated

* adding domain in image wdt test to quicktest

* fix pv dir creation retry

* changed profile name

* OWLS-74959 - Validate FMW Infrastructure uses configured clusters in introspector job (#1230)

* validate FMW infrastructure domain cannot use dynamic clusters

* add missing namespaces to kubectl commands

* namespace

* rename ALLOW_DYNAMIC_IN_FMW_INFRA env var

* support testing for invalid domain testing

* fix env var name in validation error message

* Integration tests should take the env variable for WDT version to download (#1242)

* adding support to take WDT_VERSION env var

* remove commented code

* fix extra space

* Prepare for operator 2.3.1

* Revert "eliminate duplication logger creation (#1225)"

This reverts commit 4a8382d6f20b83bd067f8086916b84f5e9ed040e.

* WIP Added test to cover weblogicLoggingExporterFilters (#1211)

* Added test to cover weblogicLoggingExporterFilters jenkins-ignore

* Resolve CheckStyle issues

* merge 1246 changes from master

* Move to Kubernetes Java Client 6.0.1 (#1249)

* Use Kubernetes Java client 6.0.1

* Update domain status on Unprocessable Error (#1250)

* Update domain status on Unprocessable Error

* Set domain status when job creation fails with unprocessable entity

* OWLS-76624 (Resolves #1228) - Introspector pod not picking up the container context from the domain resource (#1247)

* support container and pod securityContext in introspector job. Code refactoring

* unit tests

* unit test

* minor cleanups

* merge conflicts

* unused imports

* cleanup import ordering

* CheckStyle corrections

* K8s service account (#1235)

* add service account to serverpod

* OWLS-73891 part 1: update warning messages and fix a helm upgrade issue (#1253)

* OWLS-73891 part 1 - fix stale domain watcher and add namespace in security check warning messages

* More cleanup of stale states associated with a recreated namespace

* Add REST resource annotion to ignore unknown properties (#1255)

* Simplify WaitForReadyStep (#1256)

* OWLS-76720 (Resolves #1198) - Fixes missing valueFrom envVar values (#1254)

* fixes missing valueFrom to env var

* Fix Javadoc and CheckStyle

* Revert pod watcher refactoring

* merge 1258 into develop

* OWLS-76780 : Modify FMW (domain-in-image) sample to support Restricted JRF Domain (#1263)

* OWLS-76806 (Resolves #1231) - scripts such as livenessProbe.sh should use JAVA_HOME if set (#1262)

* Prepend PATH with JAVA_HOME/bin before calling jps

* comment

* append only if JAVA_HOME/bin not already in PATH

* Reduced execution time, added support to execute against different versions of Grafana, Prom, WDT, monitoring exporter (#1265)

* modified the tests to improve exec time

* modified tests to improve perfomance

* added wait time for mysql creation

* corrected chart version for prom

* fixed typo

* added version choice for monexp

* add code cleanup

* remove not needed files

* fixed typo

* added suport for downloading monexp instead of building

* added prom,grafana, monexp as env var option

* fixed typo

*  fixed env setting

* added some debug

* WDT version 1.4.0 (#1267)

* WDT version 1.4.0

* OWLS-76949 added support for exposeAdminT3Channel in FMWDomain in domain-in-image model

* merge 1268 from master

* typo

* Modify sample scripts for RCU and DB Creation (#1238)

* Modification based on Mark's Comment

* Missiing typo correction

* Addded ImagePullSecret to Oracle and RCU pod

* Modify the default image pull secret name to docker-store to match with java integration default

* Missing modified file

* Modified the usage command

* Resolution to Review comments from Ryan

* edited README

* minor clean up

* Modified the cpu limit

* Soa 2.2.1 (#1243)

* Adding pv pvc config files for database

* Adding soa domain creation scripts/files

* Added database configuration yaml files

* Add files via upload

Adding SOA ESS changes

* Delete createFMWDomain.py

* Delete db-pv.yaml

* Delete db-pvc.yaml

* Create db-with-pv.yaml

* Create db-without-pv.yaml

* Delete db-with-pv.yaml

* Delete db-without-pv.yaml

* integrated soa ess osb changes from SOA dev team

* fixing indentation problem for bug 30158564

* added execute permissions for create-domain script

* Update db-without-pv.yaml

* Add files via upload

* Delete create-domain.sh

* Add files via upload

* updates for precreateService and osb_cluster

* removing extra characters if any

* fixing permission issue for create-domain.sh

* removed commented blocks and updated copyright

* added exec permissions for the scripts

* Updated description for domainType input

* Update create-domain-inputs.yaml

* corrected domain value

* corrected domain value

* corrected domain value

* removed precreateService in domain template

removed precreateService from serverpod and cluster definition

* removed soa domain related changes

removed soa domain related changes here. will be moving it to create-domain.sh script which is under soa samples.

* soa specific changes in domain.yaml

* removed extra line

* removing extra line

* removed pv pvc scripts

* enable checkstyle on test sources (#1270)

* Update license format (#1272)

* fix typo in License.txt - matches https://oss.oracle.com/licenses/upl/ (#1278)

* OWLS-69370: Introspect: Domain-in-Image: Add data home override support (#1106)

* OWLS-69370: Introspect: Domain-in-Image: Add data home override support

* incorporate first set of code review comments

* Update description of dataHome and remove dead code based on code review

* update the documentation so that it covers dataHome

* add DOMAIN_UID to persistent store directory path to distinguish different domains

* Create symbolic link from DOMAIN data dir to data home directory during server startup

* Changes based on review by Tom Barnes

* Update integration-test to verify centralized dataHome location of default and custom file stores

* another revision based on Tom Barnes review

* add env vars to wl-pod.yamlt for new env variable which disables symbolic link support for server's default data directory

* refactor symbolic link support to utils.sh and mark the feature as experimental

* updated descripton of experimental symbolic link support

* put local createFolder in introspectDomain.sh and moved pipefail to script scope in utils.sh

* Add unit tests for verifying dataHome env in WLS server pods

* OWLS-73891 part2 - clean up stale states about introspector jobs and domain presence infos (#1261)

* OWLS-73891 part2 - clean up stale states about introspector jobs

Signed-off-by: doxiao <dongbo.xiao@oracle.com>

* Add unit test

* Retry and wait between retries of failed downloads jenkins-ignore (#1266)

* Retry and wait between retries of failed downloads jenkins-ignore

* Added loop to wget jar files jenkins-ignore

* Reduced wget retry times since wget is in a loop now jenkins-ignore

*  add note to advise against using console for starting and stopping servers

* Revert "OWLS-73891 part2 - clean up stale states about introspector jobs and domain presence infos (#1261)"

This reverts commit 980a5ac2a91b7e4b63800eef9c43e3af38ea20c0.

* Fix CheckStyle

* Add instructions to configure fluentd to export domain logs to ELK (#1281)

* adding sample help for configuring fluentd sidecar

* change org structure

* initial round of minor edits

* more backticks

* added some more explanation

* updates for Rosemary's feedback

* more updates for Rosemary's feedback

* update samples overview

* updates to Mark's comments

* more edits based on feedback

* fix Managed coherence test (#1279)

* Refactor managed coherence test and add error checking to avoid false postives

* revert chenages to Domain.java

* fix error reported by check style audit

* incorporating review comments

* run integration test in openshift (#1280)

* changes required to run ItOperator test in opneshift

* updates for running ItOperator on openshift

* run integration tests in openshift

* fix check style errors

* incorporating review comments

* merge 1285 from master

* merge 1282 from master

* PR: owls-77057 fix nightly full test failure for changing image test of ItPodsRestart (#1289)

* setMaxIterationsPod(40) for ItPodRestart

* setMaxIterationsPod(40) for ItPodRestart

* Added container name when copying archive files jenkins-ignore (#1288)

* Added container name when copying archive files jenkins-ignore

* Added try catch jenkins-ignore

* Changed to use copy via cat jenkins-ignore

* Changed to use copy via cat jenkins-ignore

* Changed to use copy via cat jenkins-ignore

* merge 1291 from master

* OWLS-76832 (Resolves #1232) - Error using variable in pod template if value has underscore (#1286)

* convert substituted variables to DNS1123 if used as names

* only convert variables for selected, customizable list of fields

* checkstyle fixes

* add dns1123Fields to helm chart to override default list of field names that requires dns-1123 values

* document dns1123fields

* dns1123Names values no longer case sensitive

* minor cleanup

* doc update base on feedback

* merge 1292 from master

* OWLS-73891 part3 - add FAQ entry for managing namespaces (#1264)

* Add FAQ documentation for managing namespaces

Signed-off-by: doxiao <dongbo.xiao@oracle.com>

* Fix a minor typo

Signed-off-by: doxiao <dongbo.xiao@oracle.com>

* Fix format

Signed-off-by: doxiao <dongbo.xiao@oracle.com>

* More format changes

Signed-off-by: doxiao <dongbo.xiao@oracle.com>

* Correct the wrong example job output

Signed-off-by: doxiao <dongbo.xiao@oracle.com>

* More edits

Signed-off-by: doxiao <dongbo.xiao@oracle.com>

* More edits

Signed-off-by: doxiao <dongbo.xiao@oracle.com>

* More edits

Signed-off-by: doxiao <dongbo.xiao@oracle.com>

* More fine tuning of the contents

Signed-off-by: doxiao <dongbo.xiao@oracle.com>

* More edits

Signed-off-by: doxiao <dongbo.xiao@oracle.com>

* Add cross-references

Signed-off-by: doxiao <dongbo.xiao@oracle.com>

* One more cross-reference

Signed-off-by: doxiao <dongbo.xiao@oracle.com>

* Add links to inidivual sections and add a section for getting the domainNamespaces value

