Backport documentation changes

Author: rjeberhard

documentation/staging/content/faq/oci-lb.md

@@ -7,14 +7,14 @@ description: "If you are running your Kubernetes cluster on Oracle Container Eng
 for Kubernetes (OKE), then you can have OCI automatically
 provision load balancers for you by creating a `Service` of type
 `LoadBalancer` instead of (or in addition to) installing an
-ingress controller like Traefik or Voyager."
+ingress controller like Traefik."
 ---
 
 If you are running your Kubernetes cluster on Oracle Container Engine
 for Kubernetes (commonly known as OKE), then you can have OCI automatically
 provision load balancers for you by creating a `Service` of type
 `LoadBalancer` instead of (or in addition to) installing an
-ingress controller like Traefik or Voyager.
+ingress controller like Traefik.
 
 OKE Kubernetes worker nodes typically do not have public IP addresses.
 This means that the `NodePort` services created by the operator are

documentation/staging/content/faq/security-validation.md

@@ -22,7 +22,19 @@ Warnings may be at the level of the JDK, or that SSL is not enabled. Some warnin
 
 - For Model in Image, supply model files with the recommended changes in its image's `modelHome` directory or use [runtime updates]({{< relref "/userguide/managing-domains/model-in-image/runtime-updates.md" >}}).
 
+
+> Msg ID: 090985
+>
+> Description: Production Mode is enabled but the the file or directory /u01/oracle/user_projects/domains/domain/bin/setDomainEnv.sh is insecure since its permission is not a minimum of umask 027.
+>
+> SOLUTION: Change the file or directory permission to at most allow only write by owner, read by group.
+>
+> Description:  The file or directory SerializedSystemIni.dat is insecure since its permission is not a minimum of umask 027.
+>
+> SOLUTION: Change the file or directory permission to at most allow only write by owner, read by group.
+
+When the [WebLogic Image Tool](https://oracle.github.io/weblogic-image-tool/) (WIT) creates a [Domain Home in Image](https://oracle.github.io/weblogic-kubernetes-operator/userguide/managing-domains/choosing-a-model/), you can specify the `--target OpenShift` option so that when WIT creates the domain, it sets the correct permissions in the domain home. When no `--target` option is specified, then the domain home directory has a umask of 027.
+
 {{% notice note %}}
 For information about handling file permission warnings on the OpenShift Kubernetes Platform, see the [OpenShift chapter]({{<relref "/security/openshift.md">}}) in the Security section.
 {{% /notice %}}
-

documentation/staging/content/samples/azure-kubernetes-service/_index.md

@@ -26,6 +26,10 @@ Azure Kubernetes Service makes it simple to deploy a managed Kubernetes cluster
 
 To learn more, see the [What is Azure Kubernetes Service?](https://docs.microsoft.com/en-us/azure/aks/intro-kubernetes).
 
+See [Supported platforms]({{< relref "userguide/platforms/environments.md" >}})
+for general operator prerequisites
+and operator support limitations that are specific to AKS.
+
 #### Domain home source types
 
 This sample demonstrates running the WebLogic cluster on AKS using two domain home types. The instructions for each are self-contained and independent. This section lists the domain home source types recommended for use with AKS, along with some benefits of each. For complete details on domain home source types, see [Choose a domain home source type]({{< relref "/userguide/managing-domains/choosing-a-model/_index.md" >}}).

documentation/staging/content/samples/ingress/_index.md

@@ -6,17 +6,16 @@ description: "Ingress controllers and load balancer sample scripts."
 ---
 
 
-The WebLogic Kubernetes Operator supports NGINX, Traefik, Voyager, and Apache. We provide samples that demonstrate how to install and configure each one.
+The WebLogic Kubernetes Operator supports NGINX, Traefik, and Apache. We provide samples that demonstrate how to install and configure each one.
 
