17.1.1 Patching a Container Image
The instructions in this section relate to patching or upgrading an existing 14.1.2.1.0 Oracle Access Management (OAM) deployment with a new OAM container image.
Note:
Administrators should be aware of the following:- If you are not using Oracle Container Registry or your own container registry, then you must first load the new container image on all nodes in your Kubernetes cluster.
- If you have Kubernetes Horizontal Pod Autoscaler (HPA) enabled, you must disable HPA before performing the steps below. See, Deleting HPA.
- Updating the container image leads to a rolling restart of the pods. The administration server will terminate and restart, followed by any OAM managed servers and policy manager servers.
Choose one of the following options to update your OAM deployment with a new image:
- Running the
kubectl edit domaincommand. - Running the
kubectl patch domaincommand.
Running the kubectl edit domain Command
To update the domain:
- Run the following
command:
For example:kubectl edit domain <domainname> -n <namespace>kubectl edit domain accessdomain -n oamnsNote:
This opens an edit session for the domain, where parameters can be changed using standard vi commands. - Update the
imageparameter to reference the new OAM container image:- If using Oracle Container Registry or your own container registry for your
OAM container image, update the image to point at the location of the new
image, for example:
... image: container-registry.oracle.com/middleware/oam_cpu:<new_tag> imagePullPolicy: IfNotPresent imagePullSecrets: - name: orclcred ... - If you are not using a container registry and have loaded the image on each
of the worker nodes, update the image to point at the new
image:
... image: container-registry.oracle.com/middleware/oam_cpu:<new_tag> imagePullPolicy: oracle/oam:<new_tag> ...
- If using Oracle Container Registry or your own container registry for your
OAM container image, update the image to point at the location of the new
image, for example:
- Save the file and exit (
:wq!)
Running the kubectl patch Command
To update the domain:
- Run the following command to set the
imageparameter to the location of the new image:
For example:kubectl patch domain <domain> -n <namespace> --type merge -p '{"spec":{"image":"<repository>:<new_tag>"}}'- If using Oracle Container Registry or your own container registry for your
OAM container
image:
kubectl patch domain accessdomain -n oamns --type merge -p '{"spec":{"image":"container-registry.oracle.com/middleware/oam_cpu:<new_tag>"}}' - If you are not using a container registry and have loaded the image on each
of the worker
nodes:
The output will look similar to the following:kubectl patch domain accessdomain -n oamns --type merge -p '{"spec":{"image":"oracle/oam:<new_tag>"}}'domain.weblogic.oracle/accessdomain patched
- If using Oracle Container Registry or your own container registry for your
OAM container
image:
Verifying the OAM Deployment is Using the New Image
After following the above steps, a rolling restart will be performed. The administration server will terminate and restart, followed by the OAM managed server(s) and policy manager server(s).
While the servers are restarting you can run the following command to view the
status:
kubectl get pods -n <domain_namespace> -wkubectl get pods -n oamns -wOnce the pods are up and running, you can run the following command to show the image is
used by the
pods:
kubectl describe pod <pod> -n <domain_namespace>kubectl describe pod accessdomain-oam-server1 -n oamns...
Containers:
weblogic-server:
Container ID: cri-o://220fa83d079e079ac183c00f884b10ea30a794527dbb65e6964a035d450384f8
Image: container-registry.oracle.com/middleware/oam_cpu:<new_tag>
Image ID: container-registry.oracle.com/middleware/oam_cpu@sha256:cdf51b6aa47cd05573bc53244681b193fb4e2f6db56e50d2251b9416bc68ebc0
Port: 14100/TCP
Host Port: 0/TCP
Command:
...