Merge remote-tracking branch 'origin/main' into release/4.0

Author: rjeberhard

documentation/4.0/content/managing-domains/accessing-the-domain/istio/istio.md

@@ -175,7 +175,7 @@ spec:
     istio: ingressgateway
   servers:
     - hosts:
-        - '*'
+        - 'yourdomain.dns.com'
       port:
         name: http
         number: 80
@@ -190,7 +190,7 @@ spec:
   gateways:
     - domain1-gateway
   hosts:
-    - '*'
+    - 'yourdomain.dns.com'
   http:
     - match:
         - uri:
@@ -416,13 +416,13 @@ See Istio [Destination Rule](https://istio.io/latest/docs/reference/config/netwo
 
 Ingress gateway provides similar functions to `Kubernetes Ingress` but with more advanced functionality.
 
-For example, to configure an Ingress gateway for SSL termination at the gateway:
+I. For example, to configure an Ingress gateway for SSL termination at the gateway:
 
 1. Create a TLS certificate and secret.
 
 ```text
 $ openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /tmp/tls1.key -out /tmp/tls1.crt -subj "/CN=secure-domain.org"
-$ kubectl -n weblogic-domain1 create secret tls domain1-tls-cert --key /tmp/tls1.key --cert /tmp/tls1.crt
+$ kubectl -n istio-system create secret tls domain1-tls-cert --key /tmp/tls1.key --cert /tmp/tls1.crt
 ```
 
