Creating a Basic UIM Cloud Native Instance

4 Creating a Basic UIM Cloud Native Instance

This chapter describes how to create a basic UIM cloud native instance in your cloud environment using the operational scripts and the base UIM configuration provided in the UIM cloud native toolkit. You can create a UIM instance quickly in order to become familiar with the process, explore the configuration, and structure your own project. This procedure is intended to validate that you are able to create a basic UIM instance in your environment. For information on creating your own project with custom configuration, see "Creating Your Own UIM Cloud Native Instance".

Before you can create a UIM instance, you must do the following:

Download and extract the Common cloud native toolkit (COMMON CNTK) archive file.
Assemble the specifications.
Install WebLogic Operator. For more information, see "Installing the WebLogic Kubernetes Operator Container Image".
Install Nginx Ingress. For more information, see "About Load Balancing and Ingress Controller".

Installing the UIM Cloud Native Artifacts and the Toolkit

Build container images for the following using the UIM cloud native Image Builder:

UIM core application
UIM database installer

You must create a private Docker repository for these images, ensuring that all nodes in the cluster have access to the repository. See "About Container Image Management" for more information.

Download the Common cloud native toolkit archive and do the following:

On Oracle Linux: Where Kubernetes is hosted on Oracle Linux, download and extract the tar archive to each host that has connectivity to the Kubernetes cluster.
On OKE: For an environment where Kubernetes is running in OKE, extract the contents of the tar archive on each OKE client host. The OKE client host is the bastion host/s that is set up to communicate with the OKE cluster.

Assembling the Specifications

You must assemble the specification files to use the Common cloud native toolkit. To assemble the specification files:

Extract the archive.
Set up the environment.
Prepare the configuration.

Run the following command to assemble specification:

#Extract common-cntk
cd workspace
tar -xvf common-cntk.tar.gz

#Create spec directory
mkdir spec_dir

#Export variables 
export COMMON_CNTK=(path_to_workspace)/common-cntk
export SPEC_PATH=(path_to_workspace)/spec_dir
export STRIMZI_NS=strimzi   #this is strimzi namespace for message bus, if not applicable to you can keep default value `strimzi`

#Run assemble specification 
$COMMON_CNTK/scripts/assemble-specifications.sh -p project -i instance -s $SPEC_PATH

After assembling the specifications successfully without any errors, verify if the configuration files are correctly assembled by checking the contents of the $SPEC_PATH directory.

Note:

All scripts in common-cntk are designed to read the required configuration files from the path specified by $SPEC_PATH.

Installing WebLogic Kubernetes Operator (WKO) and Ingress Controller

In a shared environment, multiple developers may create UIM instances in the same cluster, using a shared WebLogic Kubernetes Operator.

Note:

There can be multiple operators in a Kubernetes cluster, and in that case, you must ensure that the namespaces managed by these operators do not overlap. A namespace can be managed by one operator.

For each cluster in your environment, you download and install the following:

WebLogic Kubernetes Operator (WKO) application deployment.
Nginx Ingress Controller deployment

Before installing the WKO and the Nginx, do the following tasks:

Remove the instances of the WKO and Nginx that you installed to validate your cloud environment.
Ensure that you have cleaned up the environment. See "Validating Your Cloud Environment" for instructions on cleaning up.
Ensure that there are no WebLogic Server Operator artifacts in the environment.

Installing the WebLogic Kubernetes Operator Container Image

UIM cloud native package does not provide scripts to install or remove the WebLogic Kubernetes operator. See WKO Documentation for Installing and uninstalling Weblogic Operator.

See "UIM Software Compatibility" in UIM Compatibility Matrix for WKO recommended version.

For example, to download and install the WKO version:

See https://github.com/oracle/weblogic-kubernetes-operator/releases/.
Choose a namespace for the operator and set the WLSKO_NS environment variable to the Kubernetes namespace in which WKO will be deployed.

Note:

Oracle recommends you use --version=<version> while installing. See "UIM Software Compatibility" UIM Compatibility Matrix for the corresponding WKO version.

