7.4.5 Verifying the OUD Deployment
Run the following command to verify the OUD deployment:
kubectl --namespace <namespace> get pod,service,secret,pv,pvc,ingress -o widekubectl --namespace oudns get pod,service,secret,pv,pvc,ingress -o wideNAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
pod/oud-ds-rs-0 1/1 Running 0 14m 10.244.1.180 <Worker Node> <none> <none>
pod/oud-ds-rs-1 1/1 Running 0 8m26s 10.244.1.181 <Worker Node> <none> <none>
pod/oud-ds-rs-2 0/1 Running 0 2m24s 10.244.1.182 <Worker Node> <none> <none>
pod/oud-pod-cron-job-27586680-p5d8q 0/1 Completed 0 50s 10.244.1.183 <Worker Node> <none> <none>
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR
service/oud-ds-rs ClusterIP None <none> 1444/TCP,1888/TCP,1389/TCP,1636/TCP,1080/TCP,1081/TCP,1898/TCP 14m app.kubernetes.io/instance=oud-ds-rs,app.kubernetes.io/name=oud-ds-rs
service/oud-ds-rs-0 ClusterIP None <none> 1444/TCP,1888/TCP,1898/TCP 14m app.kubernetes.io/instance=oud-ds-rs,app.kubernetes.io/name=oud-ds-rs,statefulset.kubernetes.io/pod-name=oud-ds-rs-0
service/oud-ds-rs-1 ClusterIP None <none> 1444/TCP,1888/TCP,1898/TCP 14m app.kubernetes.io/instance=oud-ds-rs,app.kubernetes.io/name=oud-ds-rs,statefulset.kubernetes.io/pod-name=oud-ds-rs-1
service/oud-ds-rs-2 ClusterIP None <none> 1444/TCP,1888/TCP,1898/TCP 14m app.kubernetes.io/instance=oud-ds-rs,app.kubernetes.io/name=oud-ds-rs,statefulset.kubernetes.io/pod-name=oud-ds-rs-2
service/oud-ds-rs-http-0 ClusterIP 10.104.112.93 <none> 1080/TCP,1081/TCP 14m app.kubernetes.io/instance=oud-ds-rs,app.kubernetes.io/name=oud-ds-rs,statefulset.kubernetes.io/pod-name=oud-ds-rs-0
service/oud-ds-rs-http-1 ClusterIP 10.103.105.70 <none> 1080/TCP,1081/TCP 14m app.kubernetes.io/instance=oud-ds-rs,app.kubernetes.io/name=oud-ds-rs,statefulset.kubernetes.io/pod-name=oud-ds-rs-1
service/oud-ds-rs-http-2 ClusterIP 10.110.160.107 <none> 1080/TCP,1081/TCP 14m app.kubernetes.io/instance=oud-ds-rs,app.kubernetes.io/name=oud-ds-rs,statefulset.kubernetes.io/pod-name=oud-ds-rs-2
service/oud-ds-rs-lbr-admin ClusterIP 10.99.238.222 <none> 1888/TCP,1444/TCP 14m app.kubernetes.io/instance=oud-ds-rs,app.kubernetes.io/name=oud-ds-rs
service/oud-ds-rs-lbr-http ClusterIP 10.101.250.196 <none> 1080/TCP,1081/TCP 14m app.kubernetes.io/instance=oud-ds-rs,app.kubernetes.io/name=oud-ds-rs
service/oud-ds-rs-lbr-ldap ClusterIP 10.104.149.90 <none> 1389/TCP,1636/TCP 14m app.kubernetes.io/instance=oud-ds-rs,app.kubernetes.io/name=oud-ds-rs
service/oud-ds-rs-ldap-0 ClusterIP 10.109.255.221 <none> 1389/TCP,1636/TCP 14m app.kubernetes.io/instance=oud-ds-rs,app.kubernetes.io/name=oud-ds-rs,statefulset.kubernetes.io/pod-name=oud-ds-rs-0
service/oud-ds-rs-ldap-1 ClusterIP 10.111.135.142 <none> 1389/TCP,1636/TCP 14m app.kubernetes.io/instance=oud-ds-rs,app.kubernetes.io/name=oud-ds-rs,statefulset.kubernetes.io/pod-name=oud-ds-rs-1
