Create new sample ohs-on-k8s

OracleHTTPServer/dockerfiles/12.2.1.4.0/container-scripts/provisionOHS.sh

@@ -29,9 +29,6 @@ function _kill() {
 # Set SIGTERM handler
 trap _term SIGTERM
 
-# Set SIGKILL handler
-#trap _kill SIGKILL
-
 echo "ORACLE_HOME=${ORACLE_HOME:?"Please set ORACLE_HOME"}"
 echo "DOMAIN_NAME=${DOMAIN_NAME:?"Please set DOMAIN_NAME"}"
 echo "OHS_COMPONENT_NAME=${OHS_COMPONENT_NAME:?"Please set OHS_COMPONENT_NAME"}"
@@ -106,13 +103,13 @@ conf=$(ls -l /u01/oracle/config/moduleconf/*.conf 2>/dev/null | wc -l)
 if [ $conf -gt 0 ]
 then
   echo "  Copying moduleconf conf files to OHS Instance"
-  cp  -L /u01/oracle/config/moduleconf/*.conf ${DOMAIN_HOME}/config/fmwconfig/components/OHS/$OHS_COMPONENT_NAME/moduleconf && find ${DOMAIN_HOME}/config/fmwconfig/components/OHS/$OHS_COMPONENT_NAME/moduleconf -print0 -name '.*' | xargs rm -rf
+  cp  -L /u01/oracle/config/moduleconf/*.conf ${DOMAIN_HOME}/config/fmwconfig/components/OHS/$OHS_COMPONENT_NAME/moduleconf && find ${DOMAIN_HOME}/config/fmwconfig/components/OHS/$OHS_COMPONENT_NAME/moduleconf -name '.*' | xargs rm -rf
 fi
 
 conf=$(ls -l /u01/oracle/config/httpd/*.conf 2>/dev/null | wc -l)
 if [ $conf -gt 0 ]
 then
-   echo "  Copying root conf files OHS Instance"
+   echo "Copying root conf files OHS Instance"
    cp  -L /u01/oracle/config/httpd/*.conf ${DOMAIN_HOME}/config/fmwconfig/components/OHS/$OHS_COMPONENT_NAME
 fi
 
@@ -121,14 +118,14 @@ if [ $conf -gt 0 ]
 then
    echo "  Copying OHS Wallets to OHS Instance"
    mkdir -p ${DOMAIN_HOME}/config/fmwconfig/components/OHS/$OHS_COMPONENT_NAME/keystores > /dev/null 2>&1
-   cp  -L /u01/oracle/config/wallet/* ${DOMAIN_HOME}/config/fmwconfig/components/OHS/$OHS_COMPONENT_NAME/keystores/
+   cp  -Lr /u01/oracle/config/wallet/* ${DOMAIN_HOME}/config/fmwconfig/components/OHS/$OHS_COMPONENT_NAME/keystores/ && find ${DOMAIN_HOME}/config/fmwconfig/components/OHS/$OHS_COMPONENT_NAME/keystores -name '.*' | xargs rm -rf
 fi
 
-htdocs=$(ls -l /u01/oracle/config/htdocs/*.html 2>/dev/null | wc -l)
+htdocs=$(ls -l /u01/oracle/config/htdocs/* 2>/dev/null | wc -l)
 if [ $htdocs -gt 0 ]
 then
    echo "Copying htdocs to OHS Instance"
-   cp  -L /u01/oracle/config/htdocs/*.html ${DOMAIN_HOME}/config/fmwconfig/components/OHS/$OHS_COMPONENT_NAME/htdocs
+   cp  -Lr /u01/oracle/config/htdocs/* ${DOMAIN_HOME}/config/fmwconfig/components/OHS/$OHS_COMPONENT_NAME/htdocs && find ${DOMAIN_HOME}/config/fmwconfig/components/OHS/$OHS_COMPONENT_NAME/htdocs -name '.*' | xargs rm -rf
 fi
 
 if [ "$DEPLOY_WG" = "true" ]
@@ -148,7 +145,7 @@ then
     echo "<LocationMatch \"/iam/access/binding/api/v10/oap\">" >> ${DOMAIN_HOME}/config/fmwconfig/components/OHS/${OHS_COMPONENT_NAME}/webgate.conf
     echo "    require all granted" >> ${DOMAIN_HOME}/config/fmwconfig/components/OHS/${OHS_COMPONENT_NAME}/webgate.conf
     echo "</LocationMatch>" >> ${DOMAIN_HOME}/config/fmwconfig/components/OHS/${OHS_COMPONENT_NAME}/webgate.conf
-    cp  -rL /u01/oracle/config/webgate ${DOMAIN_HOME}/config/fmwconfig/components/OHS/${OHS_COMPONENT_NAME} && find ${DOMAIN_HOME}/config/fmwconfig/components/OHS/${OHS_COMPONENT_NAME}/webgate -print0 -name '.*' | xargs rm -rf
+    cp  -rL /u01/oracle/config/webgate ${DOMAIN_HOME}/config/fmwconfig/components/OHS/${OHS_COMPONENT_NAME} && find ${DOMAIN_HOME}/config/fmwconfig/components/OHS/${OHS_COMPONENT_NAME}/webgate -name '.*' | xargs rm -rf
 else
     echo "WebGate not deployed"
 fi