Oracle recommends you set the label to the same as namespace using --set "domainNamespaceLabelSelector=<namespace>=enabled" instead of the default label "weblogic-operator=enabled" as having multiple operators installed with the same label is not recommended.
After successful installation of WKO, validate that the operator is installed by running the following command:
```
kubectl get pods -n $WLSKO_NS
```

If you are using a version older than 3.1.0, the operator is supported to specify the namespaces that can be managed only through a list. Currently, the operator supports a list of namespaces, a label selector, or a regular expression matching namespace names.

Note:

If you are upgrading from UIM CN 7.5.1 and an older version of the WebLogic Operator, see "Upgrading the UIM Cloud Native Environment" for more information.

Installing the Ingress Controller

You can use any Ingress Controller that conforms to the standard Kubernetes ingress API and that supports annotations required for UIM. See "About Load Balancing and Ingress Controller" and "Working with Ingress, Ingress Controller, and External Load Balancer" for more information.

Note:

Oracle does not certify individual Ingress Controllers to confirm this generic compatibility.

WebLogic Kubernetes Operator describes the installation and the usage of the Nginx Ingress controller. See https://github.com/oracle/weblogic-kubernetes-operator/blob/release/4.1/kubernetes/samples/charts/nginx/README.md for more information. To know the supported WebLogic version, see UIM Cloud Native Deployment Software Compatibility.

Creating a Basic UIM Instance

This section describes how to create a basic UIM instance. In this section, while creating a basic instance, the project name is considered as "sr" and instance name is considered as "quick".

Setting Environment Variables

UIM cloud native relies on access to certain environment variables to run seamlessly. Ensure the following variables are set in your environment:

Path to your specification directory.
Path to your Common cloud native toolkit directory.
Path to your WebLogic operator namespace.

To set the environment variables:

Ensure that you have copied the corresponding files to the specification directory as mentioned in "Assembling the Specifications".
Note:
You must provide full path of specification directory for SPEC_PATH variable as follows:
```
$ export SPEC_PATH=<path to workspec>/spec_dir
```
Set the COMMON_CNTK variable for common-cntk directory path as follows:
```
$ export COMMON_CNTK=<path to workspace>/common-cntk
```
Set the WLSKO_NS variable for WebLogic operator namespace as follows:
```
$ export WLSKO_NS = wlsko namespace
```

Registering the Namespace

After you set the environment variables, register the namespace. If you are working with wlsko as the targetNamespace, then RegisterNamespace script offers an additional -l option that enables you to include the label selector used during the operator installation.

If a label selector is not added while installing the operator:

By default the weblogic-enabled=true label is added to your $WLSKO_NS namespace so that the operator can monitor it.

If a label selector is added while installing the operator:

Ensure that you include the same label using the -l option, as follows.

To register the namespace for wlsko, run the following command:

#if you have defined labelselector while installing operator Example: wlsko=enabled
$COMMON_CNTK/scripts/register-namespace.sh -p <project> -t targets -l <label- Selector>
#For example, $COMMON_CNTK/scripts/register-namespace.sh -p sr -t wlsko -l wlsko=enabled

Note:

wlsko is the name of the targets for registering the namespace. The script uses WLSKO_NS to locate these targets.
For Generic IngressController, the registration of namespace is not required. To select the ingress controller, you need to provide the ingressClassName value under the ingress.className field in the applications-base.yaml file.
For more information about ingressClassName, see https://kubernetes.io/docs/concepts/services-networking/ingress/.

Creating Secrets

You must store sensitive data and credential information in the form of Kubernetes Secrets that the scripts and Helm charts in the toolkit consume. Managing secrets is out of the scope of the toolkit and must be implemented while adhering to your organization's corporate policies. Additionally, UIM cloud native does not establish password policies.

Note:

The passwords and other input data such as RCU schema prefix length that you provide must adhere to the policies specified by the appropriate component.

As a prerequisite to use the toolkit for either installing the UIM database or creating a UIM instance, you must create secrets to access the following:

UIM database
RCU DB
OPSS
Operator artifacts for the instance
WebLogic Server Admin (credentials used while creating the domain)

The toolkit provides sample scripts for this purpose. However, they are not pipeline-friendly. The scripts should be used for creating an instance manually and quickly, but not for any automated process for creating instances. The scripts also illustrate both the naming of the secret and the layout of the data within the secret that UIM cloud native requires. You must create secrets prior to running the install-database.sh or create-applications.sh scripts.

