1. Deploying and Managing Oracle Identity Governance on Kubernetes
  2. Installing Oracle Identity Governance on Kubernetes
  3. Creating Oracle Identity Governance Domains
  4. Creating OIG Domains Using WDT Models
  5. Preparing the WDT Create Domain YAML Files

7.2.3 Preparing the WDT Create Domain YAML Files

Prepare the create-domain-wdt.yaml file by running the following commands:

  1. Navigate to the $WORKDIR/kubernetes/create-oim-domain/domain-home-on-pv/wdt-utils/generate_models_utils directory:
    cd $WORKDIR/kubernetes/create-oim-domain/domain-home-on-pv/wdt-utils/generate_models_utils
  2. Make a copy of the create-domain-wdt.yaml file:
    cp create-domain-wdt.yaml create-domain-wdt.yaml.orig
  3. Edit the create-domain-wdt.yaml and modify the following parameters. Save the file when complete:
    appVersion: 14c
domainUID: <domain_uid>
domainHome: /u01/oracle/user_projects/domains/<domain_uid>
image: <image_name>:<tag>
imagePullSecretName: <container_registry_secret>
logHome: /u01/oracle/user_projects/domains/logs/<domain_uid>
namespace: <domain_namespace>
weblogicDomainStorageType: NFS
weblogicDomainStorageNFSServer: <nfs_server>
weblogicDomainStoragePath: <physical_path_of_persistent_storage>
weblogicDomainStorageSize: 10Gi
    For example:
    appVersion: 14c
domainUID: governancedomain
domainHome: /u01/oracle/user_projects/domains/governancedomain
image: container-registry.oracle.com/middleware/oig_cpu:14.1.2.1.0-jdk17-ol8-<YYMMDD>
imagePullSecretName: orclcred
logHome: /u01/oracle/user_projects/domains/logs/governancedomain
namespace: oigns
weblogicDomainStorageType: NFS
weblogicDomainStorageNFSServer: mynfsserver
weblogicDomainStoragePath: /nfs_volumes/oig/governancedomainpv
weblogicDomainStorageSize: 10Gi

    Note:

    If using a shared file system instead of NFS, set weblogicDomainStorageType: HOST_PATH and remove weblogicDomainStorageNFSServer.
A full list of parameters in the create-domain-wdt.yaml file are shown below:
Parameter Definition Default
adminPort Port number for the Administration Server inside the Kubernetes cluster. 7001
adminNodePort Port number of the Administration Server outside the Kubernetes cluster. 30701
configuredManagedServerCount Number of Managed Server instances to generate for the domain. 5
datasourceType Type of JDBC datasource applicable for the OIG domain. Legal values are agl and generic. Choose agl for Active GridLink datasource and generic for Generic datasource. For enterprise deployments, Oracle recommends that you use GridLink data sources to connect to Oracle RAC databases. See the Preparing an Existing Database for an Enterprise Deploymentfor further details. generic
domainHome Home directory of the OIG domain. If not specified, the value is derived from the domainUID as /shared/domains/<domainUID>. /u01/oracle/user_projects/domains/governancedomain
domainPVMountPath Mount path of the domain persistent volume. /u01/oracle/user_projects/domains
domainUID Unique ID that will be used to identify this particular domain. Used as the name of the generated WebLogic domain as well as the name of the Kubernetes domain resource. This ID must be unique across all domains in a Kubernetes cluster. This ID cannot contain any character that is not valid in a Kubernetes service name. governancedomain
edgInstall Used only if performing an install using the Enterprise Deployment Guide.

See, Enterprise Deployment Guide for Oracle Identity and Access Management in a Kubernetes Cluster

false
exposeAdminNodePort Boolean indicating if the Administration Server is exposed outside of the Kubernetes cluster. false
exposeAdminT3Channel Boolean indicating if the T3 administrative channel is exposed outside the Kubernetes cluster. true
frontEndHost The entry point URL for the OIM. example.com
frontEndPort The entry point port for the OIM. 14000
image OIG container image. The operator requires OIG 14.1.2. Refer to Obtaining the OIG Container Image for details on how to obtain or create the image. oracle/oig:14.1.2.1.0
imagePullSecretName Name of the Kubernetes secret to access the container registry to pull the OIG container image. The presence of the secret will be validated when this parameter is specified. orclcred
initialManagedServerReplicas Number of Managed Servers to initially start for the domain. 2
javaOptions Java options for starting the Administration Server and Managed Servers. A Java option can have references to one or more of the following pre-defined variables to obtain WebLogic domain information: $(DOMAIN_NAME), $(DOMAIN_HOME), $(ADMIN_NAME), $(ADMIN_PORT), and $(SERVER_NAME). -Dweblogic.StdoutDebugEnabled=false
logHome The in-pod location for the domain log, server logs, server out, and Node Manager log files. If not specified, the value is derived from the domainUID as /shared/logs/<domainUID>. /u01/oracle/user_projects/domains/logs/governancedomain
namespace Kubernetes namespace in which to create the domain. oigns
oimCPU Initial CPU Units, 1000m = 1 CPU core. 1000m
oimMaxCPU Max CPU a pod is allowed to consume. 2
oimMemory Initial memory allocated to a pod. 4Gi
oimMaxMemory Max memory a pod is allowed to consume. 8Gi
oimServerJavaParams The memory parameters to use for the OIG managed servers. "-Xms8192m -Xmx8192m"
productionModeEnabled Boolean indicating if production mode is enabled for the domain. true
soaCPU Initial CPU Units, 1000m = 1 CPU core. 1000m
soaMaxCPU Max CPU Cores pod is allowed to consume. 1
soaMemory Initial Memory pod allocated to a pod. 4Gi
soaMaxMemory Max Memory pod is allowed to consume. 10Gi
soaServerJavaParams The memory parameters to use for the SOA managed servers "-Xms8192m -Xmx8192m"
t3PublicAddress Public address for the T3 channel. This should be set to the public address of the Kubernetes cluster. This would typically be a load balancer address. For development environments only: In a single server (all-in-one) Kubernetes deployment, this may be set to the address of the master, or at the very least, it must be set to the address of one of the worker nodes. If not provided, the script will attempt to set it to the IP address of the Kubernetes cluster
weblogicDomainStorageType Persistent volume storage type. Options are NFS for NFS volumes or HOST_PATH for shared file system. NFS
weblogicDomainStorageNFSServer Hostname or IP address of the NFS Server. nfsServer
weblogicDomainStoragePath Physical path to the persistent volume. /scratch/governancedomainpv
weblogicDomainStorageSize Total storage allocated to the persistent storage. 10Gi

Note:

The above CPU and memory values are for examples only. For Enterprise Deployments, please review the performance recommendations and sizing requirements in Enterprise Deployment Guide for Oracle Identity and Access Management in a Kubernetes Cluster.