7.1.5 Preparing the Create Domain Script
The sample scripts for Oracle Access Management (OAM) domain deployment are available in
the $WORKDIR/kubernetes/create-access-domain directory. You must prepare
the scripts before deploying OAM.
- Navigate to the
$WORKDIR/kubernetes/create-access-domain/domain-home-on-pvdirectory:cd $WORKDIR/kubernetes/create-access-domain/domain-home-on-pv - Make a copy of the
create-domain-inputs.yamlfile:cp create-domain-inputs.yaml create-domain-inputs.yaml.orig - Edit the
create-domain-inputs.yamland modify the following parameters. Save the file when complete:
For example:domainUID: <domain_uid> domainHome: /u01/oracle/user_projects/domains/<domain_uid> image: <image_name>:<tag> imagePullSecretName: <container_registry_secret> weblogicCredentialsSecretName: <kubernetes_domain_secret> logHome: /u01/oracle/user_projects/domains/logs/<domain_uid> namespace: <domain_namespace> persistentVolumeClaimName: <pvc_name> rcuSchemaPrefix: <rcu_prefix> rcuDatabaseURL: <rcu_db_host>:<rcu_db_port>/<rcu_db_service_name> rcuCredentialsSecret: <kubernetes_rcu_secret>domainUID: accessdomain domainHome: /u01/oracle/user_projects/domains/accessdomain image: container-registry.oracle.com/middleware/oam_cpu:14.1.2.1.0-jdk17-ol8-<YYMMDD> imagePullSecretName: orclcred weblogicCredentialsSecretName: accessdomain-credentials logHome: /u01/oracle/user_projects/domains/logs/accessdomain namespace: oamns persistentVolumeClaimName: accessdomain-domain-pvc rcuSchemaPrefix: OAMK8S rcuDatabaseURL: mydatabasehost.example.com:1521/orcl.example.com rcuCredentialsSecret: accessdomain-rcu-credentials
A full list of parameters in the
create-domain-inputs.yaml file are shown
below:
| Parameter | Definition | Default |
|---|---|---|
| adminPort | Port number for the Administration Server inside the Kubernetes cluster. | 7001 |
| adminNodePort | Port number of the Administration Server outside the Kubernetes cluster. | 30701 |
| adminServerName | Name of the Administration Server. | AdminServer |
| clusterName | Name of the WebLogic cluster instance to generate for the domain. By default the cluster name is oam_cluster for the OAM domain. | oam_cluster |
| configuredManagedServerCount | Number of Managed Server instances to generate for the domain. | 5 |
| createDomainFilesDir | Directory on the host machine to locate all the files to create a
WebLogic domain, including the script that is specified in the
createDomainScriptName property. By default, this
directory is set to the relative path wlst, and the create
script will use the built-in WLST offline scripts in the
wlst directory to create the WebLogic domain. It can
also be set to the relative path wdt, and then the built-in
WDT scripts will be used instead. An absolute path is also supported to
point to an arbitrary directory in the file system. The built-in scripts can
be replaced by the user-provided scripts or model files as long as those
files are in the specified directory. Files in this directory are put into a
Kubernetes config map, which in turn is mounted to the
createDomainScriptsMountPath, so that the Kubernetes pod can use
the scripts and supporting files to create a domain home.
|
wlst |
| createDomainScriptsMountPath | Mount path where the create domain scripts are located inside a pod. The
create-domain.sh script creates a Kubernetes job to run
the script (specified in the createDomainScriptName
property) in a Kubernetes pod to create a domain home. Files in the
createDomainFilesDir directory are mounted to this
location in the pod, so that the Kubernetes pod can use the scripts and
supporting files to create a domain home.
|
/u01/weblogic |
| createDomainScriptName | Script that the create domain script uses to create a WebLogic domain. The create-domain.sh script creates a Kubernetes job to run this script to create a domain home. The script is located in the in-pod directory that is specified in the createDomainScriptsMountPath property. If you need to provide your own scripts to create the domain home, instead of using the built-it scripts, you must use this property to set the name of the script that you want the create domain job to run. | create-domain-job.sh |
| domainHome | Home directory of the OAM domain. If not specified, the value is derived
from the domainUID as
/shared/domains/<domainUID>.
