From 98b960745e8a7f038a263f6b9526e9e1c9cd3a95 Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Wed, 22 Apr 2026 16:03:02 +0200 Subject: [PATCH 001/115] v5.0 --- option/src/ui/langgraph/ui/html/chat.js | 9 +- test_suite/test_no_destroy.sh | 23 +- test_suite/test_suite_shared.sh | 746 ++++++++++++------------ 3 files changed, 406 insertions(+), 372 deletions(-) diff --git a/option/src/ui/langgraph/ui/html/chat.js b/option/src/ui/langgraph/ui/html/chat.js index d018fe9c..ed47548e 100644 --- a/option/src/ui/langgraph/ui/html/chat.js +++ b/option/src/ui/langgraph/ui/html/chat.js @@ -77,6 +77,11 @@ function hideSpinner() { spinnerContainer.innerHTML = ''; } +// Remove spinner (when SSE is done) +function errorSpinner() { + spinnerContainer.innerHTML = 'ERROR'; +} + function scrollToBottom() { // Scroll so the anchor div is visible document.getElementById('spinner-container').scrollIntoView({ behavior: "smooth" }); @@ -158,7 +163,7 @@ function startSSE(reqBody, onMessage, onDone) { body: JSON.stringify(reqBody) }).then(async response => { if (!response.ok || !response.body) { - hideSpinner(); + errorSpinner(); onMessage({ type: "ai", content: "Network/server error." }); if (onDone) onDone(); return; @@ -196,7 +201,7 @@ function startSSE(reqBody, onMessage, onDone) { hideSpinner(); if (onDone) onDone(); }).catch(e => { - hideSpinner(); + errorSpinner(); onMessage({ type: "ai", content: "Connection error." }); if (onDone) onDone(); }); diff --git a/test_suite/test_no_destroy.sh b/test_suite/test_no_destroy.sh index 9330f276..214c9e0d 100755 --- a/test_suite/test_no_destroy.sh +++ b/test_suite/test_no_destroy.sh @@ -2,11 +2,26 @@ SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) cd $SCRIPT_DIR -if [ -z "$1" ]; then - echo "Usage: test_rerun.sh " - exit +if [ "$#" -lt 1 ]; then + echo "Usage: test_rerun.sh " + exit 1 +fi + +echo "Mode" +echo "[1] ./test_rerun.sh destroy_refresh_build_destroy" +echo "[2] ./test_rerun.sh destroy_refresh_build" +echo "[3] ./test_rerun.sh refresh" +read -p "Enter choice [1/4]: " MODE_ID +if [ "$MODE_ID" == "1" ]; then + ; +elif [ "$MODE_ID" == "2" ]; then + export TEST_RERUN_NO_DESTROY=TRUE +elif [ "$MODE_ID" == "3" ]; then + export TEST_RERUN_REFRESH=TRUE +else + echo "ERROR: Unknown choice" + exit 1 fi export TEST_DIRECTORY_ONLY=$1 -export TEST_NO_DESTROY=TRUE ./test_suite.sh diff --git a/test_suite/test_suite_shared.sh b/test_suite/test_suite_shared.sh index dbaf449e..cf19cd1f 100755 --- a/test_suite/test_suite_shared.sh +++ b/test_suite/test_suite_shared.sh @@ -21,423 +21,437 @@ OPTION_BUILD_HOST=terraform export nocolorarg=1 exit_on_error() { - RESULT=$? - if [ $RESULT -eq 0 ]; then - echo "Success - $1" - else - echo "EXIT ON ERROR - HISTORY - $1 " - history 2 | cut -c1-256 - echo "Command Failed (RESULT=$RESULT)" - exit - fi + RESULT=$? + if [ $RESULT -eq 0 ]; then + echo "Success - $1" + else + echo "EXIT ON ERROR - HISTORY - $1 " + history 2 | cut -c1-256 + echo "Command Failed (RESULT=$RESULT)" + exit + fi } start_test() { - export TEST_NAME=$1 - if [ "$OPTION_GROUP_NAME" != "none" ]; then - export TEST_DIR=$TEST_HOME/$OPTION_DEPLOY/$TEST_NAME - else - export TEST_DIR=$TEST_HOME/no_group/$OPTION_DEPLOY/$TEST_NAME - mkdir -p $TEST_DIR - fi - echo "-- TEST: $OPTION_DEPLOY - $TEST_NAME ---------------------------------------" + export TEST_NAME=$1 + if [ "$OPTION_GROUP_NAME" != "none" ]; then + export TEST_DIR=$TEST_HOME/$OPTION_DEPLOY/$TEST_NAME + else + export TEST_DIR=$TEST_HOME/no_group/$OPTION_DEPLOY/$TEST_NAME + mkdir -p $TEST_DIR + fi + echo "-- TEST: $OPTION_DEPLOY - $TEST_NAME ---------------------------------------" } # Speed test of 100 calls test_run_100() { - START=$(date +%s.%N) - UI_URL=`cat $TMP_PATH/ui_url.txt` - x=0 - while [ $x -lt 100 ] - do - curl $UI_URL/app/dept -s -D $TMP_PATH/speed_json.log > $TMP_PATH/speed.json - if grep -q -i "deptno" $TMP_PATH/speed.json; then - CSV_RUN100_OK=$(( $CSV_RUN100_OK + 1 )) - fi - x=$(( $x + 1 )) + START=$(date +%s.%N) + UI_URL=`cat $TMP_PATH/ui_url.txt` + x=0 + while [ $x -lt 100 ]; do + curl $UI_URL/app/dept -s -D $TMP_PATH/speed_json.log > $TMP_PATH/speed.json + if grep -q -i "deptno" $TMP_PATH/speed.json; then + CSV_RUN100_OK=$(( $CSV_RUN100_OK + 1 )) + fi + x=$(( $x + 1 )) done - END=$(date +%s.%N) - CSV_RUN100_SECOND=`echo "scale=2;($END-$START)/1" | bc` - echo "Speed Test Result (100 runs):" - echo "- Time in seconds: $CSV_RUN100_SECOND" - echo "- OK (results including deptno): $CSV_RUN100_OK" + END=$(date +%s.%N) + CSV_RUN100_SECOND=`echo "scale=2;($END-$START)/1" | bc` + echo "Speed Test Result (100 runs):" + echo "- Time in seconds: $CSV_RUN100_SECOND" + echo "- OK (results including deptno): $CSV_RUN100_OK" } build_test () { - SECONDS=0 - # Change to the TEST_HOME directory first in case that the creation of TEST_DIR failed - cd $TEST_HOME - cd $TEST_DIR - pwd - ./starter.sh build --auto-approve > build_$BUILD_ID.log 2>&1 - - CSV_NAME=$PREFIX - CSV_DIR=$TEST_DIR - CSV_DATE=`date '+%Y%m%d-%H%M%S'` - CSV_BUILD_SECOND=$SECONDS - CSV_HTML_OK=0 - CSV_JSON_OK=0 - CSV_RUN100_SECOND=0 - CSV_RUN100_OK=0 - TMP_PATH="/tmp/$PREFIX" - - echo "build_secs_$BUILD_ID=$SECONDS" >> ${TEST_DIR}_time.txt - if [ -f $TMP_PATH/result_html.html ]; then - if grep -qiE "starter|deptno|messages" "$TMP_PATH/result_html.html"; then - echo -e "\u2705 RESULT HTML: OK" - CSV_HTML_OK=1 - else - echo -e "\u274C RESULT HTML - starter or deptno or messages not found. ***** BAD ******" - fi - if grep -q -i "deptno" $TMP_PATH/result_dept.json; then - echo -e "\u2705 RESULT JSON: deptno found - "`cat $TMP_PATH/result_dept.json` | cut -c 1-100 - CSV_JSON_OK=1 + SECONDS=0 + # Change to the TEST_HOME directory first in case that the creation of TEST_DIR failed + cd $TEST_HOME + cd $TEST_DIR + pwd + ./starter.sh build --auto-approve > build_$BUILD_ID.log 2>&1 + + CSV_NAME=$PREFIX + CSV_DIR=$TEST_DIR + CSV_DATE=`date '+%Y%m%d-%H%M%S'` + CSV_BUILD_SECOND=$SECONDS + CSV_HTML_OK=0 + CSV_JSON_OK=0 + CSV_RUN100_SECOND=0 + CSV_RUN100_OK=0 + TMP_PATH="/tmp/$PREFIX" + + echo "build_secs_$BUILD_ID=$SECONDS" >> ${TEST_DIR}_time.txt + if [ -f $TMP_PATH/result_html.html ]; then + if grep -qiE "starter|deptno|messages" "$TMP_PATH/result_html.html"; then + echo -e "\u2705 RESULT HTML: OK" + CSV_HTML_OK=1 + else + echo -e "\u274C RESULT HTML - starter or deptno or messages not found. ***** BAD ******" + fi + if grep -q -i "deptno" $TMP_PATH/result_dept.json; then + echo -e "\u2705 RESULT JSON: deptno found - "`cat $TMP_PATH/result_dept.json` | cut -c 1-100 + CSV_JSON_OK=1 + else + echo -e "\u274C RESULT JSON: no deptno found - "`cat $TMP_PATH/result_dept.json` | cut -c 1-100 + fi + echo -e "\u2139 RESULT INFO: "`cat $TMP_PATH/result_info.html` | cut -c 1-100 else - echo -e "\u274C RESULT JSON: no deptno found - "`cat $TMP_PATH/result_dept.json` | cut -c 1-100 + echo -e "\u274C ERROR: No file $TMP_PATH/result_html.html" fi - echo -e "\u2139 RESULT INFO: "`cat $TMP_PATH/result_info.html` | cut -c 1-100 - else - echo -e "\u274C ERROR: No file $TMP_PATH/result_html.html" - fi - - mv $TMP_PATH/result_html.html ${TEST_DIR}_${BUILD_ID}_result_html.html 2>/dev/null; - mv $TMP_PATH/result_dept.json ${TEST_DIR}_${BUILD_ID}_result_dept.json 2>/dev/null; - mv $TMP_PATH/result_info.html ${TEST_DIR}_${BUILD_ID}_result_info.html 2>/dev/null; - mv $TMP_PATH/result_html.log ${TEST_DIR}_${BUILD_ID}_result_html.log 2>/dev/null; - mv $TMP_PATH/result_dept.log ${TEST_DIR}_${BUILD_ID}_result_dept.log 2>/dev/null; - mv $TMP_PATH/result_info.log ${TEST_DIR}_${BUILD_ID}_result_info.log 2>/dev/null; - - if [ "$CSV_JSON_OK" == "1" ]; then - test_run_100 - fi + + mv $TMP_PATH/result_html.html ${TEST_DIR}_${BUILD_ID}_result_html.html 2>/dev/null; + mv $TMP_PATH/result_dept.json ${TEST_DIR}_${BUILD_ID}_result_dept.json 2>/dev/null; + mv $TMP_PATH/result_info.html ${TEST_DIR}_${BUILD_ID}_result_info.html 2>/dev/null; + mv $TMP_PATH/result_html.log ${TEST_DIR}_${BUILD_ID}_result_html.log 2>/dev/null; + mv $TMP_PATH/result_dept.log ${TEST_DIR}_${BUILD_ID}_result_dept.log 2>/dev/null; + mv $TMP_PATH/result_info.log ${TEST_DIR}_${BUILD_ID}_result_info.log 2>/dev/null; + + if [ "$CSV_JSON_OK" == "1" ]; then + test_run_100 + fi } add_inprogress_rerun() { - echo "./test_rerun.sh $TEST_DIR" >> $TEST_HOME/inprogress_rerun.sh + echo "./test_rerun.sh $TEST_DIR" >> $TEST_HOME/inprogress_rerun.sh } add_errors_rerun() { - echo "./test_rerun.sh $TEST_DIR" >> $TEST_HOME/errors_rerun.sh - # Remove from inprogress_rerun - sed -i "\#$TEST_DIR#d" $TEST_HOME/inprogress_rerun.sh + echo "./test_rerun.sh $TEST_DIR" >> $TEST_HOME/errors_rerun.sh + # Remove from inprogress_rerun + sed -i "\#$TEST_DIR#d" $TEST_HOME/inprogress_rerun.sh } add_ok_rerun() { - echo "./test_rerun.sh $TEST_DIR" >> $TEST_HOME/ok_rerun.sh - # Remove from inprogress_rerun - sed -i "\#$TEST_DIR#d" $TEST_HOME/inprogress_rerun.sh - # Remove from errors_rerun - if [ -f $TEST_HOME/errors_rerun.sh ]; then - if grep -q "$TEST_DIR" $TEST_HOME/errors_rerun.sh; then - sed -i "\#$TEST_DIR#d" $TEST_HOME/errors_rerun.sh - echo "./test_rerun.sh $TEST_DIR" >> $TEST_HOME/errors_old.sh - fi - fi + echo "./test_rerun.sh $TEST_DIR" >> $TEST_HOME/ok_rerun.sh + # Remove from inprogress_rerun + sed -i "\#$TEST_DIR#d" $TEST_HOME/inprogress_rerun.sh + # Remove from errors_rerun + if [ -f $TEST_HOME/errors_rerun.sh ]; then + if grep -q "$TEST_DIR" $TEST_HOME/errors_rerun.sh; then + sed -i "\#$TEST_DIR#d" $TEST_HOME/errors_rerun.sh + echo "./test_rerun.sh $TEST_DIR" >> $TEST_HOME/errors_old.sh + fi + fi } build_test_destroy () { - BUILD_ID=1 - build_test - if [ "$BUILD_COUNT" = "2" ]; then - BUILD_ID=2 + BUILD_ID=1 build_test - fi - if [ -f $TEST_HOME/stop_after_build ]; then - echo "-------------------------------------------------------" - echo "stop_after_build file dectected" - echo "Exiting before destroy_all.sh" - echo "Last directory: $TEST_DIR" - rm $TEST_HOME/stop_after_build - exit - fi - if [ "$TEST_NO_DESTROY" != "" ]; then - echo "TEST_NO_DESTROY - Exiting before destroy_all.sh" - echo "Last directory: $TEST_DIR" - exit - fi - SECONDS=0 - ./starter.sh destroy --auto-approve > destroy.log 2>&1 - if [ -d "target" ]; then - # Avoid to have a lot of left resource in the tenancy after a lot of destroy that failed - echo "FATAL ERROR: target directory not fully destroyed" - echo "Last directory: $TEST_DIR" - exit - fi - - echo "destroy_secs=$SECONDS" >> ${TEST_DIR}_time.txt - CSV_DESTROY_SECOND=$SECONDS - cat ${TEST_DIR}_time.txt - - if [ "$OPTION_LANG" == "java" ]; then - echo "$CSV_DATE,$OPTION_DEPLOY,$OPTION_LANG,$OPTION_JAVA_FRAMEWORK,$OPTION_JAVA_VM,$OPTION_DB,$OPTION_DB_INSTALL,$OPTION_UI,$OPTION_SHAPE,$CSV_NAME,$CSV_HTML_OK,$CSV_JSON_OK,$CSV_BUILD_SECOND,$CSV_DESTROY_SECOND,$CSV_RUN100_OK,$CSV_RUN100_SECOND" >> $TEST_HOME/result.csv - elif [ "$OPTION_LANG" == "python" ]; then - echo "$CSV_DATE,$OPTION_DEPLOY,$OPTION_LANG,$OPTION_PYTHON_FRAMEWORK,-,$OPTION_DB,$OPTION_DB_INSTALL,$OPTION_UI,$OPTION_SHAPE,$CSV_NAME,$CSV_HTML_OK,$CSV_JSON_OK,$CSV_BUILD_SECOND,$CSV_DESTROY_SECOND,$CSV_RUN100_OK,$CSV_RUN100_SECOND" >> $TEST_HOME/result.csv - else - echo "$CSV_DATE,$OPTION_DEPLOY,$OPTION_LANG,-,-,$OPTION_DB,$OPTION_DB_INSTALL,$OPTION_UI,$OPTION_SHAPE,$CSV_NAME,$CSV_HTML_OK,$CSV_JSON_OK,$CSV_BUILD_SECOND,$CSV_DESTROY_SECOND,$CSV_RUN100_OK,$CSV_RUN100_SECOND" >> $TEST_HOME/result.csv - fi - if [ "$CSV_JSON_OK" != "1" ] || [ "$CSV_HTML_OK" != "1" ]; then - echo "$CSV_DATE,$OPTION_DEPLOY,$OPTION_LANG,$OPTION_JAVA_FRAMEWORK,$OPTION_JAVA_VM,$OPTION_DB,$OPTION_DB_INSTALL,$OPTION_UI,$OPTION_SHAPE,$CSV_NAME,$CSV_HTML_OK,$CSV_JSON_OK,$CSV_BUILD_SECOND,$CSV_DESTROY_SECOND,$CSV_RUN100_OK,$CSV_RUN100_SECOND" >> $TEST_HOME/errors.csv - add_errors_rerun - else - add_ok_rerun - fi - - if [ -f $TEST_HOME/stop_all_after_destroy ]; then - echo "-------------------------------------------------------" - echo "stop_all_after_destroy file dectected" - echo "Last directory: $TEST_DIR" - # rm $TEST_HOME/stop_all_after_destroy - exit - fi + if [ "$BUILD_COUNT" = "2" ]; then + BUILD_ID=2 + build_test + fi + if [ -f $TEST_HOME/stop_after_build ]; then + echo "-------------------------------------------------------" + echo "stop_after_build file dectected" + echo "Exiting before destroy_all.sh" + echo "Last directory: $TEST_DIR" + rm $TEST_HOME/stop_after_build + exit + fi + if [ "$TEST_RERUN_NO_DESTROY" != "" ]; then + echo "TEST_RERUN_NO_DESTROY - Exiting before destroy_all.sh" + echo "Last directory: $TEST_DIR" + exit + fi + SECONDS=0 + ./starter.sh destroy --auto-approve > destroy.log 2>&1 + if [ -d "target" ]; then + # Avoid to have a lot of left resource in the tenancy after a lot of destroy that failed + echo "FATAL ERROR: target directory not fully destroyed" + echo "Last directory: $TEST_DIR" + exit + fi + + echo "destroy_secs=$SECONDS" >> ${TEST_DIR}_time.txt + CSV_DESTROY_SECOND=$SECONDS + cat ${TEST_DIR}_time.txt + + if [ "$OPTION_LANG" == "java" ]; then + echo "$CSV_DATE,$OPTION_DEPLOY,$OPTION_LANG,$OPTION_JAVA_FRAMEWORK,$OPTION_JAVA_VM,$OPTION_DB,$OPTION_DB_INSTALL,$OPTION_UI,$OPTION_SHAPE,$CSV_NAME,$CSV_HTML_OK,$CSV_JSON_OK,$CSV_BUILD_SECOND,$CSV_DESTROY_SECOND,$CSV_RUN100_OK,$CSV_RUN100_SECOND" >> $TEST_HOME/result.csv + elif [ "$OPTION_LANG" == "python" ]; then + echo "$CSV_DATE,$OPTION_DEPLOY,$OPTION_LANG,$OPTION_PYTHON_FRAMEWORK,-,$OPTION_DB,$OPTION_DB_INSTALL,$OPTION_UI,$OPTION_SHAPE,$CSV_NAME,$CSV_HTML_OK,$CSV_JSON_OK,$CSV_BUILD_SECOND,$CSV_DESTROY_SECOND,$CSV_RUN100_OK,$CSV_RUN100_SECOND" >> $TEST_HOME/result.csv + else + echo "$CSV_DATE,$OPTION_DEPLOY,$OPTION_LANG,-,-,$OPTION_DB,$OPTION_DB_INSTALL,$OPTION_UI,$OPTION_SHAPE,$CSV_NAME,$CSV_HTML_OK,$CSV_JSON_OK,$CSV_BUILD_SECOND,$CSV_DESTROY_SECOND,$CSV_RUN100_OK,$CSV_RUN100_SECOND" >> $TEST_HOME/result.csv + fi + if [ "$CSV_JSON_OK" != "1" ] || [ "$CSV_HTML_OK" != "1" ]; then + echo "$CSV_DATE,$OPTION_DEPLOY,$OPTION_LANG,$OPTION_JAVA_FRAMEWORK,$OPTION_JAVA_VM,$OPTION_DB,$OPTION_DB_INSTALL,$OPTION_UI,$OPTION_SHAPE,$CSV_NAME,$CSV_HTML_OK,$CSV_JSON_OK,$CSV_BUILD_SECOND,$CSV_DESTROY_SECOND,$CSV_RUN100_OK,$CSV_RUN100_SECOND" >> $TEST_HOME/errors.csv + add_errors_rerun + else + add_ok_rerun + fi + + if [ -f $TEST_HOME/stop_all_after_destroy ]; then + echo "-------------------------------------------------------" + echo "stop_all_after_destroy file dectected" + echo "Last directory: $TEST_DIR" + # rm $TEST_HOME/stop_all_after_destroy + exit + fi } build_option() { - mkdir_deploy - if [ "$OPTION_TLS" != "none" ]; then - NAME=tls-${OPTION_TLS}-${OPTION_DEPLOY} - elif [ "$OPTION_LANG" == "java" ] && [ "$OPTION_DEPLOY" != "function" ]; then - NAME=${OPTION_LANG}-${OPTION_JAVA_FRAMEWORK}-${OPTION_JAVA_VM}-${OPTION_DB}-${OPTION_UI} - elif [ "$OPTION_LANG" == "python" ] && [ "$OPTION_DEPLOY" != "function" ]; then - NAME=${OPTION_LANG}-${OPTION_PYTHON_FRAMEWORK}-${OPTION_DB}-${OPTION_UI} - else - NAME=${OPTION_LANG}-${OPTION_DB}-${OPTION_UI} - fi - if [ "$OPTION_SHAPE" != "amd" ]; then - NAME=${NAME}-$OPTION_SHAPE - fi - if [ "$OPTION_BUILD_HOST" != "terraform" ]; then - NAME=${NAME}-bh - fi - if [ "$OPTION_INFRA_AS_CODE" == "resource_manager" ]; then - NAME=${NAME}-rm - elif [ "$OPTION_INFRA_AS_CODE" == "from_resource_manager" ]; then - NAME=${NAME}-frm - fi - NAME=${NAME/_/-} - NAME=${NAME/_/-} - NAME=${NAME/_/-} - start_test $NAME - if [ "$TEST_DIRECTORY_ONLY" != "" ]; then - if [ "$TEST_DIRECTORY_ONLY" == "$TEST_DIR" ]; then - echo "FOUND TEST_DIRECTORY_ONLY: $TEST_DIR" + mkdir_deploy + if [ "$OPTION_TLS" != "none" ]; then + NAME=tls-${OPTION_TLS}-${OPTION_DEPLOY} + elif [ "$OPTION_LANG" == "java" ] && [ "$OPTION_DEPLOY" != "function" ]; then + NAME=${OPTION_LANG}-${OPTION_JAVA_FRAMEWORK}-${OPTION_JAVA_VM}-${OPTION_DB}-${OPTION_UI} + elif [ "$OPTION_LANG" == "python" ] && [ "$OPTION_DEPLOY" != "function" ]; then + NAME=${OPTION_LANG}-${OPTION_PYTHON_FRAMEWORK}-${OPTION_DB}-${OPTION_UI} else - echo "SKIP: $TEST_DIR" - return + NAME=${OPTION_LANG}-${OPTION_DB}-${OPTION_UI} fi - else - if grep -q "$TEST_DIR" $TEST_HOME/inprogress_rerun.sh; then - echo "SKIP - FOUND in inprogress_rerun.sh: $TEST_DIR" - return + if [ "$OPTION_SHAPE" != "amd" ]; then + NAME=${NAME}-$OPTION_SHAPE fi - if grep -q "$TEST_DIR" $TEST_HOME/ok_rerun.sh; then - echo "SKIP - FOUND in ok_rerun.sh: $TEST_DIR" - return + if [ "$OPTION_BUILD_HOST" != "terraform" ]; then + NAME=${NAME}-bh + fi + if [ "$OPTION_INFRA_AS_CODE" == "resource_manager" ]; then + NAME=${NAME}-rm + elif [ "$OPTION_INFRA_AS_CODE" == "from_resource_manager" ]; then + NAME=${NAME}-frm fi - if [ "$TEST_ERRORS_ONLY" = "" ]; then - if [ -f $TEST_HOME/errors_rerun.sh ]; then - if grep -q "$TEST_DIR" $TEST_HOME/errors_rerun.sh; then - echo "SKIP - FOUND in errors_rerun.sh: $TEST_DIR" - return + NAME=${NAME/_/-} + NAME=${NAME/_/-} + NAME=${NAME/_/-} + start_test $NAME + if [ "$TEST_DIRECTORY_ONLY" != "" ]; then + if [ "$TEST_DIRECTORY_ONLY" == "$TEST_DIR" ]; then + echo "FOUND TEST_DIRECTORY_ONLY: $TEST_DIR" + else + echo "SKIP: $TEST_DIR" + return + fi + else + if grep -q "$TEST_DIR" $TEST_HOME/inprogress_rerun.sh; then + echo "SKIP - FOUND in inprogress_rerun.sh: $TEST_DIR" + return + fi + if grep -q "$TEST_DIR" $TEST_HOME/ok_rerun.sh; then + echo "SKIP - FOUND in ok_rerun.sh: $TEST_DIR" + return + fi + if [ "$TEST_ERRORS_ONLY" = "" ]; then + if [ -f $TEST_HOME/errors_rerun.sh ]; then + if grep -q "$TEST_DIR" $TEST_HOME/errors_rerun.sh; then + echo "SKIP - FOUND in errors_rerun.sh: $TEST_DIR" + return + fi + fi fi - fi fi - fi - add_inprogress_rerun - - # Prevent to have undeleted resource when rerunning the test_suite - if [ -d $TEST_DIR/target ]; then - cd $TEST_DIR - ./starter.sh destroy --auto-approve > destroy_before_refresh.log 2>&1 - if [ -d $TEST_DIR/target ]; then - echo "ERROR: Existing target directory detected. Destroy failed." - exit 1 - fi - fi - - # Prevent to start test build if the group_common was not finished - if [ ! -f $TEST_HOME/group_common_env.sh ]; then - echo "ERROR: $TEST_HOME/group_common_env.sh not found" - exit 1 - fi - - # Avoid 2 parallel creations of code - while [ -f $TEST_HOME/oci_starter_busy ]; do - echo "FOUND oci_starter_busy - Waiting" - sleep 5 - done - touch $TEST_HOME/oci_starter_busy - - cd $TEST_HOME/oci-starter - if [ "$OPTION_GROUP_NAME" == "dummy" ]; then - PREFIX=$NAME - echo ./oci_starter.sh\ - -prefix $PREFIX \ - -deploy $OPTION_DEPLOY \ - -ui $OPTION_UI \ - -language $OPTION_LANG \ - -build_host $OPTION_BUILD_HOST \ - -java_framework $OPTION_JAVA_FRAMEWORK \ - -java_vm $OPTION_JAVA_VM \ - -python_framework $OPTION_PYTHON_FRAMEWORK \ - -database $OPTION_DB \ - -db_password $TEST_DB_PASSWORD \ - -db_install $OPTION_DB_INSTALL \ - -group_common $OPTION_GROUP_NAME \ - -infra_as_code $OPTION_INFRA_AS_CODE \ - -shape $OPTION_SHAPE \ - -tls $OPTION_TLS \ - -compartment_ocid $EX_COMPARTMENT_OCID \ - -vcn_ocid $TF_VAR_vcn_ocid \ - -web_subnet_ocid $TF_VAR_web_subnet_ocid \ - -app_subnet_ocid $TF_VAR_app_subnet_ocid \ - -db_subnet_ocid $TF_VAR_db_subnet_ocid \ - -oke_ocid $OKE_OCID \ - -atp_ocid $TF_VAR_atp_ocid \ - -db_ocid $TF_VAR_db_ocid \ - -mysql_ocid $TF_VAR_mysql_ocid \ - -psql_ocid $TF_VAR_psql_ocid \ - -opensearch_ocid $TF_VAR_opensearch_ocid \ - -nosql_ocid $TF_VAR_nosql_ocid \ - -apigw_ocid $TF_VAR_apigw_ocid \ - -bastion_ocid $TF_VAR_bastion_ocid \ - -fnapp_ocid $TF_VAR_fnapp_ocid > ${TEST_DIR}.log 2>&1 - ./oci_starter.sh \ - -prefix $PREFIX \ - -deploy $OPTION_DEPLOY \ - -ui $OPTION_UI \ - -language $OPTION_LANG \ - -build_host $OPTION_BUILD_HOST \ - -java_framework $OPTION_JAVA_FRAMEWORK \ - -java_vm $OPTION_JAVA_VM \ - -python_framework $OPTION_PYTHON_FRAMEWORK \ - -database $OPTION_DB \ - -db_password $TEST_DB_PASSWORD \ - -db_install $OPTION_DB_INSTALL \ - -group_common $OPTION_GROUP_NAME \ - -infra_as_code $OPTION_INFRA_AS_CODE \ - -shape $OPTION_SHAPE \ - -tls $OPTION_TLS \ - -compartment_ocid $EX_COMPARTMENT_OCID \ - -vcn_ocid $TF_VAR_vcn_ocid \ - -web_subnet_ocid $TF_VAR_web_subnet_ocid \ - -app_subnet_ocid $TF_VAR_app_subnet_ocid \ - -db_subnet_ocid $TF_VAR_db_subnet_ocid \ - -oke_ocid $OKE_OCID \ - -atp_ocid $TF_VAR_atp_ocid \ - -db_ocid $TF_VAR_db_ocid \ - -mysql_ocid $TF_VAR_mysql_ocid \ - -psql_ocid $TF_VAR_psql_ocid \ - -opensearch_ocid $TF_VAR_opensearch_ocid \ - -nosql_ocid $TF_VAR_nosql_ocid \ - -apigw_ocid $TF_VAR_apigw_ocid \ - -bastion_ocid $TF_VAR_bastion_ocid \ - -fnapp_ocid $TF_VAR_fnapp_ocid >> ${TEST_DIR}.log 2>&1 - else - # Unique name to allow more generations of TLS certificates. The prefix is used as hostname for TLS http_01. - OPTION_TSONE_ID=$((OPTION_TSONEID+1)) - PREFIX=tsone${OPTION_TSONE_ID} - ./oci_starter.sh \ - -prefix $PREFIX \ - -deploy $OPTION_DEPLOY \ - -ui $OPTION_UI \ - -language $OPTION_LANG \ - -java_framework $OPTION_JAVA_FRAMEWORK \ - -java_vm $OPTION_JAVA_VM \ - -database $OPTION_DB \ - -db_password $TEST_DB_PASSWORD \ - -db_install $OPTION_DB_INSTALL \ - -group_common $OPTION_GROUP_NAME \ - -infra_as_code $OPTION_INFRA_AS_CODE \ - -shape $OPTION_SHAPE \ - -tls $OPTION_TLS \ - -compartment_ocid $EX_COMPARTMENT_OCID > ${TEST_DIR}.log 2>&1 - fi -# -db_compartment_ocid $EX_COMPARTMENT_OCID \ - rm $TEST_HOME/oci_starter_busy - - RESULT=$? - if [ $RESULT -eq 0 ] && [ -d output ]; then - mkdir output/target - cp $TEST_HOME/group_common/target/ssh* output/target/. - rm -Rf $TEST_DIR - if [ -f ${TEST_DIR}_time.txt ]; then - rm ${TEST_DIR}_* + add_inprogress_rerun + + # Prevent to have undeleted resource when rerunning the test_suite + if [ -d $TEST_DIR/target ]; then + if [ "$TEST_RERUN_REFRESH" == "" ]; then + cd $TEST_DIR + ./starter.sh destroy --auto-approve > destroy_before_refresh.log 2>&1 + if [ -d $TEST_DIR/target ]; then + echo "ERROR: Existing target directory detected. Destroy failed." + exit 1 + fi + else + if [ -d /tmp/$TEST_DIR/target ]; then + echo "ERROR: Existing target directory detected (/tmp/$TEST_DIR/target). Refresh failed." + exit 1 + else + rm -Rf /tmp/$TEST_DIR + mv $TEST_DIR /tmp/$TEST_DIR + fi + fi + fi + + # Prevent to start test build if the group_common was not finished + if [ ! -f $TEST_HOME/group_common_env.sh ]; then + echo "ERROR: $TEST_HOME/group_common_env.sh not found" + exit 1 + fi + + # Avoid 2 parallel creations of code + while [ -f $TEST_HOME/oci_starter_busy ]; do + echo "FOUND oci_starter_busy - Waiting" + sleep 5 + done + touch $TEST_HOME/oci_starter_busy + + cd $TEST_HOME/oci-starter + if [ "$OPTION_GROUP_NAME" == "dummy" ]; then + PREFIX=$NAME + echo ./oci_starter.sh\ + -prefix $PREFIX \ + -deploy $OPTION_DEPLOY \ + -ui $OPTION_UI \ + -language $OPTION_LANG \ + -build_host $OPTION_BUILD_HOST \ + -java_framework $OPTION_JAVA_FRAMEWORK \ + -java_vm $OPTION_JAVA_VM \ + -python_framework $OPTION_PYTHON_FRAMEWORK \ + -database $OPTION_DB \ + -db_password $TEST_DB_PASSWORD \ + -db_install $OPTION_DB_INSTALL \ + -group_common $OPTION_GROUP_NAME \ + -infra_as_code $OPTION_INFRA_AS_CODE \ + -shape $OPTION_SHAPE \ + -tls $OPTION_TLS \ + -compartment_ocid $EX_COMPARTMENT_OCID \ + -vcn_ocid $TF_VAR_vcn_ocid \ + -web_subnet_ocid $TF_VAR_web_subnet_ocid \ + -app_subnet_ocid $TF_VAR_app_subnet_ocid \ + -db_subnet_ocid $TF_VAR_db_subnet_ocid \ + -oke_ocid $OKE_OCID \ + -atp_ocid $TF_VAR_atp_ocid \ + -db_ocid $TF_VAR_db_ocid \ + -mysql_ocid $TF_VAR_mysql_ocid \ + -psql_ocid $TF_VAR_psql_ocid \ + -opensearch_ocid $TF_VAR_opensearch_ocid \ + -nosql_ocid $TF_VAR_nosql_ocid \ + -apigw_ocid $TF_VAR_apigw_ocid \ + -bastion_ocid $TF_VAR_bastion_ocid \ + -fnapp_ocid $TF_VAR_fnapp_ocid > ${TEST_DIR}.log 2>&1 + ./oci_starter.sh \ + -prefix $PREFIX \ + -deploy $OPTION_DEPLOY \ + -ui $OPTION_UI \ + -language $OPTION_LANG \ + -build_host $OPTION_BUILD_HOST \ + -java_framework $OPTION_JAVA_FRAMEWORK \ + -java_vm $OPTION_JAVA_VM \ + -python_framework $OPTION_PYTHON_FRAMEWORK \ + -database $OPTION_DB \ + -db_password $TEST_DB_PASSWORD \ + -db_install $OPTION_DB_INSTALL \ + -group_common $OPTION_GROUP_NAME \ + -infra_as_code $OPTION_INFRA_AS_CODE \ + -shape $OPTION_SHAPE \ + -tls $OPTION_TLS \ + -compartment_ocid $EX_COMPARTMENT_OCID \ + -vcn_ocid $TF_VAR_vcn_ocid \ + -web_subnet_ocid $TF_VAR_web_subnet_ocid \ + -app_subnet_ocid $TF_VAR_app_subnet_ocid \ + -db_subnet_ocid $TF_VAR_db_subnet_ocid \ + -oke_ocid $OKE_OCID \ + -atp_ocid $TF_VAR_atp_ocid \ + -db_ocid $TF_VAR_db_ocid \ + -mysql_ocid $TF_VAR_mysql_ocid \ + -psql_ocid $TF_VAR_psql_ocid \ + -opensearch_ocid $TF_VAR_opensearch_ocid \ + -nosql_ocid $TF_VAR_nosql_ocid \ + -apigw_ocid $TF_VAR_apigw_ocid \ + -bastion_ocid $TF_VAR_bastion_ocid \ + -fnapp_ocid $TF_VAR_fnapp_ocid >> ${TEST_DIR}.log 2>&1 + else + # Unique name to allow more generations of TLS certificates. The prefix is used as hostname for TLS http_01. + OPTION_TSONE_ID=$((OPTION_TSONEID+1)) + PREFIX=tsone${OPTION_TSONE_ID} + ./oci_starter.sh \ + -prefix $PREFIX \ + -deploy $OPTION_DEPLOY \ + -ui $OPTION_UI \ + -language $OPTION_LANG \ + -java_framework $OPTION_JAVA_FRAMEWORK \ + -java_vm $OPTION_JAVA_VM \ + -database $OPTION_DB \ + -db_password $TEST_DB_PASSWORD \ + -db_install $OPTION_DB_INSTALL \ + -group_common $OPTION_GROUP_NAME \ + -infra_as_code $OPTION_INFRA_AS_CODE \ + -shape $OPTION_SHAPE \ + -tls $OPTION_TLS \ + -compartment_ocid $EX_COMPARTMENT_OCID > ${TEST_DIR}.log 2>&1 + fi + # -db_compartment_ocid $EX_COMPARTMENT_OCID \ + rm $TEST_HOME/oci_starter_busy + + RESULT=$? + if [ $RESULT -eq 0 ] && [ -d output ]; then + mkdir output/target + cp $TEST_HOME/group_common/target/ssh* output/target/. + rm -Rf $TEST_DIR + if [ -f ${TEST_DIR}_time.txt ]; then + rm ${TEST_DIR}_* + fi + mv output $TEST_DIR + mv $TEST_DIR/src/done.sh $TEST_DIR/src/done_orig.sh + cp $SCRIPT_DIR/test_done.sh $TEST_DIR/src/done.sh + if [ "$TEST_RERUN_REFRESH" != "" ]; then + mv /tmp/$TEST_DIR/target $TEST_DIR/. + echo "Refresh done" + exit 0 + fi + if [ -z $GENERATE_ONLY ]; then + build_test_destroy + fi + else + echo -e "\u274C ERROR ./oci_starter.sh failed." + echo "Check ${TEST_DIR}.log" + add_errors_rerun + fi + + # Stop after finding the TEST_DIRECTORY_ONLY + if [ "$TEST_DIRECTORY_ONLY" != "" ]; then + exit fi - mv output $TEST_DIR - mv $TEST_DIR/src/done.sh $TEST_DIR/src/done_orig.sh - cp $SCRIPT_DIR/test_done.sh $TEST_DIR/src/done.sh - if [ -z $GENERATE_ONLY ]; then - build_test_destroy - fi - else - echo -e "\u274C ERROR ./oci_starter.sh failed." - echo "Check ${TEST_DIR}.log" - add_errors_rerun - fi - - # Stop after finding the TEST_DIRECTORY_ONLY - if [ "$TEST_DIRECTORY_ONLY" != "" ]; then - exit - fi } # Create the $OPTION_DEPLOY directory mkdir_deploy() { - if [ ! -d $TEST_HOME/$OPTION_DEPLOY ]; then - mkdir $TEST_HOME/$OPTION_DEPLOY - echo '. $PROJECT_DIR/../../group_common_env.sh' > $TEST_HOME/$OPTION_DEPLOY/group_common_env.sh - chmod +x $TEST_HOME/$OPTION_DEPLOY/group_common_env.sh - fi + if [ ! -d $TEST_HOME/$OPTION_DEPLOY ]; then + mkdir $TEST_HOME/$OPTION_DEPLOY + echo '. $PROJECT_DIR/../../group_common_env.sh' > $TEST_HOME/$OPTION_DEPLOY/group_common_env.sh + chmod +x $TEST_HOME/$OPTION_DEPLOY/group_common_env.sh + fi } pre_test_suite() { - if [ -d $TEST_HOME ]; then - echo "$TEST_HOME directory already exists" - exit; - fi - - - # Avoid already set variables - unset "${!TF_VAR@}" - - mkdir $TEST_HOME - cd $TEST_HOME - git clone https://github.com/mgueury/oci-starter - touch inprogress_rerun.sh - touch ok_rerun.sh - - SHAPE_GROUP="amd" - if [[ `arch` == "aarch64" ]]; then - SHAPE_GROUP="arm" - fi - GROUP_NAME="ts${SHAPE_GROUP}" - - cd $TEST_HOME/oci-starter - ./oci_starter.sh -group_name $GROUP_NAME -group_common atp,mysql,psql,opensearch,nosql,database,fnapp,apigw,oke -compartment_ocid $EX_COMPARTMENT_OCID -db_password $TEST_DB_PASSWORD -shape $SHAPE_GROUP - exit_on_error "oci_starter.sh" - mv output/group_common ../group_common - cd $TEST_HOME/group_common - echo "# Test Suite use 2 nodes to avoid error: Too Many Pods (110 pods/node K8s limit)" >> terraform.tfvars - echo "node_pool_size=2" >> terraform.tfvars - echo "" >> terraform.tfvars - ./starter.sh build --auto-approve - exit_on_error "starter.sh build" - date - echo "CSV_DATE,OPTION_DEPLOY,OPTION_LANG,OPTION_JAVA_FRAMEWORK,OPTION_JAVA_VM,OPTION_DB,OPTION_DB_INSTALL,OPTION_UI,OPTION_SHAPE,CSV_NAME,CSV_HTML_OK,CSV_JSON_OK,CSV_BUILD_SECOND,CSV_DESTROY_SECOND,CSV_RUN100_OK,CSV_RUN100_SECOND" > $TEST_HOME/result.csv + if [ -d $TEST_HOME ]; then + echo "$TEST_HOME directory already exists" + exit; + fi + + + # Avoid already set variables + unset "${!TF_VAR@}" + + mkdir $TEST_HOME + cd $TEST_HOME + git clone https://github.com/mgueury/oci-starter + touch inprogress_rerun.sh + touch ok_rerun.sh + + SHAPE_GROUP="amd" + if [[ `arch` == "aarch64" ]]; then + SHAPE_GROUP="arm" + fi + GROUP_NAME="ts${SHAPE_GROUP}" + + cd $TEST_HOME/oci-starter + ./oci_starter.sh -group_name $GROUP_NAME -group_common atp,mysql,psql,opensearch,nosql,database,fnapp,apigw,oke -compartment_ocid $EX_COMPARTMENT_OCID -db_password $TEST_DB_PASSWORD -shape $SHAPE_GROUP + exit_on_error "oci_starter.sh" + mv output/group_common ../group_common + cd $TEST_HOME/group_common + echo "# Test Suite use 2 nodes to avoid error: Too Many Pods (110 pods/node K8s limit)" >> terraform.tfvars + echo "node_pool_size=2" >> terraform.tfvars + echo "" >> terraform.tfvars + ./starter.sh build --auto-approve + exit_on_error "starter.sh build" + date + echo "CSV_DATE,OPTION_DEPLOY,OPTION_LANG,OPTION_JAVA_FRAMEWORK,OPTION_JAVA_VM,OPTION_DB,OPTION_DB_INSTALL,OPTION_UI,OPTION_SHAPE,CSV_NAME,CSV_HTML_OK,CSV_JSON_OK,CSV_BUILD_SECOND,CSV_DESTROY_SECOND,CSV_RUN100_OK,CSV_RUN100_SECOND" > $TEST_HOME/result.csv } pre_git_refresh() { - cd $TEST_HOME/oci-starter - git pull origin main - echo "----------------------------------------------------------------------------" >> $TEST_HOME/errors_rerun.sh + cd $TEST_HOME/oci-starter + git pull origin main + echo "----------------------------------------------------------------------------" >> $TEST_HOME/errors_rerun.sh } post_test_suite() { - date + date - cd $TEST_HOME/group_common - ./starter.sh destroy --auto-approve + cd $TEST_HOME/group_common + ./starter.sh destroy --auto-approve } From d50303d1b3dc84dc813870d20fb4f46898b56188 Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Wed, 22 Apr 2026 16:05:38 +0200 Subject: [PATCH 002/115] v5.0 --- test_suite/test_no_destroy.sh | 27 --------------------------- test_suite/test_suite.sh | 4 ++-- 2 files changed, 2 insertions(+), 29 deletions(-) delete mode 100755 test_suite/test_no_destroy.sh diff --git a/test_suite/test_no_destroy.sh b/test_suite/test_no_destroy.sh deleted file mode 100755 index 214c9e0d..00000000 --- a/test_suite/test_no_destroy.sh +++ /dev/null @@ -1,27 +0,0 @@ -#!/usr/bin/env bash -SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) -cd $SCRIPT_DIR - -if [ "$#" -lt 1 ]; then - echo "Usage: test_rerun.sh " - exit 1 -fi - -echo "Mode" -echo "[1] ./test_rerun.sh destroy_refresh_build_destroy" -echo "[2] ./test_rerun.sh destroy_refresh_build" -echo "[3] ./test_rerun.sh refresh" -read -p "Enter choice [1/4]: " MODE_ID -if [ "$MODE_ID" == "1" ]; then - ; -elif [ "$MODE_ID" == "2" ]; then - export TEST_RERUN_NO_DESTROY=TRUE -elif [ "$MODE_ID" == "3" ]; then - export TEST_RERUN_REFRESH=TRUE -else - echo "ERROR: Unknown choice" - exit 1 -fi - -export TEST_DIRECTORY_ONLY=$1 -./test_suite.sh diff --git a/test_suite/test_suite.sh b/test_suite/test_suite.sh index ff785fcd..048a2cca 100755 --- a/test_suite/test_suite.sh +++ b/test_suite/test_suite.sh @@ -283,8 +283,8 @@ fi if [ -d $TEST_HOME ]; then pre_git_refresh - if [ ! -f $TEST_HOME/group_common_env.sh ]; then - echo "ERROR: $TEST_HOME/group_common_env.sh not detected" + if [ ! -f ${TEST_HOME}/group_common_env.sh ]; then + echo "ERROR: ${TEST_HOME}/group_common_env.sh not detected" exit fi else From 67dae5f06d3c0a2bf64417bb78f3cbc9347b704a Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Wed, 22 Apr 2026 16:06:29 +0200 Subject: [PATCH 003/115] v5.0 --- test_suite/test_rerun.sh | 22 +++++++++++++++++++--- 1 file changed, 19 insertions(+), 3 deletions(-) diff --git a/test_suite/test_rerun.sh b/test_suite/test_rerun.sh index 781a4ce7..214c9e0d 100755 --- a/test_suite/test_rerun.sh +++ b/test_suite/test_rerun.sh @@ -2,9 +2,25 @@ SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) cd $SCRIPT_DIR -if [ -z "$1" ]; then - echo "Usage: test_rerun.sh " - exit +if [ "$#" -lt 1 ]; then + echo "Usage: test_rerun.sh " + exit 1 +fi + +echo "Mode" +echo "[1] ./test_rerun.sh destroy_refresh_build_destroy" +echo "[2] ./test_rerun.sh destroy_refresh_build" +echo "[3] ./test_rerun.sh refresh" +read -p "Enter choice [1/4]: " MODE_ID +if [ "$MODE_ID" == "1" ]; then + ; +elif [ "$MODE_ID" == "2" ]; then + export TEST_RERUN_NO_DESTROY=TRUE +elif [ "$MODE_ID" == "3" ]; then + export TEST_RERUN_REFRESH=TRUE +else + echo "ERROR: Unknown choice" + exit 1 fi export TEST_DIRECTORY_ONLY=$1 From 0479f3abd42f2edf0ef1c50f8223d8297054da29 Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Wed, 22 Apr 2026 16:07:28 +0200 Subject: [PATCH 004/115] v5.0 --- test_suite/test_rerun.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test_suite/test_rerun.sh b/test_suite/test_rerun.sh index 214c9e0d..41217c00 100755 --- a/test_suite/test_rerun.sh +++ b/test_suite/test_rerun.sh @@ -13,7 +13,7 @@ echo "[2] ./test_rerun.sh destroy_refresh_build" echo "[3] ./test_rerun.sh refresh" read -p "Enter choice [1/4]: " MODE_ID if [ "$MODE_ID" == "1" ]; then - ; + echo "-" elif [ "$MODE_ID" == "2" ]; then export TEST_RERUN_NO_DESTROY=TRUE elif [ "$MODE_ID" == "3" ]; then From 7a600710b1f0d8e13731698d7a8fd619d59549da Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Wed, 22 Apr 2026 16:09:40 +0200 Subject: [PATCH 005/115] v5.0 --- test_suite/test_suite_shared.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/test_suite/test_suite_shared.sh b/test_suite/test_suite_shared.sh index cf19cd1f..7da6cf76 100755 --- a/test_suite/test_suite_shared.sh +++ b/test_suite/test_suite_shared.sh @@ -247,6 +247,7 @@ build_option() { # Prevent to have undeleted resource when rerunning the test_suite if [ -d $TEST_DIR/target ]; then if [ "$TEST_RERUN_REFRESH" == "" ]; then + echo "target directory found. Destroying." cd $TEST_DIR ./starter.sh destroy --auto-approve > destroy_before_refresh.log 2>&1 if [ -d $TEST_DIR/target ]; then @@ -254,6 +255,7 @@ build_option() { exit 1 fi else + echo "TEST_RERUN_REFRESH=$TEST_RERUN_REFRESH - backup up directory." if [ -d /tmp/$TEST_DIR/target ]; then echo "ERROR: Existing target directory detected (/tmp/$TEST_DIR/target). Refresh failed." exit 1 From 3bd5377de108aba22765ed4cae5bec3cbaa14755 Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Wed, 22 Apr 2026 16:46:22 +0200 Subject: [PATCH 006/115] v5.0 --- basis/bin/compute/shared_compute.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/basis/bin/compute/shared_compute.sh b/basis/bin/compute/shared_compute.sh index f50ae52d..f5cc841c 100755 --- a/basis/bin/compute/shared_compute.sh +++ b/basis/bin/compute/shared_compute.sh @@ -137,7 +137,9 @@ install_java() { # cd - # sudo update-alternatives --set java $JAVA_LATEST_PATH/bin/java fi + export JAVA_HOME=$(dirname $(dirname $(readlink -f $(which java)))) fi + echo "export JAVA_HOME=${JAVA_HOME}" >> $HOME/.bashrc # JMS agent deploy (to fleet_ocid ) if [ -f jms_agent_deploy.sh ]; then From 948f506ea44b084b8b2e9d3dc0043c1a9f26d7dc Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Thu, 23 Apr 2026 09:00:39 +0200 Subject: [PATCH 007/115] v5.0 --- basis/bin/oci_starter.sh | 338 ++++++++++++++++++++------------------- 1 file changed, 173 insertions(+), 165 deletions(-) diff --git a/basis/bin/oci_starter.sh b/basis/bin/oci_starter.sh index b78febe7..188c9d86 100755 --- a/basis/bin/oci_starter.sh +++ b/basis/bin/oci_starter.sh @@ -2,17 +2,19 @@ # Should be called from starter.sh if [ "$PROJECT_DIR" == "" ]; then - echo "ERROR: PROJECT_DIR not set" - exit 1 + echo "ERROR: PROJECT_DIR not set" + exit 1 fi if [ "$BIN_DIR" == "" ]; then - export BIN_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) + export BIN_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) fi export TARGET_DIR=$PROJECT_DIR/target mkdir -p $TARGET_DIR/logs -DATE_POSTFIX=`date '+%Y%m%d-%H%M%S'` +if [ "$DATE_POSTFIX" == "" ]; then + DATE_POSTFIX=`date '+%Y%m%d-%H%M%S'` +fi set -o pipefail export ARG1=$1 @@ -20,192 +22,198 @@ export ARG2=$2 export ARG3=$3 if [ -z $ARG1 ]; then - COMMAND_FILE=$TARGET_DIR/command.txt - if [ -f $COMMAND_FILE ]; then - rm $COMMAND_FILE - fi - if [ ! -f $COMMAND_FILE ]; then - python3 $BIN_DIR/starter_menu.py + COMMAND_FILE=$TARGET_DIR/command.txt if [ -f $COMMAND_FILE ]; then - COMMAND=$(cat $COMMAND_FILE) - rm $COMMAND_FILE - # Execute the command from bash to avoid issue with terminal prompt - eval "$COMMAND" + rm $COMMAND_FILE + fi + if [ ! -f $COMMAND_FILE ]; then + python3 $BIN_DIR/starter_menu.py + if [ -f $COMMAND_FILE ]; then + COMMAND=$(cat $COMMAND_FILE) + rm $COMMAND_FILE + # Execute the command from bash to avoid issue with terminal prompt + eval "$COMMAND" + fi fi - fi elif [ "$ARG1" == "help" ]; then - echo "--- BUILD ------------------------------------------------------------------------------------" - echo "./starter.sh build - Build and deploy all" - echo "./starter.sh build app - Build the application (APP)" - echo "./starter.sh build ui - Build the user interface (UI)" - echo "--- DESTROY ----------------------------------------------------------------------------------" - echo "./starter.sh destroy - Destroy all" - echo "--- SSH --------------------------------------------------------------------------------------" - echo "target/ssh_key_starter - SSH private key" - echo "./starter.sh ssh compute - SSH to compute (Deployment: Compute)" - echo "./starter.sh ssh bastion - SSH to bastion" - echo "./starter.sh ssh db_node - SSH to DB_NODE (Database: Oracle DB)" - echo "--- START/STOP -------------------------------------------------------------------------------" - echo "./starter.sh start - Start all resources" - echo "./starter.sh stop - Stop all resources" - echo "--- TERRAFORM (or RESOURCE MANAGER ) ---------------------------------------------------------" - echo "./starter.sh terraform plan - Plan" - echo "./starter.sh terraform apply - Apply" - echo "./starter.sh terraform destroy - Destroy" - echo "--- GENERATE ---------------------------------------------------------------------------------" - echo "./starter.sh generate auth_token - Create OCI Auth Token (ex: docker login)" - echo "--- DEPLOY -----------------------------------------------------------------------------------" - echo "./starter.sh deploy bastion - Deploy the bastion (+create DB tables)" - echo "./starter.sh deploy compute - Deploy APP and UI on Compute (Deployment: Compute)" - echo "./starter.sh deploy oke - Deploy APP and UI on OKE (Deployment: Kubernetes)" - echo "--- KUBECTL ----------------------------------------------------------------------------------" - echo "./starter.sh env - Set environment variable like KUBECONFIG for Kubernetes" - echo "kubectl get pods - Example of a command to check the PODs" - echo "--- LOGS -------------------------------------------------------------------------------------" - echo "cat target/build.log - Show last build log" - echo "cat target/destroy.log - Show last destroy log" - echo "--- HELP -------------------------------------------------------------------------------------" - echo "https://www.ocistarter.com/" - echo "https://www.ocistarter.com/help (tutorial + how to customize)" - echo - exit + echo "--- BUILD ------------------------------------------------------------------------------------" + echo "./starter.sh build - Build and deploy all" + echo "./starter.sh build app - Build the application (APP)" + echo "./starter.sh build ui - Build the user interface (UI)" + echo "--- DESTROY ----------------------------------------------------------------------------------" + echo "./starter.sh destroy - Destroy all" + echo "--- SSH --------------------------------------------------------------------------------------" + echo "target/ssh_key_starter - SSH private key" + echo "./starter.sh ssh compute - SSH to compute (Deployment: Compute)" + echo "./starter.sh ssh bastion - SSH to bastion" + echo "./starter.sh ssh db_node - SSH to DB_NODE (Database: Oracle DB)" + echo "--- START/STOP -------------------------------------------------------------------------------" + echo "./starter.sh start - Start all resources" + echo "./starter.sh stop - Stop all resources" + echo "--- TERRAFORM (or RESOURCE MANAGER ) ---------------------------------------------------------" + echo "./starter.sh terraform plan - Plan" + echo "./starter.sh terraform apply - Apply" + echo "./starter.sh terraform destroy - Destroy" + echo "--- GENERATE ---------------------------------------------------------------------------------" + echo "./starter.sh generate auth_token - Create OCI Auth Token (ex: docker login)" + echo "--- DEPLOY -----------------------------------------------------------------------------------" + echo "./starter.sh deploy bastion - Deploy the bastion (+create DB tables)" + echo "./starter.sh deploy compute - Deploy APP and UI on Compute (Deployment: Compute)" + echo "./starter.sh deploy oke - Deploy APP and UI on OKE (Deployment: Kubernetes)" + echo "--- KUBECTL ----------------------------------------------------------------------------------" + echo "./starter.sh env - Set environment variable like KUBECONFIG for Kubernetes" + echo "kubectl get pods - Example of a command to check the PODs" + echo "--- LOGS -------------------------------------------------------------------------------------" + echo "cat target/build.log - Show last build log" + echo "cat target/destroy.log - Show last destroy log" + echo "--- HELP -------------------------------------------------------------------------------------" + echo "https://www.ocistarter.com/" + echo "https://www.ocistarter.com/help (tutorial + how to customize)" + echo + exit elif [ "$ARG1" == "build" ]; then - if [ "$ARG2" == "app" ]; then - # Build all apps - for APP_NAME in `app_name_list_build`; do - src/app/$APP_NAME/build.sh ${@:2} - exit_on_error "Build App $APP_NAME" - done - elif [ "$ARG2" == "ui" ]; then - $PROJECT_DIR/src/app/build_ui.sh ${@:2} - else - export LOG_NAME=$TARGET_DIR/logs/build.