Signed-off-by: doxiao <dongbo.xiao@oracle.com>

* Fix a typo

Signed-off-by: doxiao <dongbo.xiao@oracle.com>

* incorprate edits

* Adjust cross-references

Signed-off-by: doxiao <dongbo.xiao@oracle.com>

* Timestamp

Signed-off-by: doxiao <dongbo.xiao@oracle.com>

* Reword the last section about restart operator pod

Signed-off-by: doxiao <dongbo.xiao@oracle.com>

* Simplify WaitForReady step (#1277)

* Simply WaitForReady step

* checkstyle for copyright

* Modified rcu script to support both SOA and FMWInfra Domain (#1290)

* Modified rcu script to support both SOA and FMWInfra Domain

* Fixed few typo on the script as per Review Comment

* Add SOA user doc (#1229)

* WIP: Add SOA user doc

* update link to SAO sample

* fix broken x-refs due to updated directory structure

* incorporate Samba edits

* incorprated updates

* MARK: add disclaimer that soa is preview for early adopters, also fix the theme files at the same time

* minor edits

* restore theme customizations

* get rid of the =copy-to-clipboard' dohickies

* fix formatting issues

* fix another broken link

* fix merge conflicts

* Add SOA sample doc (#1234)

* WIP: Add SOA sample doc

* incorporate Samba edits

* incorprated updates

* add soa preview warnings

* updates to soa doc based on end to end review/test

* merge 1295 from master

* Owls 73891 retry (#1283)

* OWLS-73891 part2 - clean up stale states about introspector jobs and domain presence infos (#1261)

* fix NamespaceTest

* fix asynchronous thread

* Revert changes

* merge 1296 from master

* merge 1299 from master

* PR: Create JRF domain using create-rcu-schema sample (#1274)

* v1 of new jrfdomain test

* adding domain yaml file

* modification

* pull Pani's latest sample

* pull pani's latest sample

* increase DBping attempts

* stop DB in unPrepare phase

* increase DBping attempts to 100

* debug DB connection issue

* debugging

* adding DB_BDB_BUNDLE to oradb.yaml

* debugging

* use database 12.2.0.1 image instead of slim version

* adding missing class

* debugging

* debugging

* debugging

* debugging

* debugging

* debugging

* debugging

* setMaxIterationsPod to 35

* correct the file name

* minor change

* minor change

* minor change

* adding doc

* address review comment

* minor change

* debugging

* debugging

* debugging

* refine the code

* debugging

* debugging

* minor change

* remove the commented out code

* fix checkstyle

* address review comments

* OWLS-77432 :  add new rcuType Parameter (#1298)

* OWLS-77432 :  add new rcuType Parameter

* Minor Modification to the script to handle imagePull secret

* Switched from latest grafana to 3.12.0 version of helm chart due syntax error in chart https://github.com/helm/charts/issues/18215 (#1310)

*  added debug

*  added debug1

* replaced latest version to 3.12.0 version of helmchart grafana

*  cleaned commented out lines

* PR: Fix Jrf quicktest suite issue (#1314)

* fix JRF domain QUICKTEST

* debugging

* PR: Owls76920 change JRF domain class name starting with It (#1320)

* changing JrfDomainOnPvWlst.java to ItJrfDomainOnPvWlst.java

* minor change

* to exclude the old Jrf tests

* fix typo in create-domain script

* Add a note to the quickstart about variations between k8s versions

* OWLS-76689 - SOA:ADMINSERVER TAKING TIME TO RESTART USING SERVERSTARTPOLICY(NEVER TO IF_NEEDED) ON OKE CLUSTER  (#1319)

* delete service if domain is shutting down evern if isPreserveServices is true

* do not add precreateservice only server to startup list if both admin server and managed server should not be started

* add unit tests

* test name fix

* unit test fix, and code cleanup to improve readability

* test fixes

* OWLS-77556: replace complete env dump in pods/job with curated listin… (#1323)

* OWLS-77556: replace complete env dump in pods/job with curated listing of env var values

* suppress verbose checkEnv output if traceEnv recently called

* Javadoc for 2.3.1

* Domain version v6

* Deploy tooling 1.6.0

* Helm chart updates

* ensure that domain directory exists (#1324)

* SOA related changes for operator 2.3.0 (#1305)

* 2.3.0 changes for soa

Conflicts:
	kubernetes/samples/scripts/create-soa-domain/common/create-domain-job.sh
	kubernetes/samples/scripts/create-soa-domain/common/createSOADomain.py
	kubernetes/samples/scripts/create-soa-domain/common/utility.sh
	kubernetes/samples/scripts/create-soa-domain/create-domain-inputs.yaml
	kubernetes/samples/scripts/create-soa-domain/create-domain-job-template.yaml
	kubernetes/samples/scripts/create-soa-domain/create-domain.sh
	kubernetes/samples/scripts/create-soa-domain/delete-domain-job-template.yaml
	kubernetes/samples/scripts/create-soa-domain/wlst/create-domain-script.sh

* 2.3.0 domain-home-on-pv directory

* changing soa image name

* doc updates corresponding to SOA 2.3.0 PR 1305

* Incorporated review comments for PR 1305

* Update charts

* Handle forbidden status from Async call (#1341)

* update docs

* update script

* Update sit-cfg doc to note when _not_ to change external ports (#1346)

* Update sit-cfg doc to note situations when _not_ to change external ports

* Update sit-cfg doc to note situations when _not_ to change external ports

* Correct issue with CRD not generating structural schema (#1347)

* add file ownership tracing to introspect-job/server-pod, and to sample pv create-domain-job scripts (#1338)

* add file ownership tracing to pod and job start scripts

* add file owner tracing to pv samples

* update WLS image version

* Remove fsGroup from tests for containerSecurityContext (#1356)

* Run integration tests in parallel using Junit5 (#1355)

* making ItOperator run in parallel

* making ItOperator run in parallel

* changes for more tests

* making more classes use unique operator

* fixing more tests

* fix more classes

* changing more tests to use unique operator

* fix checkstyle

* fix checkstyle issues, sharingpv test

* fix checkstyle

* fix helm chart test

* fix for parallel runs

* fix pom to run post-integration-test

* fix pom for log format

* keep domain running if test fails for debugging

* adding javadoc and some refactoring

* remove spaces in domain namespace list

* Suncup Logging tests jenkins-ignore

* change the image name for domain in image test case

* synchronize ns update in LB

* Synced up ItElasticlogging test jenkins-ignore

* Synced up ItElasticlogging test jenkins-ignore

* debugging

* conflict when creating LB. So adding synchronization

* v1 change for ItPodsRestart tests in parallel

* adding unique image attribute

* adding unique name for conflicting domain yaml file

* fixing coherence test

* fixing image name and coherence test

* updated tests to support parallel runs

* try synchronize one more time

* increased helm timeout

* skip statedump.sh as its failing

* corrected checkstyle issues

* remove syncrhonize at method level

* corrected checkstyle issues1

* checkstyle1

* undo pom.xml change

* checkstyle2

*  minor fix of exec order

* updated test to run in parallel

* fixed checkstyle

* uncommented one test, it will fails to run in paral

* fixed checkstyle

* switch between seq or parallel using var

* initial fix

* updated readme for parallel testing

* updated readme for parallel testing

* updated readme for parallel testing

* fixing the image name for dominimage

* Remove the tag

* Fix the image name pushing to registry

* convert SitConfig tests to run in paral

* Fixed Voyager issue when running StickySession test jenkins-ignore

* Fixed Voyager issue when running StickySession test 2 jenkins-ignore

* run against modified exporter branch temp

* Removed debugger from LoadBalance.java jenkins-ignore

* dir structure changes

* Added loop to wait Voyager gets ready jenkins-ignore

*  fixed mysql jdbs driver

* del unchanged test files

* pvroot dir creation

*  updated mysql creation

*  fixed typo

*  fixed typo1

* fix path

* itclass to lowercase

* fix sample test

* fix sample test

* updated version of Mon Exp, fixed SitConfig

* fixed checkstyle

* modify more tests

* fixed vars initializing

* fixed vars initializing1

* checkstyle

* initialize fix3

* initialize fix3

* fixed ns

* fixed ns1

* fixed dst

* fixed ns1

* fix1

* fix2

* fix3

* fixed fix4

* fixed fix5

* adding more tests with results dir changes

* adding more tests with changes

* refactor changes

* fix jrf result loc

* fixing jrf test

* exclude elasticlogging test

* fix jrf test

* fix jrf test

* fix jrf tests

* integration test changes to run with junit5

* refactoring

* create dir with root permissions

* run only quicktests for quicktests

* adding jrf tests

* initial version for JRf testsinparallel

* make getNewSuffixCnt synchronized and fix testClassName

* undo elasticlogging exclude

* Fixed a hanging issue jenkins-ignore

* change the pom.xml

* delete the old Jrf test class

* fixed fix6

* fixed fix7

* fix8

* code cleanup

* fix11

* fix11

* fix12

* fix13

* exclude itmonitoringexporter

* fix asserts in k8sUtils

* fix14

* fix15

* fix116

* fix17

* fix18

* fix19

* fix20

* switched back to master for monexp

* add junit properties file

* increasing global maxiterations

* merged changes

* comply with PV/dir/ structure

* fix elk test

* comment out setWaitTime calls

* merge to current changes

* adding sleep as huiling suggested

* skip elk test which is hanging

* undo skip elk test which is hanging

* remove explicit set of iteration

* add javadoc

* remove unused constants and files

* updated code based on review

* updated code based on review1

* updated code based on review2

* deleting old jrf tests and commenting hanging test

* fixed MonExporter test

* fixed MonExporter test1

* Fixed issues running in parallel jenkins-ignore

* fixed MonExporter test3

* undo skip test

* undo skip test

* trying threadcountclasses 5

* remove unlimited thread count

* set percorethreadcount to false

* fixed MonExporter test4

* refactor itoperator into smaller classes

* increase thread count to 7

* fix quicktest issue

* added back monitoring exporter

* fixed db

* fixed db1

* delete commented out comments

* delete commented out comments1

* fix surefire plugin version

* update to it pom.xml

* fixing ItmonitoringExporter and Jrf test

* commenting elastic logging test

* add pod name and timeout, junit config

* fix namespace

* test with two profiles

* thread count 10

* add back wls jrf profile

* adding two profiles

* fixed shutdowntests and monexp for junit5

* reduce thread count

* junit5

* junit5-1

* junit5-2

* adding ingress check

* add option to run parallel/sequential and fix failing test

* test

* test1

* test3

* test4

* adding cleanup in post-integration-test

* minor changes

* fixing README

* fixing README

* reverting the change

* Added request-timeout jenkins-ignore (#1344)