 {{% notice note %}}
-For production environments, we recommend NGINX, Voyager, Traefik (2.2.1 or later) ingress controllers, Apache, or the load balancer provided by your cloud provider.
+For production environments, we recommend NGINX, Traefik (2.2.1 or later) ingress controllers, Apache, or the load balancer provided by your cloud provider.
 {{% /notice %}}
 
 
 The samples are located in following folders:
 
 * [Traefik](https://github.com/oracle/weblogic-kubernetes-operator/blob/main/kubernetes/samples/charts/traefik/README.md)
-* [Voyager](https://github.com/oracle/weblogic-kubernetes-operator/blob/main/kubernetes/samples/charts/voyager/README.md)
 * [NGINX](https://github.com/oracle/weblogic-kubernetes-operator/blob/main/kubernetes/samples/charts/nginx/README.md)
 * Apache-samples/[custom-sample](https://github.com/oracle/weblogic-kubernetes-operator/blob/main/kubernetes/samples/charts/apache-samples/custom-sample/README.md)
 * Apache-samples/[default-sample](https://github.com/oracle/weblogic-kubernetes-operator/blob/main/kubernetes/samples/charts/apache-samples/default-sample/README.md)

documentation/staging/content/samples/tanzu-kubernetes-service/_index.md

@@ -32,6 +32,10 @@ This sample assumes the following prerequisite environment setup:
 * [kubectl](https://kubernetes-io-vnext-staging.netlify.com/docs/tasks/tools/install-kubectl/); use `kubectl version` to test if `kubectl` works.  This document was tested with version v1.18.6.
 * [Helm](https://helm.sh/docs/intro/install/) version 3.1 or later; use `helm version` to check the `helm` version.  This document was tested with version v3.2.1.
 
+See [Supported platforms]({{< relref "userguide/platforms/environments" >}})
+for general operator prerequisites
+and operator support limitations that are specific to Tanzu.
+
 ##### Create a Tanzu Kubernetes cluster
 
 Create the Kubernetes cluster using the TKG CLI. See the [Tanzu documentation](https://docs.vmware.com/en/VMware-Tanzu-Kubernetes-Grid/1.2/vmware-tanzu-kubernetes-grid-12/GUID-index.html) to set up your Kubernetes cluster.

documentation/staging/content/security/openshift.md

@@ -113,9 +113,12 @@ For additional information about OpenShift requirements and the operator,
 see [OpenShift]({{<relref  "/userguide/platforms/environments#openshift">}}).
 {{% /notice %}}
 
-#### Using a dedicated namespace
+#### Use a dedicated namespace
 
 When the user that installs an individual instance of the operator does not have the required privileges to create resources at the Kubernetes cluster level, a dedicated namespace can be used for the operator instance and all the WebLogic domains that it manages. For more details about the `dedicated` setting, please refer to [Operator Helm configuration values]({{< relref "/userguide/managing-operators/using-helm#operator-helm-configuration-values" >}}).
 
 #### Set the Helm chart property `kubernetesPlatorm` to `OpenShift`
 Beginning with operator version 3.3.2, set the operator `kubernetesPlatform` Helm chart property to `OpenShift`. This property accommodates OpenShift security requirements. For more information, see [Operator Helm configuration values]({{<relref "/userguide/managing-operators/using-helm#operator-helm-configuration-values">}}).
+
+#### With WIT, set the `target` parameter to `OpenShift`
+When using the [WebLogic Image Tool](https://oracle.github.io/weblogic-image-tool/) (WIT), `create`, `rebase`, or `update` command, to create a [Domain in Image](https://oracle.github.io/weblogic-kubernetes-operator/userguide/managing-domains/choosing-a-model/) domain home, you can specify the `--target` parameter for the target Kubernetes environment. Its value can be either `Default` or `OpenShift`. The `OpenShift` option changes the domain directory files such that the group permissions for those files will be the same as the user permissions (group writable, in most cases). If you do not supply the OS group and user setting with `--chown`, then the `Default` setting for this option is changed from `oracle:oracle` to `oracle:root` to be in line with the expectations of an OpenShift environment.