${DATE_POSTFIX}.log - # Show the log and save it to target/build.log and target/logs - ln -sf $LOG_NAME $TARGET_DIR/build.log - $BIN_DIR/build_all.sh ${@:2} 2>&1 | tee $LOG_NAME - fi + if [ "$ARG2" == "app" ]; then + # Build all apps + for APP_NAME in `app_name_list_build`; do + src/app/$APP_NAME/build.sh ${@:2} + exit_on_error "Build App $APP_NAME" + done + elif [ "$ARG2" == "ui" ]; then + $PROJECT_DIR/src/app/build_ui.sh ${@:2} + else + export LOG_NAME=$TARGET_DIR/logs/build.${DATE_POSTFIX}.log + # Show the log and save it to target/build.log and target/logs + ln -sf $LOG_NAME $TARGET_DIR/build.log + $BIN_DIR/build_all.sh ${@:2} 2>&1 | tee $LOG_NAME + fi elif [ "$ARG1" == "rm" ]; then - if [ "$ARG2" == "build" ]; then - export TF_VAR_infra_as_code="build_resource_manager" - $BIN_DIR/terraform_apply.sh - elif [ "$ARG2" == "create" ]; then - export TF_VAR_infra_as_code="create_resource_manager" - $BIN_DIR/terraform_apply.sh - elif [ "$ARG2" == "" ]; then - export TF_VAR_infra_as_code="distribute_resource_manager" - $BIN_DIR/terraform_apply.sh - else - echo "Unknown command: $ARG1 $ARG2" - fi + if [ "$ARG2" == "build" ]; then + export TF_VAR_infra_as_code="build_resource_manager" + $BIN_DIR/terraform_apply.sh + elif [ "$ARG2" == "create" ]; then + export TF_VAR_infra_as_code="create_resource_manager" + $BIN_DIR/terraform_apply.sh + elif [ "$ARG2" == "" ]; then + export TF_VAR_infra_as_code="distribute_resource_manager" + $BIN_DIR/terraform_apply.sh + else + echo "Unknown command: $ARG1 $ARG2" + fi elif [ "$ARG1" == "destroy" ]; then - if [ -f $TARGET_DIR/resource_manager_stackid ]; then - # From the shell that created a RM Stack - $BIN_DIR/terraform_destroy.sh - elif [ "$TF_VAR_infra_as_code" == "from_resource_manager" ] && [ "$2" != "--called_by_resource_manager" ]; then - # ./starter.sh destroy - # - with terraform stack in resource_manager (=from_resource_manager) - # - called from Command Line - # - and not called by the resource_manager - $BIN_DIR/terraform_destroy.sh - else - LOG_NAME=$TARGET_DIR/logs/destroy.${DATE_POSTFIX}.log - # Show the log and save it to target/build.log and target/logs - ln -sf $LOG_NAME $TARGET_DIR/destroy.log - $BIN_DIR/destroy_all.sh ${@:2} 2>&1 | tee $LOG_NAME - fi + if [ -f $TARGET_DIR/resource_manager_stackid ]; then + # From the shell that created a RM Stack + $BIN_DIR/terraform_destroy.sh + elif [ "$TF_VAR_infra_as_code" == "from_resource_manager" ] && [ "$2" != "--called_by_resource_manager" ]; then + # ./starter.sh destroy + # - with terraform stack in resource_manager (=from_resource_manager) + # - called from Command Line + # - and not called by the resource_manager + $BIN_DIR/terraform_destroy.sh + else + LOG_NAME=$TARGET_DIR/logs/destroy.${DATE_POSTFIX}.log + # Show the log and save it to target/build.log and target/logs + ln -sf $LOG_NAME $TARGET_DIR/destroy.log + $BIN_DIR/destroy_all.sh ${@:2} 2>&1 | tee $LOG_NAME + fi elif [ "$ARG1" == "ssh" ]; then - if [ "$ARG2" == "compute" ]; then - $BIN_DIR/ssh_compute.sh - elif [ "$ARG2" == "bastion" ]; then - $BIN_DIR/ssh_bastion.sh - elif [ "$ARG2" == "db_node" ]; then - $BIN_DIR/ssh_db_node.sh - else - echo "Unknown command: $ARG1 $ARG2" - fi + if [ "$ARG2" == "compute" ]; then + $BIN_DIR/ssh_compute.sh + elif [ "$ARG2" == "bastion" ]; then + $BIN_DIR/ssh_bastion.sh + elif [ "$ARG2" == "db_node" ]; then + $BIN_DIR/ssh_db_node.sh + else + echo "Unknown command: $ARG1 $ARG2" + fi elif [ "$ARG1" == "rebuild" ]; then - . $BIN_DIR/shared_bash_function.sh + . $BIN_DIR/shared_bash_function.sh - # Destroy - LOG_NAME=$TARGET_DIR/logs/destroy.${DATE_POSTFIX}.log - ln -sf $LOG_NAME $TARGET_DIR/destroy.log - $BIN_DIR/destroy_all.sh ${@:2} 2>&1 | tee $LOG_NAME - exit_on_error "destroy_all.sh" - - # Double check - if [ -f $TARGET_DIR ]; then - error_exit "target dir is still there..." - fi + # Destroy + LOG_NAME=$TARGET_DIR/logs/destroy.${DATE_POSTFIX}.log + ln -sf $LOG_NAME $TARGET_DIR/destroy.log + $BIN_DIR/destroy_all.sh ${@:2} 2>&1 | tee $LOG_NAME + exit_on_error "destroy_all.sh" + + # Double check + if [ -f $TARGET_DIR ]; then + error_exit "target dir is still there..." + fi - # Pull - git pull - exit_on_error "git pull" - - # Cleanup target dir - mkdir -p $TARGET_DIR/logs + # Pull + git pull + exit_on_error "git pull" + + # Cleanup target dir + mkdir -p $TARGET_DIR/logs - # Build - LOG_NAME=$TARGET_DIR/logs/build.${DATE_POSTFIX}.log - ln -sf $LOG_NAME $TARGET_DIR/build.log - $BIN_DIR/build_all.sh ${@:2} 2>&1 | tee $LOG_NAME + # Build + LOG_NAME=$TARGET_DIR/logs/build.${DATE_POSTFIX}.log + ln -sf $LOG_NAME $TARGET_DIR/build.log + $BIN_DIR/build_all.sh ${@:2} 2>&1 | tee $LOG_NAME elif [ "$ARG1" == "terraform" ]; then - if [ "$ARG2" == "plan" ]; then - $BIN_DIR/terraform_plan.sh ${@:3} - elif [ "$ARG2" == "apply" ]; then - $BIN_DIR/terraform_apply.sh ${@:3} - elif [ "$ARG2" == "destroy" ]; then - $BIN_DIR/terraform_destroy.sh ${@:3} - else - echo "Unknown command: $ARG1 $ARG2" - fi + if [ "$ARG2" == "plan" ]; then + $BIN_DIR/terraform_plan.sh ${@:3} + elif [ "$ARG2" == "apply" ]; then + $BIN_DIR/terraform_apply.sh ${@:3} + elif [ "$ARG2" == "destroy" ]; then + $BIN_DIR/terraform_destroy.sh ${@:3} + else + echo "Unknown command: $ARG1 $ARG2" + fi elif [ "$ARG1" == "frm" ]; then # From Resource Manager - . $BIN_DIR/shared_bash_function.sh - export CALLED_BY_TERRAFORM="TRUE" + . $BIN_DIR/shared_bash_function.sh + export CALLED_BY_TERRAFORM="TRUE" - if [ "$ARG2" == "before_terraform" ]; then - export LOG_NAME=$TARGET_DIR/frm_before_terraform.log - $BIN_DIR/build_all.sh --before_terraform | tee $LOG_NAME - exit_on_error "build_all.sh --before_terraform" - fi - . shared_infra_as_code.sh - . ./starter.sh env -silent - resource_manager_variables_json + if [ "$ARG2" == "before_terraform" ]; then + export LOG_NAME=$TARGET_DIR/frm_before_terraform.log + $BIN_DIR/build_all.sh --before_terraform | tee $LOG_NAME + exit_on_error "build_all.sh --before_terraform" + fi + . shared_infra_as_code.sh + . ./starter.sh env -silent + resource_manager_variables_json elif [ "$ARG1" == "start" ]; then $BIN_DIR/start_stop.sh start $ARG1 $ARG2 elif [ "$ARG1" == "stop" ]; then $BIN_DIR/start_stop.sh start $ARG1 $ARG2 elif [ "$ARG1" == "generate" ]; then - if [ "$ARG2" == "auth_token" ]; then - $BIN_DIR/gen_auth_token.sh - else - echo "Unknown command: $ARG1 $ARG2" - fi + if [ "$ARG2" == "auth_token" ]; then + $BIN_DIR/gen_auth_token.sh + else + echo "Unknown command: $ARG1 $ARG2" + fi elif [ "$ARG1" == "deploy" ]; then - if [ "$ARG2" == "compute" ]; then - $BIN_DIR/deploy_compute.sh - elif [ "$ARG2" == "bastion" ]; then - $BIN_DIR/deploy_bastion.sh - else - echo "Unknown command: $ARG1 $ARG2" - exit 1 - fi + if [ "$ARG2" == "compute" ]; then + $BIN_DIR/deploy_compute.sh + elif [ "$ARG2" == "bastion" ]; then + $BIN_DIR/deploy_bastion.sh + else + echo "Unknown command: $ARG1 $ARG2" + exit 1 + fi elif [ "$ARG1" == "env" ]; then - # Check if sourced or not - (return 0 2>/dev/null) && SOURCED=1 || SOURCED=0 - if [ "$SOURCED" == "1" ]; then - . $BIN_DIR/auto_env.sh ${@:2} - return - else - bash --rcfile $BIN_DIR/auto_env.sh ${@:2} - fi + # Check if sourced or not + (return 0 2>/dev/null) && SOURCED=1 || SOURCED=0 + if [ "$SOURCED" == "1" ]; then + . $BIN_DIR/auto_env.sh ${@:2} + return + else + bash --rcfile $BIN_DIR/auto_env.sh ${@:2} + fi elif [ "$ARG1" == "upgrade" ]; then - $BIN_DIR/upgrade.sh + $BIN_DIR/upgrade.sh else - echo "Unknown command: $ARG1" - exit 1 + echo "Unknown command: $ARG1" + exit 1 fi + +created_epoch=$(date -d "$DATE_POSTFIX" +%s) +now_epoch=$(date +%s) +elapsed=$((now_epoch - created_epoch)) +echo "Elapsed time: ${elapsed} seconds" + # Return the exit code -exit ${PIPESTATUS[0]} \ No newline at end of file +exit ${PIPESTATUS[0]} From f2ebeebd38e5dfc41b7188919843184352899ec4 Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Thu, 23 Apr 2026 17:49:30 +0200 Subject: [PATCH 008/115] v5.0 --- basis/bin/compute/compute_install.sh | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/basis/bin/compute/compute_install.sh b/basis/bin/compute/compute_install.sh index b62e149a..0f444032 100755 --- a/basis/bin/compute/compute_install.sh +++ b/basis/bin/compute/compute_install.sh @@ -34,16 +34,18 @@ if ! grep -q "export LC_CTYPE" $HOME/.bashrc; then # Resize the boot volume (if >47GB) sudo /usr/libexec/oci-growfs -y +fi - # Build_host = bastion +if ! grep -q "# Build Bastion" $HOME/.bashrc; then if [ "$TF_VAR_build_host" == "bastion" ]; then - # Kubernetes - if [ "$TF_VAR_deploy_type" == "kubernetes" ]; then + echo "# Build Bastion" >> $HOME/.bashrc# Build_host = bastion + # Kubernetes + if [ "$TF_VAR_oke_ocid" != "" ]; then install_docker_tools echo "export KUBECONFIG=$HOME/compute/kubeconfig_starter" >> $HOME/.bashrc fi - # Kubernetes - if [ "$TF_VAR_language" == "java" ]; then + # Java + if [ "$TF_VAR_language" == "java" ] || [ "$TF_VAR_oke_ocid" != "" ]; then install_java fi # Create a git branch From 253cb24f689cd9a59a68dc4a9a302d9daf7aad03 Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Fri, 24 Apr 2026 12:06:51 +0200 Subject: [PATCH 009/115] v5.0 --- basis/bin/compute/shared_compute.sh | 5 +++-- basis/bin/oci_starter.sh | 4 ++-- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/basis/bin/compute/shared_compute.sh b/basis/bin/compute/shared_compute.sh index f5cc841c..d88d8d9b 100755 --- a/basis/bin/compute/shared_compute.sh +++ b/basis/bin/compute/shared_compute.sh @@ -116,7 +116,6 @@ install_java() { # sudo update-alternatives --set native-image $JAVA_HOME/lib/svm/bin/native-image fi sudo update-alternatives --set java $JAVA_HOME/bin/java - echo "export JAVA_HOME=${JAVA_HOME}" >> $HOME/.bashrc else # JDK # Needed due to concurrency @@ -244,7 +243,9 @@ export -f install_python # -- install_libreoffice --------------------------------------------------- install_libreoffice() { export STABLE_VERSIONS=`curl -s https://download.documentfoundation.org/libreoffice/stable/` - export LIBREOFFICE_VERSION=`echo $STABLE_VERSIONS | sed 's/.*//' | sed 's/\/<\/a>.*//' | sed 's/.*\/">//'` + # export LIBREOFFICE_VERSION=`echo $STABLE_VERSIONS | sed 's/.*//' | sed 's/\/<\/a>.*//' | sed 's/.*\/">//'` + # Version 26.2 is incompatible with RHEL8... + export LIBREOFFICE_VERSION=`echo $STABLE_VERSIONS | sed 's/.*>25.8/25.8/' | sed 's/\/<\/a>.*//' | sed 's/.*\/">//'` echo LIBREOFFICE_VERSION=$LIBREOFFICE_VERSION cd /tmp export LIBREOFFICE_TGZ="LibreOffice_${LIBREOFFICE_VERSION}_Linux_x86-64_rpm.tar.gz" diff --git a/basis/bin/oci_starter.sh b/basis/bin/oci_starter.sh index 188c9d86..a44890af 100755 --- a/basis/bin/oci_starter.sh +++ b/basis/bin/oci_starter.sh @@ -14,6 +14,7 @@ export TARGET_DIR=$PROJECT_DIR/target mkdir -p $TARGET_DIR/logs if [ "$DATE_POSTFIX" == "" ]; then DATE_POSTFIX=`date '+%Y%m%d-%H%M%S'` + START_EPOCH=`date '+%s'` fi set -o pipefail @@ -210,9 +211,8 @@ else exit 1 fi -created_epoch=$(date -d "$DATE_POSTFIX" +%s) now_epoch=$(date +%s) -elapsed=$((now_epoch - created_epoch)) +elapsed=$((now_epoch - START_EPOCH)) echo "Elapsed time: ${elapsed} seconds" # Return the exit code From dff414231c9dc90af88be16bcc2c42983eb28b2b Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Fri, 24 Apr 2026 16:19:27 +0200 Subject: [PATCH 010/115] v5.0 --- basis/bin/compute/rebuild.sh | 2 +- basis/bin/compute/shared_compute.sh | 11 +++++++++-- 2 files changed, 10 insertions(+), 3 deletions(-) diff --git a/basis/bin/compute/rebuild.sh b/basis/bin/compute/rebuild.sh index b0ac7931..d7079858 100755 --- a/basis/bin/compute/rebuild.sh +++ b/basis/bin/compute/rebuild.sh @@ -27,7 +27,7 @@ for APP_DIR in `app_dir_list`; do # Database title "Rebuild - $APP_NAME: Install" ${APP_DIR}/install.sh - elif [ -f $APP_DIR/install.sh ] && [ is_deploy_compute ]; then + elif [ -f $APP_DIR/install.sh ] && is_deploy_compute; then # Build in terraform - compute title "Rebuild: $APP_NAME: Install" ${APP_DIR}/install.sh diff --git a/basis/bin/compute/shared_compute.sh b/basis/bin/compute/shared_compute.sh index d88d8d9b..4271c0cf 100755 --- a/basis/bin/compute/shared_compute.sh +++ b/basis/bin/compute/shared_compute.sh @@ -229,7 +229,9 @@ install_python() { sudo dnf install -y python3.12 python3.12-pip python3-devel wget sudo update-alternatives --set python /usr/bin/python3.12 curl -LsSf https://astral.sh/uv/install.sh | sh - uv venv myenv + if [ ! -d myenv ]; then + uv venv myenv + fi source myenv/bin/activate if [ -f requirements.txt ]; then uv pip install -r requirements.txt @@ -300,6 +302,8 @@ install_instant_client() { } export -f install_instant_client +# -- create_self_signed_ip_certificate -------------------------------------- + create_self_signed_ip_certificate() { mkdir -p certificate @@ -370,7 +374,8 @@ EOF } export -f create_self_signed_ip_certificate -# -- Install NGINX ------------------------------------------------------------------ +# -- install_ngnix ---------------------------------------------------------- + install_ngnix() { title "NGINX" sudo dnf install nginx -y > /tmp/dnf_nginx.log @@ -534,6 +539,8 @@ is_deploy_compute() { fi } +export -f is_deploy_compute + # -- build_ui --------------------------------------------------------------- build_ui() { cd $SCRIPT_DIR From 7a3b050f93285233d70e4b4d89fda89a98c51fda Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Fri, 24 Apr 2026 16:22:50 +0200 Subject: [PATCH 011/115] v5.0 --- basis/bin/compute/compute_install.sh | 6 ++++++ test_suite/install_dev.sh | 4 ++-- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/basis/bin/compute/compute_install.sh b/basis/bin/compute/compute_install.sh index 0f444032..078bc747 100755 --- a/basis/bin/compute/compute_install.sh +++ b/basis/bin/compute/compute_install.sh @@ -17,6 +17,12 @@ if ! grep -q "export LC_CTYPE" $HOME/.bashrc; then # Set VI and NANO in utf8 echo "export LC_CTYPE=en_US.UTF-8" >> $HOME/.bashrc echo "shopt -s direxpand" >> $HOME/.bashrc + cat >> $HOME/.vimrc <<'EOT' +set tabstop=4 +set expandtab +set shiftwidth=4 +set paste +EOT if [ "$TF_VAR_your_public_ssh_key" != "" ]; then if ! grep -q "$TF_VAR_your_public_ssh_key" $HOME/.ssh/authorized_keys; then diff --git a/test_suite/install_dev.sh b/test_suite/install_dev.sh index 78da04f3..21614e78 100755 --- a/test_suite/install_dev.sh +++ b/test_suite/install_dev.sh @@ -84,8 +84,8 @@ sudo dnf install -y tmux # VIM cat >> $HOME/.vimrc <<'EOT' -set tabstop=2 +set tabstop=4 set expandtab -set shiftwidth=2 +set shiftwidth=4 set paste EOT From 62fcc38a59feb7b652291a765844d4b42d0e03fb Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Fri, 24 Apr 2026 17:16:23 +0200 Subject: [PATCH 012/115] v5.0 --- basis/bin/compute/rebuild.sh | 4 +++ ...deploy_bastion.sh => deploy_bastion.j2.sh} | 6 +++++ py_oci_starter.py | 5 +++- test_suite/test_bastion_lock.sh | 26 +++++++++++++++++++ test_suite/test_suite_shared.sh | 6 +++-- 5 files changed, 44 insertions(+), 3 deletions(-) rename basis/bin/{deploy_bastion.sh => deploy_bastion.j2.sh} (89%) create mode 100644 test_suite/test_bastion_lock.sh diff --git a/basis/bin/compute/rebuild.sh b/basis/bin/compute/rebuild.sh index d7079858..543a6f42 100755 --- a/basis/bin/compute/rebuild.sh +++ b/basis/bin/compute/rebuild.sh @@ -42,6 +42,10 @@ for APP_DIR in `app_dir_list`; do fi done +if [ -f $HOME/bastion_lock ]; then + rm $HOME/bastion_lock +fi + end_time=$(date +%s) echo echo " Time taken: $((end_time - start_time)) seconds" \ No newline at end of file diff --git a/basis/bin/deploy_bastion.sh b/basis/bin/deploy_bastion.j2.sh similarity index 89% rename from basis/bin/deploy_bastion.sh rename to basis/bin/deploy_bastion.j2.sh index f5eb2613..c0d9fa58 100755 --- a/basis/bin/deploy_bastion.sh +++ b/basis/bin/deploy_bastion.j2.sh @@ -29,6 +29,11 @@ function scp_bastion() { if [ "$TF_VAR_deploy_type" == "kubernetes" ]; then cp $TARGET_DIR/kubeconfig_starter $BASTION_DIR/compute fi + {%- if test_name %} + # Get Lock CleanUp + ssh -o StrictHostKeyChecking=no -i $TF_VAR_ssh_private_path opc@$BASTION_IP "bash compute/test_bastion_lock.sh + {%- endif %} + elif [ -d src/app/db ]; then cp -R src/app/db $BASTION_DIR/app/. fi @@ -38,6 +43,7 @@ function scp_bastion() { scp_or_rsync $BASTION_DIR/compute } + # Try 5 times to copy the files / wait 5 secs between each try i=0 while [ true ]; do diff --git a/py_oci_starter.py b/py_oci_starter.py index 4fb837f1..17dac9d9 100755 --- a/py_oci_starter.py +++ b/py_oci_starter.py @@ -92,7 +92,7 @@ def mandatory_options(mode): '-atp_ocid', '-db_ocid', '-db_compartment_ocid', '-pdb_ocid', '-mysql_ocid', '-psql_ocid', '-opensearch_ocid', '-nosql_ocid', '-db_user', '-fnapp_ocid', '-apigw_ocid', '-bastion_ocid', '-auth_token', '-tls', '-subnet_ocid','-web_subnet_ocid','-app_subnet_ocid','-db_subnet_ocid','-shape','-db_install', - '-ui', '-deploy', '-database', '-license'] + '-ui', '-deploy', '-database', '-license', '-test_name'] # hidden_options - allowed but not advertised hidden_options = ['-zip', '-group_common','-group_name'] @@ -861,6 +861,9 @@ def create_output_dir(): if params.get('deploy_type') == "function": output_copy_tree("option/src/app/fn/fn_common", "src/app") + if params.get('test_name'): + output_copy("test_suite/test_bastion_lock.sh", "bin/compute") + # Generic version for Oracle DB if os.path.exists("option/src/app/"+app): output_copy_tree("option/src/app/"+app, "src/app") diff --git a/test_suite/test_bastion_lock.sh b/test_suite/test_bastion_lock.sh new file mode 100644 index 00000000..e9203081 --- /dev/null +++ b/test_suite/test_bastion_lock.sh @@ -0,0 +1,26 @@ +#!/usr/bin/env bash + +LOCKFILE="$HOME/bastion_lock" +TIMEOUT=100 +WAIT=5 +ELAPSED=0 + +while [ "$ELAPSED" -lt "$TIMEOUT" ]; do + if [ -e "$LOCKFILE" ]; then + echo "bastion_lock file exists, waiting..." + else + # Try to create the lock atomically + if ( set -o noclobber; > "$LOCKFILE" ) 2> /dev/null; then + echo "Lock acquired." + exit 0 + else + echo "Race condition, retrying..." + fi + fi + + sleep "$WAIT" + ELAPSED=$((ELAPSED + WAIT)) +done + +echo "Failed to acquire lock after ${TIMEOUT} seconds." +exit 1 \ No newline at end of file diff --git a/test_suite/test_suite_shared.sh b/test_suite/test_suite_shared.sh index 7da6cf76..1530b7c1 100755 --- a/test_suite/test_suite_shared.sh +++ b/test_suite/test_suite_shared.sh @@ -312,7 +312,8 @@ build_option() { -nosql_ocid $TF_VAR_nosql_ocid \ -apigw_ocid $TF_VAR_apigw_ocid \ -bastion_ocid $TF_VAR_bastion_ocid \ - -fnapp_ocid $TF_VAR_fnapp_ocid > ${TEST_DIR}.log 2>&1 + -fnapp_ocid $TF_VAR_fnapp_ocid \ + -test_name $TEST_NAME > ${TEST_DIR}.log 2>&1 ./oci_starter.sh \ -prefix $PREFIX \ -deploy $OPTION_DEPLOY \ @@ -343,7 +344,8 @@ build_option() { -nosql_ocid $TF_VAR_nosql_ocid \ -apigw_ocid $TF_VAR_apigw_ocid \ -bastion_ocid $TF_VAR_bastion_ocid \ - -fnapp_ocid $TF_VAR_fnapp_ocid >> ${TEST_DIR}.log 2>&1 + -fnapp_ocid $TF_VAR_fnapp_ocid \ + -test_name $TEST_NAME >> ${TEST_DIR}.log 2>&1 else # Unique name to allow more generations of TLS certificates. The prefix is used as hostname for TLS http_01. OPTION_TSONE_ID=$((OPTION_TSONEID+1)) From 68faef5d98fd38ea35eb99d0bf59f2bc73756bca Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Fri, 24 Apr 2026 17:39:58 +0200 Subject: [PATCH 013/115] v5.0 --- test_suite/test_bastion_lock.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/test_suite/test_bastion_lock.sh b/test_suite/test_bastion_lock.sh index e9203081..c359c06d 100644 --- a/test_suite/test_bastion_lock.sh +++ b/test_suite/test_bastion_lock.sh @@ -12,6 +12,7 @@ while [ "$ELAPSED" -lt "$TIMEOUT" ]; do # Try to create the lock atomically if ( set -o noclobber; > "$LOCKFILE" ) 2> /dev/null; then echo "Lock acquired." + rm -Rf $HOME/app/* exit 0 else echo "Race condition, retrying..." From b9f225ce2eabd50468fc59daed6d59f4ddc990b2 Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Fri, 24 Apr 2026 17:54:37 +0200 Subject: [PATCH 014/115] v5.0 --- py_oci_starter.