1. Using Oracle WebLogic Server for OKE
  2. Managing Resources
  3. Update the Oracle Cloud Infrastructure Registry Auth Token Credentials

Update the Oracle Cloud Infrastructure Registry Auth Token Credentials

If you update the registry user name and Oracle Cloud Infrastructure Registry (OCIR) auth token credentials for your Oracle WebLogic Server for OKE stack, you must remove the existing OCIR secrets, recreate the secrets, and update the registry user name.

  1. Create a config.json file with the updated OCIR token password. 
    {"auths": {"phx.ocir.io": {"Username": "tenancy_object_storage_namespace/ociruser", "Password": "XXX"}}}

    Where phx.ocir.io is the container registry and Password is the password in clear text used for docker login to container registry.

    You can get the user name using the following command:
    curl -H "Authorization:Bearer Oracle" -L http://169.254.169.254/opc/v2/instance/metadata | grep ocir_user
  2. List the secrets created with previous auth token.
    kubectl get secrets -A | grep ocirsecrets
  3. Remove all OCIR secrets obtained in step 2.

    Example commands to remove the following OCIR secrets:

    kubectl delete secret ocirsecrets -n jenkins-ns
kubectl delete secret ocirsecrets -n <domain_name>-ns
kubectl delete secret ocirsecrets -n <service_prefix_name>-operator-ns
kubectl delete secret ocirsecrets -n wlsoke-ingress-nginx

    Note:

    If you have created multiple domains, you must delete the secrets for all domains.
  4. Recreate the OCIR secrets you deleted in step 3 for each of the namespaces.

    Example commands to recreate OCIR secrets:

    kubectl create secret generic ocirsecrets -n jenkins-ns --from-file=.dockerconfigjson=config.json --type=kubernetes.io/dockerconfigjson
kubectl create secret generic ocirsecrets -n <domain_name>-ns --from-file=.dockerconfigjson=config.json --type=kubernetes.io/dockerconfigjson
kubectl create secret generic ocirsecrets -n <service_prefix_name>-operator-ns --from-file=.dockerconfigjson=config.json --type=kubernetes.io/dockerconfigjson
kubectl create secret generic ocirsecrets -n wlsoke-ingress-nginx --from-file=.dockerconfigjson=config.json --type=kubernetes.io/dockerconfigjson

    Note:

    If you have created multiple domains, you must recreate the secrets for all domains.
  5. In wlsoke-metadata-configmap, update ocir_user.
    kubectl edit configmap wlsoke-metadata-configmap -n jenkins-ns
kubectl delete secret ocirtokensecret -n jenkins-ns
kubectl create secret generic ocirtokensecret -n jenkins-ns --from-literal=username="tenancy_object_storage_namespace/ociruser" --from-literal=password="XXX"

    Where, Password is the password in clear text used for docker login to container registry.