1. Deploying and Managing Oracle Identity Governance on Kubernetes
  2. Installing Oracle Identity Governance on Kubernetes
  3. Post Installation Configuration
  4. Configuring Design Console
  5. Using the Design Console Client
  6. Using a Container Image for Design Console

10.5.3.2 Using a Container Image for Design Console

The Design Console can be run from a container using X Windows emulation.

To use a container image for Design Console with Podman or Docker, perform the following steps:

Note:

The example below use podman. Unless stated the podman command can be replaced with docker.
  1. On the parent machine where the Design Console is to be displayed, run xhost +.
  2. Find which worker node the oim-server1 pod is running. For example:
    kubectl get pods -n <domain_namespace> -o wide | grep <domainUID>-oim-server1
    For example:
    kubectl get pods -n oigns -o wide | grep governancedomain-oim-server1
    The output will look similar to the following:
    governancedomain-oim-server1                                1/1     Running     0          31m     10.244.2.98   worker-node2
  3. On the worker node returned above, for example worker-node2, execute the following command to find the OIG container image name:
    sudo podman images
    The output will be similar to the following:
    REPOSITORY                                        TAG                            IMAGE ID      CREATED        SIZE
container-registry.oracle.com/middleware/oig_cpu  14.1.2.1.0-jdk17-ol8-<YYDDMM>  7cde9673ba56  5 days ago     4.43 GB
  4. Run the following command to start a container to run Design Console:
    podman run -u root --name oigdcbase -it <image> bash
    For example:
    podman run -u root -it --name oigdcbase container-registry.oracle.com/middleware/oig_cpu:14.1.2.1.0-jdk17-ol8-<YYDDMM> bash
    This will take you into a bash shell inside the container:
    bash-4.2#
  5. Inside the bash shell for the container, run the following command to set the proxy to the internet:
    export https_proxy=http://proxy.example.com:80
  6. Run the following command to install the required packages:
    yum install libXext libXrender libXtst
  7. If using SSL, copy the Certificate Authority (CA) certificate(s) for your OIG URL entry point, to the worker node where the oigdcbase image is to be created. Run the following command outside the container:
    cd $WORKDIR>/ssl
    podman cp <certificate> <container_name>:/u01/jdk/jre/lib/security/<certificate>
    For example:
    podman cp ca.crt oigdcbase:/u01/jdk/jre/lib/security/ca.crt
  8. Inside the bash shell for the container, run the following command to import the CA certificate:
    /u01/jdk/bin/keytool -import -trustcacerts -alias dc -file /u01/jdk/jre/lib/security/<certificate> \
-keystore /u01/jdk/jre/lib/security/cacerts
    For example:
    /u01/jdk/bin/keytool -import -trustcacerts -alias dc -file /u01/jdk/jre/lib/security/ca.crt \
-keystore /u01/jdk/jre/lib/security/cacerts
  9. Outside the container, run the following command to create a new Design Console image from the container:
    podman commit <container_name> <design_console_image_name>
    For example:
    podman commit oigdcbase oigdc
  10. Exit the container bash session:
    exit
  11. Start a new container using the Design Console image:
    podman run --name oigdc -it oigdc /bin/bash
    This will take you into a bash shell for the container:
    bash-4.2#
  12. In the bash shell for the container, run the following to export the DISPLAY:
    export DISPLAY=<parent_machine_hostname:1>
  13. Start the Design Console from inside the container:
    cd idm/designconsole
    sh xlclient.sh
    The Design Console login should be displayed.