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/py_oci_starter.py b/py_oci_starter.py index 17dac9d9..f7a99f2a 100755 --- a/py_oci_starter.py +++ b/py_oci_starter.py @@ -908,7 +908,7 @@ def create_output_dir(): if params.get('java_vm') == "graalvm": params['java_docker'] = 'container-registry.oracle.com/graalvm/jdk:25' else: - params['java_docker'] = 'eclipse-temurin:25' + params['java_docker'] = 'container-registry.oracle.com/eclipse-temurin:25' # Check if any script exists that is NOT build_rest.sh has_build_rest = False From f89a5659843c04195d8e4d03557641ed464bebd4 Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Fri, 24 Apr 2026 18:05:16 +0200 Subject: [PATCH 015/115] v5.0 --- basis/bin/deploy_bastion.j2.sh | 12 ++++++------ test_suite/test_bastion_lock.sh | 1 + 2 files changed, 7 insertions(+), 6 deletions(-) diff --git a/basis/bin/deploy_bastion.j2.sh b/basis/bin/deploy_bastion.j2.sh index c0d9fa58..91b01319 100755 --- a/basis/bin/deploy_bastion.j2.sh +++ b/basis/bin/deploy_bastion.j2.sh @@ -29,18 +29,18 @@ function scp_bastion() { if [ "$TF_VAR_deploy_type" == "kubernetes" ]; then cp $TARGET_DIR/kubeconfig_starter $BASTION_DIR/compute fi - {%- if test_name %} - # Get Lock CleanUp - ssh -o StrictHostKeyChecking=no -i $TF_VAR_ssh_private_path opc@$BASTION_IP "bash compute/test_bastion_lock.sh - {%- endif %} - elif [ -d src/app/db ]; then cp -R src/app/db $BASTION_DIR/app/. fi cp $TARGET_DIR/tf_env.sh $BASTION_DIR/compute/. - scp_or_rsync $BASTION_DIR/app scp_or_rsync $BASTION_DIR/compute + {%- if test_name %} + # Get Lock CleanUp + ssh -o StrictHostKeyChecking=no -i $TF_VAR_ssh_private_path opc@$BASTION_IP "bash compute/test_bastion_lock.sh $TEST_NAME" + {%- endif %} + scp_or_rsync $BASTION_DIR/app + } diff --git a/test_suite/test_bastion_lock.sh b/test_suite/test_bastion_lock.sh index c359c06d..de496290 100644 --- a/test_suite/test_bastion_lock.sh +++ b/test_suite/test_bastion_lock.sh @@ -12,6 +12,7 @@ while [ "$ELAPSED" -lt "$TIMEOUT" ]; do # Try to create the lock atomically if ( set -o noclobber; > "$LOCKFILE" ) 2> /dev/null; then echo "Lock acquired." + echo "$1" >> bastion_lock_history rm -Rf $HOME/app/* exit 0 else From ee1fd7008be9d17f4e0fcf4b0447ea00d20de2d0 Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Fri, 24 Apr 2026 18:23:36 +0200 Subject: [PATCH 016/115] v5.0 --- basis/bin/compute/compute_install.sh | 4 ++-- basis/bin/compute/shared_compute.sh | 3 +++ py_oci_starter.py | 2 +- 3 files changed, 6 insertions(+), 3 deletions(-) diff --git a/basis/bin/compute/compute_install.sh b/basis/bin/compute/compute_install.sh index 078bc747..0c3a6257 100755 --- a/basis/bin/compute/compute_install.sh +++ b/basis/bin/compute/compute_install.sh @@ -17,12 +17,12 @@ if ! grep -q "export LC_CTYPE" $HOME/.bashrc; then # Set VI and NANO in utf8 echo "export LC_CTYPE=en_US.UTF-8" >> $HOME/.bashrc echo "shopt -s direxpand" >> $HOME/.bashrc - cat >> $HOME/.vimrc <<'EOT' + cat >> $HOME/.vimrc <" get_docker_prefix # Login only if needed if ! docker system info 2>/dev/null | grep -q "Username"; then @@ -484,6 +486,7 @@ docker_login() { fi exit_on_error "Docker Login" } +export -f docker_login # -- ocir_docker_push_app ------------------------------------------------------- ocir_docker_push_app() { diff --git a/py_oci_starter.py b/py_oci_starter.py index f7a99f2a..67b1b0d7 100755 --- a/py_oci_starter.py +++ b/py_oci_starter.py @@ -908,7 +908,7 @@ def create_output_dir(): if params.get('java_vm') == "graalvm": params['java_docker'] = 'container-registry.oracle.com/graalvm/jdk:25' else: - params['java_docker'] = 'container-registry.oracle.com/eclipse-temurin:25' + params['java_docker'] = 'docker.io/library/eclipse-temurin:25' # Check if any script exists that is NOT build_rest.sh has_build_rest = False From 189aad96747e3bb53254bc74d253371dfa24eda0 Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Fri, 24 Apr 2026 18:53:42 +0200 Subject: [PATCH 017/115] v5.0 --- test_suite/test_bastion_lock.sh | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/test_suite/test_bastion_lock.sh b/test_suite/test_bastion_lock.sh index de496290..33c70354 100644 --- a/test_suite/test_bastion_lock.sh +++ b/test_suite/test_bastion_lock.sh @@ -1,9 +1,12 @@ #!/usr/bin/env bash LOCKFILE="$HOME/bastion_lock" -TIMEOUT=100 +TIMEOUT=300 WAIT=5 ELAPSED=0 +DATE_POSTFIX=`date '+%Y%m%d-%H%M%S'` +NAME=$DATE_POSTFIX - $1" +echo "$NAME" >> bastion_lock_waiting while [ "$ELAPSED" -lt "$TIMEOUT" ]; do if [ -e "$LOCKFILE" ]; then @@ -12,7 +15,7 @@ while [ "$ELAPSED" -lt "$TIMEOUT" ]; do # Try to create the lock atomically if ( set -o noclobber; > "$LOCKFILE" ) 2> /dev/null; then echo "Lock acquired." - echo "$1" >> bastion_lock_history + sed -i "s&$NAME&$NAME - $ELAPSED secs" bastion_lock_waiting rm -Rf $HOME/app/* exit 0 else @@ -24,5 +27,6 @@ while [ "$ELAPSED" -lt "$TIMEOUT" ]; do ELAPSED=$((ELAPSED + WAIT)) done +sed -i "s&$NAME&$NAME - ERROR TIMEOUT" bastion_lock_waiting echo "Failed to acquire lock after ${TIMEOUT} seconds." exit 1 \ No newline at end of file From 1b241ee2b4776a00919d0d3fc659bd1838727629 Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Fri, 24 Apr 2026 19:16:13 +0200 Subject: [PATCH 018/115] v5.0 --- option/src/app/python_langgraph/after_auto_env.sh | 0 test_suite/test_bastion_lock.sh | 6 +++--- 2 files changed, 3 insertions(+), 3 deletions(-) mode change 100644 => 100755 option/src/app/python_langgraph/after_auto_env.sh mode change 100644 => 100755 test_suite/test_bastion_lock.sh diff --git a/option/src/app/python_langgraph/after_auto_env.sh b/option/src/app/python_langgraph/after_auto_env.sh old mode 100644 new mode 100755 diff --git a/test_suite/test_bastion_lock.sh b/test_suite/test_bastion_lock.sh old mode 100644 new mode 100755 index 33c70354..0494390c --- a/test_suite/test_bastion_lock.sh +++ b/test_suite/test_bastion_lock.sh @@ -5,7 +5,7 @@ TIMEOUT=300 WAIT=5 ELAPSED=0 DATE_POSTFIX=`date '+%Y%m%d-%H%M%S'` -NAME=$DATE_POSTFIX - $1" +NAME="$DATE_POSTFIX - $1" echo "$NAME" >> bastion_lock_waiting while [ "$ELAPSED" -lt "$TIMEOUT" ]; do @@ -15,7 +15,7 @@ while [ "$ELAPSED" -lt "$TIMEOUT" ]; do # Try to create the lock atomically if ( set -o noclobber; > "$LOCKFILE" ) 2> /dev/null; then echo "Lock acquired." - sed -i "s&$NAME&$NAME - $ELAPSED secs" bastion_lock_waiting + sed -i "s/$NAME/$NAME - $ELAPSED secs/" bastion_lock_waiting rm -Rf $HOME/app/* exit 0 else @@ -27,6 +27,6 @@ while [ "$ELAPSED" -lt "$TIMEOUT" ]; do ELAPSED=$((ELAPSED + WAIT)) done -sed -i "s&$NAME&$NAME - ERROR TIMEOUT" bastion_lock_waiting +sed -i "s/$NAME/$NAME - ERROR TIMEOUT/" bastion_lock_waiting echo "Failed to acquire lock after ${TIMEOUT} seconds." exit 1 \ No newline at end of file From 5a6ee67cc67ffc72a1c5c464bf8d3c4ead792039 Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Fri, 24 Apr 2026 19:20:20 +0200 Subject: [PATCH 019/115] v5.0 --- test_suite/test_bastion_lock.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/test_suite/test_bastion_lock.sh b/test_suite/test_bastion_lock.sh index 0494390c..b80c13bf 100755 --- a/test_suite/test_bastion_lock.sh +++ b/test_suite/test_bastion_lock.sh @@ -1,6 +1,7 @@ #!/usr/bin/env bash +cd $HOME -LOCKFILE="$HOME/bastion_lock" +LOCKFILE="bastion_lock" TIMEOUT=300 WAIT=5 ELAPSED=0 From 86a73e7fae938affdc319832e456b2e143c3a5f5 Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Fri, 24 Apr 2026 20:35:16 +0200 Subject: [PATCH 020/115] v5.0 --- basis/bin/deploy_bastion.j2.sh | 4 ++-- basis/bin/deploy_compute.sh | 2 +- todo_oci_bastion/deploy_compute.sh | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/basis/bin/deploy_bastion.j2.sh b/basis/bin/deploy_bastion.j2.sh index 91b01319..e0b9ed3c 100755 --- a/basis/bin/deploy_bastion.j2.sh +++ b/basis/bin/deploy_bastion.j2.sh @@ -58,5 +58,5 @@ while [ true ]; do i=$(($i+1)) done -ssh -o StrictHostKeyChecking=no -i $TF_VAR_ssh_private_path opc@$BASTION_IP "bash compute/compute_install.sh 2>&1 | tee -a compute/compute_install.log" -exit_on_error "Deploy Bastion -" +ssh -o StrictHostKeyChecking=no -i $TF_VAR_ssh_private_path opc@$BASTION_IP "bash compute/compute_install.sh 2>&1 | tee compute/compute_install.log" +exit_on_error "Deploy Bastion - ssh" diff --git a/basis/bin/deploy_compute.sh b/basis/bin/deploy_compute.sh index bb792860..ef32e58a 100755 --- a/basis/bin/deploy_compute.sh +++ b/basis/bin/deploy_compute.sh @@ -12,6 +12,6 @@ echo "COMPUTE_IP=$COMPUTE_IP" cp $TARGET_DIR/tf_env.sh $TARGET_DIR/compute/compute/. scp_via_bastion "target/compute/*" opc@$COMPUTE_IP:/home/opc/. -ssh -o StrictHostKeyChecking=no -oProxyCommand="$BASTION_PROXY_COMMAND" opc@$COMPUTE_IP "bash compute/compute_install.sh 2>&1 | tee -a compute/compute_install.log" +ssh -o StrictHostKeyChecking=no -oProxyCommand="$BASTION_PROXY_COMMAND" opc@$COMPUTE_IP "bash compute/compute_install.sh 2>&1 | tee compute/compute_install.log" exit_on_error "Deploy Compute - ssh" diff --git a/todo_oci_bastion/deploy_compute.sh b/todo_oci_bastion/deploy_compute.sh index 52f23888..b2d3f9eb 100755 --- a/todo_oci_bastion/deploy_compute.sh +++ b/todo_oci_bastion/deploy_compute.sh @@ -20,5 +20,5 @@ eval "$(ssh-agent -s)" ssh-add $TF_VAR_ssh_private_path scp -r -o StrictHostKeyChecking=no -oProxyCommand="ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -W %h:%p $BASTION_USER_HOST" target/compute/* opc@$BASTION_IP:/home/opc/. -ssh -o StrictHostKeyChecking=no -oProxyCommand="ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -W %h:%p $BASTION_USER_HOST" opc@$BASTION_IP "export TF_VAR_java_version=\"$TF_VAR_java_version\";export TF_VAR_java_vm=\"$TF_VAR_java_vm\";export TF_VAR_language=\"$TF_VAR_language\";export JDBC_URL=\"$JDBC_URL\";export DB_URL=\"$DB_URL\";export DB_USER=\"$TF_VAR_db_user\";export DB_PASSWORD=\"$TF_VAR_db_password\";export TF_VAR_namespace=\"$TF_VAR_namespace\";export TF_VAR_prefix=\"$TF_VAR_prefix\";bash compute/compute_install.sh 2>&1 | tee -a compute/compute_install.log" +ssh -o StrictHostKeyChecking=no -oProxyCommand="ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -W %h:%p $BASTION_USER_HOST" opc@$BASTION_IP "export TF_VAR_java_version=\"$TF_VAR_java_version\";export TF_VAR_java_vm=\"$TF_VAR_java_vm\";export TF_VAR_language=\"$TF_VAR_language\";export JDBC_URL=\"$JDBC_URL\";export DB_URL=\"$DB_URL\";export DB_USER=\"$TF_VAR_db_user\";export DB_PASSWORD=\"$TF_VAR_db_password\";export TF_VAR_namespace=\"$TF_VAR_namespace\";export TF_VAR_prefix=\"$TF_VAR_prefix\";bash compute/compute_install.sh 2>&1 | tee compute/compute_install.log" From afff827b3395ca646a190fabb4102abd1db763ce Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Sat, 25 Apr 2026 01:15:09 +0200 Subject: [PATCH 021/115] v5.0 --- basis/src/app/rest/k8s.j2.yaml | 7 +++++++ option/src/app/python_langgraph/rest/start.sh | 1 + .../python_responses/rest/{start.sh => start.j2.sh} | 6 ++++++ .../src/app/python_responses/ui/nginx_app.locations | 11 +++++++++++ 4 files changed, 25 insertions(+) rename option/src/app/python_responses/rest/{start.sh => start.j2.sh} (58%) create mode 100644 option/src/app/python_responses/ui/nginx_app.locations diff --git a/basis/src/app/rest/k8s.j2.yaml b/basis/src/app/rest/k8s.j2.yaml index f7f096a0..6d24986d 100644 --- a/basis/src/app/rest/k8s.j2.yaml +++ b/basis/src/app/rest/k8s.j2.yaml @@ -66,6 +66,13 @@ spec: secretKeyRef: name: {{ prefix }}-db-secret key: TF_VAR_nosql_endpoint +{%- endif %} +{%- if python_framework == "langgraph" %} + - name: MCP_URL + value: "http://{{ prefix }}-mcp-server-service:2025/mcp" +{%- elif python_framework == "responses" %} + - name: MCP_URL + value: "https://##TF_VAR_ingress_ip##/##TF_VAR_prefix##/mcp_server/mcp" {%- endif %} imagePullSecrets: - name: ocirsecret diff --git a/option/src/app/python_langgraph/rest/start.sh b/option/src/app/python_langgraph/rest/start.sh index 6870493a..c1ba1a95 100755 --- a/option/src/app/python_langgraph/rest/start.sh +++ b/option/src/app/python_langgraph/rest/start.sh @@ -4,6 +4,7 @@ cd $SCRIPT_DIR export PATH=~/.local/bin/:$PATH . $HOME/compute/tf_env.sh +export MCP_SERVER_URL="http://localhost:2025/mcp" # Start LangGraph CompiledStateGraph on port 2024 source myenv/bin/activate diff --git a/option/src/app/python_responses/rest/start.sh b/option/src/app/python_responses/rest/start.j2.sh similarity index 58% rename from option/src/app/python_responses/rest/start.sh rename to option/src/app/python_responses/rest/start.j2.sh index ee83b8cc..4d101e87 100755 --- a/option/src/app/python_responses/rest/start.sh +++ b/option/src/app/python_responses/rest/start.j2.sh @@ -5,6 +5,12 @@ export PATH=~/.local/bin/:$PATH . $HOME/compute/tf_env.sh +{%- if deploy_type == "public_compute" %} +export MCP_URL="http://$BASTION_IP/mcp_server/mcp" +{%- else %} +export MCP_URL="https://$APIGW_HOSTNAME/$PREFIX/mcp_server/mcp" +{%- endif %} + # Default port is 2025 source myenv/bin/activate python responses.py 2>&1 | tee rest.log diff --git a/option/src/app/python_responses/ui/nginx_app.locations b/option/src/app/python_responses/ui/nginx_app.locations new file mode 100644 index 00000000..1880c950 --- /dev/null +++ b/option/src/app/python_responses/ui/nginx_app.locations @@ -0,0 +1,11 @@ + + location /app/ { + proxy_http_version 1.1; + proxy_pass http://localhost:8080/; + } + + location /mcp_server/ { + proxy_http_version 1.1; + proxy_pass http://localhost:2025/; + } + From 025a2ff51764e25f31376869798997654cf74891 Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Sat, 25 Apr 2026 01:18:16 +0200 Subject: [PATCH 022/115] v5.0 --- option/src/app/python_langgraph/after_auto_env.sh | 9 --------- 1 file changed, 9 deletions(-) delete mode 100755 option/src/app/python_langgraph/after_auto_env.sh diff --git a/option/src/app/python_langgraph/after_auto_env.sh b/option/src/app/python_langgraph/after_auto_env.sh deleted file mode 100755 index 530540e9..00000000 --- a/option/src/app/python_langgraph/after_auto_env.sh +++ /dev/null @@ -1,9 +0,0 @@ -XXXXX -# Kubernetes -if [ "$TF_VAR_deploy_type" == "kubernetes" ]; then - append_tf_env "export LANGGRAPH_URL=\"http://langgraph-service:2024\"" - append_tf_env "export MCP_SERVER_URL=\"http://mcp-server-service:2025/mcp\"" -else - append_tf_env "export LANGGRAPH_URL=\"http://127.0.0.1:2024\"" - append_tf_env "export MCP_SERVER_URL=\"http://localhost:2025/mcp\"" -fi \ No newline at end of file From bc0fc9b8f1ed2c0aac643e912391126f0d458d89 Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Sat, 25 Apr 2026 09:42:11 +0200 Subject: [PATCH 023/115] v5.0 --- basis/src/app/rest/k8s.j2.yaml | 4 ++-- option/src/app/python_responses/rest/start.j2.sh | 4 ++-- option/src/ui/langgraph/ui/html/chat.css | 5 +++++ option/src/ui/langgraph/ui/html/chat.js | 4 ++-- test_suite/test_done.sh | 3 ++- 5 files changed, 13 insertions(+), 7 deletions(-) diff --git a/basis/src/app/rest/k8s.j2.yaml b/basis/src/app/rest/k8s.j2.yaml index 6d24986d..f3cf5d85 100644 --- a/basis/src/app/rest/k8s.j2.yaml +++ b/basis/src/app/rest/k8s.j2.yaml @@ -68,10 +68,10 @@ spec: key: TF_VAR_nosql_endpoint {%- endif %} {%- if python_framework == "langgraph" %} - - name: MCP_URL + - name: MCP_SERVER_URL value: "http://{{ prefix }}-mcp-server-service:2025/mcp" {%- elif python_framework == "responses" %} - - name: MCP_URL + - name: MCP_SERVER_URL value: "https://##TF_VAR_ingress_ip##/##TF_VAR_prefix##/mcp_server/mcp" {%- endif %} imagePullSecrets: diff --git a/option/src/app/python_responses/rest/start.j2.sh b/option/src/app/python_responses/rest/start.j2.sh index 4d101e87..53c599b1 100755 --- a/option/src/app/python_responses/rest/start.j2.sh +++ b/option/src/app/python_responses/rest/start.j2.sh @@ -6,9 +6,9 @@ export PATH=~/.local/bin/:$PATH . $HOME/compute/tf_env.sh {%- if deploy_type == "public_compute" %} -export MCP_URL="http://$BASTION_IP/mcp_server/mcp" +export MCP_SERVER_URL="http://$BASTION_IP/mcp_server/mcp" {%- else %} -export MCP_URL="https://$APIGW_HOSTNAME/$PREFIX/mcp_server/mcp" +export MCP_SERVER_URL="https://$APIGW_HOSTNAME/$PREFIX/mcp_server/mcp" {%- endif %} # Default port is 2025 diff --git a/option/src/ui/langgraph/ui/html/chat.css b/option/src/ui/langgraph/ui/html/chat.css index dc5220e6..61ebac31 100644 --- a/option/src/ui/langgraph/ui/html/chat.css +++ b/option/src/ui/langgraph/ui/html/chat.css @@ -82,9 +82,14 @@ body { border-bottom-right-radius: 18px; border-top-right-radius: 18px; border-top-left-radius: 18px; + overflow: visible; +} + +.bubble-content { overflow: auto; } + form { display: flex; gap: 8px; diff --git a/option/src/ui/langgraph/ui/html/chat.js b/option/src/ui/langgraph/ui/html/chat.js index ed47548e..e1a11041 100644 --- a/option/src/ui/langgraph/ui/html/chat.js +++ b/option/src/ui/langgraph/ui/html/chat.js @@ -117,10 +117,10 @@ async function renderMessage(msgObj) { let innerHTML = ''; // Human message if (msgObj.type === 'human') { - innerHTML = `
You
${renderMarkdown(msgObj.content)}
`; + innerHTML = `
You
${renderMarkdown(msgObj.content)}
`; } else if (msgObj.type === 'ai') { if (msgObj.content) { - innerHTML = `
AI
${await renderContent(msgObj.content)}
`; + innerHTML = `
AI
${await renderContent(msgObj.content)}
`; } else if (msgObj.tool_calls && msgObj.tool_calls.length > 0) { const toolNames = msgObj.tool_calls.map(t => t.name).join(' - '); let bubble = `
Tool Calls - ${toolNames}
`; diff --git a/test_suite/test_done.sh b/test_suite/test_done.sh index b5a06b35..d640848e 100755 --- a/test_suite/test_done.sh +++ b/test_suite/test_done.sh @@ -8,7 +8,8 @@ if [ "$UI_URL" != "" ]; then rm -Rf $TMP_PATH mkdir -p $TMP_PATH echo $UI_URL > $TMP_PATH/ui_url.txt - + echo "URL = $UI_URL" + if [ "$TF_VAR_deploy_type" == "kubernetes" ]; then kubectl wait --for=condition=ready pod ${TF_VAR_prefix}-app kubectl wait --for=condition=ready pod ${TF_VAR_prefix}-ui From 2423b5ff2562ef25a93f0ed433767b09cd8b4dbc Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Sat, 25 Apr 2026 10:11:27 +0200 Subject: [PATCH 024/115] v5.0 --- test_suite/test_suite_shared.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/test_suite/test_suite_shared.sh b/test_suite/test_suite_shared.sh index 1530b7c1..e486420e 100755 --- a/test_suite/test_suite_shared.sh +++ b/test_suite/test_suite_shared.sh @@ -50,7 +50,7 @@ test_run_100() { x=0 while [ $x -lt 100 ]; do curl $UI_URL/app/dept -s -D $TMP_PATH/speed_json.log > $TMP_PATH/speed.json - if grep -q -i "deptno" $TMP_PATH/speed.json; then + if grep -qiE "deptno|department" $TMP_PATH/speed.json; then CSV_RUN100_OK=$(( $CSV_RUN100_OK + 1 )) fi x=$(( $x + 1 )) @@ -88,13 +88,13 @@ build_test () { else echo -e "\u274C RESULT HTML - starter or deptno or messages not found. ***** BAD ******" fi - if grep -q -i "deptno" $TMP_PATH/result_dept.json; then - echo -e "\u2705 RESULT JSON: deptno found - "`cat $TMP_PATH/result_dept.json` | cut -c 1-100 + if grep -qiE "deptno|department" $TMP_PATH/result_dept.json; then + echo -e "\u2705 RESULT JSON: deptno found - "`cat $TMP_PATH/result_dept.json` | cut -c 1-100 CSV_JSON_OK=1 else echo -e "\u274C RESULT JSON: no deptno found - "`cat $TMP_PATH/result_dept.json` | cut -c 1-100 fi - echo -e "\u2139 RESULT INFO: "`cat $TMP_PATH/result_info.html` | cut -c 1-100 + echo -e "\u2139 RESULT INFO: "`cat $TMP_PATH/result_info.html` | cut -c 1-100 else echo -e "\u274C ERROR: No file $TMP_PATH/result_html.html" fi From a94f7ca742b4c2732a83ff8f2d61cc2458bc1a13 Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Sat, 25 Apr 2026 10:11:48 +0200 Subject: [PATCH 025/115] v5.0 --- test_suite/test_done.