Synchronize

Author: rjeberhard

documentation/3.4/content/samples/azure-kubernetes-service/domain-on-pv.md

@@ -26,12 +26,39 @@ This sample demonstrates how to use the [WebLogic Kubernetes Operator](/weblogic
 
 ##### Clone WebLogic Kubernetes Operator repository
 
-Clone the [WebLogic Kubernetes Operator repository](https://github.com/oracle/weblogic-kubernetes-operator) to your machine. You will use several scripts in this repository to create a WebLogic domain. This sample was tested with v3.3.7, but should work with the latest release.
+Clone the [WebLogic Kubernetes Operator repository](https://github.com/oracle/weblogic-kubernetes-operator) to your machine. You will use several scripts in this repository to create a WebLogic domain. This sample was tested with v3.4.2, but should work with the latest release.
 
 ```shell
 $ git clone --branch v{{< latestVersion >}} https://github.com/oracle/weblogic-kubernetes-operator.git
 ```
 
+##### Sign in with Azure CLI
+
+The steps in this section show you how to sign in to the Azure CLI.
+
+1. Open a Bash shell.
+
+1. Sign out and delete some authentication files to remove any lingering credentials.
+
+   ```shell
+   $ az logout
+   $ rm ~/.azure/accessTokens.json
+   $ rm ~/.azure/azureProfile.json
+   ```
+
+1. Sign in to your Azure CLI.
+
+   ```shell
+   $ az login
+   ```
+
+1. Set the subscription ID. Be sure to replace the placeholder with the appropriate value.
+
+   ```shell
+   $ export SUBSCRIPTION_ID=<your-subscription-id>
+   $ az account set -s $SUBSCRIPTION_ID
+   ```
+
 {{% notice info %}} The following sections of the sample instructions will guide you, step-by-step, through the process of setting up a WebLogic cluster on AKS - remaining as close as possible to a native Kubernetes experience. This lets you understand and customize each step. If you wish to have a more automated experience that abstracts some lower level details, you can skip to the [Automation](#automation) section.
 {{% /notice %}}
 
@@ -495,9 +522,6 @@ For input values, you can edit `kubernetes/samples/scripts/create-weblogic-domai
 
 | Name in YAML file | Example value | Notes |
 |-------------------|---------------|-------|
-| `azureServicePrincipalAppId` | `nr086o75-pn59-4782-no5n-nq2op0rsr1q6` | Application ID of your service principal; refer to the application ID in the [Create Service Principal]({{< relref "/samples/azure-kubernetes-service/domain-on-pv#create-a-service-principal-for-aks" >}}) section. |
-| `azureServicePrincipalClientSecret` | `8693089o-q190-45ps-9319-or36252s3s90` | A client secret of your service principal; refer to the client secret in the [Create Service Principal]({{< relref "/samples/azure-kubernetes-service/domain-on-pv#create-a-service-principal-for-aks" >}}) section. |
-| `azureServicePrincipalTenantId` | `72s988os-86s1-cafe-babe-2q7pq011qo47` | Tenant (Directory ) ID of your service principal; refer to the client secret in the [Create Service Principal]({{< relref "/samples/azure-kubernetes-service/domain-on-pv#create-a-service-principal-for-aks" >}}) section. |
 | `dockerEmail` | `yourDockerEmail` | Oracle Single Sign-On (SSO) account email, used to pull the WebLogic Server Docker image. |
 | `dockerPassword` | `yourDockerPassword`| Password for Oracle SSO account, used to pull the WebLogic Server Docker image, in clear text. |
 | `dockerUserName` | `yourDockerId` | The same value as `dockerEmail`.  |
@@ -524,46 +548,140 @@ The script will print the Administration Server address after a successful deplo
 
 #### Deploy sample application
 
-Now that you have WLS running in AKS, you can test the cluster by deploying the simple sample application included in the repository:
-
-1. Go to the WebLogic Server Administration Console, Select "Lock & Edit".
-1. Select Deployments.
-1. Select Install.
-1. Select Upload your file(s).
-1. For the Deployment Archive, Select "Choose File".
-1. Select the file `kubernetes/samples/charts/application/testwebapp.war`.
-1. Select Next. Choose 'Install this deployment as an application'.
-1. Select Next. Select cluster-1 and All servers in the cluster.  Select Next.
-1. Accept the defaults in the next screen and select Next
-1. Select Finish.
-1. Select Activate Changes.
-
-{{%expand "Click here to view the application deployment screenshot." %}}
-![Deploy Application](../screenshot-deploy-test-app.png)
-{{% /expand %}}
+Now that you have WLS running in AKS, you can test the cluster by deploying the sample application included in the repository.
+
+First, package the application with the following command:
 