* added option to specify the branch name for monitoring exporter GitHub project (#1359)

* fix helm chart test

* fix for parallel runs

* fix pom to run post-integration-test

* fix pom for log format

* keep domain running if test fails for debugging

* adding javadoc and some refactoring

* remove spaces in domain namespace list

* Suncup Logging tests jenkins-ignore

* change the image name for domain in image test case

* synchronize ns update in LB

* Synced up ItElasticlogging test jenkins-ignore

* Synced up ItElasticlogging test jenkins-ignore

* debugging

* conflict when creating LB. So adding synchronization

* v1 change for ItPodsRestart tests in parallel

* adding unique image attribute

* adding unique name for conflicting domain yaml file

* fixing coherence test

* fixing image name and coherence test

* updated tests to support parallel runs

* try synchronize one more time

* increased helm timeout

* skip statedump.sh as its failing

* corrected checkstyle issues

* remove syncrhonize at method level

* corrected checkstyle issues1

* checkstyle1

* undo pom.xml change

* checkstyle2

*  minor fix of exec order

* updated test to run in parallel

* fixed checkstyle

* uncommented one test, it will fails to run in paral

* fixed checkstyle

* switch between seq or parallel using var

* initial fix

* updated readme for parallel testing

* updated readme for parallel testing

* updated readme for parallel testing

* fixing the image name for dominimage

* Remove the tag

* Fix the image name pushing to registry

* convert SitConfig tests to run in paral

* Fixed Voyager issue when running StickySession test jenkins-ignore

* Fixed Voyager issue when running StickySession test 2 jenkins-ignore

* run against modified exporter branch temp

* Removed debugger from LoadBalance.java jenkins-ignore

* dir structure changes

* Added loop to wait Voyager gets ready jenkins-ignore

*  fixed mysql jdbs driver

* del unchanged test files

* pvroot dir creation

*  updated mysql creation

*  fixed typo

*  fixed typo1

* fix path

* itclass to lowercase

* fix sample test

* fix sample test

* updated version of Mon Exp, fixed SitConfig

* fixed checkstyle

* modify more tests

* fixed vars initializing

* fixed vars initializing1

* checkstyle

* initialize fix3

* initialize fix3

* fixed ns

* fixed ns1

* fixed dst

* fixed ns1

* fix1

* fix2

* fix3

* fixed fix4

* fixed fix5

* adding more tests with results dir changes

* adding more tests with changes

* refactor changes

* fix jrf result loc

* fixing jrf test

* exclude elasticlogging test

* fix jrf test

* fix jrf test

* fix jrf tests

* integration test changes to run with junit5

* refactoring

* create dir with root permissions

* run only quicktests for quicktests

* adding jrf tests

* initial version for JRf testsinparallel

* make getNewSuffixCnt synchronized and fix testClassName

* undo elasticlogging exclude

* Fixed a hanging issue jenkins-ignore

* change the pom.xml

* delete the old Jrf test class

* fixed fix6

* fixed fix7

* fix8

* code cleanup

* fix11

* fix11

* fix12

* fix13

* exclude itmonitoringexporter

* fix asserts in k8sUtils

* fix14

* fix15

* fix116

* fix17

* fix18

* fix19

* fix20

* switched back to master for monexp

* add junit properties file

* increasing global maxiterations

* merged changes

* comply with PV/dir/ structure

* fix elk test

* comment out setWaitTime calls

* merge to current changes

* adding sleep as huiling suggested

* skip elk test which is hanging

* undo skip elk test which is hanging

* remove explicit set of iteration

* add javadoc

* remove unused constants and files

* updated code based on review

* updated code based on review1

* updated code based on review2

* deleting old jrf tests and commenting hanging test

* fixed MonExporter test

* fixed MonExporter test1

* Fixed issues running in parallel jenkins-ignore

* fixed MonExporter test3

* undo skip test

* undo skip test

* trying threadcountclasses 5

* remove unlimited thread count

* set percorethreadcount to false

* fixed MonExporter test4

* refactor itoperator into smaller classes

* increase thread count to 7

* fix quicktest issue

* added back monitoring exporter

* fixed db

* fixed db1

* delete commented out comments

* delete commented out comments1

* fix surefire plugin version

* update to it pom.xml

* fixing ItmonitoringExporter and Jrf test

* commenting elastic logging test

* add pod name and timeout, junit config

* fix namespace

* test with two profiles

* thread count 10

* add back wls jrf profile

* adding two profiles

* fixed shutdowntests and monexp for junit5

* reduce thread count

* junit5

* junit5-1

* junit5-2

* adding ingress check

* fixed intermitent issues

* fixed intermitent issues1

* add option to run parallel/sequential and fix failing test

* fixed intermitent issues2

* fixed intermitent issues3

* fixed intermitent issues4

* test

* fix temp failures

* test1

* test3

* test4

* adding cleanup in post-integration-test

* minor changes

* fixing README

* fixing README

* reverting the change

* Added request-timeout jenkins-ignore (#1344)

* added branch ver

* added mon branch

* added mon branch1

* faq for external clients (#1358)

* add external client faq entry

* add external client faq entry

* more updates to external-clients FAQ

* Update external-client FAQ

* Update external-client FAQ

* Update external-client FAQ

* Update external-client FAQ

* Update external-client FAQ

* Update external-client FAQ

* Update external-client FAQ

* Update external-client FAQ

* Update external-client FAQ

* Add namespace watch (#1350)

* Add namespace watcher

Signed-off-by: doxiao <dongbo.xiao@oracle.com>

* Debugging namespace watcher

Signed-off-by: doxiao <dongbo.xiao@oracle.com>

* More operator code changes

Signed-off-by: doxiao <dongbo.xiao@oracle.com>

* Minor fix

Signed-off-by: doxiao <dongbo.xiao@oracle.com>

* Minor debugging message fix

Signed-off-by: doxiao <dongbo.xiao@oracle.com>

* Add a basic unit test case

Signed-off-by: doxiao <dongbo.xiao@oracle.com>

* Complete the basic unit test case

Signed-off-by: doxiao <dongbo.xiao@oracle.com>

* Take not only targetNamespaces, but also stopping state into consideration for start/stop namespaces

Signed-off-by: doxiao <dongbo.xiao@oracle.com>

* Fix initial resource version for the watcher

Signed-off-by: doxiao <dongbo.xiao@oracle.com>

* Cleanup

Signed-off-by: doxiao <dongbo.xiao@oracle.com>

* remove unused import

Signed-off-by: doxiao <dongbo.xiao@oracle.com>

* Cleanup

Signed-off-by: doxiao <dongbo.xiao@oracle.com>

* Remove invalid entry from resources test

* Added support for Custom NameSpace for DB Service (#1349)

* Added support for Custom NameSpace for DB Service

* Missing updated files

* Modified the QA infra

* resolution to jenkin failure

* More changes to DbUtils.java

* More test modification

* Modification based on Review Comments

* Incorporated more review comments

* More Chanegs to README.md file

* More chages for PR Review

* Sync up latest develop branch

* Add env var for docker images url and more changes (#1363)