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test_suite/test_done.sh b/test_suite/test_done.sh index d640848e..c9f394fd 100755 --- a/test_suite/test_done.sh +++ b/test_suite/test_done.sh @@ -50,7 +50,7 @@ if [ "$UI_URL" != "" ]; then fi # Check (Same test is also done test_suite_shared) - if grep -q -i "deptno" $TMP_PATH/result_dept.json; then + if grep -qiE "deptno|department" $TMP_PATH/result_dept.json; then echo -e "\u2705 deptno detected" break else From e01ae2c1de808df5cc8403291e6d78a1c53de216 Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Sat, 25 Apr 2026 10:12:53 +0200 Subject: [PATCH 026/115] v5.0 --- test_suite/test_done.sh | 6 +++--- test_suite/test_suite_shared.sh | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/test_suite/test_done.sh b/test_suite/test_done.sh index c9f394fd..8261924e 100755 --- a/test_suite/test_done.sh +++ b/test_suite/test_done.sh @@ -51,16 +51,16 @@ if [ "$UI_URL" != "" ]; then # Check (Same test is also done test_suite_shared) if grep -qiE "deptno|department" $TMP_PATH/result_dept.json; then - echo -e "\u2705 deptno detected" + echo -e "\u2705 deptno or department detected" break else - echo -e "Waiting 5 secs: deptno not found" + echo -e "Waiting 5 secs: deptno or department not found" fi sleep 5 x=$(( $x + 1 )) done if [ "$x" == "20" ]; then - echo -e "\u2705 deptno not detected in $UI_URL/app/dept" + echo -e "\u2705 deptno or department not detected in $UI_URL/app/dept" fi echo "See $TMP_PATH/result_dept.json" diff --git a/test_suite/test_suite_shared.sh b/test_suite/test_suite_shared.sh index e486420e..f378c0a6 100755 --- a/test_suite/test_suite_shared.sh +++ b/test_suite/test_suite_shared.sh @@ -89,10 +89,10 @@ build_test () { echo -e "\u274C RESULT HTML - starter or deptno or messages not found. ***** BAD ******" fi if grep -qiE "deptno|department" $TMP_PATH/result_dept.json; then - echo -e "\u2705 RESULT JSON: deptno found - "`cat $TMP_PATH/result_dept.json` | cut -c 1-100 + echo -e "\u2705 RESULT JSON: deptno or department found - "`cat $TMP_PATH/result_dept.json` | cut -c 1-100 CSV_JSON_OK=1 else - echo -e "\u274C RESULT JSON: no deptno found - "`cat $TMP_PATH/result_dept.json` | cut -c 1-100 + echo -e "\u274C RESULT JSON: no deptno or department found - "`cat $TMP_PATH/result_dept.json` | cut -c 1-100 fi echo -e "\u2139 RESULT INFO: "`cat $TMP_PATH/result_info.html` | cut -c 1-100 else From 15d124d71a66722d9bd501563bb63ab99f7d905d Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Sat, 25 Apr 2026 10:30:35 +0200 Subject: [PATCH 027/115] v5.0 --- test_suite/test_suite_shared.sh | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/test_suite/test_suite_shared.sh b/test_suite/test_suite_shared.sh index f378c0a6..b2d9900c 100755 --- a/test_suite/test_suite_shared.sh +++ b/test_suite/test_suite_shared.sh @@ -59,7 +59,7 @@ test_run_100() { CSV_RUN100_SECOND=`echo "scale=2;($END-$START)/1" | bc` echo "Speed Test Result (100 runs):" echo "- Time in seconds: $CSV_RUN100_SECOND" - echo "- OK (results including deptno): $CSV_RUN100_OK" + echo "- OK (results including deptno or department): $CSV_RUN100_OK" } build_test () { @@ -81,6 +81,7 @@ build_test () { TMP_PATH="/tmp/$PREFIX" echo "build_secs_$BUILD_ID=$SECONDS" >> ${TEST_DIR}_time.txt + cat $TMP_PATH/ui_url.txt if [ -f $TMP_PATH/result_html.html ]; then if grep -qiE "starter|deptno|messages" "$TMP_PATH/result_html.html"; then echo -e "\u2705 RESULT HTML: OK" @@ -88,11 +89,15 @@ build_test () { else echo -e "\u274C RESULT HTML - starter or deptno or messages not found. ***** BAD ******" fi - if grep -qiE "deptno|department" $TMP_PATH/result_dept.json; then - echo -e "\u2705 RESULT JSON: deptno or department found - "`cat $TMP_PATH/result_dept.json` | cut -c 1-100 - CSV_JSON_OK=1 + if [ -f $TMP_PATH/result_dept.json ]; then + if grep -qiE "deptno|department" $TMP_PATH/result_dept.json; then + echo -e "\u2705 RESULT JSON: deptno or department found - "`cat $TMP_PATH/result_dept.json` | cut -c 1-100 + CSV_JSON_OK=1 + else + echo -e "\u274C RESULT JSON: no deptno or department found - "`cat $TMP_PATH/result_dept.json` | cut -c 1-100 + fi else - echo -e "\u274C RESULT JSON: no deptno or department found - "`cat $TMP_PATH/result_dept.json` | cut -c 1-100 + echo -e "\u274C ERROR: No file $TMP_PATH/result_dept.json" fi echo -e "\u2139 RESULT INFO: "`cat $TMP_PATH/result_info.html` | cut -c 1-100 else From d117ac9ab6ee50816994fe2c2acee29e68c265ef Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Sat, 25 Apr 2026 11:02:53 +0200 Subject: [PATCH 028/115] v5.0 --- test_suite/test_suite_shared.sh | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/test_suite/test_suite_shared.sh b/test_suite/test_suite_shared.sh index b2d9900c..67541ecc 100755 --- a/test_suite/test_suite_shared.sh +++ b/test_suite/test_suite_shared.sh @@ -91,15 +91,16 @@ build_test () { fi if [ -f $TMP_PATH/result_dept.json ]; then if grep -qiE "deptno|department" $TMP_PATH/result_dept.json; then - echo -e "\u2705 RESULT JSON: deptno or department found - "`cat $TMP_PATH/result_dept.json` | cut -c 1-100 + RESULT=`cat $TMP_PATH/result_dept.json` | cut -c 1-100 + echo -e "\u2705 RESULT JSON: deptno or department found - $(cut -c 1-100 "$TMP_PATH/result_dept.json")" CSV_JSON_OK=1 else - echo -e "\u274C RESULT JSON: no deptno or department found - "`cat $TMP_PATH/result_dept.json` | cut -c 1-100 + echo -e "\u274C RESULT JSON: no deptno or department found - $(cut -c 1-100 "$TMP_PATH/result_dept.json")" fi else echo -e "\u274C ERROR: No file $TMP_PATH/result_dept.json" fi - echo -e "\u2139 RESULT INFO: "`cat $TMP_PATH/result_info.html` | cut -c 1-100 + echo -e "\u2139 RESULT INFO: - $(cut -c 1-100 "$TMP_PATH/result_info.html")" else echo -e "\u274C ERROR: No file $TMP_PATH/result_html.html" fi From d6495041d5e2f9345c8d6eca2b3a27f145fd302c Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Sat, 25 Apr 2026 11:17:36 +0200 Subject: [PATCH 029/115] v5.0 --- test_suite/test_suite_shared.sh | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/test_suite/test_suite_shared.sh b/test_suite/test_suite_shared.sh index 67541ecc..14670eaf 100755 --- a/test_suite/test_suite_shared.sh +++ b/test_suite/test_suite_shared.sh @@ -105,12 +105,12 @@ build_test () { echo -e "\u274C ERROR: No file $TMP_PATH/result_html.html" fi - mv $TMP_PATH/result_html.html ${TEST_DIR}_${BUILD_ID}_result_html.html 2>/dev/null; - mv $TMP_PATH/result_dept.json ${TEST_DIR}_${BUILD_ID}_result_dept.json 2>/dev/null; - mv $TMP_PATH/result_info.html ${TEST_DIR}_${BUILD_ID}_result_info.html 2>/dev/null; - mv $TMP_PATH/result_html.log ${TEST_DIR}_${BUILD_ID}_result_html.log 2>/dev/null; - mv $TMP_PATH/result_dept.log ${TEST_DIR}_${BUILD_ID}_result_dept.log 2>/dev/null; - mv $TMP_PATH/result_info.log ${TEST_DIR}_${BUILD_ID}_result_info.log 2>/dev/null; + cp $TMP_PATH/result_html.html ${TEST_DIR}_${BUILD_ID}_result_html.html 2>/dev/null; + cp $TMP_PATH/result_dept.json ${TEST_DIR}_${BUILD_ID}_result_dept.json 2>/dev/null; + cp $TMP_PATH/result_info.html ${TEST_DIR}_${BUILD_ID}_result_info.html 2>/dev/null; + cp $TMP_PATH/result_html.log ${TEST_DIR}_${BUILD_ID}_result_html.log 2>/dev/null; + cp $TMP_PATH/result_dept.log ${TEST_DIR}_${BUILD_ID}_result_dept.log 2>/dev/null; + cp $TMP_PATH/result_info.log ${TEST_DIR}_${BUILD_ID}_result_info.log 2>/dev/null; if [ "$CSV_JSON_OK" == "1" ]; then test_run_100 From 29ee6e9658a54c15bf5f554e7f3317556b0996e0 Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Sat, 25 Apr 2026 11:41:00 +0200 Subject: [PATCH 030/115] v5.0 --- option/src/ui/langgraph/ui/html/chat.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/option/src/ui/langgraph/ui/html/chat.js b/option/src/ui/langgraph/ui/html/chat.js index e1a11041..e8d0a4db 100644 --- a/option/src/ui/langgraph/ui/html/chat.js +++ b/option/src/ui/langgraph/ui/html/chat.js @@ -5,10 +5,10 @@ mermaid.initialize({ startOnLoad: false }); // -- Variables ----------------------------------------------------------------- -let BASE_URL = '/app'; +let BASE_URL = 'app'; let currentBackend = 'LangGraph'; const backends = [ - { name: 'LangGraph', baseUrl: '/app' } + { name: 'LangGraph', baseUrl: 'app' } ]; let currentAgent = 'agent'; let currentUser = 'customer'; From 294fa2a645faa950df08af9294da88fae387dbda Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Sat, 25 Apr 2026 11:43:08 +0200 Subject: [PATCH 031/115] v5.0 --- test_suite/test_suite_shared.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test_suite/test_suite_shared.sh b/test_suite/test_suite_shared.sh index 14670eaf..2b970c33 100755 --- a/test_suite/test_suite_shared.sh +++ b/test_suite/test_suite_shared.sh @@ -81,7 +81,7 @@ build_test () { TMP_PATH="/tmp/$PREFIX" echo "build_secs_$BUILD_ID=$SECONDS" >> ${TEST_DIR}_time.txt - cat $TMP_PATH/ui_url.txt + echo "$(cat $TMP_PATH/ui_url.txt)/" if [ -f $TMP_PATH/result_html.html ]; then if grep -qiE "starter|deptno|messages" "$TMP_PATH/result_html.html"; then echo -e "\u2705 RESULT HTML: OK" From 6a9ba081fdbd723e7d72525f9d6b6e02ef5327b9 Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Sat, 25 Apr 2026 12:22:12 +0200 Subject: [PATCH 032/115] v5.0 --- basis/src/done.j2.sh | 8 ++++++-- option/src/app/python_responses/rest/start.j2.sh | 2 +- option/terraform/apigw.j2.tf | 2 ++ 3 files changed, 9 insertions(+), 3 deletions(-) diff --git a/basis/src/done.j2.sh b/basis/src/done.j2.sh index 5477edd4..93b4624f 100755 --- a/basis/src/done.j2.sh +++ b/basis/src/done.j2.sh @@ -18,8 +18,12 @@ if [ "$UI_URL" != "" ]; then if [ "$UI_HTTP" != "" ]; then append_done "- HTTP : $UI_HTTP/" fi - append_done "- REST: $UI_URL/app/dept" - append_done "- REST: $UI_URL/app/info" + if [ "$TF_VAR_ui_type" == "langgraph" ]; then + append_done "- REST: $UI_URL/app/dept" + append_done "- REST: $UI_URL/app/info" + else + append_done "- REST: $UI_URL/app/threads" + fi {%- if language=="java" and java_framework=="tomcat" %} append_done "- REST: $UI_URL/app/index.jsp" {%- endif %} diff --git a/option/src/app/python_responses/rest/start.j2.sh b/option/src/app/python_responses/rest/start.j2.sh index 53c599b1..11e95cc7 100755 --- a/option/src/app/python_responses/rest/start.j2.sh +++ b/option/src/app/python_responses/rest/start.j2.sh @@ -8,7 +8,7 @@ export PATH=~/.local/bin/:$PATH {%- if deploy_type == "public_compute" %} export MCP_SERVER_URL="http://$BASTION_IP/mcp_server/mcp" {%- else %} -export MCP_SERVER_URL="https://$APIGW_HOSTNAME/$PREFIX/mcp_server/mcp" +export MCP_SERVER_URL="https://$APIGW_HOSTNAME/$TF_VAR_prefix/mcp_server/mcp" {%- endif %} # Default port is 2025 diff --git a/option/terraform/apigw.j2.tf b/option/terraform/apigw.j2.tf index dbaee3e6..bf69b382 100644 --- a/option/terraform/apigw.j2.tf +++ b/option/terraform/apigw.j2.tf @@ -11,6 +11,7 @@ data "oci_apigateway_gateway" "starter_apigw" { locals { apigw_ocid = var.apigw_ocid apigw_ip = try(data.oci_apigateway_gateway.starter_apigw.ip_addresses[0].ip_address,"") + local_apigw_hostname = data.oci_apigateway_gateway.starter_apigw.hostname } {%- else %} @@ -41,6 +42,7 @@ resource "oci_apigateway_api" "starter_api" { locals { apigw_ocid = try(oci_apigateway_gateway.starter_apigw.id, "") apigw_ip = try(oci_apigateway_gateway.starter_apigw.ip_addresses[0].ip_address,"") + local_apigw_hostname = oci_apigateway_gateway.starter_apigw.hostname } {%- endif %} From 5535efb49d7b0369cb64a1203c5080eb83d33f7b Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Sat, 25 Apr 2026 12:40:07 +0200 Subject: [PATCH 033/115] v5.0 --- option/src/app/python_langgraph/rest/Dockerfile | 11 +++++++++++ .../python_responses/rest/{responses.py => rest.py} | 0 option/src/app/python_responses/rest/start.j2.sh | 2 +- 3 files changed, 12 insertions(+), 1 deletion(-) create mode 100644 option/src/app/python_langgraph/rest/Dockerfile rename option/src/app/python_responses/rest/{responses.py => rest.py} (100%) diff --git a/option/src/app/python_langgraph/rest/Dockerfile b/option/src/app/python_langgraph/rest/Dockerfile new file mode 100644 index 00000000..a430386e --- /dev/null +++ b/option/src/app/python_langgraph/rest/Dockerfile @@ -0,0 +1,11 @@ +FROM python:3-bookworm + +RUN pip install --upgrade pip + +WORKDIR /app +ENV PATH="/app/.local/bin:${PATH}" +COPY ./ /app/ +RUN pip3 install -r requirements.txt + +ENTRYPOINT ["langgraph", "dev", "--port 8080", "--host 0.0.0.0"] + diff --git a/option/src/app/python_responses/rest/responses.py b/option/src/app/python_responses/rest/rest.py similarity index 100% rename from option/src/app/python_responses/rest/responses.py rename to option/src/app/python_responses/rest/rest.py diff --git a/option/src/app/python_responses/rest/start.j2.sh b/option/src/app/python_responses/rest/start.j2.sh index 11e95cc7..36a934d4 100755 --- a/option/src/app/python_responses/rest/start.j2.sh +++ b/option/src/app/python_responses/rest/start.j2.sh @@ -13,4 +13,4 @@ export MCP_SERVER_URL="https://$APIGW_HOSTNAME/$TF_VAR_prefix/mcp_server/mcp" # Default port is 2025 source myenv/bin/activate -python responses.py 2>&1 | tee rest.log +python rest.py 2>&1 | tee rest.log From b3496ffcfd8c7aee5afcf55083f447f9a474b728 Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Sat, 25 Apr 2026 13:13:06 +0200 Subject: [PATCH 034/115] v5.0 --- basis/src/app/rest/k8s.j2.yaml | 14 ++++++++++++++ option/src/app/python_langgraph/rest/Dockerfile | 4 ++-- 2 files changed, 16 insertions(+), 2 deletions(-) diff --git a/basis/src/app/rest/k8s.j2.yaml b/basis/src/app/rest/k8s.j2.yaml index f3cf5d85..f944a0b8 100644 --- a/basis/src/app/rest/k8s.j2.yaml +++ b/basis/src/app/rest/k8s.j2.yaml @@ -67,9 +67,23 @@ spec: name: {{ prefix }}-db-secret key: TF_VAR_nosql_endpoint {%- endif %} +{%- if python_framework in [ "langgraph", "responses" ] %} + - name: TF_VAR_region + valueFrom: + configMapKeyRef: + name: tf-env-configmap + key: TF_VAR_region + - name: TF_VAR_compartment_ocid + valueFrom: + configMapKeyRef: + name: tf-env-configmap + key: TF_VAR_compartment_ocid +{%- endif %} {%- if python_framework == "langgraph" %} - name: MCP_SERVER_URL value: "http://{{ prefix }}-mcp-server-service:2025/mcp" + - name: TF_VAR_region + value: "##TF_VAR_region##" {%- elif python_framework == "responses" %} - name: MCP_SERVER_URL value: "https://##TF_VAR_ingress_ip##/##TF_VAR_prefix##/mcp_server/mcp" diff --git a/option/src/app/python_langgraph/rest/Dockerfile b/option/src/app/python_langgraph/rest/Dockerfile index a430386e..ade6e9c3 100644 --- a/option/src/app/python_langgraph/rest/Dockerfile +++ b/option/src/app/python_langgraph/rest/Dockerfile @@ -6,6 +6,6 @@ WORKDIR /app ENV PATH="/app/.local/bin:${PATH}" COPY ./ /app/ RUN pip3 install -r requirements.txt - -ENTRYPOINT ["langgraph", "dev", "--port 8080", "--host 0.0.0.0"] +WORKDIR "/app/agent" +ENTRYPOINT ["langgraph", "dev", "--port", "8080", "--host "0.0.0.0"] From a11551ddf4772d756487d4bb74ea499e603be75b Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Sat, 25 Apr 2026 13:33:08 +0200 Subject: [PATCH 035/115] v5.0 --- option/src/app/python_langgraph/rest/Dockerfile | 2 +- option/src/app/python_mcp_server/mcp_server/k8s.j2.yaml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/option/src/app/python_langgraph/rest/Dockerfile b/option/src/app/python_langgraph/rest/Dockerfile index ade6e9c3..46ac0606 100644 --- a/option/src/app/python_langgraph/rest/Dockerfile +++ b/option/src/app/python_langgraph/rest/Dockerfile @@ -7,5 +7,5 @@ ENV PATH="/app/.local/bin:${PATH}" COPY ./ /app/ RUN pip3 install -r requirements.txt WORKDIR "/app/agent" -ENTRYPOINT ["langgraph", "dev", "--port", "8080", "--host "0.0.0.0"] +ENTRYPOINT ["langgraph", "dev", "--port", "8080", "--host", "0.0.0.0"] diff --git a/option/src/app/python_mcp_server/mcp_server/k8s.j2.yaml b/option/src/app/python_mcp_server/mcp_server/k8s.j2.yaml index 807cd7f1..4a729480 100644 --- a/option/src/app/python_mcp_server/mcp_server/k8s.j2.yaml +++ b/option/src/app/python_mcp_server/mcp_server/k8s.j2.yaml @@ -1,7 +1,7 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: {{ prefix }}-dep + name: {{ prefix }}-mcp-server-dep labels: app: {{ prefix }}-mcp-server spec: @@ -16,7 +16,7 @@ spec: spec: containers: - name: app - image: ##DOCKER_PREFIX##/{{ prefix }}-mcp-server:##DOCKER_IMG_VERSION## + image: ##DOCKER_PREFIX##/{{ prefix }}-mcp_server:##DOCKER_IMG_VERSION## ports: - containerPort: 2025 name: app-port From 8878e93d2191122035bf71cc23674cddc3f057df Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Sat, 25 Apr 2026 13:55:38 +0200 Subject: [PATCH 036/115] v5.0 --- option/src/app/python_mcp_server/mcp_server/mcp_server.py | 4 ++-- .../src/app/python_mcp_server/mcp_server/requirements.txt | 8 -------- 2 files changed, 2 insertions(+), 10 deletions(-) diff --git a/option/src/app/python_mcp_server/mcp_server/mcp_server.py b/option/src/app/python_mcp_server/mcp_server/mcp_server.py index 8199fa96..89edc5ac 100644 --- a/option/src/app/python_mcp_server/mcp_server/mcp_server.py +++ b/option/src/app/python_mcp_server/mcp_server/mcp_server.py @@ -24,8 +24,8 @@ def send_email(to: str, subject: str, body: str) -> dict[str, str]: def get_dept() -> list[dict[str, Any]]: """Return all rows from the DEPT table.""" log( "") - user = os.getenv("TF_VAR_db_user") - password = os.getenv("TF_VAR_db_password") + user = os.getenv("DB_USER") + password = os.getenv("DB_PASSWORD") dsn = os.getenv("DB_URL") if not user or not password or not dsn: diff --git a/option/src/app/python_mcp_server/mcp_server/requirements.txt b/option/src/app/python_mcp_server/mcp_server/requirements.txt index 18c5c56d..a4213de4 100644 --- a/option/src/app/python_mcp_server/mcp_server/requirements.txt +++ b/option/src/app/python_mcp_server/mcp_server/requirements.txt @@ -4,13 +4,5 @@ fastmcp #DB26ai oracledb -# Langgraph -langchain_oci -langchain_community -langchain_openai -oci-openai -langgraph-cli[inmem] -langchain_mcp_adapters - # OAuth Caching aiocache \ No newline at end of file From a817e0ae0717cfd67291f74836577f7be4b4fcd9 Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Sat, 25 Apr 2026 15:14:27 +0200 Subject: [PATCH 037/115] v5.0 --- basis/bin/config_oke.sh | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/basis/bin/config_oke.sh b/basis/bin/config_oke.sh index bd5a7360..15c573fb 100755 --- a/basis/bin/config_oke.sh +++ b/basis/bin/config_oke.sh @@ -66,7 +66,6 @@ if [ ! -f $KUBECONFIG ]; then sleep 10 fi done - date kubectl get all -n ingress-nginx sleep 5 @@ -75,6 +74,9 @@ if [ ! -f $KUBECONFIG ]; then echo "OKE Deploy: Skipping creation of ingress" fi fi +if ! grep -q "TF_VAR_ingress_ip" $TARGET_DIR/tf_env.sh; then + echo "export TF_VAR_ingress_ip=$TF_VAR_ingress_ip" >> $TARGET_DIR/tf_env.sh +fi # Create secrets kubectl delete secret ${TF_VAR_prefix}-db-secret --ignore-not-found=true From 08ac460b23752acbf16ca0878ca0a7afa2cfc5c5 Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Sat, 25 Apr 2026 18:27:37 +0200 Subject: [PATCH 038/115] v5.0 --- basis/bin/config_oke.sh | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/basis/bin/config_oke.sh b/basis/bin/config_oke.sh index 15c573fb..324364f7 100755 --- a/basis/bin/config_oke.sh +++ b/basis/bin/config_oke.sh @@ -74,7 +74,11 @@ if [ ! -f $KUBECONFIG ]; then echo "OKE Deploy: Skipping creation of ingress" fi fi + if ! grep -q "TF_VAR_ingress_ip" $TARGET_DIR/tf_env.sh; then + if [ "$TF_VAR_ingress_ip" == "" ]; then + export TF_VAR_ingress_ip=`kubectl get service -n ingress-nginx ingress-nginx-controller -o jsonpath="{.status.loadBalancer.ingress[0].ip}"` + fi echo "export TF_VAR_ingress_ip=$TF_VAR_ingress_ip" >> $TARGET_DIR/tf_env.sh fi From fa238bf5a6a3d2bbf1ab0b6fcf4ba39ba89bcc1f Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Sat, 25 Apr 2026 18:39:57 +0200 Subject: [PATCH 039/115] v5.0 --- basis/src/app/rest/k8s.j2.yaml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/basis/src/app/rest/k8s.j2.yaml b/basis/src/app/rest/k8s.j2.yaml index f944a0b8..e71dc12c 100644 --- a/basis/src/app/rest/k8s.j2.yaml +++ b/basis/src/app/rest/k8s.j2.yaml @@ -85,6 +85,11 @@ spec: - name: TF_VAR_region value: "##TF_VAR_region##" {%- elif python_framework == "responses" %} + - name: TF_VAR_project_ocid + valueFrom: + configMapKeyRef: + name: tf-env-configmap + key: TF_VAR_project_ocid - name: MCP_SERVER_URL value: "https://##TF_VAR_ingress_ip##/##TF_VAR_prefix##/mcp_server/mcp" {%- endif %} From 4656031080d735eb904adbb3ff499c51d5ee6f9f Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Sat, 25 Apr 2026 19:12:15 +0200 Subject: [PATCH 040/115] v5.0 --- basis/src/app/rest/k8s.j2.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/basis/src/app/rest/k8s.j2.yaml b/basis/src/app/rest/k8s.j2.yaml index e71dc12c..1a65fcef 100644 --- a/basis/src/app/rest/k8s.j2.yaml +++ b/basis/src/app/rest/k8s.j2.yaml @@ -91,7 +91,7 @@ spec: name: tf-env-configmap key: TF_VAR_project_ocid - name: MCP_SERVER_URL - value: "https://##TF_VAR_ingress_ip##/##TF_VAR_prefix##/mcp_server/mcp" + value: "http://##TF_VAR_ingress_ip##/##TF_VAR_prefix##/mcp_server/mcp" {%- endif %} imagePullSecrets: - name: ocirsecret From c228d2bb37ccd4e0099547d901e8624e3579a574 Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Sat, 25 Apr 2026 22:08:59 +0200 Subject: [PATCH 041/115] v5.0 --- basis/bin/auto_env.sh | 5 + basis/src/app/rest/k8s.j2.yaml | 2 - .../terraform/container_instance_part2.j2.tf | 202 +++++++++++------- 3 files changed, 127 insertions(+), 82 deletions(-) diff --git a/basis/bin/auto_env.sh b/basis/bin/auto_env.sh index 41522789..c5c9e06c 100755 --- a/basis/bin/auto_env.sh +++ b/basis/bin/auto_env.sh @@ -325,6 +325,11 @@ if [ -f $STATE_FILE ]; then else export TF_VAR_docker_image_rest="busybox" fi + if [ -f $TARGET_DIR/docker_image_mcp_server.txt ]; then + export TF_VAR_docker_image_mcp_server=`cat $TARGET_DIR/docker_image_mcp_server.txt` + else + export TF_VAR_docker_image_mcp_server="busybox" + fi fi # export all OUTPUTS of the terraform file diff --git a/basis/src/app/rest/k8s.j2.yaml b/basis/src/app/rest/k8s.j2.yaml index 1a65fcef..55788c43 100644 --- a/basis/src/app/rest/k8s.j2.yaml +++ b/basis/src/app/rest/k8s.j2.yaml @@ -82,8 +82,6 @@ spec: {%- if python_framework == "langgraph" %} - name: MCP_SERVER_URL value: "http://{{ prefix }}-mcp-server-service:2025/mcp" - - name: TF_VAR_region - value: "##TF_VAR_region##" {%- elif python_framework == "responses" %} - name: TF_VAR_project_ocid valueFrom: diff --git a/option/terraform/container_instance_part2.j2.tf b/option/terraform/container_instance_part2.j2.tf index 2ba3d507..f1cec6c4 100644 --- a/option/terraform/container_instance_part2.j2.tf +++ b/option/terraform/container_instance_part2.j2.tf @@ -1,95 +1,137 @@ locals { - docker_image_ui=data.external.env_part2.result.docker_image_ui - docker_image_rest=data.external.env_part2.result.docker_image_rest + docker_image_ui=data.external.env_part2.result.docker_image_ui + docker_image_rest=data.external.env_part2.result.docker_image_rest + {%- if python_framework in [ "langgraph", "responses" ] %} + docker_image_mcp_server=data.external.env_part2.result.docker_image_mcp_server + {%- endif %} } resource oci_container_instances_container_instance starter_container_instance { - depends_on = [ local.docker_image_ui ] + depends_on = [ local.docker_image_ui ] - availability_domain = local.availability_domain_name - compartment_id = local.lz_app_cmp_ocid - container_restart_policy = "ALWAYS" - containers { - display_name = "rest" - image_url = local.docker_image_rest - is_resource_principal_disabled = "false" - environment_variables = { - {%- if db_type != "none" %} - "DB_URL" = local.local_db_url, - "JDBC_URL" = local.local_jdbc_url, - "DB_USER" = var.db_user != null ? var.db_user : "{{ db_user }}", - "DB_PASSWORD" = var.db_password, - "JAVAX_SQL_DATASOURCE_DS1_DATASOURCE_URL" = local.local_jdbc_url - {%- endif %} - {%- if db_type == "nosql" %} - "TF_VAR_compartment_ocid" = var.compartment_ocid, - # XXX Ideally it should be nosql.