Add domainUID labels to k8s that didn't already have them. Add a new general purpose delete-domain.sh script.

Author: Tom Barnes

kubernetes/delete-domain.sh

@@ -0,0 +1,163 @@
+#!/bin/bash
+# Copyright 2018, Oracle Corporation and/or its affiliates. All rights reserved.
+# Licensed under the Universal Permissive License v 1.0 as shown at http://oss.oracle.com/licenses/upl.
+#
+# Description:
+#   Use this script to delete a set of given domains, or all domains.
+#
+#   Alternatively, run the script in a test mode to show what would
+#   be deleted without actually performing the deletes.
+#
+# Usage:
+#   See "function usage" below or call this script with no parameters.
+#
+
+# default when to stop retrying (settable via command line)
+default_maxwaitsecs=90
+
+# optional test mode that lists what would be deleted without 
+# actually deleting (settable via command line)
+test_mode=false
+
+
+function usage {
+cat << EOF
+  Usage:
+
+    $0 -d domain-uid,domain-uid,... [-s max-seconds] [-t]
+    $0 -d domain-uid [-s max-seconds] [-t]
+    $0 -d all [-s max-seconds] [-t]
+    $0 -h
+
+  Perform a best-effort delete of the k8s artifacts for
+  the given domain(s), and retry until either max-seconds is reached
+  or all artifacts were deleted (default $default_maxwaitsecs seconds).
+  The domains can be specified as a comma-separated list of 
+  domain-uids (no spaces), or the keyword 'all'.
+
+  Specify '-t' to run the script in a test mode which will
+  show the delete commands without actually performing them.
+
+  This script exits with a zero status on success, and a 
+  non-zero status on failure.
+EOF
+}
+
+
+#
+# getDomain
+#   - get all k8s artifacts for domain $1 using label search weblogic.domainUID in $1
+#   - if $1 has special value "all" then get the k8s artifacts for all domains
+#
+function getDomain {
+  if [ "$1" = "all" ]; then
+    local label_selector="weblogic.domainUID"
+  else
+    local label_selector="weblogic.domainUID in ($1)"
+  fi
+
+  # get all namespaced types with -l $label_selector
+
+  local namespaced_types="pod,job,deploy,rs,service,pvc,ingress,cm,serviceaccount,role,rolebinding,secret"
+
+  # if domain crd exists, look for domains too:
+  kubectl get crd domains.weblogic.oracle > /dev/null 2>&1
+  if [ $? -eq 0 ]; then
+    namespaced_types="domain,$namespaced_types"
+  fi
+
+  kubectl get $namespaced_types \
+          -l "$label_selector" \
+          -o=jsonpath='{range .items[*]}{.kind}{" "}{.metadata.name}{" -n "}{.metadata.namespace}{"\n"}{end}'
+
+  # get all non-namespaced types with -l $label_selector
+
+  kubectl get pv,crd,clusterroles,clusterrolebindings \
+          -l "$label_selector" \
+          -o=jsonpath='{range .items[*]}{.kind}{" "}{.metadata.name}{"\n"}{end}' 
+}
+
+#
+# deleteDomain
+#   - delete all k8s artifacts for domain $1 and retry up to $2 seconds
+#   - if $1 has special value "all" then delete the k8s artifacts for all domains
+#   - $2 is optional, default is $default_maxwaitsecs
+#   - if $test_mode is true, show deletes but don't actually perform them
+function deleteDomain {
+
+  if [ "$test_mode" = "true" ]; then
+    echo @@ Test mode. Delete commands for kubernetes artifacts with label weblogic.domainUID \'$1\'.
+  else
+    echo @@ Deleting kubernetes artifacts with label weblogic.domainUID \'$1\'.
+  fi
+
+  local maxwaitsecs=${2:-$default_maxwaitsecs}
+  local tempfile="/tmp/getdomain.tmp.$1.$$"
+  local mstart=`date +%s`
+
+  while : ; do
+    getDomain $1 > $tempfile
+    local count=`wc -l $tempfile | awk '{ print $1 }'`
+
+    local mnow=`date +%s`
+
+    echo @@ $count objects remaining after $((mnow - mstart)) seconds. Max wait is $maxwaitsecs seconds.
+    if [ $count -eq 0 ]; then
+      echo @@ Success.
+      rm -f $tempfile
+      exit 0
+    fi
+
+    if [ $((mnow - mstart)) -gt $maxwaitsecs ]; then
+      echo @@ Error. Max wait of $maxwaitsecs seconds exceeded with $count objects remaining. giving up. Remaining objects:
+      cat $tempfile
+      rm -f $tempfile
+      exit $count
+    fi
+
+    cat $tempfile | while read line; do 
+      if [ "$test_mode" = "true" ]; then
+        echo kubectl delete $line --ignore-not-found
+      else
+        kubectl delete $line --ignore-not-found
+      fi
+    done
+    sleep 3
+  done
+}
+
+domains=""
+
+# parse command line options
+while getopts ":d:s:th" opt; do
+  case $opt in
+    d) domains="${OPTARG}"
+       ;;
+
+    s) maxwaitsecs="${OPTARG}"
+       ;;
+
+    t) test_mode="true"
+       ;;
+
+    h) usage
+       exit 0
+       ;;
+
+    *) usage
+       exit 9999 
+       ;;
+  esac
+done
+
+if [ "$domains" = "" ]; then
+  usage
+  exit 9999
+fi
+
+if [ ! -x "$(command -v kubectl)" ]; then
+  echo "@@ Error. kubectl is not installed."
+  exit 9999
+fi
+
+deleteDomain "${domains}" "${maxwaitsecs}"