-Next you will need to start the application:
+```bash
+cd integration-tests/src/test/resources/bash-scripts
+bash build-war-app.sh -s ../apps/testwebapp/ -d /tmp/testwebapp
+```
 
-1. Go to Deployments.
-1. Select Control.
-1. Select the check box next to `testwebapp`.
-1. Select Start.
-1. Select Servicing all requests.
-1. Select Yes.
+Successful output will look like the following:
 
-After the successful deployment, go to the application through the `domain1-cluster-1-lb` external IP.
+```text
+Found source at ../apps/testwebapp/
+build /tmp/testwebapp/testwebapp.war with command jar -cvf /tmp/testwebapp/testwebapp.war *
+added manifest
+ignoring entry META-INF/
+ignoring entry META-INF/MANIFEST.MF
+adding: META-INF/maven/(in = 0) (out= 0)(stored 0%)
+adding: META-INF/maven/com.oracle.weblogic/(in = 0) (out= 0)(stored 0%)
+adding: META-INF/maven/com.oracle.weblogic/testwebapp/(in = 0) (out= 0)(stored 0%)
+adding: META-INF/maven/com.oracle.weblogic/testwebapp/pom.properties(in = 117) (out= 113)(deflated 3%)
+adding: META-INF/maven/com.oracle.weblogic/testwebapp/pom.xml(in = 1210) (out= 443)(deflated 63%)
+adding: WEB-INF/(in = 0) (out= 0)(stored 0%)
+adding: WEB-INF/web.xml(in = 951) (out= 428)(deflated 54%)
+adding: WEB-INF/weblogic.xml(in = 1140) (out= 468)(deflated 58%)
+adding: index.jsp(in = 1001) (out= 459)(deflated 54%)
+-rw-r--r-- 1 user user 3528 Jul  5 14:25 /tmp/testwebapp/testwebapp.war
+```
 