${region}.oci.${regionDomain} - "TF_VAR_nosql_endpoint" = "nosql.${var.region}.oci.oraclecloud.com", - {%- endif %} + availability_domain = local.availability_domain_name + compartment_id = local.lz_app_cmp_ocid + container_restart_policy = "ALWAYS" + containers { + display_name = "rest" + image_url = local.docker_image_rest + is_resource_principal_disabled = "false" + environment_variables = { + {%- if db_type != "none" %} + "DB_URL" = local.local_db_url, + "JDBC_URL" = local.local_jdbc_url, + "DB_USER" = var.db_user != null ? var.db_user : "{{ db_user }}", + "DB_PASSWORD" = var.db_password, + "JAVAX_SQL_DATASOURCE_DS1_DATASOURCE_URL" = local.local_jdbc_url + {%- endif %} + {%- if db_type == "nosql" %} + "TF_VAR_compartment_ocid" = var.compartment_ocid, + # XXX Ideally it should be nosql.${region}.oci.${regionDomain} + "TF_VAR_nosql_endpoint" = "nosql.${var.region}.oci.oraclecloud.com", + {%- endif %} + {%- if python_framework in [ "langgraph", "responses" ] %} + "TF_VAR_region" = var.region + "TF_VAR_compartment_ocid" = var.compartment_ocid, + {%- endif %} + {%- if python_framework == "langgraph" %} + "MCP_SERVER_URL" = "http://localhost:2025/mcp" + {%- elif python_framework == "responses" %} + "TF_VAR_project_ocid" = var.project_ocid + "MCP_SERVER_URL" = "https://${local.local_apigw_hostname}/${var.prefix}/mcp_server/mcp" + {%- endif %} + } + } + containers { + display_name = "ui" + image_url = local.docker_image_ui + is_resource_principal_disabled = "false" + } + {%- if python_framework in [ "langgraph", "responses" ] %} + containers { + display_name = "mcp_server" + image_url = local.docker_image_mcp_server + is_resource_principal_disabled = "false" + environment_variables = { + {%- if db_type != "none" %} + "DB_URL" = local.local_db_url, + "JDBC_URL" = local.local_jdbc_url, + "DB_USER" = var.db_user != null ? var.db_user : "{{ db_user }}", + "DB_PASSWORD" = var.db_password, + "JAVAX_SQL_DATASOURCE_DS1_DATASOURCE_URL" = local.local_jdbc_url + {%- endif %} + {%- if db_type == "nosql" %} + "TF_VAR_compartment_ocid" = var.compartment_ocid, + # XXX Ideally it should be nosql.${region}.oci.${regionDomain} + "TF_VAR_nosql_endpoint" = "nosql.${var.region}.oci.oraclecloud.com", + {%- endif %} + } } - } - containers { - display_name = "ui" - image_url = local.docker_image_ui - is_resource_principal_disabled = "false" - } - display_name = "${var.prefix}-ci" - graceful_shutdown_timeout_in_seconds = "0" - shape = startswith(var.instance_shape, "VM.Standard.A") ? "CI.Standard.A1.Flex" : "CI.Standard.E4.Flex" - shape_config { - memory_in_gbs = "4" - ocpus = "1" - } - state = "ACTIVE" - vnics { - display_name = "${var.prefix}-ci" - hostname_label = "${var.prefix}-ci" - skip_source_dest_check = "true" - subnet_id = data.oci_core_subnet.starter_app_subnet.id - } - freeform_tags = local.freeform_tags + {%- endif %} + display_name = "${var.prefix}-ci" + graceful_shutdown_timeout_in_seconds = "0" + shape = startswith(var.instance_shape, "VM.Standard.A") ? "CI.Standard.A1.Flex" : "CI.Standard.E4.Flex" + shape_config { + memory_in_gbs = "4" + ocpus = "1" + } + state = "ACTIVE" + vnics { + display_name = "${var.prefix}-ci" + hostname_label = "${var.prefix}-ci" + skip_source_dest_check = "true" + subnet_id = data.oci_core_subnet.starter_app_subnet.id + } + freeform_tags = local.freeform_tags } locals { - apigw_dest_private_ip = try(oci_container_instances_container_instance.starter_container_instance.vnics[0].private_ip, "") + apigw_dest_private_ip = try(oci_container_instances_container_instance.starter_container_instance.vnics[0].private_ip, "") } resource "oci_apigateway_deployment" "starter_apigw_deployment" { {%- if tls is defined %} - count = (var.certificate_ocid == null) ? 0 : 1 + count = (var.certificate_ocid == null) ? 0 : 1 {%- endif %} - compartment_id = local.lz_app_cmp_ocid - display_name = "${var.prefix}-apigw-deployment" - gateway_id = local.apigw_ocid - path_prefix = "/${var.prefix}" - specification { - logging_policies { - access_log { - is_enabled = true - } - execution_log { - #Optional - is_enabled = true - } - } - routes { - path = "/app/{pathname*}" - methods = [ "ANY" ] - backend { - type = "HTTP_BACKEND" - url = "##APP_URL##" - } - } - routes { - path = "/{pathname*}" - methods = [ "ANY" ] - backend { - type = "HTTP_BACKEND" - url = "http://${local.apigw_dest_private_ip}/$${request.path[pathname]}" - } + compartment_id = local.lz_app_cmp_ocid + display_name = "${var.prefix}-apigw-deployment" + gateway_id = local.apigw_ocid + path_prefix = "/${var.prefix}" + specification { + logging_policies { + access_log { + is_enabled = true + } + execution_log { + #Optional + is_enabled = true + } + } + routes { + path = "/app/{pathname*}" + methods = [ "ANY" ] + backend { + type = "HTTP_BACKEND" + url = "##APP_URL##" + } + } + {%- if python_framework in [ "langgraph", "responses" ] %} + routes { + path = "/mcp_server/{pathname*}" + methods = [ "ANY" ] + backend { + type = "HTTP_BACKEND" + url = "http://${local.apigw_dest_private_ip}:2025/$${request.path[pathname]}" + } + } + {%- endif %} + routes { + path = "/{pathname*}" + methods = [ "ANY" ] + backend { + type = "HTTP_BACKEND" + url = "http://${local.apigw_dest_private_ip}/$${request.path[pathname]}" + } + } } - } - freeform_tags = local.api_tags -} - - + freeform_tags = local.api_tags +} \ No newline at end of file From 23c7f2aeee91f601fab86b6f4f752d51d379d936 Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Sat, 25 Apr 2026 22:54:17 +0200 Subject: [PATCH 042/115] v5.0 --- .../src/app/python_langgraph/rest/agent/agent.py | 3 ++- option/terraform/container_instance_part2.j2.tf | 15 ++++++++------- 2 files changed, 10 insertions(+), 8 deletions(-) diff --git a/option/src/app/python_langgraph/rest/agent/agent.py b/option/src/app/python_langgraph/rest/agent/agent.py index 65097339..1afe4838 100644 --- a/option/src/app/python_langgraph/rest/agent/agent.py +++ b/option/src/app/python_langgraph/rest/agent/agent.py @@ -16,6 +16,7 @@ MCP_SERVER_URL = os.getenv("MCP_SERVER_URL") or "http://localhost:2025/mcp" if REGION == "eu-amsterdam-1": REGION = "eu-frankfurt-1" +AUTH_TYPE = os.getenv("AUTH_TYPE") or "INSTANCE_PRINCIPAL" # auth = oci_openai.OciInstancePrincipalAuth() # llm = ChatOpenAI( @@ -29,7 +30,7 @@ # ) llm = ChatOCIGenAI( - auth_type="API_KEY" if "LIVELABS" in os.environ else "INSTANCE_PRINCIPAL", + auth_type="API_KEY" if "LIVELABS" in os.environ else AUTH_TYPE, model_id="openai.gpt-oss-120b", # model_id="meta.llama-4-scout-17b-16e-instruct", # model_id="cohere.command-a-03-2025", diff --git a/option/terraform/container_instance_part2.j2.tf b/option/terraform/container_instance_part2.j2.tf index f1cec6c4..9bf74ea8 100644 --- a/option/terraform/container_instance_part2.j2.tf +++ b/option/terraform/container_instance_part2.j2.tf @@ -18,20 +18,21 @@ resource oci_container_instances_container_instance starter_container_instance { is_resource_principal_disabled = "false" environment_variables = { {%- if db_type != "none" %} - "DB_URL" = local.local_db_url, - "JDBC_URL" = local.local_jdbc_url, - "DB_USER" = var.db_user != null ? var.db_user : "{{ db_user }}", - "DB_PASSWORD" = var.db_password, + "DB_URL" = local.local_db_url + "JDBC_URL" = local.local_jdbc_url + "DB_USER" = var.db_user != null ? var.db_user : "{{ db_user }}" + "DB_PASSWORD" = var.db_password "JAVAX_SQL_DATASOURCE_DS1_DATASOURCE_URL" = local.local_jdbc_url {%- endif %} {%- if db_type == "nosql" %} - "TF_VAR_compartment_ocid" = var.compartment_ocid, + "TF_VAR_compartment_ocid" = var.compartment_ocid # XXX Ideally it should be nosql.${region}.oci.${regionDomain} - "TF_VAR_nosql_endpoint" = "nosql.${var.region}.oci.oraclecloud.com", + "TF_VAR_nosql_endpoint" = "nosql.${var.region}.oci.oraclecloud.com" {%- endif %} {%- if python_framework in [ "langgraph", "responses" ] %} "TF_VAR_region" = var.region - "TF_VAR_compartment_ocid" = var.compartment_ocid, + "TF_VAR_compartment_ocid" = var.compartment_ocid + "AUTH_TYPE" = "RESOURCE_PRINCIPAL" {%- endif %} {%- if python_framework == "langgraph" %} "MCP_SERVER_URL" = "http://localhost:2025/mcp" From 79b8477779074fbdc7c14743ee9c3cfa15da6e80 Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Sat, 25 Apr 2026 22:56:10 +0200 Subject: [PATCH 043/115] v5.0 --- option/src/app/python_responses/rest/rest.py | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/option/src/app/python_responses/rest/rest.py b/option/src/app/python_responses/rest/rest.py index d6a60564..4ee475a6 100644 --- a/option/src/app/python_responses/rest/rest.py +++ b/option/src/app/python_responses/rest/rest.py @@ -7,7 +7,7 @@ from fastapi.responses import StreamingResponse # OCI Auth -from oci_genai_auth import OciInstancePrincipalAuth +from oci_genai_auth import OciInstancePrincipalAuth, OciResourcePrincipalAuth import httpx REGION = os.getenv("TF_VAR_region") @@ -16,6 +16,10 @@ MODEL_ID = "openai.gpt-oss-120b" # REGION = "us-chicago-1" # MODEL_ID = "xai.grok-4-fast-non-reasoning" +if os.getenv("AUTH_TYPE")=="RESOURCE_PRINCIPAL": + auth = OciResourcePrincipalAuth() +else: + auth = OciInstancePrincipalAuth() PROJECT_OCID = os.environ.get("TF_VAR_project_ocid") COMPARTMENT_OCID = os.environ.get("TF_VAR_compartment_ocid") @@ -33,7 +37,7 @@ base_url=f"https://inference.generativeai.{REGION}.oci.oraclecloud.com/20231130/openai/v1", api_key="unused", http_client=httpx.Client( - auth=OciInstancePrincipalAuth(), + auth=auth, headers={ "opc-compartment-id": COMPARTMENT_OCID, }, From 984b8c183432570475c8ead7e8a08a4fe9ed4981 Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Sun, 26 Apr 2026 08:21:05 +0200 Subject: [PATCH 044/115] v5.0 --- option/src/app/java_micronaut/rest/pom.j2.xml | 8 ++++---- option/terraform/network.j2.tf | 13 +++++++++++++ 2 files changed, 17 insertions(+), 4 deletions(-) diff --git a/option/src/app/java_micronaut/rest/pom.j2.xml b/option/src/app/java_micronaut/rest/pom.j2.xml index 58809f95..0c163e88 100644 --- a/option/src/app/java_micronaut/rest/pom.j2.xml +++ b/option/src/app/java_micronaut/rest/pom.j2.xml @@ -10,13 +10,13 @@ io.micronaut.platform micronaut-parent - 4.2.1 + 4.10.12 jar - 17 - 17 - 4.2.1 + 25 + 25 + 4.10.12 false com.example.aot.generated true diff --git a/option/terraform/network.j2.tf b/option/terraform/network.j2.tf index 95ff455f..fb52fbff 100644 --- a/option/terraform/network.j2.tf +++ b/option/terraform/network.j2.tf @@ -315,6 +315,19 @@ resource "oci_core_security_list" "starter_security_list" { } } + // MCP Server + ingress_security_rules { + protocol = "6" // tcp + source = local.cidr_vcn + stateless = false + + tcp_options { + min = 2025 + max = 2025 + } + } + + freeform_tags = local.freeform_tags } From 2b97ff8f5f6c125a483278b4455f39e1fabda517 Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Sun, 26 Apr 2026 08:25:52 +0200 Subject: [PATCH 045/115] v5.0 --- basis/bin/compute/shared_compute.sh | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/basis/bin/compute/shared_compute.sh b/basis/bin/compute/shared_compute.sh index 745ca48f..4f88b1a0 100755 --- a/basis/bin/compute/shared_compute.sh +++ b/basis/bin/compute/shared_compute.sh @@ -148,7 +148,13 @@ install_java() { # Build on Bastion if [ "$TF_VAR_build_host" == "bastion" ]; then - sudo dnf install -y maven + # sudo dnf install -y maven + MVN_VERSION=3.9.15 + wget https://dlcdn.apache.org/maven/maven-3/$MVN_VERSION/binaries/apache-maven-$MVN_VERSION-bin.tar.gz + tar xfz apache-maven-$MVN_VERSION-bin.tar.gz + mv apache-maven-$MVN_VERSION $HOME/compute + rm apache-maven-$MVN_VERSION-bin.tar.gz + echo "export PATH=$HOME/compute/apache-maven-$MVN_VERSION/bin:$PATH" >> $HOME/.bashrc fi } export -f install_java From 4a7b119e026f05d13787a8fda0cfa9f8aad45b5c Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Sun, 26 Apr 2026 08:27:33 +0200 Subject: [PATCH 046/115] v5.0 --- basis/bin/compute/shared_compute.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/basis/bin/compute/shared_compute.sh b/basis/bin/compute/shared_compute.sh index 4f88b1a0..a3d508c9 100755 --- a/basis/bin/compute/shared_compute.sh +++ b/basis/bin/compute/shared_compute.sh @@ -152,9 +152,9 @@ install_java() { MVN_VERSION=3.9.15 wget https://dlcdn.apache.org/maven/maven-3/$MVN_VERSION/binaries/apache-maven-$MVN_VERSION-bin.tar.gz tar xfz apache-maven-$MVN_VERSION-bin.tar.gz - mv apache-maven-$MVN_VERSION $HOME/compute + mv apache-maven-$MVN_VERSION $HOME/maven rm apache-maven-$MVN_VERSION-bin.tar.gz - echo "export PATH=$HOME/compute/apache-maven-$MVN_VERSION/bin:$PATH" >> $HOME/.bashrc + echo "export PATH=$HOME/maven/bin:$PATH" >> $HOME/.bashrc fi } export -f install_java From 577dc3886379201c2501a469465e6cf7d4c9e006 Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Sun, 26 Apr 2026 08:49:37 +0200 Subject: [PATCH 047/115] v5.0 --- basis/bin/compute/shared_compute.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/basis/bin/compute/shared_compute.sh b/basis/bin/compute/shared_compute.sh index a3d508c9..68013a31 100755 --- a/basis/bin/compute/shared_compute.sh +++ b/basis/bin/compute/shared_compute.sh @@ -154,6 +154,7 @@ install_java() { tar xfz apache-maven-$MVN_VERSION-bin.tar.gz mv apache-maven-$MVN_VERSION $HOME/maven rm apache-maven-$MVN_VERSION-bin.tar.gz + export PATH=$HOME/maven/bin:$PATH echo "export PATH=$HOME/maven/bin:$PATH" >> $HOME/.bashrc fi } From b1eb9a66fe3cd6a1aad785500678ce3718bc3ab5 Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Sun, 26 Apr 2026 10:38:11 +0200 Subject: [PATCH 048/115] v5.0 --- basis/bin/compute/shared_compute.sh | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/basis/bin/compute/shared_compute.sh b/basis/bin/compute/shared_compute.sh index 68013a31..3067dfcb 100755 --- a/basis/bin/compute/shared_compute.sh +++ b/basis/bin/compute/shared_compute.sh @@ -149,13 +149,15 @@ install_java() { # Build on Bastion if [ "$TF_VAR_build_host" == "bastion" ]; then # sudo dnf install -y maven - MVN_VERSION=3.9.15 - wget https://dlcdn.apache.org/maven/maven-3/$MVN_VERSION/binaries/apache-maven-$MVN_VERSION-bin.tar.gz - tar xfz apache-maven-$MVN_VERSION-bin.tar.gz - mv apache-maven-$MVN_VERSION $HOME/maven - rm apache-maven-$MVN_VERSION-bin.tar.gz - export PATH=$HOME/maven/bin:$PATH - echo "export PATH=$HOME/maven/bin:$PATH" >> $HOME/.bashrc + if [ ! -d $HOME/maven ]; then + MVN_VERSION=3.9.15 + wget https://dlcdn.apache.org/maven/maven-3/$MVN_VERSION/binaries/apache-maven-$MVN_VERSION-bin.tar.gz + tar xfz apache-maven-$MVN_VERSION-bin.tar.gz + mv apache-maven-$MVN_VERSION $HOME/maven + rm apache-maven-$MVN_VERSION-bin.tar.gz + export PATH=$HOME/maven/bin:$PATH + echo "export PATH=$HOME/maven/bin:$PATH" >> $HOME/.bashrc + fi fi } export -f install_java From cb71246d54f50414f7b9f42a4dd709cda75998f0 Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Sun, 26 Apr 2026 19:26:33 +0200 Subject: [PATCH 049/115] v5.0 --- basis/bin/deploy_bastion.j2.sh | 14 +++++++++++--- test_suite/test_suite_shared.sh | 1 - 2 files changed, 11 insertions(+), 4 deletions(-) diff --git a/basis/bin/deploy_bastion.j2.sh b/basis/bin/deploy_bastion.j2.sh index e0b9ed3c..23a08959 100755 --- a/basis/bin/deploy_bastion.j2.sh +++ b/basis/bin/deploy_bastion.j2.sh @@ -14,7 +14,7 @@ function scp_or_rsync() { fi } -function scp_bastion() { +function setup_bastion_dir() { if [ "$TF_VAR_deploy_type" == "public_compute" ] && [ "$TF_VAR_build_host" != "bastion" ]; then BASTION_DIR=$TARGET_DIR/compute else @@ -33,19 +33,26 @@ function scp_bastion() { cp -R src/app/db $BASTION_DIR/app/. fi cp $TARGET_DIR/tf_env.sh $BASTION_DIR/compute/. +} +function scp_bastion() { scp_or_rsync $BASTION_DIR/compute + RESULT=$? + if [ $RESULT -eq 0 ]; then + echo "Success - scp $BASTION_DIR/compute" + else + return 1 + fi {%- if test_name %} # Get Lock CleanUp ssh -o StrictHostKeyChecking=no -i $TF_VAR_ssh_private_path opc@$BASTION_IP "bash compute/test_bastion_lock.sh $TEST_NAME" {%- endif %} scp_or_rsync $BASTION_DIR/app - } - # Try 5 times to copy the files / wait 5 secs between each try i=0 +setup_bastion_dir while [ true ]; do scp_bastion if [ $? -eq 0 ]; then @@ -54,6 +61,7 @@ while [ true ]; do echo "deploy_bastion.sh: Maximum number of scp retries, ending." error_exit fi + echo "Warning - scp_bastion failed. Retrying in 5 secs." sleep 5 i=$(($i+1)) done diff --git a/test_suite/test_suite_shared.sh b/test_suite/test_suite_shared.sh index 2b970c33..373f4f83 100755 --- a/test_suite/test_suite_shared.sh +++ b/test_suite/test_suite_shared.sh @@ -91,7 +91,6 @@ build_test () { fi if [ -f $TMP_PATH/result_dept.json ]; then if grep -qiE "deptno|department" $TMP_PATH/result_dept.json; then - RESULT=`cat $TMP_PATH/result_dept.json` | cut -c 1-100 echo -e "\u2705 RESULT JSON: deptno or department found - $(cut -c 1-100 "$TMP_PATH/result_dept.json")" CSV_JSON_OK=1 else From 15d627da14baeffeec9ee6d112e38540a2fd89fc Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Sun, 26 Apr 2026 19:40:53 +0200 Subject: [PATCH 050/115] v5.0 --- test_suite/install_dev.sh | 9 ++++++++- test_suite/test_suite_shared.sh | 6 +++++- 2 files changed, 13 insertions(+), 2 deletions(-) diff --git a/test_suite/install_dev.sh b/test_suite/install_dev.sh index 21614e78..97a38ea7 100755 --- a/test_suite/install_dev.sh +++ b/test_suite/install_dev.sh @@ -42,7 +42,14 @@ sudo update-alternatives --set java /usr/lib64/graalvm/graalvm-java25/bin/java echo "export JAVA_HOME=/usr/lib64/graalvm/graalvm-java25" >> $HOME/.bashrc # Maven -sudo dnf install -y maven +# sudo dnf install -y maven (too old version in OL8) +MVN_VERSION=3.9.15 +wget https://dlcdn.apache.org/maven/maven-3/$MVN_VERSION/binaries/apache-maven-$MVN_VERSION-bin.tar.gz +tar xfz apache-maven-$MVN_VERSION-bin.tar.gz +mv apache-maven-$MVN_VERSION $HOME/maven +rm apache-maven-$MVN_VERSION-bin.tar.gz +export PATH=$HOME/maven/bin:$PATH +echo "export PATH=$HOME/maven/bin:$PATH" >> $HOME/.bashrc # Node (JET/Angular/ReactJS) sudo dnf module enable -y nodejs:20 diff --git a/test_suite/test_suite_shared.sh b/test_suite/test_suite_shared.sh index 373f4f83..b5eaacda 100755 --- a/test_suite/test_suite_shared.sh +++ b/test_suite/test_suite_shared.sh @@ -99,7 +99,11 @@ build_test () { else echo -e "\u274C ERROR: No file $TMP_PATH/result_dept.json" fi - echo -e "\u2139 RESULT INFO: - $(cut -c 1-100 "$TMP_PATH/result_info.html")" + if [ -f $TMP_PATH/result_info.html ]; then + echo -e "\u2705 RESULT INFO: - $(cut -c 1-100 "$TMP_PATH/result_info.html")" + else + echo -e "\u274C ERROR: No file $TMP_PATH/result_info.html" + fi else echo -e "\u274C ERROR: No file $TMP_PATH/result_html.html" fi From 685856e05e989c31f4fd9c9542b066a26227f934 Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Sun, 26 Apr 2026 19:43:06 +0200 Subject: [PATCH 051/115] v5.0 --- test_suite/test_suite_shared.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test_suite/test_suite_shared.sh b/test_suite/test_suite_shared.sh index b5eaacda..4f72a96b 100755 --- a/test_suite/test_suite_shared.sh +++ b/test_suite/test_suite_shared.sh @@ -81,7 +81,6 @@ build_test () { TMP_PATH="/tmp/$PREFIX" echo "build_secs_$BUILD_ID=$SECONDS" >> ${TEST_DIR}_time.txt - echo "$(cat $TMP_PATH/ui_url.txt)/" if [ -f $TMP_PATH/result_html.html ]; then if grep -qiE "starter|deptno|messages" "$TMP_PATH/result_html.html"; then echo -e "\u2705 RESULT HTML: OK" @@ -107,6 +106,7 @@ build_test () { else echo -e "\u274C ERROR: No file $TMP_PATH/result_html.html" fi + echo "URL = $(cat $TMP_PATH/ui_url.txt)/" cp $TMP_PATH/result_html.html ${TEST_DIR}_${BUILD_ID}_result_html.html 2>/dev/null; cp $TMP_PATH/result_dept.json ${TEST_DIR}_${BUILD_ID}_result_dept.json 2>/dev/null; From 3f1a0c5b465c22db206dfa2d30e7319a6689b87a Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Sun, 26 Apr 2026 20:58:12 +0200 Subject: [PATCH 052/115] v5.0 --- option/src/app/java_micronaut/rest/pom.j2.