Template Files
This section lists all the template files required when you upgrade the Kubernetes version of your cluster to 1.24 and your node pools to 1.24.
Topics:
- NGINX Ingress Template File located in the /u01/scripts/ingress-controller directory
- NGINX Ingress Template File located in the /u01/shared/scripts/pipeline/create_domain/ingress-controller directory
- NGINX Role Template File
- Jenkins Role Template File
NGINX Ingress Template File
The contents of the NGINX ingress template file, _nginx-ingress.tpl, located in the /u01/scripts/ingress-controller directory, are provided below.
#
# Copyright (c) 2020, 2022, Oracle and/or its affiliates. All rights reserved.
#
{{- define "nginx.ingress" }}
---
# Ingress that sends requests under the /jenkins path prefix to the Jenkins
# service through the controller handling the "nginx" ingress class. The
# namespace, service name and port are filled in from template values.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: jenkins-dashboard-ingress
  namespace: {{ .jenkins_namespace }}
  annotations:
    # Helm leaves this resource in place instead of deleting it.
    helm.sh/resource-policy: keep
    # The class is selected with the legacy annotation rather than
    # spec.ingressClassName.
    kubernetes.io/ingress.class: "nginx"
spec:
  # NOTE(review): the tls section is commented out, so this Ingress does not
  # itself configure TLS for the Jenkins path; confirm TLS is terminated in
  # front of the controller. The template action on the commented line is
  # still evaluated at render time, because the template engine does not
  # recognize YAML comments.
  # tls:
  # - secretName: {{ .cert_secret_name }}
  rules:
    # No host is given, so the rule is not restricted to one host name.
    - http:
        paths:
          - path: /jenkins
            pathType: Prefix
            backend:
              service:
                name: {{ .jenkins_service }}
                port:
                  number: {{ .jenkins_service_port }}
{{- end }}
NGINX Ingress Template File
The contents of the NGINX ingress template file, _nginx-ingress.tpl, located in the /u01/shared/scripts/pipeline/create_domain/ingress-controller directory, are provided below.
#
# Copyright (c) 2021, 2022, Oracle and/or its affiliates. All rights reserved.
#
{{- define "nginx.ingress" }}
---
# Ingress for the path prefix /<domain_name>/console, routed to the admin
# service through the "nginx" ingress class.
# NOTE(review): judging by the names, this publishes the administration
# console through the ingress controller; confirm which networks can reach
# that controller and that no TLS section is needed here.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: wls-admin-ingress
  namespace: {{ .wls_domain_namespace }}
  annotations:
    # Helm leaves this resource in place instead of deleting it.
    helm.sh/resource-policy: keep
    kubernetes.io/ingress.class: "nginx"
spec:
  rules:
    # No host is given, so the rule is not restricted to one host name.
    - http:
        paths:
          - path: {{ "/" }}{{ .domain_name }}{{ "/console" }}
            pathType: Prefix
            backend:
              service:
                name: {{ .admin_service }}
                port:
                  number: {{ .admin_service_port }}
---
# Ingress for the path prefix /<domain_name>/consolehelp, routed to the same
# admin service and port as the console Ingress above.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: wls-console-help-ingress
  namespace: {{ .wls_domain_namespace }}
  annotations:
    helm.sh/resource-policy: keep
    kubernetes.io/ingress.class: "nginx"
spec:
  rules:
    - http:
        paths:
          - path: {{ "/" }}{{ .domain_name }}{{ "/consolehelp" }}
            pathType: Prefix
            backend:
              service:
                name: {{ .admin_service }}
                port:
                  number: {{ .admin_service_port }}
---
# Catch-all Ingress (path prefix /) for application traffic. It lives in the
# lb_namespace and uses a separate, per-domain ingress class.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: wls-cluster-ingress
  namespace: {{ .lb_namespace }}
  annotations:
    helm.sh/resource-policy: keep
    kubernetes.io/ingress.class: "{{ .domain_name }}-nginx-applications"