service/oud-ds-rs-ldap-2 ClusterIP 10.100.8.145 <none> 1389/TCP,1636/TCP 14m app.kubernetes.io/instance=oud-ds-rs,app.kubernetes.io/name=oud-ds-rs,statefulset.kubernetes.io/pod-name=oud-ds-rs-2
NAME TYPE DATA AGE
secret/dockercred kubernetes.io/dockerconfigjson 1 4h24m
secret/orclcred kubernetes.io/dockerconfigjson 1 14m
secret/oud-ds-rs-creds opaque 8 14m
secret/oud-ds-rs-tls-cert kubernetes.io/tls 2 14m
secret/sh.helm.release.v1.oud-ds-rs.v1 helm.sh/release.v1 1 14m
NAME CAPACITY ACCESS MODES RECLAIM POLICY STATUS CLAIM STORAGECLASS REASON AGE VOLUMEMODE
persistentvolume/oud-ds-rs-pv 20Gi RWX Delete Bound oudns/oud-ds-rs-pvc manual 14m Filesystem
NAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGE VOLUMEMODE
persistentvolumeclaim/oud-ds-rs-pvc Bound oud-ds-rs-pv 20Gi RWX manual 14m Filesystem
NAME CLASS HOSTS ADDRESS PORTS AGE
ingress.networking.k8s.io/oud-ds-rs-admin-ingress-nginx <none> oud-ds-rs-admin-0,oud-ds-rs-admin-0,oud-ds-rs-admin-1 + 3 more... 80, 443 14m
ingress.networking.k8s.io/oud-ds-rs-http-ingress-nginx <none> oud-ds-rs-http-0,oud-ds-rs-http-1,oud-ds-rs-http-2 + 3 more... 80, 443 14m If you are using block storage you will see slightly different entries for PV and PVC, for
example:
NAME CAPACITY ACCESS MODES RECLAIM POLICY STATUS CLAIM STORAGECLASS REASON AGE VOLUMEMODE
persistentvolume/ocid1.volume.oc1.iad.<unique_ID> 50Gi RWO Delete Bound oudns/oud-ds-rs-pv-oud-ds-rs-2 oud-sc 60m Filesystem
persistentvolume/ocid1.volume.oc1.iad.<unique_ID> 50Gi RWO Delete Bound oudns/oud-ds-rs-pv-oud-ds-rs-1 oud-sc 67m Filesystem
persistentvolume/ocid1.volume.oc1.iad.<unique_ID> 50Gi RWO Delete Bound oudns/oud-ds-rs-pv-oud-ds-rs-3 oud-sc 45m Filesystem
NAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGE VOLUMEMODE
persistentvolumeclaim/oud-ds-rs-pv-oud-ds-rs-1 Bound ocid1.volume.oc1.iad.<unique_ID> 50Gi RWO oud-sc 67m Filesystem
persistentvolumeclaim/oud-ds-rs-pv-oud-ds-rs-2 Bound ocid1.volume.oc1.iad.<unique_ID> 50Gi RWO oud-sc 60m Filesystem
persistentvolumeclaim/oud-ds-rs-pv-oud-ds-rs-3 Bound ocid1.volume.oc1.iad.<unique_ID> 50Gi RWO oud-sc 45m FilesystemNote:
Initiallypod/oud-ds-rs-0 will appear with a
STATUS of 0/1 and it will take approximately 5 minutes
before OUD is started (1/1). Once pod/oud-ds-rs-0 has a
STATUS of 1/1, pod/oud-ds-rs-1 will
appear with a STATUS of 0/1. Once
pod/oud-ds-rs-1 is started (1/1),
pod/oud-ds-rs-2 will appear. It will take around 15 minutes for all the
pods to fully started.
While the oud-ds-rs pods have a
STATUS of
0/1 the pod is running but OUD server associated with it is
currently starting. While the pod is starting you can check the startup status in the
pod logs, by running the following
command:kubectl logs <pod> -n oudnskubectl logs oud-ds-rs-0 -n oudnsIf the OUD deployment fails, additionally refer to General Troubleshooting for instructions on how describe the failing pod(s). Once the problem is identified follow Deleting an OUD Deployment to clean down the deployment before deploying again.