* fix checkstyle issues, sharingpv test

* fix checkstyle

* fix helm chart test

* fix for parallel runs

* fix pom to run post-integration-test

* fix pom for log format

* keep domain running if test fails for debugging

* adding javadoc and some refactoring

* remove spaces in domain namespace list

* Suncup Logging tests jenkins-ignore

* change the image name for domain in image test case

* synchronize ns update in LB

* Synced up ItElasticlogging test jenkins-ignore

* Synced up ItElasticlogging test jenkins-ignore

* debugging

* conflict when creating LB. So adding synchronization

* v1 change for ItPodsRestart tests in parallel

* adding unique image attribute

* adding unique name for conflicting domain yaml file

* fixing coherence test

* fixing image name and coherence test

* updated tests to support parallel runs

* try synchronize one more time

* increased helm timeout

* skip statedump.sh as its failing

* corrected checkstyle issues

* remove syncrhonize at method level

* corrected checkstyle issues1

* checkstyle1

* undo pom.xml change

* checkstyle2

*  minor fix of exec order

* updated test to run in parallel

* fixed checkstyle

* uncommented one test, it will fails to run in paral

* fixed checkstyle

* switch between seq or parallel using var

* initial fix

* updated readme for parallel testing

* updated readme for parallel testing

* updated readme for parallel testing

* fixing the image name for dominimage

* Remove the tag

* Fix the image name pushing to registry

* convert SitConfig tests to run in paral

* Fixed Voyager issue when running StickySession test jenkins-ignore

* Fixed Voyager issue when running StickySession test 2 jenkins-ignore

* run against modified exporter branch temp

* Removed debugger from LoadBalance.java jenkins-ignore

* dir structure changes

* Added loop to wait Voyager gets ready jenkins-ignore

*  fixed mysql jdbs driver

* del unchanged test files

* pvroot dir creation

*  updated mysql creation

*  fixed typo

*  fixed typo1

* fix path

* itclass to lowercase

* fix sample test

* fix sample test

* updated version of Mon Exp, fixed SitConfig

* fixed checkstyle

* modify more tests

* fixed vars initializing

* fixed vars initializing1

* checkstyle

* initialize fix3

* initialize fix3

* fixed ns

* fixed ns1

* fixed dst

* fixed ns1

* fix1

* fix2

* fix3

* fixed fix4

* fixed fix5

* adding more tests with results dir changes

* adding more tests with changes

* refactor changes

* fix jrf result loc

* fixing jrf test

* exclude elasticlogging test

* fix jrf test

* fix jrf test

* fix jrf tests

* integration test changes to run with junit5

* refactoring

* create dir with root permissions

* run only quicktests for quicktests

* adding jrf tests

* initial version for JRf testsinparallel

* make getNewSuffixCnt synchronized and fix testClassName

* undo elasticlogging exclude

* Fixed a hanging issue jenkins-ignore

* change the pom.xml

* delete the old Jrf test class

* fixed fix6

* fixed fix7

* fix8

* code cleanup

* fix11

* fix11

* fix12

* fix13

* exclude itmonitoringexporter

* fix asserts in k8sUtils

* fix14

* fix15

* fix116

* fix17

* fix18

* fix19

* fix20

* switched back to master for monexp

* add junit properties file

* increasing global maxiterations

* merged changes

* comply with PV/dir/ structure

* fix elk test

* comment out setWaitTime calls

* merge to current changes

* adding sleep as huiling suggested

* skip elk test which is hanging

* undo skip elk test which is hanging

* remove explicit set of iteration

* add javadoc

* remove unused constants and files

* updated code based on review

* updated code based on review1

* updated code based on review2

* deleting old jrf tests and commenting hanging test

* fixed MonExporter test

* fixed MonExporter test1

* Fixed issues running in parallel jenkins-ignore

* fixed MonExporter test3

* undo skip test

* undo skip test

* trying threadcountclasses 5

* remove unlimited thread count

* set percorethreadcount to false

* fixed MonExporter test4

* refactor itoperator into smaller classes

* increase thread count to 7

* fix quicktest issue

* added back monitoring exporter

* fixed db

* fixed db1

* delete commented out comments

* delete commented out comments1

* fix surefire plugin version

* update to it pom.xml

* fixing ItmonitoringExporter and Jrf test

* commenting elastic logging test

* add pod name and timeout, junit config

* fix namespace

* test with two profiles

* thread count 10

* add back wls jrf profile

* adding two profiles

* fixed shutdowntests and monexp for junit5

* reduce thread count

* junit5

* junit5-1

* junit5-2

* adding ingress check

* add option to run parallel/sequential and fix failing test

* test

* test1

* test3

* test4

* adding cleanup in post-integration-test

* minor changes

* fixing README

* fixing README

* reverting the change

* Added request-timeout jenkins-ignore (#1344)

* remove duplicate test methods

* uncomment elastic search test

* changing to junit5

* add ability to take docker images url from env var

* use patch to update status (#1362)

* use patch to update status

* update domain status and log validation failures

* Remove UseContainerSupport and related option usage (#1368)

* Remove UseContainerSupport option usage

* Remove UseCGroupMemoryLimitForHeap option

* OWLS-78571 (Resolves #1252) - Config map not updated with new files on second run of create-domain.sh (#1367)

* replace contents of configmap if already exists

* replace contents of configmap if already exists

* Remove unneeded image pull secret (#1372)

* Revert "Remove unneeded image pull secret"

This reverts commit 1b52a227d677ed5f417e807be67c51bf8276ea2c.

* add Traefik notice

* Removed order dependency for tests, added more checks to avoid intermittent failures (#1375)

* synchronize ns update in LB

* Synced up ItElasticlogging test jenkins-ignore

* Synced up ItElasticlogging test jenkins-ignore

* debugging

* conflict when creating LB. So adding synchronization

* v1 change for ItPodsRestart tests in parallel

* adding unique image attribute

* adding unique name for conflicting domain yaml file

* fixing coherence test

* fixing image name and coherence test

* updated tests to support parallel runs

* try synchronize one more time

* increased helm timeout

* skip statedump.sh as its failing

* corrected checkstyle issues

* remove syncrhonize at method level

* corrected checkstyle issues1

* checkstyle1

* undo pom.xml change

* checkstyle2

*  minor fix of exec order

* updated test to run in parallel

* fixed checkstyle

* uncommented one test, it will fails to run in paral

* fixed checkstyle

* switch between seq or parallel using var

* initial fix

* updated readme for parallel testing

* updated readme for parallel testing

* updated readme for parallel testing

* fixing the image name for dominimage

* Remove the tag

* Fix the image name pushing to registry

* convert SitConfig tests to run in paral

* Fixed Voyager issue when running StickySession test jenkins-ignore

* Fixed Voyager issue when running StickySession test 2 jenkins-ignore

* run against modified exporter branch temp

* Removed debugger from LoadBalance.java jenkins-ignore

* dir structure changes

* Added loop to wait Voyager gets ready jenkins-ignore

*  fixed mysql jdbs driver

* del unchanged test files

* pvroot dir creation

*  updated mysql creation

*  fixed typo

*  fixed typo1

* fix path

* itclass to lowercase

* fix sample test

* fix sample test

* updated version of Mon Exp, fixed SitConfig

* fixed checkstyle

* modify more tests

* fixed vars initializing

* fixed vars initializing1

* checkstyle

* initialize fix3

* initialize fix3

* fixed ns

* fixed ns1

* fixed dst

* fixed ns1

* fix1

* fix2

* fix3

* fixed fix4

* fixed fix5

* adding more tests with results dir changes

* adding more tests with changes

* refactor changes

* fix jrf result loc

* fixing jrf test

* exclude elasticlogging test

* fix jrf test

* fix jrf test

* fix jrf tests

* integration test changes to run with junit5

* refactoring

* create dir with root permissions

* run only quicktests for quicktests

* adding jrf tests

* initial version for JRf testsinparallel

* make getNewSuffixCnt synchronized and fix testClassName

* undo elasticlogging exclude

* Fixed a hanging issue jenkins-ignore

* change the pom.xml

* delete the old Jrf test class

* fixed fix6

* fixed fix7

* fix8

* code cleanup

* fix11

* fix11

* fix12

* fix13

* exclude itmonitoringexporter

* fix asserts in k8sUtils

* fix14

* fix15

* fix116

* fix17

* fix18

* fix19

* fix20

* switched back to master for monexp

* add junit properties file

* increasing global maxiterations

* merged changes

* comply with PV/dir/ structure

* fix elk test

* comment out setWaitTime calls

* merge to current changes

* adding sleep as huiling suggested

* skip elk test which is hanging

* undo skip elk test which is hanging

* remove explicit set of iteration

* add javadoc

* remove unused constants and files

* updated code based on review

* updated code based on review1

* updated code based on review2

* deleting old jrf tests and commenting hanging test

* fixed MonExporter test

* fixed MonExporter test1

* Fixed issues running in parallel jenkins-ignore

* fixed MonExporter test3

* undo skip test

* undo skip test

* trying threadcountclasses 5

* remove unlimited thread count

* set percorethreadcount to false

* fixed MonExporter test4

* refactor itoperator into smaller classes

* increase thread count to 7

* fix quicktest issue

* added back monitoring exporter

* fixed db

* fixed db1

* delete commented out comments

* delete commented out comments1

* fix surefire plugin version

* update to it pom.xml

* fixing ItmonitoringExporter and Jrf test

* commenting elastic logging test

* add pod name and timeout, junit config

* fix namespace

* test with two profiles

* thread count 10

* add back wls jrf profile

* adding two profiles

* fixed shutdowntests and monexp for junit5

* reduce thread count

* junit5

* junit5-1

* junit5-2

* adding ingress check

* fixed intermitent issues

* fixed intermitent issues1

* add option to run parallel/sequential and fix failing test

* fixed intermitent issues2

* fixed intermitent issues3

* fixed intermitent issues4

* test

* fix temp failures

* test1

* test3

* test4

* adding cleanup in post-integration-test

* minor changes

* fixing README

* fixing README

* reverting the change

* Added request-timeout jenkins-ignore (#1344)

* added branch ver

* added mon branch

* added mon branch1

* fixing interm issues

* interm fix

* interm fix1

* interm fix2

* fixed intem issues and order of exe

* clean up commented out code

*  combined basic func tests into one

* Verify configured secrets before running introspector (#1369)

* Verify weblogic credentials secret before running introspector

* fix codestyle errors

* enforce namespace restriction for weblogicCredentialsSecret

* Add validations for image pull and config override secrets

* search for secrets in domain namespace only

* Install image pull secret even without a cluster

* Clean up ConfigMap watcher map and log messages (#1376)

* update docs (#1345)

* update docs

* update script

* update WLS image version (#1357)

* Correct log messages for CM creation/replacement/exists and for security checks

Signed-off-by: doxiao <dongbo.xiao@oracle.com>

* Avoid potential NPE

Signed-off-by: doxiao <dongbo.xiao@oracle.com>

* Minor fix

Signed-off-by: doxiao <dongbo.xiao@oracle.com>

Co-authored-by: Rosemary Marano <rosemary.marano@oracle.com>

* OWLS 72829: Separate JVM arguments for NM and server instance (#1373)

* initial implementation for separating JVM arguments for NM and server instances

* cleanup trace debug statements

* Changes based on review feedback

* removed extraneous '.'