    # The snippet first clears any client-supplied WL-Proxy-Client-IP and
    # WL-Proxy-SSL request headers, then sets X-Forwarded-Proto, WL-Proxy-SSL
    # and is_ssl on every request.
    # NOTE(review): the HTTPS markers are set unconditionally, so the backend
    # is told that every request arrived over TLS; confirm that plain-HTTP
    # requests cannot reach this controller.
    # NOTE(review): configuration-snippet is only honoured when the controller
    # permits snippet annotations (allow-snippet-annotations); confirm that
    # setting for the controller version in use.
    nginx.ingress.kubernetes.io/configuration-snippet: |
      more_clear_input_headers "WL-Proxy-Client-IP" "WL-Proxy-SSL";
      more_set_input_headers "X-Forwarded-Proto: https";
      more_set_input_headers "WL-Proxy-SSL: true";
      more_set_input_headers "is_ssl:ssl";
    # Cookie-based session affinity.
    # NOTE(review): JSESSIONID is also the default servlet session cookie
    # name; confirm the affinity cookie is meant to share that name.
    nginx.ingress.kubernetes.io/affinity: cookie
    nginx.ingress.kubernetes.io/session-cookie-name: "JSESSIONID"
spec:
  rules:
    - http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              # When is_idcs_selected is set, traffic goes to the
              # <domain_name>-idcsappgateway-service on port 80; otherwise it
              # goes to the cluster service and port from the template values.
              {{ if .is_idcs_selected }}
              service:
                name: {{ .domain_name }}-idcsappgateway-service
                port:
                  number: 80
              {{ else }}
              service:
                name: {{ .cluster_service }}
                port:
                  number: {{ .cluster_service_port }}
              {{ end }}
{{- end }}
NGINX Role Template File
The contents of the NGINX role template file, _nginx-role.tpl, are provided below.
#
# Copyright (c) 2020, 2022, Oracle and/or its affiliates. All rights reserved.
#
{{- define "nginx.role" }}
---
# Cluster-wide permissions for the NGINX ingress controller.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: nginx-ingress-clusterrole
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
  annotations:
    # Helm leaves this resource in place instead of deleting it.
    helm.sh/resource-policy: keep
rules:
  # list/watch across all namespaces. This includes Secrets, and a list
  # response carries the Secret contents, so every subject bound to this
  # role can read all Secrets in the cluster.
  - apiGroups:
      - ""
    resources:
      - configmaps
      - endpoints
      - nodes
      - pods
      - secrets
    verbs:
      - list
      - watch
  # Read individual Node objects.
  - apiGroups:
      - ""
    resources:
      - nodes
    verbs:
      - get
  # Read Services.
  - apiGroups:
      - ""
    resources:
      - services
    verbs:
      - get
      - list
      - watch
  # Emit Events.
  - apiGroups:
      - ""
    resources:
      - events
    verbs:
      - create
      - patch
  # Read Ingress and IngressClass objects.
  - apiGroups:
      - "extensions"
      - "networking.k8s.io"
    resources:
      - ingresses
      - ingressclasses
    verbs:
      - get
      - list
      - watch
  # Write back the status subresource of Ingress objects.
  - apiGroups:
      - "extensions"
      - "networking.k8s.io"
    resources:
      - ingresses/status
    verbs:
      - update
---
# Namespaced permissions for the controller inside the ingress namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: nginx-ingress-role
  namespace: {{ .ingress_namespace }}
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
  annotations:
    helm.sh/resource-policy: keep
rules:
  - apiGroups:
      - ""
    resources:
      - configmaps
      - pods
      - secrets
      - namespaces
    verbs:
      - get
  - apiGroups:
      - ""
    resources:
      - configmaps
    resourceNames:
      # Defaults to "<election-id>-<ingress-class>"
      # Here: "<ingress-controller-leader>-<nginx>"
      # This has to be adapted if you change either parameter
      # when launching the nginx-ingress-controller.
      - "ingress-controller-leader-nginx"
    verbs:
      - get
      - update
  # NOTE(review): this rule has no resourceNames and grants update and delete
  # on every ConfigMap in the namespace, so the name restriction in the rule
  # above does not limit updates in practice. Confirm update and delete are
  # needed here in addition to create.
  - apiGroups:
      - ""
    resources:
      - configmaps
    verbs:
      - create
      - update
      - delete
  - apiGroups:
      - ""
    resources:
      - endpoints
    verbs:
      - get
---
# Binds nginx-ingress-role to the controller's service account.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: nginx-ingress-role-nisa-binding
  namespace: {{ .ingress_namespace }}
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
  annotations:
    helm.sh/resource-policy: keep
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: nginx-ingress-role
subjects:
  - kind: ServiceAccount
    name: nginx-ingress-serviceaccount
    namespace: {{ .ingress_namespace }}
---
# Binds nginx-ingress-clusterrole to two service accounts in the ingress
# namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: nginx-ingress-clusterrole-nisa-binding
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
  annotations:
    helm.sh/resource-policy: keep
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: nginx-ingress-clusterrole
subjects:
  - kind: ServiceAccount
    name: nginx-ingress-serviceaccount
    namespace: {{ .ingress_namespace }}
  # NOTE(review): provisioning-sa receives the same cluster role, including
  # the cluster-wide list/watch on Secrets; confirm it needs that access.
  - kind: ServiceAccount
    name: provisioning-sa
    namespace: {{ .ingress_namespace }}
{{- end }}
Jenkins Role Template File
The contents of the Jenkins role template file, jenkins-role.tpl, are provided below.
#
# Copyright (c) 2020, 2022, Oracle and/or its affiliates. All rights reserved.
#
# ClusterRole for Jenkins: cluster-wide rules covering core, apps, WebLogic
# domain, ingress, RBAC, batch, OAM and Istio gateway resources.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: jenkins-clusterrole
rules:
  # Core API group, all listed verbs, in every namespace. This covers reading
  # and writing Secrets, creating ServiceAccounts, and pods/exec, so every
  # subject bound to this role can read credentials and run commands in pods
  # cluster-wide. Keep the set of bound subjects as small as possible.
  # NOTE(review): pods is listed twice; deployments and ingresses are not
  # core-group resources, so those entries presumably match nothing here.
  - apiGroups:
      - ""
    resources:
      - endpoints
      - nodes
      - pods
      - services
      - secrets
      - namespaces
      - deployments
      - ingresses
      - persistentvolumes
      - persistentvolumeclaims
      - serviceaccounts
      - configmaps
      - events
      - pods
      - pods/log
      - pods/exec
    verbs:
      - list
      - watch
      - get
      - create
      - delete
      - update
      - patch
      - deletecollection
  # apps API group.
  # NOTE(review): of the resources listed, only deployments and replicasets
  # are served by the apps group; the others presumably match nothing here.
  - apiGroups:
      - apps
    resources:
      - endpoints
      - nodes
      - pods
      - services
      - secrets
      - deployments
      - ingresses
      - replicasets
    verbs:
      - list
      - watch
      - get
      - create
      - delete
      - update
      - patch
  # Domain custom resources in the weblogic.oracle group.
  - apiGroups:
      - "weblogic.oracle"
    resources:
      - domains
    verbs:
      - get
      - create
      - list
      - watch
      - delete
      - patch
  # NOTE(review): the extensions group stopped serving Ingress in Kubernetes
  # 1.22, so on the 1.24 target of this page this rule is presumably inert.
  - apiGroups:
      - extensions
    resources:
      - ingresses
    verbs:
      - get
      - create
      - list
      - watch
      - delete
      - patch
  # Write access to RBAC objects, both namespaced and cluster-wide.
  # Kubernetes escalation checks still apply, but the holder can re-grant
  # everything this role already contains to other subjects.
  - apiGroups:
      - rbac.authorization.k8s.io
    resources:
      - rolebindings
      - clusterroles
      - clusterrolebindings
      - roles
    verbs:
      - get
      - list
      - watch
      - update
      - create
      - patch
      - delete
  # Full management of batch Jobs.
  - apiGroups:
      - batch
    resources:
      - jobs
    verbs:
      - list
      - watch
      - get
      - create
      - delete
      - update
      - patch
      - deletecollection
  # core.oam.dev group.
  # NOTE(review): apart from components and applicationconfigurations, the
  # entries repeat core-group resource names (pods twice) and presumably
  # match nothing in this group; verify.
  - apiGroups:
      - core.oam.dev
    resources:
      - components
      - applicationconfigurations
      - nodes
      - pods
      - services
      - secrets
      - namespaces
      - deployments
      - ingresses
      - persistentvolumes
      - persistentvolumeclaims
      - configmaps
      - events
      - pods
      - pods/log
      - pods/exec
    verbs:
      - list
      - watch
      - get
      - create
      - delete
      - update
      - patch
      - deletecollection
  # Full management of Istio gateways.
  - apiGroups:
      - networking.istio.io
    resources:
      - gateways
    verbs:
      - list
      - watch
      - get
      - update
      - delete
      - patch
      - create
  # Ingress objects in networking.k8s.io: get, create, delete and update only
  # (no list, watch or patch).
  - apiGroups:
      - networking.k8s.io
    resources:
      - ingresses
    verbs:
      - get
      - create
      - delete
      - update
---
# Namespaced Role for Jenkins: all listed verbs on ConfigMaps, Pods (including
# the log and exec subresources) and Secrets in the service namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: jenkins-role
  namespace: {{ .Values.service.namespace }}
rules:
  - apiGroups:
      - ""
    resources:
      - configmaps
      - pods
      - pods/log
      - pods/exec
      - secrets
    verbs:
      - create
      - update
      - patch
      - list
      - watch
      - get
      - delete
---
# Binds jenkins-role to the jenkins-serviceaccount service account in the
# service namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: jenkins-rolebinding
  namespace: {{ .Values.service.namespace }}
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: jenkins-role
subjects:
  - kind: ServiceAccount
    name: jenkins-serviceaccount
    namespace: {{ .Values.service.namespace }}
---
# Binds jenkins-role to the namespace's "default" service account.
# NOTE(review): pods that do not name a service account run as "default", so
# every such pod in this namespace receives the jenkins-role permissions;
# confirm this is intended.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: default-rolebinding
  namespace: {{ .Values.service.namespace }}
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: jenkins-role
subjects:
  - kind: ServiceAccount
    name: default
    namespace: {{ .Values.service.namespace }}
---
# Binds the cluster-wide jenkins-clusterrole to the "default" service account
# of the service namespace.
# NOTE(review): pods that do not name a service account run as "default", so
# every such pod in that namespace receives the cluster-wide permissions of
# jenkins-clusterrole; confirm this binding is required.
# NOTE(review): ClusterRoleBinding is cluster-scoped, so metadata.namespace
# presumably has no effect here.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: default-clusterrole-binding
  namespace: {{ .Values.service.namespace }}
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: jenkins-clusterrole
subjects:
  - kind: ServiceAccount
    name: default
    namespace: {{ .Values.service.namespace }}
---
# Binds the cluster-wide jenkins-clusterrole to the jenkins-serviceaccount
# service account of the service namespace.
# NOTE(review): ClusterRoleBinding is cluster-scoped, so metadata.namespace
# presumably has no effect here.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: jenkins-clusterrole-binding
  namespace: {{ .Values.service.namespace }}
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: jenkins-clusterrole
subjects:
  - kind: ServiceAccount
    name: jenkins-serviceaccount
    namespace: {{ .Values.service.namespace }}