-```shell
-$ kubectl  get svc domain1-cluster-1-external-lb
+Now, you are able to deploy the sample application in `/tmp/testwebapp/testwebapp.war` to the cluster. This sample uses WLS RESTful API [/management/weblogic/latest/edit/appDeployments](https://docs.oracle.com/en/middleware/standalone/weblogic-server/14.1.1.0/wlrer/op-management-weblogic-version-edit-appdeployments-x-operations-1.html) to deploy the sample application. The WLS administration account and password in this sample are `weblogic:welcome1`, replace them with your value created in [Create WebLogic domain secrets](#create-secrets):
+
+```bash
+$ ADMIN_SERVER_IP=$(kubectl get svc domain1-admin-server-external-lb -o=jsonpath='{.status.loadBalancer.ingress[0].ip}')
+$ curl --user weblogic:welcome1 -H X-Requested-By:MyClient  -H Accept:application/json -s -v \
+  -H Content-Type:multipart/form-data  \
+  -F "model={
+        name:    'testwebapp',
+        targets: [ { identity: [ 'clusters', 'cluster-1' ] } ]
+      }" \
+  -F "sourcePath=@/tmp/testwebapp/testwebapp.war" \
+  -H "Prefer:respond-async" \
+  -X POST http://${ADMIN_SERVER_IP}:7001/management/weblogic/latest/edit/appDeployments
 ```
+
+After the successful deployment, you will find output similar to the following:
+
+{{%expand "Click here to view the output." %}}
+```text
+*   Trying 52.226.101.43:7001...
+* TCP_NODELAY set
+* Connected to 52.226.101.43 (52.226.101.43) port 7001 (#0)
+* Server auth using Basic with user 'weblogic'
+> POST /management/weblogic/latest/edit/appDeployments HTTP/1.1
+> Host: 52.226.101.43:7001
+> Authorization: Basic d2VibG9naWM6d2VsY29tZTE=
+> User-Agent: curl/7.68.0
+> X-Requested-By:MyClient
+> Accept:application/json
+> Prefer:respond-async
+> Content-Length: 3925
+> Content-Type: multipart/form-data; boundary=------------------------cc76a2c2d819911f
+> Expect: 100-continue
+>
+* Mark bundle as not supporting multiuse
+< HTTP/1.1 100 Continue
+* We are completely uploaded and fine
+* Mark bundle as not supporting multiuse
+< HTTP/1.1 202 Accepted
+< Date: Thu, 11 Aug 2022 08:32:56 GMT
+< Location: http://domain1-admin-server:7001/management/weblogic/latest/domainRuntime/deploymentManager/deploymentProgressObjects/testwebapp
+< Content-Length: 764
+< Content-Type: application/json
+< X-ORACLE-DMS-ECID: 6f205c83-e172-4c34-a638-7f0c6345ce45-00000055
+< X-ORACLE-DMS-RID: 0
+< Set-Cookie: JSESSIONID=NOCMCQBO7dxyA2lUfCYp4zSYIeFB0S3V1KRRzigmmoOUfmQmlLOh!-546081476; path=/; HttpOnly
+< Vary: Accept-Encoding
+<
+{
+    "links": [{
+        "rel": "job",
+        "href": "http:\/\/domain1-admin-server:7001\/management\/weblogic\/latest\/domainRuntime\/deploymentManager\/deploymentProgressObjects\/testwebapp"
+    }],
+    "identity": [
+        "deploymentManager",
+        "deploymentProgressObjects",
+        "testwebapp"
+    ],
+    "rootExceptions": [],
+    "deploymentMessages": [],
+    "name": "testwebapp",
+    "operationType": 3,
+    "startTimeAsLong": 1660206785965,
+    "state": "STATE_RUNNING",
+    "id": "0",
+    "type": "DeploymentProgressObject",
+    "targets": ["cluster-1"],
+    "applicationName": "testwebapp",
+    "failedTargets": [],
+    "progress": "processing",
+    "completed": false,
+    "intervalToPoll": 1000,
+    "startTime": "2022-08-11T08:33:05.965Z"
+* Connection #0 to host 52.226.101.43 left intact
 ```
-NAME                            TYPE           CLUSTER-IP     EXTERNAL-IP     PORT(S)          AGE
-domain1-cluster-1-external-lb   LoadBalancer   10.0.108.249   52.224.248.40   8001:32695/TCP   30m
+{{% /expand %}}
+
+Now, you can go to the application through the `domain1-cluster-1-lb` external IP.
+
+```shell
+$ CLUSTER_IP=$(kubectl get svc domain1-cluster-1-external-lb -o=jsonpath='{.status.loadBalancer.ingress[0].ip}')
+
+$ curl http://${CLUSTER_IP}:8001/testwebapp/
 ```
 
-In the example, the application address is: `http://52.224.248.40:8001/testwebapp`.
+The test application will list the server host and server IP on the output, like this:
+
+```html
+<!DOCTYPE html>
+<html>
+  <head>
+    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
 
-The test application will list the server host and server IP on the page.
+    <link rel="stylesheet" href="/testwebapp/res/styles.css;jsessionid=9uiMDakndtPlZTyDB9A-OKZEFBBAPyIs_9bG3qC4uA3PYaI8DsH1!-1450005246" type="text/css">
+    <title>Test WebApp</title>
+  </head>
+  <body>