kubernetes/internal/domain-custom-resource-template.yaml

@@ -8,6 +8,8 @@ kind: Domain
 metadata:
   name: %DOMAIN_UID%
   namespace: %NAMESPACE%
+  labels:
+    weblogic.domainUID: %DOMAIN_UID%
 spec:
   # The domainUID must be unique across the entire Kubernetes Cluster.   Each WebLogic Domain must
   # have its own unique domainUID.  This does not have to be the same as the Domain Name.  It is allowed

kubernetes/internal/domain-job-template.yaml

@@ -5,6 +5,8 @@ kind: ConfigMap
 metadata:
   name: domain-%DOMAIN_UID%-scripts
   namespace: %NAMESPACE%
+  labels:
+    weblogic.domainUID: %DOMAIN_UID%
 data:
   utility.sh: |-
     #!/bin/bash

kubernetes/internal/traefik-deployment-template.yaml

@@ -4,6 +4,8 @@ kind: ServiceAccount
 metadata:
   name: %DOMAIN_UID%-%CLUSTER_NAME_LC%-traefik
   namespace: %NAMESPACE%
+  labels:
+    weblogic.domainUID: %DOMAIN_UID%
 ---
 kind: Deployment
 apiVersion: extensions/v1beta1
@@ -12,6 +14,7 @@ metadata:
   namespace: %NAMESPACE%
   labels:
     app: %DOMAIN_UID%-%CLUSTER_NAME_LC%-traefik
+    weblogic.domainUID: %DOMAIN_UID%
 spec:
   replicas: 1
   selector:
@@ -21,6 +24,7 @@ spec:
     metadata:
       labels:
         app: %DOMAIN_UID%-%CLUSTER_NAME_LC%-traefik
+        weblogic.domainUID: %DOMAIN_UID%
     spec:
       serviceAccountName: %DOMAIN_UID%-%CLUSTER_NAME_LC%-traefik
       terminationGracePeriodSeconds: 60
@@ -74,6 +78,7 @@ metadata:
   namespace: %NAMESPACE%
   labels:
     app: %DOMAIN_UID%-%CLUSTER_NAME_LC%-traefik
+    weblogic.domainUID: %DOMAIN_UID%
 data:
   traefik.toml: |
     # traefik.toml
@@ -93,6 +98,8 @@ apiVersion: v1
 metadata:
   name: %DOMAIN_UID%-%CLUSTER_NAME_LC%-traefik
   namespace: %NAMESPACE%
+  labels:
+    weblogic.domainUID: %DOMAIN_UID%
 spec:
   selector:
     app: %DOMAIN_UID%-%CLUSTER_NAME_LC%-traefik
@@ -110,6 +117,7 @@ metadata:
   namespace: %NAMESPACE%
   labels:
     app: %DOMAIN_UID%-%CLUSTER_NAME_LC%-traefik
+    weblogic.domainUID: %DOMAIN_UID%
 spec:
   selector:
     app: %DOMAIN_UID%-%CLUSTER_NAME_LC%-traefik

kubernetes/internal/traefik-rbac-template.yaml

@@ -3,6 +3,8 @@ kind: ClusterRole
 apiVersion: rbac.authorization.k8s.io/v1beta1
 metadata:
   name: %DOMAIN_UID%-%CLUSTER_NAME_LC%-traefik
+  labels:
+    weblogic.domainUID: %DOMAIN_UID%
 rules:
   - apiGroups:
       - ""
@@ -28,6 +30,8 @@ kind: ClusterRoleBinding
 apiVersion: rbac.authorization.k8s.io/v1beta1
 metadata:
   name: %DOMAIN_UID%-%CLUSTER_NAME_LC%-traefik
+  labels:
+    weblogic.domainUID: %DOMAIN_UID%
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole

src/integration-tests/bash/run.sh

@@ -716,15 +716,15 @@ function run_create_domain_job {
     mkdir -p $tmp_dir
 
     local CREDENTIAL_NAME="$DOMAIN_UID-weblogic-credentials"
-    local CREDENTIAL_FILE="${tmp_dir}/$CREDENTIAL_NAME.yaml"
+    local CREDENTIAL_FILE="${tmp_dir}/weblogic-credentials.yaml"
 
     trace 'Create the secret with weblogic admin credentials'
-    cp $CUSTOM_YAML/domain1-weblogic-credentials.yaml  $CREDENTIAL_FILE
+    cp $CUSTOM_YAML/weblogic-credentials-template.yaml  $CREDENTIAL_FILE
 