|
/u01/oracle/user_projects/domains/accessdomain |
| domainPVMountPath | Mount path of the domain persistent volume. | /u01/oracle/user_projects/domains |
| domainUID | Unique ID that will be used to identify this particular domain. Used as the name of the generated WebLogic domain as well as the name of the Kubernetes domain resource. This ID must be unique across all domains in a Kubernetes cluster. This ID cannot contain any character that is not valid in a Kubernetes service name. | accessdomain |
| domainType | Type of the domain. Mandatory input for OAM domains. You must provide
one of the supported domain type value: oam (deploys an OAM
domain)
|
oam |
| exposeAdminNodePort | Boolean indicating if the Administration Server is exposed outside of the Kubernetes cluster. | false |
| exposeAdminT3Channel | Boolean indicating if the T3 administrative channel is exposed outside the Kubernetes cluster. | false |
| image | OAM container image. The operator requires OAM 14.1.2. Refer to Obtaining the OAM Container image for details on how to obtain or create the image. | oracle/oam:14.1.2.1.0 |
| imagePullPolicy | WebLogic container image pull policy. Legal values are
IfNotPresent, Always, or
Never |
IfNotPresent |
| imagePullSecretName | Name of the Kubernetes secret to access the container registry to pull the OAM container image. The presence of the secret will be validated when this parameter is specified. | orclcred |
| includeServerOutInPodLog | Boolean indicating whether to include the server .out to the pod’s stdout. | true |
| initialManagedServerReplicas | Number of Managed Servers to initially start for the domain. | 1 |
| javaOptions | Java options for starting the Administration Server and Managed Servers.
A Java option can have references to one or more of the following
pre-defined variables to obtain WebLogic domain information:
$(DOMAIN_NAME), $(DOMAIN_HOME),
$(ADMIN_NAME), $(ADMIN_PORT), and
$(SERVER_NAME).
|
-Dweblogic.StdoutDebugEnabled=false |
| logHome | The in-pod location for the domain log, server logs, server out, and
Node Manager log files. If not specified, the value is derived from the
domainUID as
/shared/logs/<domainUID>.
|
/u01/oracle/user_projects/domains/logs/accessdomain |
| managedServerNameBase | Base string used to generate Managed Server names. | oam_server |
| managedServerPort | Port number for each Managed Server. | 14100 |
| namespace | Kubernetes namespace in which to create the domain. | oamns |
| persistentVolumeClaimName | Name of the persistent volume claim created to host the domain home. If
not specified, the value is derived from the domainUID as
<domainUID>-weblogic-sample-pvc.
|
accessdomain-domain-pvc |
| productionModeEnabled | Boolean indicating if production mode is enabled for the domain. | true |
| serverStartPolicy | Determines which WebLogic Server instances will be started. Legal values
are Never, IfNeeded,
AdminOnly.
|
IfNeeded |
| t3ChannelPort | Port for the T3 channel of the NetworkAccessPoint. | 30012 |
| t3PublicAddress | Public address for the T3 channel. This should be set to the public address of the Kubernetes cluster. This would typically be a load balancer address. For development environments only: In a single server (all-in-one) Kubernetes deployment, this may be set to the address of the master, or at the very least, it must be set to the address of one of the worker nodes. | If not provided, the script will attempt to set it to the IP address of the Kubernetes cluster |
| weblogicCredentialsSecretName | Name of the Kubernetes secret for the Administration Server’s user name
and password. If not specified, then the value is derived from the
domainUID as
<domainUID>-weblogic-credentials.
|
accessdomain-domain-credentials |
| serverPodCpuRequest, serverPodMemoryRequest, serverPodCpuCLimit, serverPodMemoryLimit | The maximum amount of compute resources allowed, and minimum amount of
compute resources required, for each server pod. Please refer to the
Kubernetes documentation on Managing Compute Resources for
Containers for details.
|
Resource requests and resource limits are not specified. |
| rcuSchemaPrefix | The schema prefix to use in the database, for example OAM1. You may wish to make this the same as the domainUID in order to simplify matching domains to their RCU schemas. | OAM1 |
| rcuDatabaseURL | The database URL. | xxxxx.example.com:1521/oampdb1.example.com |
| rcuCredentialsSecret | The Kubernetes secret containing the database credentials. | accessdomain-rcu-credentials |
| datasourceType | Type of JDBC datasource applicable for the OAM domain. Legal values are agl and generic. Choose agl for Active GridLink datasource and generic for Generic datasource. For enterprise deployments, Oracle recommends that you use GridLink data sources to connect to Oracle RAC databases. See, Enterprise Deployment Guide for Oracle Identity and Access Management in a Kubernetes Cluster for further details. | generic |
Note:
The names of the Kubernetes resources in the generated YAML files may be formed with the value of some of the properties specified in thecreate-inputs.yaml file. Those properties include the
adminServerName, clusterName and
managedServerNameBase. If those values contain any characters that
are invalid in a Kubernetes service name, those characters are converted to valid values
in the generated YAML files. For example, an uppercase letter is converted to a
lowercase letter and an underscore ("_") is converted to a hyphen ("-").
The sample demonstrates how to create an OAM domain home and associated Kubernetes resources for a domain that has one cluster only. In addition, the sample provides the capability for users to supply their own scripts to create the domain home for other use cases. The generated domain YAML file could also be modified to cover more use cases.