The OIG domain patching script automatically performs the update of your OIG Kubernetes cluster with a new OIG container image.
Note: Before following the steps below, you must have upgraded to WebLogic Kubernetes Operator 4.0.4.
The script executes the following steps sequentially:
serverStartPolicy set as Never in the domain definition yaml.serverStartPolicy to IfNeeded and image to new image tag.The script exits with a failure if a configurable timeout is reached before the target pod count is reached, depending upon the domain configuration. It also exits if there is any failure while patching the database schema and domain.
Note: The script execution will cause downtime while patching the OIG deployment and database schemas.
Before you begin, perform the following steps:
Review the Domain resource documentation.
Ensure that you have a running OIG deployment in your cluster.
Ensure that the database is up and running.
Download the latest code repository as follows:
Create a working directory to setup the source code.
$ mkdir <workdir>
For example:
$ mkdir /scratch/OIGK8Slatest
Download the latest OIG deployment scripts from the OIG repository.
$ cd <workdir>
$ git clone https://github.com/oracle/fmw-kubernetes.git --branch release/23.3.1
For example:
$ cd /scratch/OIGK8Slatest
$ git clone https://github.com/oracle/fmw-kubernetes.git --branch release/23.3.1
Set the $WORKDIR environment variable as follows:
$ export WORKDIR=<workdir>/fmw-kubernetes/OracleIdentityGovernance
For example:
$ export WORKDIR=/scratch/OIGK8Slatest/fmw-kubernetes/OracleIdentityGovernance
Run the patch domain script as follows. Specify the inputs required by the script. If you need help understanding the inputs run the command help -h.
$ cd $WORKDIR/kubernetes/domain-lifecycle
$ ./patch_oig_domain.sh -h
$ ./patch_oig_domain.sh -i <target_image_tag> -n <oig_namespace>
For example:
$ cd $WORKDIR/kubernetes/domain-lifecycle
$ ./patch_oig_domain.sh -h
$ ./patch_oig_domain.sh -i 12.2.1.4-jdk8-ol7-<July`23> -n oigns
The output will look similar to the following
[INFO] Found domain name: governancedomain
[INFO] Image Registry: container-registry.oracle.com/middleware/oig_cpu
[INFO] Domain governancedomain is currently running with image: container-registry.oracle.com/middleware/oig_cpu:12.2.1.4-jdk8-ol7-<April`23>
current no of pods under governancedomain are 3
[INFO] The pod helper already exists in namespace oigns.
[INFO] Deleting pod helper
pod "helper" deleted
[INFO] Fetched Image Pull Secret: orclcred
[INFO] Creating new helper pod with image: container-registry.oracle.com/middleware/oig_cpu:12.2.1.4-jdk8-ol7-<July`23>
pod/helper created
Checking helper Running
[INFO] Stopping Admin, SOA and OIM servers in domain governancedomain. This may take some time, monitor log /scratch/OIGK8Slatest/fmw-kubernetes/OracleIdentityGovernance/kubernetes/domain-lifecycle/log/oim_patch_log-<DATE>/stop_servers.log for details
[INFO] All servers are now stopped successfully. Proceeding with DB Schema changes
[INFO] Patching OIM schemas...
[INFO] DB schema update successful. Check log /scratch/OIGK8Slatest/fmw-kubernetes/OracleIdentityGovernance/kubernetes/domain-lifecycle/log/oim_patch_log-<DATE>/patch_oim_wls.log for details
[INFO] Starting Admin, SOA and OIM servers with new image container-registry.oracle.com/middleware/oig_cpu:12.2.1.4-jdk8-ol7-<July`23>
[INFO] Waiting for 3 weblogic pods to be ready..This may take several minutes, do not close the window. Check log /scratch/OIGK8Slatest/fmw-kubernetes/OracleIdentityGovernance/kubernetes/domain-lifecycle/log/oim_patch_log-<DATE>/monitor_weblogic_pods.log for progress
[SUCCESS] All servers under governancedomain are now in ready state with new image: container-registry.oracle.com/middleware/oig_cpu:12.2.1.4-jdk8-ol7-<July`23>
The logs are available at $WORKDIR/kubernetes/domain-lifecycle by default. A custom log location can also be provided to the script.
Note: If the patch domain script creation fails, refer to the Troubleshooting section.