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/option/src/app/java_micronaut/rest/pom.j2.xml b/option/src/app/java_micronaut/rest/pom.j2.xml index 0c163e88..d2ac012e 100644 --- a/option/src/app/java_micronaut/rest/pom.j2.xml +++ b/option/src/app/java_micronaut/rest/pom.j2.xml @@ -14,8 +14,8 @@ jar - 25 - 25 + 17 + 17 4.10.12 false com.example.aot.generated From 8dd3080fd5fdbea63072e25f5c5bbd4380a7362c Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Sun, 26 Apr 2026 22:29:07 +0200 Subject: [PATCH 053/115] v5.0 --- option/terraform/oke.j2.tf | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/option/terraform/oke.j2.tf b/option/terraform/oke.j2.tf index 40f9cc61..2dc6709d 100644 --- a/option/terraform/oke.j2.tf +++ b/option/terraform/oke.j2.tf @@ -473,6 +473,23 @@ resource oci_containerengine_addon starter_oke_addon_certmanager { remove_addon_resources_on_delete = "true" } +# CertManager +resource oci_containerengine_addon starter_oke_addon_ingress { + addon_name = "NativeIngressController" + cluster_id = oci_containerengine_cluster.starter_oke.id + remove_addon_resources_on_delete = "true" + configurations = [ + { + key = "compartmentId" + value = local.lz_app_cmp_ocid + }, + { + key = "loadBalancerSubnetId" + value = oci_core_subnet.starter_lb_subnet.id + } + ] +} + #---------------------------------------------------------------------------- # OUTPUTS From e71b414ade187e96c29b383d12ec268e467eded3 Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Sun, 26 Apr 2026 22:29:24 +0200 Subject: [PATCH 054/115] v5.0 --- option/terraform/oke.j2.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/option/terraform/oke.j2.tf b/option/terraform/oke.j2.tf index 2dc6709d..89bd0ffa 100644 --- a/option/terraform/oke.j2.tf +++ b/option/terraform/oke.j2.tf @@ -473,7 +473,7 @@ resource oci_containerengine_addon starter_oke_addon_certmanager { remove_addon_resources_on_delete = "true" } -# CertManager +# NativeIngressController resource oci_containerengine_addon starter_oke_addon_ingress { addon_name = "NativeIngressController" cluster_id = oci_containerengine_cluster.starter_oke.id From 92fdf156addbc7d9ef3f9102135c9d080301d68d Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Sun, 26 Apr 2026 23:13:49 +0200 Subject: [PATCH 055/115] v5.0 --- test_suite/test_suite_shared.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test_suite/test_suite_shared.sh b/test_suite/test_suite_shared.sh index 4f72a96b..520d4ebd 100755 --- a/test_suite/test_suite_shared.sh +++ b/test_suite/test_suite_shared.sh @@ -99,7 +99,7 @@ build_test () { echo -e "\u274C ERROR: No file $TMP_PATH/result_dept.json" fi if [ -f $TMP_PATH/result_info.html ]; then - echo -e "\u2705 RESULT INFO: - $(cut -c 1-100 "$TMP_PATH/result_info.html")" + echo -e "\u2705 RESULT INFO: $(cut -c 1-100 "$TMP_PATH/result_info.html")" else echo -e "\u274C ERROR: No file $TMP_PATH/result_info.html" fi From ebfa3eefe58b49b82741fb72faf24ad5479dec36 Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Sun, 26 Apr 2026 23:21:15 +0200 Subject: [PATCH 056/115] v5.0 --- option/terraform/oke.j2.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/option/terraform/oke.j2.tf b/option/terraform/oke.j2.tf index 89bd0ffa..1dbde4db 100644 --- a/option/terraform/oke.j2.tf +++ b/option/terraform/oke.j2.tf @@ -472,8 +472,8 @@ resource oci_containerengine_addon starter_oke_addon_certmanager { cluster_id = oci_containerengine_cluster.starter_oke.id remove_addon_resources_on_delete = "true" } - -# NativeIngressController + +# NativeIngressController - resource oci_containerengine_addon starter_oke_addon_ingress { addon_name = "NativeIngressController" cluster_id = oci_containerengine_cluster.starter_oke.id From 227573b264ec1317c4ba9d516a91d6298da17a9d Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Mon, 27 Apr 2026 07:22:36 +0200 Subject: [PATCH 057/115] v5.0 --- option/terraform/oke.j2.tf | 48 +++++++++++++++++++++++++++++++------- 1 file changed, 39 insertions(+), 9 deletions(-) diff --git a/option/terraform/oke.j2.tf b/option/terraform/oke.j2.tf index 1dbde4db..9cdb7c40 100644 --- a/option/terraform/oke.j2.tf +++ b/option/terraform/oke.j2.tf @@ -473,21 +473,23 @@ resource oci_containerengine_addon starter_oke_addon_certmanager { remove_addon_resources_on_delete = "true" } -# NativeIngressController - +# NativeIngressController resource oci_containerengine_addon starter_oke_addon_ingress { - addon_name = "NativeIngressController" - cluster_id = oci_containerengine_cluster.starter_oke.id - remove_addon_resources_on_delete = "true" - configurations = [ - { + addon_name = "NativeIngressController" + cluster_id = oci_containerengine_cluster.starter_oke.id + remove_addon_resources_on_delete = "true" + configurations { key = "compartmentId" value = local.lz_app_cmp_ocid - }, - { + } + configurations { key = "loadBalancerSubnetId" value = oci_core_subnet.starter_lb_subnet.id } - ] + configurations { + key = "authType" + value = "instance" + } } #---------------------------------------------------------------------------- @@ -514,3 +516,31 @@ locals { output "oke_ocid" { value = local.local_oke_ocid } + +# Doc: https://docs.oracle.com/en-us/iaas/Content/ContEng/Tasks/contengsettingupnativeingresscontroller-addon-prereqs.htm#contengsettingupnativeingresscontroller-addon-permissions +resource "oci_identity_policy" "starter_oke_policy" { + provider = oci.home + name = "${var.prefix}-oke-virtual-node-policy" + description = "${var.prefix}-oke-virtual-node-policy" + compartment_id = var.tenancy_ocid + statements = [ + "allow any-user to manage load-balancers in compartment id ${local.lz_app_cmp_ocid}", + "allow any-user to use virtual-network-family in compartment id ${local.lz_app_cmp_ocid}", + "allow any-user to manage cabundles in compartment id ${local.lz_app_cmp_ocid}", + "allow any-user to manage cabundle-associations in compartment id ${local.lz_app_cmp_ocid}", + "allow any-user to manage leaf-certificates in compartment id ${local.lz_app_cmp_ocid}", + "allow any-user to read leaf-certificate-bundles in compartment id ${local.lz_app_cmp_ocid}", + "allow any-user to manage leaf-certificate-versions in compartment id ${local.lz_app_cmp_ocid}", + "allow any-user to manage certificate-associations in compartment id ${local.lz_app_cmp_ocid}", + "allow any-user to read certificate-authorities in compartment id ${local.lz_app_cmp_ocid}", + "allow any-user to manage certificate-authority-associations in compartment id ${local.lz_app_cmp_ocid}", + "allow any-user to read certificate-authority-bundles in compartment id ${local.lz_app_cmp_ocid}", + "allow any-user to read public-ips in compartment id ${local.lz_app_cmp_ocid}", + "allow any-user to manage floating-ips in compartment id ${local.lz_app_cmp_ocid}", + "allow any-user to manage waf-family in compartment id ${local.lz_app_cmp_ocid}", + "allow any-user to read cluster-family in compartment id ${local.lz_app_cmp_ocid}", + "allow any-user to use tag-namespaces in compartment id ${local.lz_app_cmp_ocid}", + ] + freeform_tags = local.freeform_tags +} + From 7983b73b82fb8a0b1d362b1b3cd6cc9c708ff632 Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Mon, 27 Apr 2026 07:24:28 +0200 Subject: [PATCH 058/115] v5.0 --- option/terraform/oke.j2.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/option/terraform/oke.j2.tf b/option/terraform/oke.j2.tf index 9cdb7c40..8a6397d9 100644 --- a/option/terraform/oke.j2.tf +++ b/option/terraform/oke.j2.tf @@ -520,8 +520,8 @@ output "oke_ocid" { # Doc: https://docs.oracle.com/en-us/iaas/Content/ContEng/Tasks/contengsettingupnativeingresscontroller-addon-prereqs.htm#contengsettingupnativeingresscontroller-addon-permissions resource "oci_identity_policy" "starter_oke_policy" { provider = oci.home - name = "${var.prefix}-oke-virtual-node-policy" - description = "${var.prefix}-oke-virtual-node-policy" + name = "${var.prefix}-oke-policy" + description = "${var.prefix}-oke-policy" compartment_id = var.tenancy_ocid statements = [ "allow any-user to manage load-balancers in compartment id ${local.lz_app_cmp_ocid}", From 81721905cb8beb1b10756f469743ecea7f6c49db Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Mon, 27 Apr 2026 07:24:44 +0200 Subject: [PATCH 059/115] v5.0 --- option/terraform/oke.j2.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/option/terraform/oke.j2.tf b/option/terraform/oke.j2.tf index 8a6397d9..cbb8870c 100644 --- a/option/terraform/oke.j2.tf +++ b/option/terraform/oke.j2.tf @@ -520,7 +520,7 @@ output "oke_ocid" { # Doc: https://docs.oracle.com/en-us/iaas/Content/ContEng/Tasks/contengsettingupnativeingresscontroller-addon-prereqs.htm#contengsettingupnativeingresscontroller-addon-permissions resource "oci_identity_policy" "starter_oke_policy" { provider = oci.home - name = "${var.prefix}-oke-policy" + name = "${var.prefix}-oke-policy-${random_string.id.result}" description = "${var.prefix}-oke-policy" compartment_id = var.tenancy_ocid statements = [ From 1184d09f378f100a4d327461c48aeef18836bce6 Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Mon, 27 Apr 2026 07:33:51 +0200 Subject: [PATCH 060/115] v5.0 --- basis/bin/config_oke.sh | 20 ++++++++++---------- option/oke/native-ingress.yaml | 24 ++++++++++++++++++++++++ option/terraform/oke.j2.tf | 1 + 3 files changed, 35 insertions(+), 10 deletions(-) create mode 100644 option/oke/native-ingress.yaml diff --git a/basis/bin/config_oke.sh b/basis/bin/config_oke.sh index 324364f7..a3f9172b 100755 --- a/basis/bin/config_oke.sh +++ b/basis/bin/config_oke.sh @@ -29,11 +29,11 @@ if [ ! -f $KUBECONFIG ]; then # echo LATEST_INGRESS_CONTROLLER=$LATEST_INGRESS_CONTROLLER # kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/$LATEST_INGRESS_CONTROLLER/deploy/static/provider/cloud/deploy.yaml if [ "$TF_VAR_tls" == "new_http_01" ]; then - helm install ingress-nginx ingress-nginx --repo https://kubernetes.github.io/ingress-nginx \ - --namespace ingress-nginx \ - --create-namespace \ - --set controller.enableExternalDNS=true - wait_ingress + # helm install ingress-nginx ingress-nginx --repo https://kubernetes.github.io/ingress-nginx \ + # --namespace ingress-nginx \ + # --create-namespace \ + # --set controller.enableExternalDNS=true + # wait_ingress # ccm-letsencrypt-prod.yaml sed "s&##CERTIFICATE_EMAIL##&${TF_VAR_certificate_email}&" src/oke/tls/ccm-letsencrypt-prod.yaml > $TARGET_OKE/ccm-letsencrypt-prod.yaml @@ -50,11 +50,11 @@ if [ ! -f $KUBECONFIG ]; then sed "s&##COMPARTMENT_OCID##&${TF_VAR_compartment_ocid}&" src/oke/tls/external-dns.yaml > $TARGET_OKE/external-dns.tmp sed "s&##REGION##&${TF_VAR_region}&" $TARGET_OKE/external-dns.tmp > $TARGET_OKE/external-dns.yaml kubectl apply -f $TARGET_OKE/external-dns.yaml - else - helm install ingress-nginx ingress-nginx --repo https://kubernetes.github.io/ingress-nginx \ - --namespace ingress-nginx \ - --create-namespace - wait_ingress + # else + # helm install ingress-nginx ingress-nginx --repo https://kubernetes.github.io/ingress-nginx \ + # --namespace ingress-nginx \ + # --create-namespace + # wait_ingress fi # Wait for the ingress external IP diff --git a/option/oke/native-ingress.yaml b/option/oke/native-ingress.yaml new file mode 100644 index 00000000..7084be08 --- /dev/null +++ b/option/oke/native-ingress.yaml @@ -0,0 +1,24 @@ +apiVersion: "ingress.oraclecloud.com/v1beta1" +kind: IngressClassParameters +metadata: + name: native-ingress-class-params +spec: + compartmentId: "##TF_VAR_compartment_ocid##" + subnetId: "##TF_VAR_oke_lb_subnet_app_ocid##" + loadBalancerName: "##TF_VAR_prefix##-native-ingress-lb" + isPrivate: false + maxBandwidthMbps: 400 + minBandwidthMbps: 100 +--- +apiVersion: networking.k8s.io/v1 +kind: IngressClass +metadata: + name: native-ingress-class + annotations: + ingressclass.kubernetes.io/is-default-class: "true" +spec: + controller: oci.oraclecloud.com/native-ingress-controller + parameters: + apiGroup: ingress.oraclecloud.com + kind: ingressclassparameters + name: native-ingress-class-params \ No newline at end of file diff --git a/option/terraform/oke.j2.tf b/option/terraform/oke.j2.tf index cbb8870c..997fcab0 100644 --- a/option/terraform/oke.j2.tf +++ b/option/terraform/oke.j2.tf @@ -510,6 +510,7 @@ output "node_pool" { locals { local_oke_ocid = oci_containerengine_cluster.starter_oke.id + local_oke_lb_subnet_ocid = oci_core_subnet.starter_lb_subnet.id } {%- endif %} From b90eb7a9af4df365de1e2cf324616ce40f68fcc4 Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Mon, 27 Apr 2026 07:37:36 +0200 Subject: [PATCH 061/115] v5.0 --- basis/bin/config_oke.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/basis/bin/config_oke.sh b/basis/bin/config_oke.sh index a3f9172b..a8d0d417 100755 --- a/basis/bin/config_oke.sh +++ b/basis/bin/config_oke.sh @@ -57,6 +57,8 @@ if [ ! -f $KUBECONFIG ]; then # wait_ingress fi + copy_replace_apply_target_oke src/oke/native-ingress.yaml config + # Wait for the ingress external IP TF_VAR_ingress_ip="" while [ -z $TF_VAR_ingress_ip ]; do From b3f558dc274c532a9ecb2598a9b0fecbb9d70206 Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Mon, 27 Apr 2026 08:07:02 +0200 Subject: [PATCH 062/115] v5.0 --- option/oke/native-ingress.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/option/oke/native-ingress.yaml b/option/oke/native-ingress.yaml index 7084be08..6e13b4a8 100644 --- a/option/oke/native-ingress.yaml +++ b/option/oke/native-ingress.yaml @@ -4,7 +4,7 @@ metadata: name: native-ingress-class-params spec: compartmentId: "##TF_VAR_compartment_ocid##" - subnetId: "##TF_VAR_oke_lb_subnet_app_ocid##" + subnetId: "##OKE_LB_SUBNET_OCID##" loadBalancerName: "##TF_VAR_prefix##-native-ingress-lb" isPrivate: false maxBandwidthMbps: 400 From f9e2257435dc0254c79c66914d06416a7aebba83 Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Mon, 27 Apr 2026 08:27:28 +0200 Subject: [PATCH 063/115] v5.0 --- option/oke/native-ingress.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/option/oke/native-ingress.yaml b/option/oke/native-ingress.yaml index 6e13b4a8..7e57f8d9 100644 --- a/option/oke/native-ingress.yaml +++ b/option/oke/native-ingress.yaml @@ -5,7 +5,7 @@ metadata: spec: compartmentId: "##TF_VAR_compartment_ocid##" subnetId: "##OKE_LB_SUBNET_OCID##" - loadBalancerName: "##TF_VAR_prefix##-native-ingress-lb" + loadBalancerName: "##TF_VAR_prefix##-oke-lb" isPrivate: false maxBandwidthMbps: 400 minBandwidthMbps: 100 From cc39339d30bd4dcdf9b54fb13862588f50fb685b Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Mon, 27 Apr 2026 08:27:49 +0200 Subject: [PATCH 064/115] v5.0 --- option/terraform/oke.j2.tf | 38 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 38 insertions(+) diff --git a/option/terraform/oke.j2.tf b/option/terraform/oke.j2.tf index 997fcab0..98324377 100644 --- a/option/terraform/oke.j2.tf +++ b/option/terraform/oke.j2.tf @@ -512,6 +512,44 @@ locals { local_oke_ocid = oci_containerengine_cluster.starter_oke.id local_oke_lb_subnet_ocid = oci_core_subnet.starter_lb_subnet.id } + +resource "oci_load_balancer" "starter_oke_lb" { + shape = "flexible" + compartment_id = local.lz_app_cmp_ocid + subnet_ids = [ data.oci_core_subnet.starter_web_subnet.id ] + shape_details { + #Required + minimum_bandwidth_in_mbps = 10 + maximum_bandwidth_in_mbps = 100 + } + + display_name ="${var.prefix}-oke-lb" +} + +resource "oci_load_balancer_backend_set" "starter_oke_backend_set" { + name = "${substr(var.prefix,0,8)}-oke-bes" + load_balancer_id = oci_load_balancer.starter_oke_lb.id + policy = "ROUND_ROBIN" + + health_checker { + port = "80" + protocol = "HTTP" + response_body_regex = ".*" + url_path = "/" + } +} + +resource "oci_load_balancer_listener" "starter_oke_lb_listener" { + load_balancer_id = oci_load_balancer.starter_oke_lb.id + name = "HTTP-80" + default_backend_set_name = oci_load_balancer_backend_set.starter_pool_backend_set.name + port = 80 + protocol = "HTTP" +{%- if tls == "new" %} + path_route_set_name = oci_load_balancer_path_route_set.starter-bastion-routeset.name +{%- endif %} +} + {%- endif %} output "oke_ocid" { From 33409648271eff75fe81bbfc11b05c098a06957f Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Mon, 27 Apr 2026 08:29:08 +0200 Subject: [PATCH 065/115] v5.0 --- option/terraform/oke.j2.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/option/terraform/oke.j2.tf b/option/terraform/oke.j2.tf index 98324377..cb2985c5 100644 --- a/option/terraform/oke.j2.tf +++ b/option/terraform/oke.j2.tf @@ -542,7 +542,7 @@ resource "oci_load_balancer_backend_set" "starter_oke_backend_set" { resource "oci_load_balancer_listener" "starter_oke_lb_listener" { load_balancer_id = oci_load_balancer.starter_oke_lb.id name = "HTTP-80" - default_backend_set_name = oci_load_balancer_backend_set.starter_pool_backend_set.name + default_backend_set_name = oci_load_balancer_backend_set.starter_oke_backend_set.name port = 80 protocol = "HTTP" {%- if tls == "new" %} From 701c138f3e07e2d184a832594707453419b724e6 Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Mon, 27 Apr 2026 11:48:48 +0200 Subject: [PATCH 066/115] v5.0 --- option/oke/native-ingress.yaml | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/option/oke/native-ingress.yaml b/option/oke/native-ingress.yaml index 7e57f8d9..06d7759d 100644 --- a/option/oke/native-ingress.yaml +++ b/option/oke/native-ingress.yaml @@ -1,24 +1,27 @@ apiVersion: "ingress.oraclecloud.com/v1beta1" kind: IngressClassParameters metadata: - name: native-ingress-class-params + name: native-ic-params + namespace: default spec: compartmentId: "##TF_VAR_compartment_ocid##" subnetId: "##OKE_LB_SUBNET_OCID##" loadBalancerName: "##TF_VAR_prefix##-oke-lb" isPrivate: false - maxBandwidthMbps: 400 - minBandwidthMbps: 100 + maxBandwidthMbps: 50 + minBandwidthMbps: 10 --- apiVersion: networking.k8s.io/v1 kind: IngressClass metadata: - name: native-ingress-class + name: native-ic-ingress-class annotations: ingressclass.kubernetes.io/is-default-class: "true" spec: controller: oci.oraclecloud.com/native-ingress-controller parameters: + scope: Namespace + namespace: default apiGroup: ingress.oraclecloud.com kind: ingressclassparameters - name: native-ingress-class-params \ No newline at end of file + name: native-ic-params \ No newline at end of file From 7b348cf1bfc6a7483b2917b66cdc439c4afc4e89 Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Mon, 27 Apr 2026 13:20:25 +0200 Subject: [PATCH 067/115] v5.0 --- option/oke/native-ingress.yaml | 2 +- option/terraform/oke.j2.tf | 47 +++------------------------------- 2 files changed, 5 insertions(+), 44 deletions(-) diff --git a/option/oke/native-ingress.yaml b/option/oke/native-ingress.yaml index 06d7759d..a183dc56 100644 --- a/option/oke/native-ingress.yaml +++ b/option/oke/native-ingress.yaml @@ -8,7 +8,7 @@ spec: subnetId: "##OKE_LB_SUBNET_OCID##" loadBalancerName: "##TF_VAR_prefix##-oke-lb" isPrivate: false - maxBandwidthMbps: 50 + maxBandwidthMbps: 20 minBandwidthMbps: 10 --- apiVersion: networking.k8s.io/v1 diff --git a/option/terraform/oke.j2.tf b/option/terraform/oke.j2.tf index cb2985c5..b0d5b11e 100644 --- a/option/terraform/oke.j2.tf +++ b/option/terraform/oke.j2.tf @@ -345,7 +345,6 @@ resource "oci_core_subnet" "starter_api_subnet" { freeform_tags = local.freeform_tags } -/* resource "oci_core_subnet" "starter_pod_subnet" { #Required cidr_block = "10.0.40.0/24" @@ -358,7 +357,6 @@ resource "oci_core_subnet" "starter_pod_subnet" { route_table_id = data.oci_core_vcn.starter_vcn.default_route_table_id freeform_tags = local.freeform_tags } -*/ #---------------------------------------------------------------------------- # CLUSTER @@ -437,10 +435,10 @@ resource "oci_containerengine_node_pool" "starter_node_pool" { } size = var.node_pool_size==null ? 1 : var.node_pool_size - # node_pool_pod_network_option_details { - # cni_type = "OCI_VCN_IP_NATIVE" - # pod_subnet_ids = [ oci_core_subnet.starter_pod_subnet.id ] - # } + node_pool_pod_network_option_details { + cni_type = "OCI_VCN_IP_NATIVE" + pod_subnet_ids = [ oci_core_subnet.starter_pod_subnet.id ] + } } ssh_public_key = local.ssh_public_key @@ -513,43 +511,6 @@ locals { local_oke_lb_subnet_ocid = oci_core_subnet.starter_lb_subnet.id } -resource "oci_load_balancer" "starter_oke_lb" { - shape = "flexible" - compartment_id = local.lz_app_cmp_ocid - subnet_ids = [ data.oci_core_subnet.starter_web_subnet.id ] - shape_details { - #Required - minimum_bandwidth_in_mbps = 10 - maximum_bandwidth_in_mbps = 100 - } - - display_name ="${var.prefix}-oke-lb" -} - -resource "oci_load_balancer_backend_set" "starter_oke_backend_set" { - name = "${substr(var.prefix,0,8)}-oke-bes" - load_balancer_id = oci_load_balancer.starter_oke_lb.id - policy = "ROUND_ROBIN" - - health_checker { - port = "80" - protocol = "HTTP" - response_body_regex = ".