OracleHTTPServer/samples/ohs-on-k8s/README.md

@@ -0,0 +1,102 @@
+# Running OHS and WebGate in Kubernetes sample
+===============================================
+This sample provides the instructions and yaml files for you to run Oracle HTTP Server (OHS) and WebGate in Kubernetes. The instance of OHS that is running in the Kubernetes pod/container is a OHS 12.2.1.4 Standalone (w/ Database Client 19c) domain. 
+
+Before running this sample you need an OHS 12.2.1.4 image and a Kubernetes cluster where to run OHS and WebGate containers.
+
+
+## How to Run
+First make sure you have built oracle/ohs:12.2.1.4.0 image.
+
+###Deploying OHS in Kubernetes
+ 1. Create a namespace for OHS
+        "kubectl create namespace ohsns"
+
+
+2. Create config maps for the Configuration files based on the directory structure above
+
+        "kubectl create cm -n ohsns ohs-config --from-file=ohsConfig/moduleconf"
+        "kubectl create cm -n ohsns ohs-httpd --from-file=ohsConfig/httpconf"
+        "kubectl create cm -n ohsns ohs-htdocs --from-file=ohsConfig/htdocs"
+        "kubectl create cm -n ohsns webgate-config --from-file=config/webgateConf"
+        "kubectl create cm -n ohsns webgate-wallet --from-file=ohsConfig/webgateWallet"
+        "kubectl create cm -n ohsns ohs-wallet --from-file=config/wallet"
+
+3.  Create a secret for your Registry (if needed)
+
+        "kubectl create secret -n hosts docker-registry regcred --docker-server=<REGISTRY> --docker-username=<REG_USER> --docker-password=<REG_PWD>"
+
+4. Create a secret for OHS domain credentials
+
+Create the secret using the command:
+
+        "kubectl create secret generic ohs-secret -n ohsns --from-literal=username=weblogic --from-literal=password='welcome1'"
+
+
+5. The yaml file  ohs.yaml is used to deploy the container in Kubernetes.
+
+You need to modify the ohs.yaml file to add the OHS image name, namespace, and wallet name. You might want to make changes to the port numbers to customize them to your environment requirements. 
+
+
+**Notes:**
+
+**Set DEPLOY_WG to true or false depending on whether webgate is to be deployed.**
+**All config Maps have been shown for completeness.  If you do not wish htdocs then remove that configMap, if you are not deploying webgate then remove the webgate config maps, remove maps as appropriate.**
+**All config Maps must mount to the directories stated.**
+**If you registry is open you do not need the imagePullSecrets.**
+**User changeable values:   Ports, and Image.**
+
+
+6. Create the OHS container using the command:
+
+        "kubectl create -f ohs.yaml"
+
+
+7. Monitor the container creation using 
+
+        "kubectl get pods -n ohsns"
+
+        "kubectl logs n hosts ohs-domain-<uniqueValue>"
+
+
+8. Create a kubernetes service (node port) for OHS  ** must there be 1 per pod? **
+
+a) Use ohs_service.yaml to create the service for OHS.
+
+The ohs_service.yaml file needs to be changed to add the namespace where the domain will run.  If you made changes to the port numbers in step 5 you need to modify ohs_service.yaml to have the same port numbers.
+
+b) Create the service using the command:
+
+        "kubectl create -f ohs_service.yaml"
+
+c) Validate the service has been created using the command:
+
+        "kubectl get service -n ohsns"
+
+
+###Updating OHS/Webgate Image
+Edit the deployment (created with ohs.yaml)
+
+Change at runtime 
+
+        "kubectl set image deployment/ohs-domain -n ohsns ohs=<new image tag>"
+
+spec:
+      containers:
+      - name: ohs
+        image: <new image tag>
+
+###Scaling OHS/Webgate in Kubernetes
+Edit the deployment (created with ohs.yaml)
+
+        "kubectl -n ohsns patch deployment  ohs-domain -p '{"spec": {"replicas": <replica count>}}'"
+
+spec:
+  progressDeadlineSeconds: 600
+  replicas: <increase replica count>
+
+## Support
+Oracle HTTP Server is supported in containers by Oracle.
+
+## Copyright
+Copyright (c) 2024 Oracle and/or its affiliates. All rights reserved.