 2. Create the Ingress gateway.
@@ -453,8 +453,36 @@ spec:
       hosts:
       - 'regular-domain.org'
 ```
+ 
+If you are accessing the WebLogic Console through a secure gateway with SSL termination at the gateway level, enable 
+ `WeblogicPluginEnabled` in the WebLogic domain and add the appropriate request headers.  For example,
+ 
+If you are using WDT, add the `resources` section in the model YAML file.
+ 
+```text
+      resources:
+         WebAppContainer:
+            WeblogicPluginEnabled: true
+``` 
+
+If you are using WLST, set the `WeblogicPluginEnabled` for each server and cluster
+
+```text
+   set('WeblogicPluginEnabled',true)
+```
 
-For example, to configure an Ingress gateway for SSL passthrough:
+Set the request headers in the virtual service:  (Use `kubectl explain virtualservice.spec.http.route.headers` for help)
+
+```text
+   headers:
+     request:
+       remove: ['WL-Proxy-Client-IP',  'WL-Proxy-SSL']
+       set:
+         X-Forwarded-Proto: https
+         WL-Proxy-SSL: 'true'
+```  
+
+II. For example, to configure an Ingress gateway for SSL passthrough:
 
 
 ```text
@@ -483,4 +511,29 @@ spec:
       - 'regular-domain.org'
 ```
 
+The virtual service will then configure to match the `tls` rule.
+
+```text
+apiVersion: networking.istio.io/v1alpha3
+kind: VirtualService
+metadata:
+  name: sample-domain1-virtualservice
+  namespace: sample-domain1-ns
+spec:
+  gateways:
+    - sample-domain1-gateway
+  hosts:
+    - secure-domain.org
+  tls:
+  - match:
+    - port: 443
+      sniHosts:
+      - secure-domain.org
+    route:
+    - destination:
+        host: sample-domain1-admin-server
+        port:
+          number: 9002    
+```
+
 See Istio [Ingress](https://istio.io/latest/docs/tasks/traffic-management/ingress).

integration-tests/src/test/java/oracle/weblogic/kubernetes/ItMiiClusterResource.java

@@ -32,6 +32,7 @@
 import oracle.weblogic.kubernetes.annotations.IntegrationTest;
 import oracle.weblogic.kubernetes.annotations.Namespaces;
 import oracle.weblogic.kubernetes.logging.LoggingFacade;
+import org.awaitility.core.ConditionFactory;
 import org.junit.jupiter.api.BeforeAll;
 import org.junit.jupiter.api.DisplayName;
 import org.junit.jupiter.api.MethodOrderer;
@@ -67,6 +68,7 @@
 import static oracle.weblogic.kubernetes.utils.ClusterUtils.stopCluster;
 import static oracle.weblogic.kubernetes.utils.CommonMiiTestUtils.verifyPodsNotRolled;
 import static oracle.weblogic.kubernetes.utils.CommonTestUtils.checkPodReadyAndServiceExists;
+import static oracle.weblogic.kubernetes.utils.CommonTestUtils.createCustomConditionFactory;
 import static oracle.weblogic.kubernetes.utils.CommonTestUtils.getNextFreePort;
 import static oracle.weblogic.kubernetes.utils.CommonTestUtils.testUntil;
 import static oracle.weblogic.kubernetes.utils.CommonTestUtils.withLongRetryPolicy;
@@ -254,7 +256,8 @@ void testAddReplaceClusterResource() {
 
     //verify the introspector pod is created and runs
     String introspectPodNameBase2 = getIntrospectJobName(domainUid);
-    checkPodExists(introspectPodNameBase2, domainUid, domainNamespace);
+    ConditionFactory customConditionFactory = createCustomConditionFactory(0, 1, 5);
+    checkPodExists(customConditionFactory, introspectPodNameBase2, domainUid, domainNamespace);
     checkPodDoesNotExist(introspectPodNameBase2, domainUid, domainNamespace);
 
     // check managed server pods from cluster-1 are shutdown
@@ -363,7 +366,8 @@ void testDomainStatusMatchesClusterResourceStatus() {
 
     //verify the introspector pod is created and runs
     String introspectPodNameBase2 = getIntrospectJobName(domainUid);
-    checkPodExists(introspectPodNameBase2, domainUid, domainNamespace);
+    ConditionFactory customConditionFactory = createCustomConditionFactory(0, 1, 5);
+    checkPodExists(customConditionFactory, introspectPodNameBase2, domainUid, domainNamespace);
     checkPodDoesNotExist(introspectPodNameBase2, domainUid, domainNamespace);
 
     // check managed server pods from cluster-1 are shutdown

integration-tests/src/test/java/oracle/weblogic/kubernetes/ItRetryImprovements.java

@@ -404,11 +404,15 @@ void testRetryOccursAndErrorFromIntrospectorLoggedInOperator() throws Exception
     testUntil(() -> checkPodLogContainsRegex(createDomainFailedMsgRegex, operatorPodName, opNamespace),
         logger, "{0} is found in Operator log", createDomainFailedMsgRegex);
 
-    // verify that SEVERE and createDomainFailedMsgRegex message found in Operator log
+    // verify that SEVERE and createDomainFailedMsgRegex message found in introspector log
     testUntil(() -> checkInUncompletedIntroPodLogContainsRegex(createDomainFailedMsgRegex,
         domainUid, domainNamespace),
         logger, "{0} is found in introspector log", createDomainFailedMsgRegex);
 
+    // verify that SEVERE and createDomainFailedMsgRegex message found in domain status
+    testUntil(() -> findStringInDomainStatusMessage(domainNamespace, domainUid, createDomainFailedMsgRegex, "true"),
+        logger, "{0} is found in domain status message", createDomainFailedMsgRegex);
+
     Callable<Boolean> configMapExist = assertDoesNotThrow(() -> configMapExist(domainNamespace, badModelFileCm));
 
     if (configMapExist.call().booleanValue()) {

