16.1.1 Patching a Container Image
The instructions in this section relate to patching or upgrading an existing 14.1.2.1.0 Oracle Identity Governance (OIG) deployment with a new OIG container image.
Note:
Administrators should be aware of the following:- If you are not using Oracle Container Registry or your own container registry, then you must first load the new container image on all nodes in your Kubernetes cluster.
- If you have Kubernetes Horizontal Pod Autoscaler (HPA) enabled, you must disable HPA before performing the steps below. See, Deleting HPA.
Choose one of the following options to update your OIG deployment with a new image:
- Running the
kubectl edit domaincommand. - Running the
kubectl patch domaincommand.
Running the kubectl edit domain Command
To update the domain:
- Run the following
command:
For example:kubectl edit domain <domainUID> -n <domain_namespace>kubectl edit domain governancedomain -n oignsNote:
This opens an edit session for the domain, where parameters can be changed using standard vi commands. - Update the
imageparameter to reference the new OIG container image:- If using Oracle Container Registry or your own container registry for your OIG
container image, update the image to point at the location of the new image, for
example:
... image: container-registry.oracle.com/middleware/oig_cpu:<new_tag> imagePullPolicy: IfNotPresent imagePullSecrets: - name: orclcred ... - If you are not using a container registry and have loaded the image on each of the
worker nodes, update the image to point at the new
image:
... image: container-registry.oracle.com/middleware/oig_cpu:<new_tag> imagePullPolicy: oracle/oig:<new_tag> ...
- If using Oracle Container Registry or your own container registry for your OIG
container image, update the image to point at the location of the new image, for
example:
- Save the file and exit (
:wq!)
Running the kubectl patch Command
To update the domain:
- Run the following command to set the
imageparameter to the location of the new image:
For example:kubectl patch domain <domainUID> -n <domain_namespace> --type merge -p '{"spec":{"image":"<repository>:<new_tag>"}}'- If using Oracle Container Registry or your own container registry for your OIG
container
image:
kubectl patch domain governancedomain -n oigns --type merge -p '{"spec":{"image":"container-registry.oracle.com/middleware/oig_cpu:<new_tag>"}}' - If you are not using a container registry and have loaded the image on each of the
worker
nodes:
The output will look similar to the following:kubectl patch domain governancedomain -n oigns --type merge -p '{"spec":{"image":"oracle/oig:<new_tag>"}}'domain.weblogic.oracle/governancedomain patched
- If using Oracle Container Registry or your own container registry for your OIG
container
image:
Verifying the OIG Deployment is Using the New Image
Once the upgrade is successful, you can run the following command to show the image is
used by the
pods:
kubectl describe pod <pod> -n <domain_namespace>kubectl describe pod governancedomain-oim-server1 -n oigns...
Containers:
weblogic-server:
Container ID: cri-o://220fa83d079e079ac183c00f884b10ea30a794527dbb65e6964a035d450384f8
Image: container-registry.oracle.com/middleware/oig_cpu:<new>
Image ID: container-registry.oracle.com/middleware/oig_cpu@sha256:cdf51b6aa47cd05573bc53244681b193fb4e2f6db56e50d2251b9416bc68ebc0
Port: 14100/TCP
Host Port: 0/TCP
Command:
...