Ensure that you have assembled the specification before you the following script.

Run the following script to create the required secrets:

$COMMON_CNTK/scripts/manage-app-credentials.sh -p sr -i quick -s $SPEC_PATH -a uim create wlsadmin,opssWP,wlsRTE,rcudb,uimdb

where:

uimdb specifies the connectivity details and the credentials for connecting to the UIM PDB (UIM schema). This is consumed by the UIM DB installer and UIM runtime.

Note:
The uimdb secrets contain PDB sysdba user and uim main schema user. The names of these must be unique.
rcudb specifies the connectivity details and the credentials for connecting to the UIM PDB (RCU schema). This is consumed by the UIM database installer and UIM and Fusion MiddleWare runtime.
wlsadmin is the credential for the intended user that will be created with administrative access to the WebLogic domain.
opssWP is the password for encrypting and decrypting the ewallet contents.
wlsRTE is the password used to encrypt the operator artifacts for this instance. The merged domain model and the domain ZIP are available in the operator config map and are encoded using this password.

Verify that the following secrets are created:

sr-quick-database-credentials
sr-quick-embedded-ldap-credentials
sr-quick-weblogic-credentials
sr-quick-rcudb-credentials
sr-quick-opss-wallet-password-secret
sr-quick-runtime-encryption-secret

Additionally, the secret opssWF is created by the installation process and does not follow the same guidelines. It is therefore not a pre-requisite for creating a new instance. In scenarios where a database is being re-used for a different UIM instance, then this becomes a pre-requisite secret. For more details, see "Reusing the Database State".

Creating Secrets for LDAP System Users

To create secrets for LDAP system users:

Create a user information file, for example: ldap_users.txt, with the list of users and groups as follows:

uim:uimadminuser:secret:uim-users
uim:uimcmwsuser:secret:Administrators,Cartridge_Management_WebService
uim:uimmetricsuser:secret:uim-metrics-users

Run the following command to create the required secrets for embedded LDAP system users:
```
$COMMON_CNTK/samples/credentials/manage-uim-credentials.sh -p sr -i quick -c create -f "location to ldap_users.txt"
```

Installing the UIM and RCU Schemas

This procedure configures an empty PDB. Depending on the database strategy for your team, you may have already performed this procedure as described in "Planning Your Cloud Native Environment". Before continuing, confirm whether the PDB being used for creating the UIM instance has been cloned from a Master PDB that includes the schema installation. If the PDB already has the schema installed, skip this procedure and proceed to the Creating UIM Users and Groups topic.

After the PDB is created, it is configured with the UIM schema, the RCU schema, and the cluster leasing table.

To install the UIM and RCU schemas:

Note:

YAML formatting is case-sensitive. While the next step uses vi editor for editing, if you are not familiar with editing YAML files, use a YAML editor to ensure that you do not make any syntax errors while editing. Follow the indentation guidelines for YAML, as incorrect spacing can lead to errors.

Edit the database.yaml specification file and update the DB installer image to point to the location of your image as shown below:

Note:
Before changing the default values provided in the specification file, confirm that they align with the values used during PDB creation. For example, the default tablespace name should match the value used when PDB is created.
```
uim-dbinstaller:
  dbinstaller:
    image:
      name: "uim-cn-db-installer"
      tag: "latest"
```
If your environment requires a password to download the container images from your repository, create a Kubernetes secret with the Docker pull credentials. See the "Kubernetes documentation" for details. Refer the secret name in the database.yaml specification file.
```
# The image pull access credentials for the "docker login" into Docker repository, as a Kubernetes secret.
# Uncomment and set if required.
# imagePullSecret: ""
```
Configure the tablespace details. By default, the defaultTablespace and tempTablespace is SYSTEM and TEMP respectively as follows:
```
db:
    defaultTablespace: "SYSTEM"
    tempTablespace: "TEMP"
```
Run the following script to start the UIM DB installer, which instantiates a Kubernetes Pod resource. The pod resource lives until the DB installation operation completes.
```
#(UIM Schema)
$COMMON_CNTK/scripts/install-database.sh -p project -i instance -s $SPEC_PATH -a uim -c 1

## once finished #(RCU Schema)
$COMMON_CNTK/scripts/install-database.sh -p project -i instance -s $SPEC_PATH -a uim -c 2
```
You can invoke the script with -h to see the available options.
Check the console to see if the DB installer is installed successfully.
If the installation failed, run the following command to review the error message in the log:
```
kubectl logs -n sr sr-quick-dbinstaller
```
Clean up the failed pod by running the following command:
```
helm uninstall sr-quick-dbinstaller -n sr
```
Go back to step 4 and run the script again to install the UIM DB installer.