* incorporated Rosemary Marano's documentation review changes

* added description for default values of USER_MEM_ARGS

* Remove extraneous '_'

* add SOA samples (#1371)

* add SOA samples

* edit SOA sample and delete images

* incorporate Samba comments

* Fix ItOperator testDomainOnPvUsingWdt test on external Jenkins (#1378)

* fix for itoperator test failure and npe

* make OCR user/password mandatory as its required for multi node cluster

* Opupgradefix (#1379)

* Fix the image property in operator map when running in shared cluster and
it has operatorImageName and operatorImageTag

* No need to have another if check, the presence of operatorImageName and
Tag should be enough to set the image params regardless where it is
running

* add FAQs for mapping PVC and ConfigMap to instances (#1381)

* add FAQs for mapping PVC and ConfigMap to instances

* Address initial review comments

* Quoted more names

* Nm mem args (#1382)

* set -Djava.security.egd=file:/dev/./urandom for Node Manager, if not defined

* update user guide to include defaulting information about java security property

* default memory and Java security values if NODEMGR_MEM_ARGS environment variable not defined

* Fix some of the intermittent failures on external jenkins (#1385)

* fix for itoperator test failure and npe

* make OCR user/password mandatory as its required for multi node cluster

* retry curl to fix intermittent failures on ext jenkins

* exclude itmonitoringexporter

* fixing dir check intermittent failure in external jenkins

* fix for intemittent NoRouteToHostException

* fix checkstyle errors

* remove monitoring exporter exclude

* Make getAdminService idempotent (#1383)

* Make getAdminService idempotent

* Only update status when it changes

* Introspect Test Fix: integration test PV directory cleanup now expects tests to be one directory deeper (#1387)

* increase DB connection attempts (#1386)

* Get NM thread dump if NM times out. Also fix NM .out dump to stdout. (#1388)

* Upgrade Kubernetes Java client to 7.0.0 (#1389)

* Move to client version 7.0.0

* Kubernetes java-client version 7.0.0

* Correct parameter

* Missing copyrights

* Disable unnecessary API client pooling

* Review comments

* fix kubectl cp with the latest FMW image (#1390)

* Fix use of dryRun (#1393)

* Fix WLDF scaling test that's failing with updated WebLogic image on OCR (#1391)

* fix for itoperator test failure and npe

* make OCR user/password mandatory as its required for multi node cluster

* retry curl to fix intermittent failures on ext jenkins

* exclude itmonitoringexporter

* fixing dir check intermittent failure in external jenkins

* fix for intemittent NoRouteToHostException

* fix checkstyle errors

* remove monitoring exporter exclude

* exclude monexp tests

* list dir

* list dir

* list dir

* list dir

* list dir

* list dir

* change permission on file

* using TestUtils for copy/cat

* using TestUtils for copy/cat

* undo mon exp exclude

* Made some changes to run MonExporter test in external Jenkins  (#1392)

* added changes to support extjen runs

* added changes to support extjen runs1

* fixed image policy

* fixed image policy1

* corrected secret gen

* deleted debug commands  (#1397)

*  comment out get pods k8s comm

*  comment out get pods k8s comm1

* cleanup

* [OWLS-79168] Run operator as non-root user (#1399)

* change operator to run with non-root user

* add user and group definitions

* reorder dockerfile to minimize image size

* fix broken link

* When patching fails, re-read the domain and recompute the patch (#1401)

* PR: Owls 79241 improve JRF domain cleanup logic (#1402)

* improve cleanup logic for JRF domain

* improve cleanup of JRF domain

* made conditional to create imagepull secret (#1403)

*  comment out get pods k8s comm

*  comment out get pods k8s comm1

* cleanup

* made conditional pull secret creation

* Helm3 owls 79158 (#1396)

* Add helm 3 support and update doc

* update doc for helm update command

* update doc wordings

* update doc

* update doc

* update doc

* update doc

* update doc

* change formatting and wordings

* capitalized Helm

* format change

* Fix formatting

* change formatting

* fix formatting

* Update cleanup.md

* Update create-domain.md

* Update namespace-management.md

* Update namespace-management.md

* Update namespace-management.md

* Update secrets.md

* Update certificates.md

* Update _index.md

* Update _index.md

* Update namespace-management.md

* Update _index.md

* Update cleanup.md

* Update prepare.md

* Update _index.md

* add apiVersion: v1 to Chart.yaml for helm 3 backward compatibility

* fixed bad character

* format change

* Update _index.md

* Update _index.md

* review and edit files

* Update _index.md

* Update install.md

Co-authored-by: Rosemary Marano <rosemary.marano@oracle.com>

* owls-77750 dedicated ns (#1384)

* Work in progress

* More changes and merge with develop

Signed-off-by: doxiao <dongbo.xiao@oracle.com>

* More changes

Signed-off-by: doxiao <dongbo.xiao@oracle.com>

* Work around issues with CRD validation and fix an installation test failure

Signed-off-by: doxiao <dongbo.xiao@oracle.com>

* Fix installation test failure

Signed-off-by: doxiao <dongbo.xiao@oracle.com>

* Fixing installation test failure in Jenkins

Signed-off-by: doxiao <dongbo.xiao@oracle.com>

* More change for dedicated in installation test

Signed-off-by: doxiao <dongbo.xiao@oracle.com>

* One more change

Signed-off-by: doxiao <dongbo.xiao@oracle.com>

* Minor fix of nonresource security

Signed-off-by: doxiao <dongbo.xiao@oracle.com>

* update operator charts docs

Signed-off-by: doxiao <dongbo.xiao@oracle.com>

* Workaround generated CRD yaml issue

Signed-off-by: doxiao <dongbo.xiao@oracle.com>

* Move the generated crd to a different location

Signed-off-by: doxiao <dongbo.xiao@oracle.com>

* Move generated crd

Signed-off-by: doxiao <dongbo.xiao@oracle.com>

* Fix podresets permission error

Signed-off-by: doxiao <dongbo.xiao@oracle.com>

* Check and skip access to cluster level resources and update copyright

Signed-off-by: doxiao <dongbo.xiao@oracle.com>

* Improve security check code

Signed-off-by: doxiao <dongbo.xiao@oracle.com>

* Cleanup cluster security checks and add log messages

Signed-off-by: doxiao <dongbo.xiao@oracle.com>

* Update generated domain crd yaml and clean up logging

Signed-off-by: doxiao <dongbo.xiao@oracle.com>

* Add more logging

Signed-off-by: doxiao <dongbo.xiao@oracle.com>

* Add basic unit test cases for "dedicated"

Signed-off-by: doxiao <dongbo.xiao@oracle.com>

* Add doc contents plus cleanup

Signed-off-by: doxiao <dongbo.xiao@oracle.com>

* Fix validation

Signed-off-by: doxiao <dongbo.xiao@oracle.com>

* Turn off verify boolen for dedicated value

Signed-off-by: doxiao <dongbo.xiao@oracle.com>

* add unit tests

* Address review comments from Mark

Signed-off-by: doxiao <dongbo.xiao@oracle.com>

* Address doc comments from Rosemary

Signed-off-by: doxiao <dongbo.xiao@oracle.com>

* Rebuilt files

Co-authored-by: Ryan Eberhard <ryan.eberhard@oracle.com>
Co-authored-by: Russell Gold <russell.gold@oracle.com>

* Fix Helm tests

* Remove defunct test

* delete the domain in image created for the test (#1404)

* delete domain image for all domain in image tests at the end

* del image

* fix checkstyle

* fix copyright

* adding javadoc

* fix copyright

* Remove permissions to cluster-level resources (#1411)

Signed-off-by: doxiao <dongbo.xiao@oracle.com>

* merge 1408 into develop

* Change log to INFO and omit stack trace (#1410)

* Change log to INFO and omit stack trace

* correct log message

* Update CheckStyle plugin version and take latest rule set (#1417)

* WIP: updating checkstyle plugin and rules

* update checkstyle rules with derek

* WIP - fixing checkstyle violations

* fixing violations

* fixing violations

* fixing violations

* fixing violations

* style cleanup - after checkstyle update

* fixing violations

* style cleanup - after checkstyle update

* fixing violations

* style cleanup - after checkstyle update

* style cleanup - after checkstyle update

* fixing violations

* style cleanup - after checkstyle update

* style cleanup - after checkstyle update

* fixing violations

* style cleanup - after checkstyle update

* style cleanup - after checkstyle update

* style cleanup - after checkstyle update

* style cleanup - after checkstyle update

* style cleanup - after checkstyle update

* style cleanup - after checkstyle update

* fixing violations

* fixing violations

* style cleanup - after checkstyle update

* style cleanup - after checkstyle update

* style cleanup - after checkstyle update

* style cleanup - after checkstyle update

* style cleanup - after checkstyle update

* style cleanup - after checkstyle update

* style cleanup - after checkstyle update

* style cleanup - after checkstyle update

* style cleanup - after checkstyle update

* style cleanup - after checkstyle update

* style cleanup - after checkstyle update

* style cleanup - after checkstyle update

* style cleanup - after checkstyle update

* fixing violations

* Update WeblogicApi

* Fix build

* style cleanup - after checkstyle update

* style cleanup - after checkstyle update

* style cleanup - after checkstyle update

* Additional javadoc

* Resolve more CheckStyle errors

* Work in progress

* CheckStyle clean

* Copyright dates

Co-authored-by: Derek Sharpe <36005286+ddsharpe@users.noreply.github.com>
Co-authored-by: Ryan Eberhard <ryan.eberhard@oracle.com>