+
+
+    <li>InetAddress: domain1-managed-server1/10.244.1.8
+    <li>InetAddress.hostname: domain1-managed-server1
+
+  </body>
+</html>
+```
 
 #### Validate NFS volume
 

documentation/3.4/content/samples/azure-kubernetes-service/includes/clean-up-resources-body-02.txt

@@ -1,6 +1,5 @@
 ```shell
 $ az group delete --yes --no-wait --name $AKS_PERS_RESOURCE_GROUP
 $ az group delete --yes --no-wait --name "MC_$AKS_PERS_RESOURCE_GROUP"_"$AKS_CLUSTER_NAME"_"$AKS_PERS_LOCATION"
-$ az ad sp delete --id $SP_APP_ID
 ```
 

documentation/3.4/content/samples/azure-kubernetes-service/includes/create-aks-cluster-body-01.txt

@@ -1,73 +1,3 @@
-##### Create a Service Principal for AKS
-
-An AKS cluster requires either an [Azure Active Directory (AD) service principal](https://docs.microsoft.com/azure/active-directory/develop/app-objects-and-service-principals) or a [managed identity](https://docs.microsoft.com/azure/aks/use-managed-identity) to interact with Azure resources.
-
-We will use a service principal to create an AKS cluster. Follow the commands below to create a new service principal.
-
-Please run `az login` first. Do set the subscription you want to work with. You can get a list of your subscriptions by running `az account list`.
-
-```shell
-# Login
-$ az login
-
-# Set your working subscription
-$ export SUBSCRIPTION_ID=<your-subscription-id>
-$ az account set -s $SUBSCRIPTION_ID
-```
-
-Create the new service principal with the following commands:
-
-```shell
-# Create Service Principal
-$ export SP_NAME=myAKSClusterServicePrincipal
-$ az ad sp create-for-rbac --skip-assignment --name $SP_NAME
-
-# Copy the output to a file, we will use it later.
-```
-
-If you see an error similar to the following:
-
-```shell
-Found an existing application instance of "5pn2s201-nq4q-43n1-z942-p9r9571qr3rp". We will patch it
-Insufficient privileges to complete the operation.
-```
-
-The problem may be a pre-existing service principal with the same name.  Either delete the other service principal or pick a different name.
-
-Successful output will look like the following:
-
-```json
-{
-  "appId": "r3qnq743-61s9-4758-8163-4qpo87s72s54",
-  "displayName": "myAKSClusterServicePrincipal",
-  "name": "http://myAKSClusterServicePrincipal",
-  "password": "TfhR~uOJ1C1ftD5NS_LzJJj6UOjS2OwXfz",
-  "tenant": "82sr215n-0ns5-404e-9161-206r0oqyq999"
-}
-```
-
-Grant your service principal with a contributor role to create AKS resources.
-
-```shell
-# Use the <appId> from the output of the last command
-$ export SP_APP_ID=r3qnq743-61s9-4758-8163-4qpo87s72s54
-$ az role assignment create --assignee $SP_APP_ID --role Contributor
-```
-
-Successful output will look like the following:
-
-```json
-{
-  "canDelegate": null,
-  "id": "/subscriptions/p7844r91-o11q-4n7s-np6s-996308sopqo9/providers/Microsoft.Authorization/roleAssignments/4oq396os-rs95-4n6s-n3qo-sqqpnpo91035",
-  "name": "4oq396os-rs95-4n6s-n3qo-sqqpnpo91035",
-  "principalId": "952551r8-n129-4on3-oqo9-231n0s6011n3",
-  "principalType": "ServicePrincipal",
-  "roleDefinitionId": "/subscriptions/p7844r91-o11q-4n7s-np6s-996308sopqo9/providers/Microsoft.Authorization/roleDefinitions/o24988np-6180-42n0-no88-20s7382qq24p",
-  "scope": "/subscriptions/p7844r91-o11q-4n7s-np6s-996308sopqo9",
-}
-```
-
 ##### Oracle Container Registry
 
 You will need an Oracle account. The following steps will direct you to accept the license agreement for WebLogic Server.  Make note of your Oracle Account password and email.  This sample pertains to 12.2.1.4, but other versions may work as well.

documentation/3.4/content/samples/azure-kubernetes-service/includes/create-aks-cluster-body-02.txt

@@ -13,8 +13,6 @@ $ export TIMESTAMP=`date +%s`
 $ export AKS_CLUSTER_NAME="${NAME_PREFIX}aks${TIMESTAMP}"
 $ export AKS_PERS_RESOURCE_GROUP="${NAME_PREFIX}resourcegroup${TIMESTAMP}"
 $ export AKS_PERS_LOCATION=eastus
-$ export SP_APP_ID=<appId from the az ad sp create-for-rbac command>
-$ export SP_CLIENT_SECRET=<password from the az ad sp create-for-rbac command>
 
 $ az group create --name $AKS_PERS_RESOURCE_GROUP --location $AKS_PERS_LOCATION
 $ az aks create \
@@ -25,8 +23,7 @@ $ az aks create \
    --nodepool-name nodepool1 \
    --node-vm-size Standard_DS2_v2 \
    --location $AKS_PERS_LOCATION \
-   --service-principal $SP_APP_ID \
-   --client-secret $SP_CLIENT_SECRET
+   --enable-managed-identity
 ```
 