Generating Encrypted WebLogic Administrator's Password

To generate encrypted WebLogic administrator's password:

Run the following command to start the UIM DB installer, which initiates a Kubernetes Pod resource. The pod resource is available until the DB installation completes.
```
$COMMON_CNTK/scripts/install-database.sh -p project -i instance -s $SPEC_PATH -a uim -c 8
```
Note:
To see further options available, use -h command.
Check the WebLogic console for successful DB installation. If the installation failed, run the following command to view the error message from the log:
```
kubectl logs -n sr sr-quick-dbinstaller
```
Clean up the failed pod using the following command:
```
helm uninstall sr-quick-dbinstaller -n sr
```

Verify the new secret that is created as follows:

kubectl get secrets -n sr | grep encrypted
sr-quick-weblogic-encrypted-credentials Opaque 1 5m32s

Configuring the Specification Files

Ensure that you have assembled the specification, and you have to edit and provide the values for the files in $SPEC_PATH location.

To configure the base specification, edit $SPEC_PATH/project/instance/applications-base.yaml:

Provide the ingressController details as follows for Nginx ingress controller, if you are using any other ingress controller, provide the corresponding details:

ingressController: "GENERIC"
ingress:
  #provide appropriate ingressClass for controller, “nginx” is default for Nginx ingressController.
  className: "nginx"  
  annotations:
    nginx.ingress.kubernetes.io/affinity: "cookie"
    nginx.ingress.kubernetes.io/affinity-mode: "persistent"
    nginx.ingress.kubernetes.io/session-cookie-name: "nginxingresscookie"
    nginx.ingress.kubernetes.io/proxy-body-size: "50m"
    nginx.ingress.kubernetes.io/proxy-buffer-size: 64k

If your environment requires a password to download the container images from your repository, create a Kubernetes secret with the Docker pull credentials. For more information, see Kubernetes documentation. Check the secret name in the project specification.
```
# The image pull access credentials for the "docker login" into Docker repository, as a Kubernetes secret.
# uncomment and set if required.
#imagePullSecret:
# imagePullSecrets:
# -name: <image-pull-secret>
```
For your DNS resolution mechanism, change the default load balancer sub domain name as per your requirement:
```
hostSuffix: "uim.org"
```
Select the shape to be used. shape is the file that contains the resources for UIM service and must present at location $SPEC_PATH/project/instance/shape directory:
```
shape: dev
```
If external load balancer is used, provide the loadbalancerport of load balancer. Else, provide the Nginx Ingress Controller NodePort as loadBalancerPort. 30505 is the default value of non-ssl NodePort of Nginx in the sample files:
```
loadbalancerport: 30505
```

To configure the app specification, edit $SPEC_PATH/project/instance/app-uim.yaml:

Provide the image in your repository (name and tag):

** edit the image to reflect the UIM image name and location in your docker repository
uim:
   image: 
     name: "uim-cn-base"
     tag: "latest"

Provide the list of inventory users. All these users should be present in project-instance-uimcn-cred-uim secret:
```
inventoryUsers:
  - uimdev
  - cmwsdev
```

Specify the database details to enable MultiDataSource and ServerAffinity:

db:
datasourcesPrimary: 
  port: 1521
  rcuPort: 1521
  # Below boolean is to enable server affinity, by default it is false. 
  serverAffinityEnabled: false
  # Below boolean is to enable RAC DB Setup, by default it is false. 
  multiDataSourceEnabled: false
  # If using RAC,enable multiDataSourceEnabled and provide list of SCAN hostname/IP addresses
  # If not using RAC, comment it out "#uimScans:" 
  #uimScans:
  # - scan1-ip 
  # - scan2-ip  
  #
  # If using RAC, provide either a list of VIP hostname/IP addresses 
  # or a list of INSTANCE_NAMES
  # If not using RAC, comment these out "#uimVips:" and "#uimInstances:" 
  #
  #uimVips:
  # - vip1-ip 
  # - vip2-ip 
  # --- OR ---
  #uimInstances:
  # - instance-1 
  # - instance-2
  # By default rcu and uim schema are colocated, if we have different rcu schema and different uim then below RAC details are to be provided.
  # If not provided it will not be considered as RAC. rcuUimSchemaCoLocated: true
  # RCU db information
  # If using RAC, provide list of SCAN hostname/IP addresses 
  # If not using RAC, comment it out "#rcuScans:"
  #rcuScans:
  # - scan1-ip 
  # - scan2-ip 
  #
  # If using RAC, provide either a list of VIP hostname/IP addresses 
  # or a list of INSTANCE_NAMES
  # If not using RAC, comment these out "#rcuVips:" and "#rcuInstances:" 
  #
  #rcuVips:
  # - vip1-ip 
  # - vip2-ip 
  # --- OR ---
  #rcuInstances:
  # - instance-1 
  # - instance-2

Creating an Ingress

An ingress establishes connectivity to the UIM instances.

To create an Ingress, run the following command:

$COMMON_CNTK/scripts/create-ingress.sh -p sr -i quick -s $SPEC_PATH -a uim
Project Namespace : sr
Instance Fullname : sr-quick
LB_HOST           : quick.sr.uim.org
Ingress Controller: GENERIC
External LB IP    : 192.0.0.8
 
NAME: sr-quick-ingress
LAST DEPLOYED: Wed Jul  1 10:20:27 2020
NAMESPACE: sr
STATUS: deployed
REVISION: 1
TEST SUITE: None
 
Ingress created successfully...

Creating a UIM Instance

This procedure describes how to create a UIM instance in your environment using the scripts that are provided with the toolkit.

To create a UIM instance:

Run the following command:
```
$COMMON_CNTK/scripts/create-applications.sh -p sr -i quick -s $SPEC_PATH -a uim
```
The create-applications.sh script uses the Helm chart located in the charts/uim-app directory to create and deploy the domain custom resource and the domain config map for your instance. If the scripts fails, see the Troubleshooting Issues section at the end of this topic, before you make additional attempts.

The instance creation process creates the opssWF secret, which is required for access to the RCU DB. It is possible to handle the wallet manually if needed. To do so, pass -w to the create-applications.sh script, which creates the wallet file at a location you choose. You can then use this wallet file to create a secret by using the manage instance credentials script.

Validate the important input details such as Image name and tag, specification files used (Values Applied), hostname, and port for ingress routing:

$COMMON_CNTK/scripts/create-applications.sh -p sr -i quick -s $SPEC_PATH -a uim
Calling helm lint==> Linting /scratch/sthatipa/cloudlab/uim-cntk/scripts/../charts/uim
[INFO] Chart.yaml: icon is recommended
1 chart(s) linted, 0 chart(s) failed
Project Namespace : sr
Instance Fullname : sr-quick
LB_HOST : quick.sr.uim.org 
LB_PORT : 30505 
Image : uim-cn-base:7.5.1.0.1
Shape : dev
Values  Applied : 
Output wallet : n/a

After the script finishes running, the log shows the following:

NAME             READY   STATUS              RESTARTS   AGE
sr-quick-admin   1/1     Running             0          2m12s
sr-quick-ms1     0/1     ContainerCreating   0          1s
 
Provide opss wallet File for 'sr-quick' ...
For example : '/path-to-uim-cntk/sr-quick.ewallet'
opss wallet File:
secret/sr-quick-opss-walletfile-secret created
 
Instance 'sr/sr-quick' admin server is now running.
Creation of instance 'sr/sr-quick' has completed successfully.

The create-applications.sh script also provides some useful commands and configuration to inspect the instance and access it for use.

Note:

While creating an instance on new RCU Schema, provide -w option to save OPSS eWallet data of instance. By default, this data is pushed into the opssWF secret automatically.

If you query the status of the pods, the READY state of the managed servers may display 0/1 for several minutes while the UIM application is starting.
When the READY state shows 1/1, your UIM instance is up and running. You can validate the instance by deploying UIM base cartridges and creating Custom Object instance in the UIM Home page.