OracleHTTPServer/samples/ohs-on-k8s/ohs.yaml

@@ -0,0 +1,145 @@
+# Copyright (c) 2024, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+#
+#
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: ohs-script-configmap
+  namespace: <NAMESPACE>
+data:
+  ohs-script.sh: |
+    #!/bin/bash
+    mkdir -p /u01/oracle/bootdir /u01/oracle/config /u01/oracle/config/moduleconf /u01/oracle/config/webgate/config
+    { echo -en "username=" && cat /ohs-config/username && echo -en "\npassword=" && cat /ohs-config/password; } > /u01/oracle/bootdir/domain.properties
+    /u01/oracle/provisionOHS.sh
+
+---
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: ohs-domain
+  namespace: <NAMESPACE>
+spec:
+  progressDeadlineSeconds: 600
+  replicas: 1
+  selector:
+    matchLabels:
+      oracle: ohs
+  template:
+    metadata:
+      labels:
+        oracle: ohs
+    spec:
+      containers:
+      - name: ohs
+        image: <IMAGE_NAME>
+        env:
+          - name: DEPLOY_WG
+            value: "false"
+        ports:
+        - name: clear
+          containerPort: 7777
+        - name: https
+          containerPort: 4443
+        resources:
+          requests:
+            cpu: 1000m
+            memory: 1Gi
+        securityContext:
+          allowPrivilegeEscalation: false
+          capabilities:
+            drop:
+            - ALL
+          privileged: false
+          runAsNonRoot: true
+          runAsUser: 1000
+        livenessProbe:
+          exec:
+            command:
+            - /bin/bash
+            - -c
+            - pgrep httpd
+          initialDelaySeconds: 5
+          periodSeconds: 5
+        readinessProbe:
+          httpGet:
+            port: 7777
+            path: /helloWorld.html
+        volumeMounts:
+          - name: ohs-secret
+            mountPath: /ohs-config
+          - name: ohs-config
+            mountPath: /u01/oracle/config/moduleconf
+          - name: ohs-htdocs
+            mountPath: /u01/oracle/config/htdocs
+          - name: ohs-httpd
+            mountPath: /u01/oracle/config/httpd
+          - name: webgate-config
+            mountPath: /u01/oracle/config/webgate/config
+          - name: webgate-wallet
+            mountPath: /u01/oracle/config/webgate/config/wallet
+          - name: ohs-wallet
+            mountPath: /u01/oracle/config/wallet/<WALLET_NAME>
+          - name: script-volume
+            mountPath: /ohs-bin
+            readOnly: true
+        command: ["/ohs-bin/ohs-script.sh"]
+      imagePullSecrets:
+        - name: regcred
+      affinity:
+        podAntiAffinity:
+          preferredDuringSchedulingIgnoredDuringExecution:
+          - weight: 100
+            podAffinityTerm:
+              labelSelector:
+                matchExpressions:
+                - key: oracle
+                  operator: In
+                  values:
+                  - ohs
+              topologyKey: "kubernetes.io/hostname"
+      restartPolicy: Always
+      securityContext:
+        seccompProfile:
+          type: RuntimeDefault
+      terminationGracePeriodSeconds: 30
+      volumes:
+      - name: ohs-secret
+        secret:
+          defaultMode: 0444
+          secretName: ohs-secret
+      - name: script-volume
+        configMap:
+          defaultMode: 0555
+          name: ohs-script-configmap
+      - name: ohs-config
+        configMap:
+          defaultMode: 0555
+          name: ohs-config
+      - name: ohs-httpd
+        configMap:
+          defaultMode: 0555
+          name: ohs-httpd
+      - name: ohs-htdocs
+        configMap:
+          defaultMode: 0555
+          name: ohs-htdocs
+      - name: webgate-config
+        configMap:
+          defaultMode: 0555
+          name: webgate-config
+      - name: webgate-wallet
+        configMap:
+          defaultMode: 0555
+          name: webgate-wallet
+      - name: ohs-wallet
+        configMap:
+          defaultMode: 0555
+          name: ohs-wallet
+  strategy:
+    type: RollingUpdate
+    rollingUpdate:
+      maxUnavailable: 1
+

OracleHTTPServer/samples/ohs-on-k8s/ohs_service.yaml

@@ -0,0 +1,25 @@
+# Copyright (c) 2024, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+#
+# This is an example file to deploy logstash
+#
+kind: Service
+apiVersion: v1
+metadata:
+  name: ohs-domain-nodeport
+  namespace: <NAMESPACE>
+spec:
+  selector:
+    oracle: ohs
+  type: NodePort
+  ports:
+    - name: http
+      targetPort: 7777
+      port: 7777
+      nodePort: 31777
+      protocol: TCP
+    - name: https
+      targetPort: 443
+      port: 443
+      nodePort: 31443
+      protocol: TCP