 Successful output will be a JSON object with the entry `"type": "Microsoft.ContainerService/ManagedClusters"`.

documentation/3.4/content/samples/azure-kubernetes-service/includes/create-aks-cluster-storage.txt

@@ -58,9 +58,33 @@ You will dynamically create and use a persistent volume with Azure Files NFS sha
 
     The command provisions an NFS file share with NFS 4.1 or above.
 
-3. Configure network security.
+3. Assign the AKS cluster **Contributor** role to access the storage account.
 
-    You must configure the network security allowing access from AKS cluster to the storage account.
+    You must configure role assignment allowing access from AKS cluster to the storage account.
+
+    Get `objectId` of the AKS cluster with the following command and save it with variable `AKS_OBJECT_ID`:
+
+    ```shell
+    $ AKS_OBJECT_ID=$(az aks show --name ${AKS_CLUSTER_NAME} --resource-group ${AKS_PERS_RESOURCE_GROUP} --query "identity.principalId" -o tsv)
+    ```
+
+    Get Id of the storage account with the following command:
+
+    ```shell
+    $ STORAGE_ACCOUNT_ID=$(az storage account show --name ${AKS_PERS_STORAGE_ACCOUNT_NAME} --resource-group ${AKS_PERS_RESOURCE_GROUP} --query "id" -o tsv)
+    ```
+
+    Now, you are able to create a role assignment to grant the AKS cluster **Contributor** in the scope of the storage account. Then, the AKS cluster is able to access the file share.
+
+    ```shell
+    $ az role assignment create --assignee "${AKS_OBJECT_ID}" \
+      --role "Contributor" \
+      --scope "${STORAGE_ACCOUNT_ID}"
+    ```
+
+4. Configure network security.
+
+    You must configure the network security allowing access from AKS cluster to the file share.
 
     First, you must get the virtual network name and the subnet name of the AKS cluster.
 
@@ -72,7 +96,10 @@ You will dynamically create and use a persistent volume with Azure Files NFS sha
     $ echo ${aksMCRGName}
 
     # get network name of AKS cluster
-    $ aksNetworkName=$(az resource list --resource-group ${aksMCRGName} --resource-type Microsoft.Network/virtualNetworks -o tsv --query '[*].name')
+    $ aksNetworkName=$(az graph query -q "Resources \
+        | where type =~ 'Microsoft.Network/virtualNetworks' \
+        | where resourceGroup  =~ '${aksMCRGName}' \
+        | project name = name" --query "data[0].name"  -o tsv)
     $ echo ${aksNetworkName}
 
     # get subnet name of AKS agent pool

documentation/3.4/content/samples/azure-kubernetes-service/includes/prerequisites-01.txt

@@ -3,8 +3,9 @@
 This sample assumes the following prerequisite environment.
 
 * Operating System: GNU/Linux, macOS or [WSL2 for Windows 10](https://docs.microsoft.com/windows/wsl/install-win10).
-* [Git](https://git-scm.com/downloads); use `git --version` to test if `git` works.  This document was tested with version 2.17.1.
-* [Azure CLI](https://docs.microsoft.com/cli/azure); use `az --version` to test if `az` works.  This document was tested with version 2.9.1.
-* [Docker for Desktop](https://www.docker.com/products/docker-desktop).  This document was tested with `Docker version 20.10.2, build 2291f61`
-* [kubectl](https://kubernetes-io-vnext-staging.netlify.com/docs/tasks/tools/install-kubectl/); use `kubectl version` to test if `kubectl` works.  This document was tested with version v1.16.3.
-* [Helm](https://helm.sh/docs/intro/install/), version 3.1 and later; use `helm version` to check the `helm` version.  This document was tested with version v3.2.5.
+* [Git](https://git-scm.com/downloads); use `git --version` to test if `git` works.  This document was tested with version 2.25.1.
+* [Azure CLI](https://docs.microsoft.com/cli/azure); use `az --version` to test if `az` works.  This document was tested with version 2.39.0.
+* [Docker for Desktop](https://www.docker.com/products/docker-desktop).  This document was tested with `Docker version 20.10.7`
+* [kubectl](https://kubernetes-io-vnext-staging.netlify.com/docs/tasks/tools/install-kubectl/); use `kubectl version` to test if `kubectl` works.  This document was tested with version v1.21.2.
+* [Helm](https://helm.sh/docs/intro/install/), version 3.1 and later; use `helm version` to check the `helm` version.  This document was tested with version v3.6.2.
+* A Java JDK, Version 8 or 11. Azure recommends [Microsoft Build of OpenJDK](https://docs.microsoft.com/java/openjdk/download). Ensure that your `JAVA_HOME` environment variable is set correctly in the shells in which you run the commands.