The base hostname required to access this instance using HTTP is quick.sr.uim.org. See "Planning Your Cloud Native Environment" for details about hostname resolution.

The create-applications script prints out the following valuable information that you can use while working with your UIM domain:

The T3 URL: http://t3.quick.sr.uim.org:30505 This is required for external client applications such as JMS and WLST.
Log in to the WebLogic Remote Console by:
1. Open WebLogic Remote Console Application application.
2. Choose startup task as Add Admin Server Connection Provider.
3. Enter URL as follows:
```
http://ServerName:Port
```
4. Enter the WebLogic server administration user name and password.
The URL for access to the UIM UIs, which is provided through the ingress controller that requires the host to be specified as: http://quick.sr.uim.org:30505/Inventory/Login.jsp.

Assigning Roles

To access UIM Home page, you need to assign roles. You can use EM console for role assignments.

To assign roles:

Create uim-user-roles.txt as follows:
```
uimdev:uimuser
cmwsdev:uimuser
```

Run the following command to assign the roles:

$COMMON_CNTK/samples/credentials/assign-role.sh -p sr -i quick -f uim-user-roles.txt

Validating the UIM Instance

After creating an instance, you can validate it by checking the domain configuration and the client UIs.

Run the following command to display the domain configuration details of the UIM instance that you have created:

kubectl describe domain sr-quick -n sr

The command displays the domain configuration information.

To verify the client UIs:

Log into the WebLogic console using the URL specified in the output of the create-instance script: http://admin.quick.sr.uim.org:30505/console

You can use the console to verify the configuration that has been applied and to see that the UIM application is in an active state.
Log into the UIM Task Web client user interface with the UIM administrator login credentials created as part of "Creating Secrets" using the URL (http://quick.sr.uim.org:30505/Inventory/Login.jsp) specified in the output of the create-applications script.

Note:

After a UIM instance is created, it may take a few minutes for the UIM user interface to become active.

Scaling the UIM Application Cluster

Now that your UIM shape is up and running, you can explore the ability to dynamically scale the application cluster. Update the shape directory name that you have provided.

To scale the UIM application cluster, edit the configuration:

In the shape specification directory mentioned in applications-base.yaml, change the value for clusterSize in uim.yaml file manually. This change would ultimately be performed by an automated CI/CD pipeline.
```
vi $SPEC_PATH/sr/quick/shapes/dev/uim.yaml

# Change the cluster size to a value not larger than 18

#cluster size
clusterSize: 2
```
Note:
You can watch the Kubernetes pods in your namespace shrink or grow in real-time. To watch the pods shrink or grow, in a separate terminal window, run the following command:
```
kubectl get pods -n sr --watch
```
Upgrade the deployed Helm release:
```
$COMMON_CNTK/scripts/upgrade-applications.sh -p sr -i quick -s $SPEC_PATH -a uim
```
This pushes the new configuration to the deployed Helm release so the operator can take the necessary steps.

The WebLogic operator monitors changes to clusterSize and results in the operator spinning up or tearing down managed servers to align with the requested cluster size.

Deleting and Recreating Your UIM Instance

Deleting Your UIM Instance

To delete your UIM instance, run the following command:

$COMMON_CNTK/scripts/delete-applications.sh -p sr -i quick -s $SPEC_PATH -a uim

Re-creating Your UIM Instance

When you delete a UIM instance, the database state for that instance still remains unaffected. You can re-create a UIM instance with the same project and the instance names, pointing to the same database.

Note:

Ensure that you use the same specifications that you used for creating the instance and that the following secrets have not been deleted:

uimdb
rcudb
opssWF
opssWP
wlsRTE

To re-create a UIM instance, run the following command:

$COMMON_CNTK/scripts/create-applications.sh -p sr -i quick -s $SPEC_PATH -a uim

Note:

After re-creating an instance, client applications such as SoapUI and HermesJMS may need to be restarted to avoid using expired cache information.