Kubernetes Objects
Kubernetes objects created by the Helm chart are detailed in the table below:
Note:
The ‘Example Name’ for each Object below is based on the value ‘oud-ds-rs’ as deployment/release name for the Helm chart installation.| Type | Name | Example Name | Purpose |
|---|---|---|---|
| Service Account | <deployment/release name> | oud-ds-rs | Kubernetes Service Account for the Helm Chart deployment. |
| Secret | <deployment/release name>-creds | oud-ds-rs-creds | Secret object for Oracle Unified Directory related critical values like passwords. |
| Persistent Volume | <deployment/release name>-pv | oud-ds-rs-pv | Persistent Volume for user_projects mount. |
| Persistent Volume Claim | <deployment/release name>-pvc | oud-ds-rs-pvc | Persistent Volume Claim for user_projects mount. |
| Persistent Volume | <deployment/release name>-pv-config | oud-ds-rs-pv-config | Persistent Volume for mounting volume in containers for configuration files like ldif, schema, jks, java.security, etc. |
| Persistent Volume Claim | <deployment/release name>-pvc-config | oud-ds-rs-pvc-config | Persistent Volume Claim for mounting volume in containers for configuration files like ldif, schema, jks, java.security, etc. |
| Pod | <deployment/release name>-0 | oud-ds-rs-0 | Pod/Container for base Oracle Unified Directory Instance which would be populated first with base configuration (like number of sample entries). |
| Pod | <deployment/release name>-N | oud-ds-rs-1, oud-ds-rs-2, … | Pod(s)/Container(s) for Oracle Unified Directory Instances - each would have replication enabled against base Oracle Unified Directory instance <deployment/release name>-0. |
| Service | <deployment/release name>-0 | oud-ds-rs-0 | Service for LDAPS Admin, REST Admin and Replication interfaces from base Oracle Unified Directory instance <deployment/release name>-0. |
| Service | <deployment/release name>-http-0 | oud-ds-rs-http-0 | Service for HTTP and HTTPS interfaces from base Oracle Unified Directory instance <deployment/release name>-0. |
| Service | <deployment/release name>-ldap-0 | oud-ds-rs-ldap-0 | Service for LDAP and LDAPS interfaces from base Oracle Unified Directory instance <deployment/release name>-0. |
| Service | <deployment/release name>-N | oud-ds-rs-1, oud-ds-rs-2, … | Service(s) for LDAPS Admin, REST Admin and Replication interfaces from base Oracle Unified Directory instance <deployment/release name>-N. |
| Service | <deployment/release name>-http-N | oud-ds-rs-http-1, oud-ds-rs-http-2, … | Service(s) for HTTP and HTTPS interfaces from base Oracle Unified Directory instance <deployment/release name>-N. |
| Service | <deployment/release name>-ldap-N | oud-ds-rs-ldap-1, oud-ds-rs-ldap-2, … | Service(s) for LDAP and LDAPS interfaces from base Oracle Unified Directory instance <deployment/release name>-N. |
| Service | <deployment/release name>-lbr-admin | oud-ds-rs-lbr-admin | Service for LDAPS Admin, REST Admin and Replication interfaces from all Oracle Unified Directory instances. |
| Service | <deployment/release name>-lbr-http | oud-ds-rs-lbr-http | Service for HTTP and HTTPS interfaces from all Oracle Unified Directory instances. |
| Service | <deployment/release name>-lbr-ldap | oud-ds-rs-lbr-ldap | Service for LDAP and LDAPS interfaces from all Oracle Unified Directory instances. |
| Ingress | <deployment/release name>-admin-ingress-nginx | oud-ds-rs-admin-ingress-nginx | Ingress Rules for HTTP Admin interfaces. |
| Ingress | <deployment/release name>-http-ingress-nginx | oud-ds-rs-http-ingress-nginx | Ingress Rules for HTTP (Data/REST) interfaces. |