-    sed -i -e "s|namespace: default|namespace: $NAMESPACE|g" $CREDENTIAL_FILE
-    sed -i -e "s|name: domain1-weblogic-credentials|name: $CREDENTIAL_NAME|g" $CREDENTIAL_FILE
+    sed -i -e "s|%NAMESPACE%|$NAMESPACE|g" $CREDENTIAL_FILE
+    sed -i -e "s|%DOMAIN_UID%|$DOMAIN_UID|g" $CREDENTIAL_FILE
 
-    kubectl apply -f $CREDENTIAL_FILE -n $NAMESPACE
+    kubectl apply -f $CREDENTIAL_FILE
 
     trace 'Check secret'
     local ADMINSECRET=`kubectl get secret $CREDENTIAL_NAME -n $NAMESPACE | grep $CREDENTIAL_NAME | wc -l `
@@ -816,8 +816,8 @@ function deploy_webapp_via_REST {
     local ADMIN_PORT="`dom_get $1 ADMIN_PORT`"
     local TMP_DIR="`dom_get $1 TMP_DIR`"
 
-    local WLS_ADMIN_USERNAME="`get_wladmin_user`"
-    local WLS_ADMIN_PASSWORD="`get_wladmin_pass`"
+    local WLS_ADMIN_USERNAME="`get_wladmin_user $1`"
+    local WLS_ADMIN_PASSWORD="`get_wladmin_pass $1`"
 
     local AS_NAME="$DOMAIN_UID-admin-server"
 
@@ -1098,8 +1098,8 @@ function verify_admin_server_ext_service {
     local NAMESPACE="`dom_get $1 NAMESPACE`"
     local DOMAIN_UID="`dom_get $1 DOMAIN_UID`"
     local TMP_DIR="`dom_get $1 TMP_DIR`"
-    local WLS_ADMIN_USERNAME="`get_wladmin_user`"
-    local WLS_ADMIN_PASSWORD="`get_wladmin_pass`"
+    local WLS_ADMIN_USERNAME="`get_wladmin_user $1`"
+    local WLS_ADMIN_PASSWORD="`get_wladmin_pass $1`"
 
     local ADMIN_SERVER_NODEPORT_SERVICE="$DOMAIN_UID-admin-server"
 
@@ -1480,23 +1480,30 @@ function check_pv {
 }
 
 function get_wladmin_cred {
-  if [ "$#" != 1 ]; then
-    fail "requires one parameter, keyword 'username' or 'password'."
+  if [ "$#" != 2 ]; then
+    fail "requires two parameters:  domainKey and keyword 'username' or 'password'."
   fi
   # All domains use the same user/pass
-  if ! val=`grep "^  $1:" $CUSTOM_YAML/domain1-weblogic-credentials.yaml | awk '{ print $2 }' | base64 -d`
+  local TMP_DIR="`dom_get $1 TMP_DIR`"
+  if ! val=`grep "^  $2:" $TMP_DIR/weblogic-credentials.yaml | awk '{ print $2 }' | base64 -d`
   then
     fail "get_wladmin_cred:  Could not determine $1"
   fi
   echo $val
 }
 
 function get_wladmin_pass {
-  get_wladmin_cred password
+  if [ "$#" != 1 ] ; then
+    fail "requires 1 parameter: domainKey"
+  fi 
+  get_wladmin_cred $1 password
 }
 
 function get_wladmin_user {
-  get_wladmin_cred username
+  if [ "$#" != 1 ] ; then
+    fail "requires 1 parameter: domainKey"
+  fi 
+  get_wladmin_cred $1 username
 }
 
 function verify_wlst_access {
@@ -1550,8 +1557,8 @@ function run_wlst_script {
   local TMP_DIR="`dom_get $1 TMP_DIR`"
   local AS_NAME="$DOMAIN_UID-admin-server"
   local location="$2"
-  local username=`get_wladmin_user` 
-  local password=`get_wladmin_pass`
+  local username=`get_wladmin_user $1` 
+  local password=`get_wladmin_pass $1`
   local pyfile_lcl="$3"
   local pyfile_pod="/shared/`basename $pyfile_lcl`"
   local t3url_lcl="t3://$NODEPORT_HOST:$ADMIN_WLST_PORT"

src/integration-tests/kubernetes/weblogic-credentials-template.yaml

@@ -0,0 +1,18 @@
+# This is an example of how to set up the Secret with the WebLogic Admin credentials.
+# Please note that this method used encoded, but not encrypted data.
+# We recommend that you use the command line alternative from a secure environment instead,
+# i.e. kubectl create secret ...
+apiVersion: v1
+kind: Secret
+metadata:
+  # Note that this MUST match the name defined in the Domain Custom Resource
+  name: %DOMAIN_UID%-weblogic-credentials
+  namespace: %NAMESPACE%
+  labels:
+    weblogic.domainUID: %DOMAIN_UID%
+type: Opaque
+data:
+  # data is base64 encoded like this: `echo -n "weblogic" | base64`
+  # In this example, username is weblogic, password is welcome1
+  username: d2VibG9naWM=
+  password: d2VsY29tZTE=