* Fixed image pull policy for external jenkin, added cleanup for wls image  (#1416)

* cleaned domain image, changed policy to Always

* fixed typos

* fixed typos1

* fixed typo3

* fixed typos4

* fixed checkstyle

* fixed grafana port number

Co-authored-by: Ryan Eberhard <ryan.eberhard@oracle.com>

* Owls79453 (#1418)

* change port range and connectexception string

* fix port range and remove unused method

* revert port change

Co-authored-by: Ryan Eberhard <ryan.eberhard@oracle.com>

* Update for new license format (#1420)

* Use deploy tool version 1.7.0 (#1421)

* Use deploy tooling release 1.7.0

* Revert unintended change

* Dependency and plugin version updates for 2.5.0 (#1423)

* Owls 79377 (#1407)

* Modified setup.sh to work with Helm 2.x/3.x

* Modified CopyRight Statement

* resolution to review comments

* Addressed more review comments

* modified helm search command and add functionality to add NameSpace if does not exits

* Modify the uninstall command for Helm 3.x

* Added support for Custom Voyager Version

* Explict Helm Version Check

* Explict Helm Version Check; Get the Voyager Doc Change from PR 1406

Co-authored-by: Ryan Eberhard <ryan.eberhard@oracle.com>

* jenkins-ignore - testing gitlab-ci

* jenkins-ignore - testing gitlab-ci

* Delete .gitlab-ci.yml

* New branch for Wit sample tests, using DomainMap to change image tag (#1424)

* New b ranch for WIT sample test jenkins-ignore

* New b ranch for WIT sample test jenkins-ignore

* Added the test to USECASES.MD jenkins-ignore

* fix copyright notice

* fix copyright notice

* fix copyright notice

* fix copyright notice

* fix copyright notice

Co-authored-by: Mark Nelson <mark.x.nelson@oracle.com>

* Fixed test to support different LB's (#1422)

* added support for other LBs

*  fixed checkstyle

* fixed string

* fixed lb

* added extra check

* fixed some logic

* fixed logic

* fixed checkstyle

* updated to newest grafana/prom versions

* fixed logic

* fixed logic1

* made promalertmager port generated

* fixed lb

* promval

* changed back grafana version due not compatable with tiller version

* changed back grafana version due not compatable with tiller version1

* updated grafana ver

* updated grafana ver1

* added condition for imagepull policy

*  modified shell script

*  reverted prom version

* merge 1425 to develop

* MARK: SOA doc merge (#1427)

* update docs (#1345)

* update docs

* update script

* Doc updates for SOA

* incorporated review comments for PR #1351

* Corrected link to soa index.md

* updated docs for review comments

* updated the latest links for pages

* update WLS image version (#1357)

* updated docs to resolve review comments

* add Traefik notice (#1374)

* Reverted the SOA documenatation related changes

* fix for SOA managed server startup failure issue (bug 30433422)

* added create-oracle-db-service code to SOA

* fix broken link (#1400)

* removed create-oracle-db-service code from this branch

* Updated SOA docs with latest information

* updated soa doc with latest db creation steps

* Remove the build badge which is not using https, does not have a (#1408)

valid cert, and which is not being used 'right' anyway - not
pointing to a consistent branch.

* create image with Image Tool (#1398)

* create image with Image Tool

* fix JDK version number

* FIX MISTAKES YIKES

* additional edits

* Added README.md for SOA

* Updated links

* mark is reviewing

* review edits

* mark is still editing

* update samples

* minor edits

* address review comments

Co-authored-by: Rosemary Marano <rosemary.marano@oracle.com>
Co-authored-by: Sambasiva Battagiri <52483425+sbattagi@users.noreply.github.com>

* Add weight to OCI FSS FAQ entry (#1428)

* pull updated fgaw from master:

* PR: Accommodate the latest FMW image change (#1419)

* fix the latest FMW image issue

* fix the latest FMW image issue

* fix the latest FMW image issue

* fix the latest FMW image issue

* fix the latest FMW image issue

* increase pod loop count

* fix a typo

* revert ItJrfPvWlst.java change

* copyright change

* resolve the conflicts

* Unit test support for Helm 2 and 3 (#1432)

* Unit test support for Helm 2 and 3

* Adjust helm version check for older versions

* Remove bad test

* cherrypick merge 1431 from master into develop

* Remove unnecessary privileges and run successfully with missing cluster privs (#1435)

* Reduce required and given privilege

* Fix Helm tests

* Update docs and prepare for privilege checking

* Reorganize namespace start so that security check information is available

* Remove unnecessary code and privileges

* Work in progress

* Don't watch namespaces on dedicated

* Finish skip or fail if not authorized

* Fix dedicated mode failures

* Rebuild files

* More doc updates for dedicated namespace (#1405)

* More doc updates for dedicated namespace

Signed-off-by: doxiao <dongbo.xiao@oracle.com>

* Reword a sentence to address Rosemary's review comment.

Signed-off-by: doxiao <dongbo.xiao@oracle.com>

* Add notice to service-accounts.md pointing to "dedicated" namespaces.

Signed-off-by: doxiao <dongbo.xiao@oracle.com>

* Minor formatting change

Signed-off-by: doxiao <dongbo.xiao@oracle.com>

* More doc update, and split the notice into two.

Signed-off-by: doxiao <dongbo.xiao@oracle.com>

* Add one more sentence

Signed-off-by: doxiao <dongbo.xiao@oracle.com>

* Minor format change

Signed-off-by: doxiao <dongbo.xiao@oracle.com>

Co-authored-by: Ryan Eberhard <ryan.eberhard@oracle.com>

* add check for dynamic-servers with no name element (#1434)

* Add /logs directory (#1436)

* Commented out ItMonitoringExporter test (#1438)

* added support for other LBs

*  fixed checkstyle

* fixed string

* fixed lb

* added extra check

* fixed some logic

* fixed logic

* fixed checkstyle

* updated to newest grafana/prom versions

* fixed logic

* fixed logic1

* made promalertmager port generated

* fixed lb

* promval

* changed back grafana version due not compatable with tiller version

* changed back grafana version due not compatable with tiller version1

* updated grafana ver

* updated grafana ver1

* added condition for imagepull policy

*  modified shell script

*  reverted prom version

* added ignore to skip the test

* Update supported versions before 2.5.0 release (#1437)

* Build charts

* Update WDT and WIT versions (#1441)

* Fix what is broken (#1443)

* No longer skip based on pre-auth

* Clarify when to run namespace vs cluster access checks

* Clean-up some more access check logs

* excluded MonExp via pom.xml

* Add comment

Co-authored-by: Marina Kogan <marina.kogan@oracle.com>

* Restore older version docs

* Remove dead code and add final modifiers (#1444)

* Remove dead code and add final modifiers

* Remove a few final designations that were modified by stubs in unit-tests

* Domain secret MD5 checksum. (#1445)

* Domain secret MD5 checksum.

* Domain secret MD5 checksum: fix to handle live upgrade case.

* cherrypick 1429 from master

* cherrypick 1448 from master

* Late version updates (#1449)

* Update javadoc

* Version updates

Co-authored-by: Antaryami Panigrahi <31135902+anpanigr@users.noreply.github.com>
Co-authored-by: Russell Gold <russell.gold@oracle.com>
Co-authored-by: Mark Nelson <mark.x.nelson@oracle.com>
Co-authored-by: Vanajakshi Mukkara <35709372+vanajamukkara@users.noreply.github.com>
Co-authored-by: Anthony Lai <anthony.lai@oracle.com>
Co-authored-by: Huiling Zhao <41090416+hzhao-github@users.noreply.github.com>
Co-authored-by: alan-cao <cao_yulong@hotmail.com>
Co-authored-by: Dongbo Xiao <dongbo.xiao@oracle.com>
Co-authored-by: Craig Perez <craig.perez@oracle.com>
Co-authored-by: Marina Kogan <marina.kogan@oracle.com>
Co-authored-by: Sambasiva Battagiri <52483425+sbattagi@users.noreply.github.com>
Co-authored-by: Derek Sharpe <36005286+ddsharpe@users.noreply.github.com>
Co-authored-by: Lenny Phan <33355669+lennyphan@users.noreply.github.com>
Co-authored-by: Rosemary Marano <rosemary.marano@oracle.com>
Co-authored-by: Michael Gianatassio <31552226+mgianatagh@users.noreply.github.com>
Co-authored-by: Bhavani Ravichandran <31928633+bhavaniravichandran@users.noreply.github.com>
Co-authored-by: Maggie He <maggie.he@oracle.com>
Co-authored-by: Tom Barnes <tom.barnes@oracle.com>
Co-authored-by: Sankar Periyathambi Neelakandan <45743425+sankarpn@users.noreply.github.com>
Co-authored-by: Johnny Shum <johnny.shum@oracle.com>
  • Loading branch information
@rjeberhard @anpanigr
@russgold @markxnelson @vanajamukkara @alai8 @hzhao-github @alan-cao @doxiao @TheFrogPad @marinakog @sbattagi @ddsharpe @lennyphan @rosemarymarano @mgianatagh @bhavaniravichandran @maggiehe00 @sankarpn @jshum2479
21 people authored Feb 26, 2020
1 parent b002bed commit 075416c
Show file tree
Hide file tree
Showing 1,474 changed files with 77,324 additions and 96,161 deletions.
13 changes: 10 additions & 3 deletions Dockerfile
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
# Copyright (c) 2017, 2019, Oracle Corporation and/or its affiliates. All rights reserved.
# Copyright (c) 2017, 2020, Oracle Corporation and/or its affiliates.
# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
#
# HOW TO BUILD THIS IMAGE
Expand All @@ -16,8 +16,15 @@ RUN yum -y install openssl && yum clean all
# ----------
MAINTAINER Ryan Eberhard <ryan.eberhard@oracle.com>