documentation/staging/content/userguide/managing-domains/ingress/_index.md

@@ -7,7 +7,7 @@ pre = "<b> </b>"
 
 Ingresses are one approach provided by Kubernetes to configure load balancers.
 Depending on the version of Kubernetes you are using, and your cloud provider, you may need to use Ingresses.
-For more information about Ingresses, see [the Ingress documentation](https://kubernetes.io/docs/concepts/services-networking/ingress/).  
+For more information about Ingresses, see the [Kubernetes Ingress](https://kubernetes.io/docs/concepts/services-networking/ingress/) documentation.
 
 #### WebLogic clusters as backends of an Ingress
 
@@ -34,7 +34,7 @@ The service, `serviceName` and `servicePort`, of a WebLogic cluster will be used
 object and the load balancer will route traffic to the WebLogic Servers within the cluster based on the rules.
 
 {{% notice note %}}
-Most common ingress controllers, for example Traefik, Voyager, and NGINX,
+Most common ingress controllers, for example Traefik and NGINX,
 understand that there are zero or more actual pods behind the service, and they actually
 build their backend list and route requests to those backends directly, not through the service.  This means that
 requests are properly balanced across the pods, according to the load balancing algorithm
@@ -56,25 +56,21 @@ additional pods become ready, or pods enter a non-ready state.
 
       * Use the Helm chart [ingress-per-domain](https://github.com/oracle/weblogic-kubernetes-operator/blob/main/kubernetes/samples/charts/ingress-per-domain).  
 
-        Each ingress provider supports a number of annotations in Ingress resources. This Helm chart allows you to define the routing rules without dealing with the detailed provider-specific annotations. Currently we support two ingress providers: Traefik and Voyager.
+        Each ingress provider supports a number of annotations in Ingress resources. This Helm chart allows you to define the routing rules without dealing with the detailed provider-specific annotations.
 
-     * Create the Ingress resource manually from a YAML file.  
+      * Create the Ingress resource manually from a YAML file.
 
         Manually create an Ingress YAML file and then apply it to the Kubernetes cluster.
 
-#### Guide and samples for Traefik, Voyager/HAProxy, and NGINX
+#### Guide and samples for Traefik and NGINX
 
 Information about how to install and configure these ingress controllers to load balance WebLogic clusters is provided here:
 
  - [Traefik guide](https://github.com/oracle/weblogic-kubernetes-operator/blob/main/kubernetes/samples/charts/traefik/README.md)
- - [Voyager guide](https://github.com/oracle/weblogic-kubernetes-operator/blob/main/kubernetes/samples/charts/voyager/README.md)
  - [NGINX guide](https://github.com/oracle/weblogic-kubernetes-operator/blob/main/kubernetes/samples/charts/nginx/README.md)
 
  {{% notice note %}}
- For production environments, we recommend NGINX, Voyager, Traefik (2.2.1 or later) ingress controllers, Apache, or the load balancer provided by your cloud provider.
+ For production environments, we recommend NGINX, Traefik (2.2.1 or later) ingress controllers, Apache, or the load balancer provided by your cloud provider.
  {{% /notice %}}
 
-Samples are also provided for these two ingress controllers, showing how to manage multiple WebLogic clusters as the backends, using different routing rules, host-routing and path-routing; and TLS termination:
-
-- [Traefik samples](https://github.com/oracle/weblogic-kubernetes-operator/blob/main/kubernetes/samples/charts/traefik/samples)
-- [Voyager samples](https://github.com/oracle/weblogic-kubernetes-operator/blob/main/kubernetes/samples/charts/voyager/samples)
+Samples are also provided for the Traefik ingress controller, showing how to manage multiple WebLogic clusters as the backends, using different routing rules, host-routing and path-routing; and TLS termination: [Traefik samples](https://github.com/oracle/weblogic-kubernetes-operator/blob/main/kubernetes/samples/charts/traefik/samples).