Cleaning Up the Environment

To clean up the environment:

Delete the instance:

$COMMON_CNTK/scripts/delete-applications.sh -p sr -i quick -s $SPEC_PATH -a uim

Delete the ingress:

$COMMON_CNTK/scripts/delete-ingress.sh -p sr -i quick -s $SPEC_PATH -a uim

Delete the namespace, which in turn deletes the Kubernetes namespace and the secrets:
```
$COMMON_CNTK/scripts/unregister-namespace.sh -p sr -d -t targets
```
Note:
wlsko is the name of the target for registration of the namespace. The script uses WLSKO_NS to find the target.
(Optional) To stop WebLogic Operator from monitoring the namespace, unregister it:
- Ensure that you provide the labelselector you used while registering the namespace with wlsko. For example, for wko412=enabled, use the following command for unregistering. You can describe the project namespace and check the label to see which label selector is used.
```
$COMMON_CNTK/scripts/unregister-namespace.sh -p <project> -t wlsko -l label

#For example,
$COMMON_CNTK/scripts/unregister-namespace.sh -p sr -t wlsko -l wlsko412
```
Note:
You do not have to provide the complete label, which is key=value. You can provide only the key of the label.

Drop the PDB as follows:

# Drop UIM Schema
$COMMON_CNTK/scripts/install-database.sh -p project -i instance -s $SPEC_PATH -a uim -c 5

# Drop RCU Schema
$COMMON_CNTK/scripts/install-database.sh -p project -i instance -s $SPEC_PATH -a uim -c 6

# If RCU dropped, You can delete the secret 
kubectl delete secret -n project project-instance-opss-walletfile-secret

Troubleshooting Issues with the Scripts

This section provides information about troubleshooting some issues that you may come across when running the scripts.

If you experience issues when running the scripts, do the following:

Check the operator logs to find out the details about the issue:

kubectl get pods -n $WLSKO_NS
# get the operator pod name to be used in the next command
kubectl logs -n $WLSKO_NS operator_pod

Check the "Status" section of the domain to see if there is useful information:
```
kubectl describe domain -n sr sr-quick 
```

"Timeout" Issue

In the logs, you may sometimes see the word "timeout" when the create-applications script fails. When you run the create-applications script, it may take a long time to pull the image, if you are doing it for the first time. In such a scenario, the script may fail and display the text "timeout" in the log.

To resolve this issue, try increasing the podStartupDeadlineSeconds parameter. The podStartupDeadlineSeconds parameter is a configurable parameter exposed in the instance specification that can be increased if required. Start with a very high timeout value and then monitor the average time it takes, because it depends on the speed with which the images are downloaded and how busy your cluster is. Once you have a good idea of the average time, you can reduce the timeout value accordingly to something that considers both the average time and some buffer.

# Modify the timeout value to start introspector pod. Mainly
# when using against slow DB or pulling image first time.
podStartupDeadlineSeconds: 800

After adjusting the parameter, clean up the failed instance and re-create the instance.

Cleanup Failed Instance

When a create-applications script fails, you must clean up the instance before making another attempt at instance creation.

Note:

Do not retry running the create-applications script or the upgrade-applications script immediately to fix any errors, as they would return errors. The upgrade-applications script may work but re-running it does not complete the operation.

To clean up the failed instance:

Delete the instance:

$COMMON_CNTK/scripts/delete-applications.sh -p sr -i quick -s $SPEC_PATH -a uim

Delete and recreate the RCU schema:

$COMMON_CNTK/scripts/install-database.sh -p project -i instance -s $SPEC_PATH -a uim -c 5
$COMMON_CNTK/scripts/install-database.sh -p project -i instance -s $SPEC_PATH -a uim -c 2

Recreating an Instance

If you face issues when creating an instance, do not try to re-run the create-applications.sh script as this will fail. Instead, perform the cleanup activities and then run the following command:

$COMMON_CNTK/scripts/create-applications.sh -p sr -i quick -s $SPEC_PATH -a uim

Next Steps

A basic UIM cloud native instance should now be running in your environment. This process exposed you to some of the base functionality and concepts that are new to UIM cloud native. You can continue in your sandbox environment learning about more UIM cloud native capabilities by following the learning path.

If, however, your first priority is to understand details on infrastructure setup and structuring of UIM instances for your organization, then you should follow the infrastructure path.

To follow the infrastructure path, proceed to "Planning Infrastructure".

To follow the learning path, proceed to "Creating Your Own UIM Cloud Native Instance".