RUN mkdir /operator
RUN mkdir /operator/lib
# make the operator run with a non-root user id (1000 is the `oracle` user)
RUN groupadd -g 1000 oracle && \
useradd -d /operator -M -s /bin/bash -g 1000 -u 1000 oracle && \
mkdir /operator && \
mkdir /operator/lib && \
mkdir /logs && \
chown -R 1000:1000 /operator /logs
USER 1000

ENV PATH=$PATH:/operator

ARG VERSION
Expand Down
2 changes: 2 additions & 0 deletions build-tools/pom.xml
View file
Original file line number Diff line number Diff line change
@@ -1,3 +1,5 @@
<!-- Copyright (c) 2017, 2020, Oracle Corporation and/or its affiliates.
Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. -->
<project>
<modelVersion>4.0.0</modelVersion>
<groupId>oracle.kubernetes</groupId>
Expand Down
155 changes: 112 additions & 43 deletions ...s/src/main/resources/weblogic-kubernetes-operator/checkstyle/customized_google_checks.xml
View file

Large diffs are not rendered by default.

2 changes: 1 addition & 1 deletion build-tools/src/main/resources/weblogic-kubernetes-operator/checkstyle/java.header
View file
Original file line number Diff line number Diff line change
@@ -1,2 +1,2 @@
^// Copyright \(c\) (\d\d\d\d, )+Oracle Corporation and\/or its affiliates\. All rights reserved\.$
^// Copyright \(c\) (\d\d\d\d, )+Oracle Corporation and\/or its affiliates\.$
^// Licensed under the Universal Permissive License v 1\.0 as shown at https://oss\.oracle\.com/licenses/upl\.$
5 changes: 3 additions & 2 deletions buildtime-reports/pom.xml
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,5 @@
<?xml version="1.0" encoding="UTF-8"?>
<!-- Copyright (c) 2017, 2020, Oracle Corporation and/or its affiliates.
Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. -->
<project xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://maven.apache.org/POM/4.0.0"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
Expand All @@ -7,7 +8,7 @@
<parent>
<artifactId>operator-parent</artifactId>
<groupId>oracle.kubernetes</groupId>
<version>2.4.0</version>
<version>2.5.0</version>
</parent>

<artifactId>buildtime-reports</artifactId>
Expand Down
2 changes: 1 addition & 1 deletion docs-source/content/_index.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,7 @@ The fastest way to experience the operator is to follow the [Quick Start guide](

***
The [current release of the operator](https://github.com/oracle/weblogic-kubernetes-operator/releases) is 2.5.0.
This release was published on February 26th, 2020.
This release was published on February 26, 2020.
***

{{% notice note %}}
Expand Down
1 change: 1 addition & 0 deletions docs-source/content/faq/cannot-pull-image.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,7 @@
title: "Cannot Pull Image"
date: 2019-03-23T08:08:19-04:00
draft: false
weight: 1
---

> My domain will not start and I see errors like `ImagePullBackoff` or `Cannot pull image`
Expand Down
1 change: 1 addition & 0 deletions docs-source/content/faq/coherence-requirements.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,7 @@
title: "Coherence Requirements"
date: 2019-08-12T12:41:38-04:00
draft: false
weight: 4
---

If you are running Coherence on Kubernetes, either inside a WebLogic domain
Expand Down
43 changes: 43 additions & 0 deletions docs-source/content/faq/configmaps.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,43 @@
---
title: "Providing access to a Config Map"
date: 2020-01-07T15:02:28-05:00
draft: false
weight: 11
---
> I need to provide an instance with access to a Config Map.
Configuration files can be supplied to Kubernetes pods and jobs by a
[ConfigMap](https://kubernetes.io/docs/tasks/configure-pod-container/configure-pod-configmap/#create-a-configmap),
which consists of a set of key-value pairs. Each entry may be accessed by one or more operator-managed nodes
as a read-only text file. Access can be provided across the domain, within a single cluster, or for a single server.
In each case, the access is configured within the `serverPod` element of the desired scope.

For example, given
a ConfigMap named `my-map` with entries `key-1` and `key-2`, you can provide access to both values as separate files
in the same directory within the `cluster-1` cluster with the following
in your [domain resource](https://github.com/oracle/weblogic-kubernetes-operator/blob/master/docs/domains/Domain.md):


```
clusters:
- clusterName: cluster-1
serverPod:
volumes:
- name: my-volume-1
configMap:
name: my-map
items:
- key: key-1
path: first
- key: key-2
path: second
volumeMounts:
- name: my-volume-1
mountPath: /weblogic-operator/my
```
This provides access to two files, found at paths `/weblogic-operator/my/first` and `/weblogic-operator/my/second`.
Both a `volume` and a `volumeMount` entry are required, and must have the same name. The name of the `ConfigMap` is
specified in the `name` field under the `configMap` entry. The `items` entry is an array,
in which each entry maps a `ConfigMap` key to a file name under the directory specified as `mountPath` under a `volumeMount`.

206 changes: 206 additions & 0 deletions docs-source/content/faq/external-clients.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,206 @@
---
title: "External WebLogic Clients"
date: 2019-11-21T21:23:03Z
draft: false
weight: 6
---

### Approaches

There are two supported approaches for giving external WebLogic EJB or JMS clients access to a Kubernetes hosted WebLogic cluster: [Load Balancer Tunneling](#load-balancer-tunneling) and [Kubernetes NodePorts](#kubernetes-nodeports).

{{% notice note %}}
This FAQ is for remote EJB and JMS clients - not JTA clients. The operator does not currently support external WebLogic JTA access to a WebLogic cluster, as (A) external JTA access requires each server in the cluster to be individually addressable by the client, but this conflicts with (B) the current operator requirement that a network channel in a cluster have the same port across all servers in the cluster.
{{% /notice %}}

#### Load Balancer Tunneling

The Load Balancer Tunneling approach for giving external WebLogic EJB or JMS clients access to a Kubernetes hosted WebLogic cluster involves configuring a network channel on the desired WebLogic cluster that accepts T3 protocol traffic that's tunnelled over HTTP, deploying a load balancer that redirects external HTTP network traffic to the desired WebLogic network channel, and ensuring that EJB and JMS clients specify a URL that resolves the load balancer's network address.

Here are the specific steps:

- Configure a custom channel for the T3 protocol in WebLogic that (A) enables HTTP Tunneling, and (B) specifies an external address and port that correspond to the address and port remote clients will use to access the load balancer. See [Adding a WebLogic Custom Channel](#adding-a-weblogic-custom-channel) for samples and details.

- Set up a load balancer that redirects HTTP traffic to the custom channel. For a discussion of load balancers, see [Ingress]({{<relref "/userguide/managing-domains/ingress/_index.md">}}). If you're also using OKE/OCI to host your Kubernetes cluster, also see [Using an OCI Load Balancer]({{<relref "/faq/oci-lb">}}).

- __Important__: Ensure that the load balancer configures the HTTP flow to be 'sticky' - for example, a Traefik load balancer has a `sticky sessions` option. This ensures that all of the packets of a tunneling client connection flow to the same pod, otherwise the connection will stall when its packets are load balanced to a different pod.

- Remote clients can then access the custom channel using an `http://` URL instead of a `t3://` URL.

- Review the [Security Notes](#security-notes) below.

#### Kubernetes NodePorts

The Kubernetes NodePorts approach for giving external WebLogic EJB or JMS clients access to a Kubernetes hosted WebLogic cluster involves configuring a network channel on the desired WebLogic cluster that accepts T3 protocol traffic, and deploying Kubernetes NodePort that redirects external network traffic on the Kubernetes nodes to the network channel.

Here are the specific steps:

- Configure a custom channel for the T3 protocol in WebLogic that specifies an external address and port that are suitable for remote client use. See [Adding a WebLogic Custom Channel](#adding-a-weblogic-custom-channel).

- Deploy a Kubernetes NodePort to publicly expose the WebLogic ports. See [Setting up a NodePort](#setting-up-a-nodeport).

- Review the [Security Notes](#security-notes) below.

### Adding a WebLogic Custom Channel

#### When is a WebLogic Custom Channel Needed?

WebLogic implicitly creates a multi-protocol default channel that spans the `Listen Address` and `Port` fields specified on each server in the cluster, but this channel is usually unsuitable for external network traffic from EJB and JMS clients. Instead, you may need to configure an additional dedicated WebLogic custom channel to handle remote EJB or JMS client network traffic.

A custom channel provides a way to configure an external listen address and port for use by external clients, unlike a default channel. External listen address and/or port configuration is needed when a channel's configured listen address and/or port would not work if used to form a URL in the remote client. This is because remote EJB and JMS clients internally use their client's channel's configured network information to reconnect to WebLogic when needed. (The EJB and JMS clients do not always use the initial URL specified in the client's JNDI context.)