integration-tests/src/test/java/oracle/weblogic/kubernetes/utils/CommonTestUtils.java

@@ -129,6 +129,19 @@ private static ConditionFactory createStandardRetryPolicyWithAtMost(long minutes
 
   private static final String TMP_FILE_NAME = "temp-download-file.out";
 
+  /**
+   * Create a condition factory with custom values for pollDelay, pollInterval and atMost time.
+   *
+   * @param polldelay starting delay before checking for the condition in seconds
+   * @param pollInterval interval time between checking for the condition in seconds
+   * @param atMostMinutes how long should it wait for the condition becomes true in minutes
+   * @return ConditionFactory custom condition factory
+   */
+  public static ConditionFactory createCustomConditionFactory(int polldelay, int pollInterval, int atMostMinutes) {
+    return with().pollDelay(polldelay, SECONDS)
+        .and().with().pollInterval(pollInterval, SECONDS)
+        .atMost(atMostMinutes, MINUTES).await();
+  }
 
   /**
    * Test assertion using standard retry policy over time until it passes or the timeout expires.

integration-tests/src/test/java/oracle/weblogic/kubernetes/utils/DomainUtils.java

@@ -1212,14 +1212,25 @@ public static DomainResource getAndValidateInitialDomain(String domainNamespace,
    * @return true if regex found, false otherwise.
    */
   @Nonnull
-  public static boolean findStringInDomainStatusMessage(String domainNamespace, String domainUid, String regex) {
+  public static boolean findStringInDomainStatusMessage(String domainNamespace,
+                                                        String domainUid,
+                                                        String regex,
+                                                        String... multupleMessage) {
     // get the domain status message
     StringBuffer getDomainInfoCmd = new StringBuffer(KUBERNETES_CLI + " get domain/");
     getDomainInfoCmd
         .append(domainUid)
         .append(" -n ")
-        .append(domainNamespace)
-        .append(" -o jsonpath='{.status.message}' --ignore-not-found");
+        .append(domainNamespace);
+
+    if (multupleMessage.length == 0) {
+      // get single field of domain message
+      getDomainInfoCmd.append(" -o jsonpath='{.status.message}' --ignore-not-found");
+    } else {
+      // use [,] to get side by side multiple fields of the domain status message
+      getDomainInfoCmd.append(" -o jsonpath=\"{.status.conditions[*]['status', 'message']}\" --ignore-not-found");
+    }
+
     getLogger().info("Command to get domain status message: " + getDomainInfoCmd);
 
     CommandParams params = new CommandParams().defaults();

integration-tests/src/test/java/oracle/weblogic/kubernetes/utils/PodUtils.java

@@ -94,6 +94,27 @@ public static void checkPodExists(String podName, String domainUid, String domai
         domainNamespace);
   }
 
+  /**
+   * Check pod exists in the specified namespace.
+   *
+   * @param conditionFactory Configuration for Awaitility condition factory
+   * @param podName pod name to check
+   * @param domainUid the label the pod is decorated with
+   * @param domainNamespace the domain namespace in which the domain exists
+   */
+  public static void checkPodExists(ConditionFactory conditionFactory, String podName,
+      String domainUid, String domainNamespace) {
+    LoggingFacade logger = getLogger();
+    testUntil(conditionFactory,
+        assertDoesNotThrow(() -> podExists(podName, domainUid, domainNamespace),
+            String.format("podExists failed with ApiException for pod %s in namespace %s",
+                podName, domainNamespace)),
+        logger,
+        "pod {0} to be created in namespace {1}",
+        podName,
+        domainNamespace);
+  }
+  
   /**
    * Check pod is ready.
    *

kubernetes/crd/cluster-crd.yaml

@@ -5,7 +5,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    weblogic.sha256: 46ef88005b68d9fb13a122b63fece506c555770209221581cb056c15f1ac7e6a
+    weblogic.sha256: 9f051b9b7805fc9100cf6490873e80b91671c7165960bfbcd6e8007ae171937f
   name: clusters.weblogic.oracle
 spec:
   group: weblogic.oracle
@@ -526,8 +526,6 @@ spec:
                                             type: string
                                           fieldsType:
                                             type: string
-                                    clusterName:
-                                      type: string
                                     creationTimestamp:
                                       format: date-time
                                       type: string

kubernetes/crd/domain-crd.yaml

@@ -5,7 +5,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    weblogic.sha256: 3a81ece5d88c85957a5d5e4a1b6c068cdca4355afd80a5a6598cbfade313871f
+    weblogic.sha256: 50af6b0cfbe5da871bbeae4bb4fd91c6da38931a01817fa475801e63dbbbdcd5
   name: domains.weblogic.oracle
 spec:
   group: weblogic.oracle
@@ -1024,8 +1024,6 @@ spec:
                                                 type: string
                                               fieldsType:
                                                 type: string
-                                        clusterName:
-                                          type: string
                                         creationTimestamp:
                                           format: date-time
                                           type: string
@@ -4014,8 +4012,6 @@ spec:
                                             type: string
                                           fieldsType:
                                             type: string
-                                    clusterName:
-                                      type: string
                                     creationTimestamp:
                                       format: date-time
                                       type: string
@@ -6842,8 +6838,6 @@ spec:
                                                   type: string
                                                 fieldsType:
                                                   type: string
-                                          clusterName:
-                                            type: string
                                           creationTimestamp:
                                             format: date-time
                                             type: string

kubernetes/samples/scripts/common/domain-template.yaml

@@ -3,7 +3,7 @@
 #
 # This is an example of how to define a Domain resource.
 #
-apiVersion: "weblogic.oracle/v8"
+apiVersion: "weblogic.oracle/v9"
 kind: Domain
 metadata:
   name: %DOMAIN_UID%
@@ -83,12 +83,26 @@ spec:
     # Uncomment to export the T3Channel as a service
     %EXPOSE_T3_CHANNEL_PREFIX%   - channelName: T3Channel
 
-  # clusters is used to configure the desired behavior for starting member servers of a cluster.  
-  # If you use this entry, then the rules will be applied to ALL servers that are members of the named clusters.
+  # References to Cluster resources that describe the lifecycle options for all
+  # the Managed Server members of a WebLogic cluster, including Java
+  # options, environment variables, additional Pod content, and the ability to
+  # explicitly start, stop, or restart cluster members. The Cluster resource
+  # must describe a cluster that already exists in the WebLogic domain
+  # configuration.
   clusters:
-  - clusterName: %CLUSTER_NAME%
-    replicas: %INITIAL_MANAGED_SERVER_REPLICAS%
+  - name: %DOMAIN_UID%-%CLUSTER_NAME%
+
   # The number of managed servers to start for unlisted clusters
   # replicas: 1
 
+---
+# This is an example of how to define a Cluster resource.
+apiVersion: weblogic.oracle/v1
+kind: Cluster
+metadata:
+  name: %DOMAIN_UID%-%CLUSTER_NAME%
+  namespace: %NAMESPACE%
+spec:
+  clusterName: %CLUSTER_NAME%
+  replicas: %INITIAL_MANAGED_SERVER_REPLICAS%
 

kubernetes/samples/scripts/common/jrf-domain-template.yaml

@@ -3,7 +3,7 @@
 #
 # This is an example of how to define a Domain resource.
 #
-apiVersion: "weblogic.oracle/v8"
+apiVersion: "weblogic.oracle/v9"
 kind: Domain
 metadata:
   name: %DOMAIN_UID%
@@ -49,11 +49,11 @@ spec:
   # data storage directories are determined from the WebLogic domain home configuration.
   dataHome: "%DATA_HOME%"
 
-  # serverStartPolicy legal values are "NEVER", "IF_NEEDED", or "ADMIN_ONLY"
+  # serverStartPolicy legal values are "Never, "IfNeeded", or "AdminOnly"
   # This determines which WebLogic Servers the Operator will start up when it discovers this Domain
-  # - "NEVER" will not start any server in the domain
-  # - "ADMIN_ONLY" will start up only the administration server (no managed servers will be started)
-  # - "IF_NEEDED" will start all non-clustered servers, including the administration server and clustered servers up to the replica count
+  # - "Never" will not start any server in the domain
+  # - "AdminOnly" will start up only the administration server (no managed servers will be started)
+  # - "IfNeeded" will start all non-clustered servers, including the administration server and clustered servers up to the replica count
   serverStartPolicy: %SERVER_START_POLICY%
 
   serverPod:
@@ -87,12 +87,26 @@ spec:
       - name: USER_MEM_ARGS
         value: "-Djava.security.egd=file:/dev/./urandom -Xms512m -Xmx1024m "
 
-  # clusters is used to configure the desired behavior for starting member servers of a cluster.  
-  # If you use this entry, then the rules will be applied to ALL servers that are members of the named clusters.
+  # References to Cluster resources that describe the lifecycle options for all
+  # the Managed Server members of a WebLogic cluster, including Java
+  # options, environment variables, additional Pod content, and the ability to
+  # explicitly start, stop, or restart cluster members. The Cluster resource
+  # must describe a cluster that already exists in the WebLogic domain
+  # configuration.
   clusters:
-  - clusterName: %CLUSTER_NAME%
-    replicas: %INITIAL_MANAGED_SERVER_REPLICAS%
+  - name: %DOMAIN_UID%-%CLUSTER_NAME%
+
   # The number of managed servers to start for unlisted clusters
   # replicas: 1
 
+---
+# This is an example of how to define a Cluster resource.
+apiVersion: weblogic.oracle/v1
+kind: Cluster
+metadata:
+  name: %DOMAIN_UID%-%CLUSTER_NAME%
+  namespace: %NAMESPACE%
+spec:
+  clusterName: %CLUSTER_NAME%
+  replicas: %INITIAL_MANAGED_SERVER_REPLICAS%