A custom channel can be locked down using two-way SSL as a way to prevent access by unauthorizzed external JMS and EJB clients, only accepts protocols that are explicitly enabled for the channel, and can be configured to be the only channel that accepts EJB/JMS clients that tunnel over HTTP. A default channel may often be deliberately unencrypted for convenient internal use, or, if used externally, is only used for web traffic (not tunneling traffic). In addition, a default channel supports several protocols but it's a best practice to limit the protocols that can be accessed by external clients. Finally, external clients may require access using HTTP tunneling in order to make connections, but it's often inadvisable to enable tunneling for an unsecured default channel that's already servicing external HTTP traffic. This is because enabling HTTP tunneling would potentially allow unauthorized external JMS and EJB clients unsecured access to the WebLogic cluster through the same HTTP path.

#### Configuring a WebLogic Custom Channel

The basic requirements for configuring a custom channel for remote EJB and JMS access are:

- Configure a T3 protocol network-access-point (NAP) with the same name and port on each server (the operator will set the listen address for you).

- Configure the external listen address and port on each NAP to match the address and port component of a URL your clients can use. For example, if you are providing access to remote clients using a load balancer then these should match the address and port of the load balancer.

- If you want WebLogic T3 clients to tunnel through HTTP, then enable HTTP tunneling on each NAP. This is often necessary for load balancers.

- Do _NOT_ set `outbound-enabled` to `true` on the network-access-point (the default is `false`), as this may cause internal network traffic to stall in an attempt to route through the network-access-point.

- Ensure you haven't enabled `calculated-listen-ports` for WebLogic dynamic cluster servers. The operator requires that a channel have the same port on each server in a cluster, but `calculated-listen-ports` causes the port to be different on each server.

For example, here is a snippet of a WebLogic domain's `config.xml` for channel `MyChannel` defined for a WebLogic dynamic cluster named `cluster-1`:

```
<server-template>
<name>cluster-1-template</name>
<listen-port>8001</listen-port>
<cluster>cluster-1</cluster>
<network-access-point>
<name>MyChannel</name>
<protocol>t3</protocol>
<public-address>some.public.address.com</public-address>
<listen-port>7999</listen-port>
<public-port>30999</public-port>
<http-enabled-for-this-protocol>true</http-enabled-for-this-protocol>
<tunneling-enabled>true</tunneling-enabled>
<outbound-enabled>false</outbound-enabled>
<enabled>true</enabled>
<two-way-ssl-enabled>false</two-way-ssl-enabled>
<client-certificate-enforced>false</client-certificate-enforced>
</network-access-point>
</server-template>
<cluster>
<name>cluster-1</name>
<cluster-messaging-mode>unicast</cluster-messaging-mode>
<dynamic-servers>
<name>cluster-1</name>
<server-template>cluster-1-template</server-template>
<maximum-dynamic-server-count>5</maximum-dynamic-server-count>
<calculated-listen-ports>false</calculated-listen-ports>
<server-name-prefix>managed-server</server-name-prefix>
<dynamic-cluster-size>5</dynamic-cluster-size>
<max-dynamic-cluster-size>5</max-dynamic-cluster-size>
</dynamic-servers>
</cluster>
```

And here is a snippet of offline WLST code that corresponds to the above config.xml snippet:

```
templateName = "cluster-1-template"
cd('/ServerTemplates/%s' % templateName)
templateChannelName = "MyChannel"
create(templateChannelName, 'NetworkAccessPoint')
cd('NetworkAccessPoints/%s' % templateChannelName)
set('Protocol', 't3')
set('ListenPort', 7999)
set('PublicPort', 30999)
set('HttpEnabledForThisProtocol', true)
set('TunnelingEnabled', true)
set('OutboundEnabled', false)
set('Enabled', true)
set('TwoWaySslEnabled', false)
set('ClientCertificateEnforced', false)
```

In this example:

- WebLogic binds the custom network channel to port `7999` and the default network channel to `8001`.

- The operator will automatically create a Kubernetes service named `DOMAIN_UID-cluster-cluster-1` for both the custom and default channel.

- Internal clients running in the same Kubernetes cluster as the channel can access the cluster using `t3://DOMAIN_UID-cluster-cluster-1:8001`.

- External clients would be expected to access the cluster using the custom channel using URLs like `t3://some.public.address.com:30999` or, if using tunneling, `http://some.public.address.com:30999`.

#### WebLogic Custom Channel Notes

- Channel configuration for a configured cluster requires configuring the same network-access-point on each server. The operator currently doesn't test or support network channels that have a different configuration on each server in the cluster.

- Additional steps are required for external clients beyond configuring the custom channel - see [Approaches](#approaches).

### Setting up a NodePort

#### Getting Started

A Kubernetes NodePort exposes a port on each machine that hosts the Kubernetes cluster where the port is accessible from outside of a Kubernetes cluster. This port redirects network traffic to pods within the Kubernetes cluster. Setting up a Kubernetes NodePort is one approach for giving external WebLogic clients access to JMS or EJBs.

If an EJB or JMS service is running on an Administration Server, then you can skip the rest of this section and use the `spec.adminServer.adminService.channels` domain resource attribute to have the operator create a NodePort for you. See [Reference - Domain resource]({{<relref "/reference/domain-resource/_index.md">}}). Otherwise, if the EJB or JMS service is running in a WebLogic cluster or standalone WebLogic Managed Server, and you desire to provide access to the service using a NodePort, then the NodePort must be deployed 'manually' - see the following sample and table.

{{% notice note %}}
Setting up a NodePort usually also requires setting up a custom network channel. See [Adding a WebLogic Custom Channel](#adding-a-weblogic-custom-channel) above.
{{% /notice %}}

#### Sample NodePort Resource

The following NodePort YAML deploys an external node port of `30999` and internal port `7999` for a domain UID of `DOMAIN_UID`, a domain name of `DOMAIN_NAME`, and a cluster name of `CLUSTER_NAME`. It assumes that `7999` corresponds to a T3 protocol port of a channel that's configured on your WebLogic cluster.

```
apiVersion: v1
kind: Service
metadata:
namespace: default
name: DOMAIN_UID-cluster-CLUSTER_NAME-ext
labels:
weblogic.domainUID: DOMAIN_UID
spec:
type: NodePort
externalTrafficPolicy: Cluster
sessionAffinity: ClientIP
selector:
weblogic.domainUID: DOMAIN_UID
weblogic.clusterName: CLUSTER_NAME
ports:
- name: myclustert3channel
nodePort: 30999
port: 7999
protocol: TCP
targetPort: 7999
```

#### Table of NodePort Attributes

|Attribute|Description|
|---------|-----------|
|`metadata.name`|For this particular use case, the NodePort name can be arbitrary as long as it is DNS compatible. But, as a convention it's recommended to use `DOMAIN_UID-cluster-CLUSTER_NAME-ext`. To ensure the name is DNS compatible, use all lower case and convert any underscores (`_`) to dashes (`-`).|
|`metadata.namespace`|Must match the namespace of your WebLogic cluster.|
|`metadata.labels`|Optional. It's helpful to set a `weblogic.domainUid` label so that cleanup scripts can locate all Kubernetes resources associated with a particular domain UID.|
|`spec.type`|Must be `NodePort`.|
|`spec.externalTrafficPolicy`|Set to `Cluster` for most use cases. This may lower performance, but ensures that a client that attaches to a node without any pods that match the `spec.selector` will be rerouted to a node with pods that do match. If set to `Local`, then connections to a particular Node will only route to that Node's pods and will fail if the Node doesn't host any pods with the given `spec.selector`. It's recommended for clients of a `spec.externalTrafficPolicy: Local` NodePort to use a URL that resolves to a list of all nodes such as `t3://mynode1,mynode2:30999` so that a client connect attempt will implicitly try `mynode2` if `mynode1` fails (alternatively, use a round-robin DNS address in place of `mynode1,mynode2`).|
|`spec.sessionAffinity`|Set to `ClientIP` to ensure an HTTP tunneling connection always routes to the same pod, otherwise the connection may hang and fail.|
|`spec.selector`|Specifies a `weblogic.domainUID` and `weblogic.clusterName` to associate the NodePort resource with your cluster's pods. The operator automatically sets these labels on the WebLogic cluster pods that it deploys for you.|
|`spec.ports.name`|This name is arbitrary.|
|`spec.ports.nodePort`|The external port that clients will use. This must match the external port that's configured on the WebLogic configured channels/network-access-points. By default, Kubernetes requires that this value range from `30000` to `32767`.|
|`spec.ports.port` and `spec.targetPort`|These must match the port that's configured on the WebLogic configured channel/network-access-point(s).|

### Security Notes

- With some cloud providers, a load balancer or NodePort may implicitly expose a port to the public Internet.

- If such a port supports a protocol suitable for WebLogic clients, note that WebLogic allows access to JNDI entries, EJB/RMI applications, and JMS by anonymous users by default.

- You can configure a custom channel with a secure protocol and two-way SSL to help prevent external access by unwanted clients. See [When is a WebLogic Custom Channel needed?](#when-is-a-weblogic-custom-channel-needed?).


### Optional Reading

- See [Run Standalone WebLogic JMS Clients on Kubernetes](https://blogs.oracle.com/weblogicserver/run-standalone-weblogic-jms-clients-on-kubernetes) for sample JMS client code and JMS configuration.

- See [T3 RMI Communication for WebLogic Server Running on Kubernetes](https://blogs.oracle.com/weblogicserver/t3-rmi-communication-for-weblogic-server-running-on-kubernetes) for a deep-level discussion of using T3 in combination with port mapping.
1 change: 1 addition & 0 deletions docs-source/content/faq/fan.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,7 @@
title: "Disabling Fast Application Notifications"
date: 2019-10-11T17:20:00-05:00
draft: false
weight: 5
---

To support Fast Application Notifications (FAN), Oracle databases configure GRID (Oracle Grid Infrastructure).
Expand Down
Loading

0 comments on commit 075416c

Please sign in to comment.