*" - url_path = "/" - } -} - -resource "oci_load_balancer_listener" "starter_oke_lb_listener" { - load_balancer_id = oci_load_balancer.starter_oke_lb.id - name = "HTTP-80" - default_backend_set_name = oci_load_balancer_backend_set.starter_oke_backend_set.name - port = 80 - protocol = "HTTP" -{%- if tls == "new" %} - path_route_set_name = oci_load_balancer_path_route_set.starter-bastion-routeset.name -{%- endif %} -} - {%- endif %} output "oke_ocid" { From 29ac585379753a9304f11551454b64054b11ac52 Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Mon, 27 Apr 2026 13:39:49 +0200 Subject: [PATCH 068/115] v5.0 --- option/terraform/oke.j2.tf | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/option/terraform/oke.j2.tf b/option/terraform/oke.j2.tf index b0d5b11e..2b7178a4 100644 --- a/option/terraform/oke.j2.tf +++ b/option/terraform/oke.j2.tf @@ -374,6 +374,10 @@ resource "oci_containerengine_cluster" "starter_oke" { subnet_id = oci_core_subnet.starter_api_subnet.id is_public_ip_enabled = "true" } + cluster_pod_network_options { + #Required + cni_type = OCI_VCN_IP_NATIVE + } options { service_lb_subnet_ids = [oci_core_subnet.starter_lb_subnet.id] @@ -435,10 +439,11 @@ resource "oci_containerengine_node_pool" "starter_node_pool" { } size = var.node_pool_size==null ? 1 : var.node_pool_size - node_pool_pod_network_option_details { - cni_type = "OCI_VCN_IP_NATIVE" - pod_subnet_ids = [ oci_core_subnet.starter_pod_subnet.id ] - } + # node_pool_pod_network_option_details { + # cni_type = "OCI_VCN_IP_NATIVE" + # pod_subnet_ids = [ oci_core_subnet.starter_pod_subnet.id ] + # } + } ssh_public_key = local.ssh_public_key From f8987440c5ad433d47d5d832f663fa4185ab33ad Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Mon, 27 Apr 2026 13:40:46 +0200 Subject: [PATCH 069/115] v5.0 --- option/terraform/oke.j2.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/option/terraform/oke.j2.tf b/option/terraform/oke.j2.tf index 2b7178a4..dc742d52 100644 --- a/option/terraform/oke.j2.tf +++ b/option/terraform/oke.j2.tf @@ -376,7 +376,7 @@ resource "oci_containerengine_cluster" "starter_oke" { } cluster_pod_network_options { #Required - cni_type = OCI_VCN_IP_NATIVE + cni_type = "OCI_VCN_IP_NATIVE" } options { From af4a32dc15d62f67e3373e58dccb432e7c7a5089 Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Mon, 27 Apr 2026 15:22:11 +0200 Subject: [PATCH 070/115] v5.0 --- basis/bin/upgrade.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/basis/bin/upgrade.sh b/basis/bin/upgrade.sh index df2b4b3e..9dc3d302 100755 --- a/basis/bin/upgrade.sh +++ b/basis/bin/upgrade.sh @@ -83,7 +83,7 @@ if [ -f src/terraform/build.tf ]; then # Output the required export command echo "export $KEY=\"$VALUE\"" export $KEY=$VALUE - else + elif [[ "$LINE" =~ chmod ]]; then # Stop reading when a line does not match the expected pattern PARSING_STATE=2 break From 62ba8d24eda17147c7e97db4b06337c4273077f4 Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Mon, 27 Apr 2026 15:55:33 +0200 Subject: [PATCH 071/115] v5.0 --- basis/src/app/rest/k8s.j2.yaml | 1 + basis/src/app/ui/k8s.yaml | 1 + option/src/app/apex/apex/k8s.j2.yaml | 1 + option/src/app/ords/rest/k8s.j2.yaml | 1 + .../python_mcp_server/mcp_server/k8s.j2.yaml | 1 + option/terraform/oke.j2.tf | 30 ++++++++++++++----- 6 files changed, 28 insertions(+), 7 deletions(-) diff --git a/basis/src/app/rest/k8s.j2.yaml b/basis/src/app/rest/k8s.j2.yaml index 55788c43..a40a5397 100644 --- a/basis/src/app/rest/k8s.j2.yaml +++ b/basis/src/app/rest/k8s.j2.yaml @@ -99,6 +99,7 @@ kind: Service metadata: name: {{ prefix }}-rest-service spec: + type: NodePort selector: app: {{ prefix }}-rest ports: diff --git a/basis/src/app/ui/k8s.yaml b/basis/src/app/ui/k8s.yaml index 1b7701ad..ffdc4013 100644 --- a/basis/src/app/ui/k8s.yaml +++ b/basis/src/app/ui/k8s.yaml @@ -19,6 +19,7 @@ kind: Service metadata: name: ##TF_VAR_prefix##-ui-service spec: + type: NodePort selector: app: ##TF_VAR_prefix##-ui ports: diff --git a/option/src/app/apex/apex/k8s.j2.yaml b/option/src/app/apex/apex/k8s.j2.yaml index 67127216..70511fc5 100644 --- a/option/src/app/apex/apex/k8s.j2.yaml +++ b/option/src/app/apex/apex/k8s.j2.yaml @@ -3,6 +3,7 @@ apiVersion: v1 metadata: name: {{ prefix }}-app-service spec: + type: NodePort type: ExternalName externalName: ##ORDS_HOST## ports: diff --git a/option/src/app/ords/rest/k8s.j2.yaml b/option/src/app/ords/rest/k8s.j2.yaml index 1e8d1ebd..0e4536d4 100644 --- a/option/src/app/ords/rest/k8s.j2.yaml +++ b/option/src/app/ords/rest/k8s.j2.yaml @@ -3,6 +3,7 @@ apiVersion: v1 metadata: name: {{ prefix }}-rest-service spec: + type: NodePort type: ExternalName externalName: ##ORDS_HOST## ports: diff --git a/option/src/app/python_mcp_server/mcp_server/k8s.j2.yaml b/option/src/app/python_mcp_server/mcp_server/k8s.j2.yaml index 4a729480..a20af44f 100644 --- a/option/src/app/python_mcp_server/mcp_server/k8s.j2.yaml +++ b/option/src/app/python_mcp_server/mcp_server/k8s.j2.yaml @@ -60,6 +60,7 @@ kind: Service metadata: name: {{ prefix }}-mcp-server-service spec: + type: NodePort selector: app: {{ prefix }}-mcp-server ports: diff --git a/option/terraform/oke.j2.tf b/option/terraform/oke.j2.tf index dc742d52..1927dcb4 100644 --- a/option/terraform/oke.j2.tf +++ b/option/terraform/oke.j2.tf @@ -117,6 +117,7 @@ resource "oci_core_security_list" "starter_seclist_node" { protocol = "all" stateless = "false" } + egress_security_rules { description = "Access to Kubernetes API Endpoint" destination = local.oke_cidr_api @@ -187,6 +188,7 @@ resource "oci_core_security_list" "starter_seclist_node" { source_type = "CIDR_BLOCK" stateless = "false" } + ingress_security_rules { description = "Path discovery" icmp_options { @@ -198,6 +200,7 @@ resource "oci_core_security_list" "starter_seclist_node" { source_type = "CIDR_BLOCK" stateless = "false" } + ingress_security_rules { description = "TCP access from Kubernetes Control Plane" protocol = "6" @@ -205,6 +208,7 @@ resource "oci_core_security_list" "starter_seclist_node" { source_type = "CIDR_BLOCK" stateless = "false" } + ingress_security_rules { description = "Inbound SSH traffic to worker nodes" protocol = "6" @@ -217,6 +221,19 @@ resource "oci_core_security_list" "starter_seclist_node" { } } + ingress_security_rules { + description = "NodePort" + description = "NodePort with OCI Native Ingress" + protocol = "6" + source = "0.0.0.0/0" + source_type = "CIDR_BLOCK" + stateless = "false" + tcp_options { + max = "30000" + min = "32767" + } + } + freeform_tags = local.freeform_tags } @@ -268,6 +285,7 @@ resource oci_core_security_list starter_seclist_api { min = "6443" } } + ingress_security_rules { description = "Kubernetes worker to control plane communication" protocol = "6" @@ -279,6 +297,7 @@ resource oci_core_security_list starter_seclist_api { min = "12250" } } + ingress_security_rules { description = "Path discovery" icmp_options { @@ -345,6 +364,7 @@ resource "oci_core_subnet" "starter_api_subnet" { freeform_tags = local.freeform_tags } +/* resource "oci_core_subnet" "starter_pod_subnet" { #Required cidr_block = "10.0.40.0/24" @@ -357,6 +377,7 @@ resource "oci_core_subnet" "starter_pod_subnet" { route_table_id = data.oci_core_vcn.starter_vcn.default_route_table_id freeform_tags = local.freeform_tags } +*/ #---------------------------------------------------------------------------- # CLUSTER @@ -374,10 +395,6 @@ resource "oci_containerengine_cluster" "starter_oke" { subnet_id = oci_core_subnet.starter_api_subnet.id is_public_ip_enabled = "true" } - cluster_pod_network_options { - #Required - cni_type = "OCI_VCN_IP_NATIVE" - } options { service_lb_subnet_ids = [oci_core_subnet.starter_lb_subnet.id] @@ -440,10 +457,9 @@ resource "oci_containerengine_node_pool" "starter_node_pool" { size = var.node_pool_size==null ? 1 : var.node_pool_size # node_pool_pod_network_option_details { - # cni_type = "OCI_VCN_IP_NATIVE" - # pod_subnet_ids = [ oci_core_subnet.starter_pod_subnet.id ] + # cni_type = "OCI_VCN_IP_NATIVE" + # pod_subnet_ids = [ oci_core_subnet.starter_pod_subnet.id ] # } - } ssh_public_key = local.ssh_public_key From 7203e29acfadc50b33463e6378d7584c7f6784b5 Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Mon, 27 Apr 2026 15:56:41 +0200 Subject: [PATCH 072/115] v5.0 --- option/terraform/oke.j2.tf | 1 - 1 file changed, 1 deletion(-) diff --git a/option/terraform/oke.j2.tf b/option/terraform/oke.j2.tf index 1927dcb4..b342bdf9 100644 --- a/option/terraform/oke.j2.tf +++ b/option/terraform/oke.j2.tf @@ -223,7 +223,6 @@ resource "oci_core_security_list" "starter_seclist_node" { ingress_security_rules { description = "NodePort" - description = "NodePort with OCI Native Ingress" protocol = "6" source = "0.0.0.0/0" source_type = "CIDR_BLOCK" From 3a934ee5172ea40ca629cd45a27a6a4dc7a6c44e Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Mon, 27 Apr 2026 16:02:29 +0200 Subject: [PATCH 073/115] v5.0 --- option/terraform/oke.j2.tf | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/option/terraform/oke.j2.tf b/option/terraform/oke.j2.tf index b342bdf9..41ab295b 100644 --- a/option/terraform/oke.j2.tf +++ b/option/terraform/oke.j2.tf @@ -125,8 +125,8 @@ resource "oci_core_security_list" "starter_seclist_node" { protocol = "6" stateless = "false" tcp_options { - max = "6443" min = "6443" + max = "6443" } } egress_security_rules { @@ -136,8 +136,8 @@ resource "oci_core_security_list" "starter_seclist_node" { protocol = "6" stateless = "false" tcp_options { - max = "12250" min = "12250" + max = "12250" } } egress_security_rules { @@ -158,8 +158,8 @@ resource "oci_core_security_list" "starter_seclist_node" { protocol = "6" stateless = "false" tcp_options { - max = "443" min = "443" + max = "443" } } egress_security_rules { @@ -216,8 +216,8 @@ resource "oci_core_security_list" "starter_seclist_node" { source_type = "CIDR_BLOCK" stateless = "false" tcp_options { - max = "22" min = "22" + max = "22" } } @@ -228,8 +228,8 @@ resource "oci_core_security_list" "starter_seclist_node" { source_type = "CIDR_BLOCK" stateless = "false" tcp_options { - max = "30000" - min = "32767" + min = "30000" + max = "32767" } } From 6bdb52c81adfffef01f2ee515bf71af074b55d1f Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Tue, 28 Apr 2026 08:37:34 +0200 Subject: [PATCH 074/115] v5.0 --- basis/bin/config_oke.sh | 77 ++++++-------------- basis/bin/config_oke_ingress_nginx.sh | 101 ++++++++++++++++++++++++++ option/oke/gateway.yaml | 17 +++++ option/oke/istio_addon.json | 9 +++ option/oke/native-ingress.yaml | 27 ------- option/terraform/oke.j2.tf | 22 +----- 6 files changed, 152 insertions(+), 101 deletions(-) create mode 100755 basis/bin/config_oke_ingress_nginx.sh create mode 100644 option/oke/gateway.yaml create mode 100644 option/oke/istio_addon.json delete mode 100644 option/oke/native-ingress.yaml diff --git a/basis/bin/config_oke.sh b/basis/bin/config_oke.sh index a8d0d417..a5a194dd 100755 --- a/basis/bin/config_oke.sh +++ b/basis/bin/config_oke.sh @@ -8,78 +8,47 @@ title "Config OKE" export TARGET_OKE=$TARGET_DIR/oke mkdir -p $TARGET_OKE -function wait_ingress() { - # Wait for the ingress deployment - echo "Waiting for Ingress Controller Pods..." - kubectl wait --namespace ingress-nginx --for=condition=ready pod --selector=app.kubernetes.io/component=controller --timeout=600s - kubectl wait --namespace ingress-nginx --for=condition=Complete job/ingress-nginx-admission-patch -} - # One time configuration if [ ! -f $KUBECONFIG ]; then create_kubeconfig - # Check if Ingress Controller is installed - kubectl get service ingress-nginx-controller -n ingress-nginx + # Check if Gateway Controller is installed + kubectl get gateway oke-gateway -n default if [ "$?" != "0" ]; then # Deploy Latest ingress-nginx kubectl create clusterrolebinding starter_clst_adm --clusterrole=cluster-admin --user=$TF_VAR_current_user_ocid echo "OKE Deploy: Role Binding created" - # LATEST_INGRESS_CONTROLLER=`curl --silent "https://api.github.com/repos/kubernetes/ingress-nginx/releases/latest" | jq -r .name` - # echo LATEST_INGRESS_CONTROLLER=$LATEST_INGRESS_CONTROLLER - # kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/$LATEST_INGRESS_CONTROLLER/deploy/static/provider/cloud/deploy.yaml - if [ "$TF_VAR_tls" == "new_http_01" ]; then - # helm install ingress-nginx ingress-nginx --repo https://kubernetes.github.io/ingress-nginx \ - # --namespace ingress-nginx \ - # --create-namespace \ - # --set controller.enableExternalDNS=true - # wait_ingress - # ccm-letsencrypt-prod.yaml - sed "s&##CERTIFICATE_EMAIL##&${TF_VAR_certificate_email}&" src/oke/tls/ccm-letsencrypt-prod.yaml > $TARGET_OKE/ccm-letsencrypt-prod.yaml - kubectl apply -f $TARGET_OKE/ccm-letsencrypt-prod.yaml --timeout=600s - sed "s&##CERTIFICATE_EMAIL##&${TF_VAR_certificate_email}&" src/oke/tls/ccm-letsencrypt-staging.yaml > $TARGET_OKE/ccm-letsencrypt-staging.yaml - kubectl apply -f $TARGET_OKE/ccm-letsencrypt-staging.yaml + # See: https://docs.oracle.com/en-us/iaas/Content/ContEng/Tasks/contengworkingwithistioaddonforgatewayapi.htm - # external-dns-config.yaml - sed "s&##COMPARTMENT_OCID##&${TF_VAR_compartment_ocid}&" src/oke/tls/external-dns-config.yaml > $TARGET_OKE/external-dns-config.tmp - sed "s&##REGION##&${TF_VAR_region}&" $TARGET_OKE/external-dns-config.tmp > $TARGET_OKE/external-dns-config.yaml - kubectl create secret generic external-dns-config --from-file=$TARGET_OKE/external-dns-config.yaml + # Install Gateway API CRDs + kubectl apply -f https://github.com/kubernetes-sigs/gateway-api/releases/download/v1.2.0/standard-install.yaml + kubectl get crd gateways.gateway.networking.k8s.io + # Deploy the Istio cluster add-on + oci ce cluster install-addon --addon-name Istio --cluster-id $OKE_OCID --from-json file://src/oke/istio_addon.json + oci ce cluster list-addons --cluster-id $OKE_OCID + # Wait istiod + echo "Waiting for istiod pod to be Running..." + kubectl wait --for=condition=Ready pod -l app=istiod -n istio-system --timeout=300s - # external-dns.yaml - sed "s&##COMPARTMENT_OCID##&${TF_VAR_compartment_ocid}&" src/oke/tls/external-dns.yaml > $TARGET_OKE/external-dns.tmp - sed "s&##REGION##&${TF_VAR_region}&" $TARGET_OKE/external-dns.tmp > $TARGET_OKE/external-dns.yaml - kubectl apply -f $TARGET_OKE/external-dns.yaml - # else - # helm install ingress-nginx ingress-nginx --repo https://kubernetes.github.io/ingress-nginx \ - # --namespace ingress-nginx \ - # --create-namespace - # wait_ingress - fi - - copy_replace_apply_target_oke src/oke/native-ingress.yaml config + # Create a Gateway + kubectl apply -f src/oke/gateway.yaml + # Wait + echo "Waiting for Gateway to be ready..." + kubectl wait --for=condition=Programmed gateway/oke-gateway -n default --timeout=120s + exit_on_error "Gateway not reacing Programmed State" - # Wait for the ingress external IP - TF_VAR_ingress_ip="" - while [ -z $TF_VAR_ingress_ip ]; do - echo "Waiting for Ingress IP..." - TF_VAR_ingress_ip=`kubectl get service -n ingress-nginx ingress-nginx-controller -o jsonpath="{.status.loadBalancer.ingress[0].ip}"` - if [ -z "$TF_VAR_ingress_ip" ]; then - sleep 10 - fi - done - date - kubectl get all -n ingress-nginx - sleep 5 - echo "Ingress ready: $TF_VAR_ingress_ip" + # Get the IP + TF_VAR_ingress_ip=$(kubectl get gateway oke-gateway -n default -o jsonpath='{.status.addresses[0].value}' 2>/dev/null) + echo "Gateway ready: $TF_VAR_ingress_ip" else - echo "OKE Deploy: Skipping creation of ingress" + echo "OKE Deploy: Skipping creation of Gateway" fi fi if ! grep -q "TF_VAR_ingress_ip" $TARGET_DIR/tf_env.sh; then if [ "$TF_VAR_ingress_ip" == "" ]; then - export TF_VAR_ingress_ip=`kubectl get service -n ingress-nginx ingress-nginx-controller -o jsonpath="{.status.loadBalancer.ingress[0].ip}"` + export TF_VAR_ingress_ip=$(kubectl get gateway oke-gateway -n default -o jsonpath='{.status.addresses[0].value}' 2>/dev/null) fi echo "export TF_VAR_ingress_ip=$TF_VAR_ingress_ip" >> $TARGET_DIR/tf_env.sh fi diff --git a/basis/bin/config_oke_ingress_nginx.sh b/basis/bin/config_oke_ingress_nginx.sh new file mode 100755 index 00000000..324364f7 --- /dev/null +++ b/basis/bin/config_oke_ingress_nginx.sh @@ -0,0 +1,101 @@ +#!/usr/bin/env bash +SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) +. $SCRIPT_DIR/../starter.sh env -no-auto -silent +. $BIN_DIR/build_common.sh +cd $SCRIPT_DIR/.. +title "Config OKE" + +export TARGET_OKE=$TARGET_DIR/oke +mkdir -p $TARGET_OKE + +function wait_ingress() { + # Wait for the ingress deployment + echo "Waiting for Ingress Controller Pods..." + kubectl wait --namespace ingress-nginx --for=condition=ready pod --selector=app.kubernetes.io/component=controller --timeout=600s + kubectl wait --namespace ingress-nginx --for=condition=Complete job/ingress-nginx-admission-patch +} + +# One time configuration +if [ ! -f $KUBECONFIG ]; then + create_kubeconfig + + # Check if Ingress Controller is installed + kubectl get service ingress-nginx-controller -n ingress-nginx + if [ "$?" != "0" ]; then + # Deploy Latest ingress-nginx + kubectl create clusterrolebinding starter_clst_adm --clusterrole=cluster-admin --user=$TF_VAR_current_user_ocid + echo "OKE Deploy: Role Binding created" + # LATEST_INGRESS_CONTROLLER=`curl --silent "https://api.github.com/repos/kubernetes/ingress-nginx/releases/latest" | jq -r .name` + # echo LATEST_INGRESS_CONTROLLER=$LATEST_INGRESS_CONTROLLER + # kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/$LATEST_INGRESS_CONTROLLER/deploy/static/provider/cloud/deploy.yaml + if [ "$TF_VAR_tls" == "new_http_01" ]; then + helm install ingress-nginx ingress-nginx --repo https://kubernetes.github.io/ingress-nginx \ + --namespace ingress-nginx \ + --create-namespace \ + --set controller.enableExternalDNS=true + wait_ingress + + # ccm-letsencrypt-prod.yaml + sed "s&##CERTIFICATE_EMAIL##&${TF_VAR_certificate_email}&" src/oke/tls/ccm-letsencrypt-prod.yaml > $TARGET_OKE/ccm-letsencrypt-prod.yaml + kubectl apply -f $TARGET_OKE/ccm-letsencrypt-prod.yaml --timeout=600s + sed "s&##CERTIFICATE_EMAIL##&${TF_VAR_certificate_email}&" src/oke/tls/ccm-letsencrypt-staging.yaml > $TARGET_OKE/ccm-letsencrypt-staging.yaml + kubectl apply -f $TARGET_OKE/ccm-letsencrypt-staging.yaml + + # external-dns-config.yaml + sed "s&##COMPARTMENT_OCID##&${TF_VAR_compartment_ocid}&" src/oke/tls/external-dns-config.yaml > $TARGET_OKE/external-dns-config.tmp + sed "s&##REGION##&${TF_VAR_region}&" $TARGET_OKE/external-dns-config.tmp > $TARGET_OKE/external-dns-config.yaml + kubectl create secret generic external-dns-config --from-file=$TARGET_OKE/external-dns-config.yaml + + # external-dns.yaml + sed "s&##COMPARTMENT_OCID##&${TF_VAR_compartment_ocid}&" src/oke/tls/external-dns.yaml > $TARGET_OKE/external-dns.tmp + sed "s&##REGION##&${TF_VAR_region}&" $TARGET_OKE/external-dns.tmp > $TARGET_OKE/external-dns.yaml + kubectl apply -f $TARGET_OKE/external-dns.yaml + else + helm install ingress-nginx ingress-nginx --repo https://kubernetes.github.io/ingress-nginx \ + --namespace ingress-nginx \ + --create-namespace + wait_ingress + fi + + # Wait for the ingress external IP + TF_VAR_ingress_ip="" + while [ -z $TF_VAR_ingress_ip ]; do + echo "Waiting for Ingress IP..." + TF_VAR_ingress_ip=`kubectl get service -n ingress-nginx ingress-nginx-controller -o jsonpath="{.status.loadBalancer.ingress[0].ip}"` + if [ -z "$TF_VAR_ingress_ip" ]; then + sleep 10 + fi + done + date + kubectl get all -n ingress-nginx + sleep 5 + echo "Ingress ready: $TF_VAR_ingress_ip" + else + echo "OKE Deploy: Skipping creation of ingress" + fi +fi + +if ! grep -q "TF_VAR_ingress_ip" $TARGET_DIR/tf_env.sh; then + if [ "$TF_VAR_ingress_ip" == "" ]; then + export TF_VAR_ingress_ip=`kubectl get service -n ingress-nginx ingress-nginx-controller -o jsonpath="{.status.loadBalancer.ingress[0].ip}"` + fi + echo "export TF_VAR_ingress_ip=$TF_VAR_ingress_ip" >> $TARGET_DIR/tf_env.sh +fi + +# Create secrets +kubectl delete secret ${TF_VAR_prefix}-db-secret --ignore-not-found=true +kubectl create secret generic ${TF_VAR_prefix}-db-secret --from-literal=db_user=$TF_VAR_db_user --from-literal=db_password=$TF_VAR_db_password --from-literal=db_url=$DB_URL --from-literal=jdbc_url=$JDBC_URL --from-literal=TF_VAR_compartment_ocid=$TF_VAR_compartment_ocid --from-literal=TF_VAR_nosql_endpoint=$TF_VAR_nosql_endpoint + +kubectl delete secret ocirsecret --ignore-not-found=true +if [ "$TF_VAR_auth_token" == "" ]; then + # Create a temporary docker auth_token (valid for 1 hour)... + export TOKEN=`oci raw-request --region $TF_VAR_region --http-method GET --target-uri "https://${OCIR_HOST}/20180419/docker/token" | jq -r .data.token` + echo "TOKEN=$TOKEN" | cut -c 1-50 + kubectl create secret docker-registry ocirsecret --docker-server=$OCIR_HOST --docker-username="BEARER_TOKEN" --docker-password="$TOKEN" --docker-email="$TF_VAR_email" +else + kubectl create secret docker-registry ocirsecret --docker-server=$OCIR_HOST --docker-username="$OBJECT_STORAGE_NAMESPACE/$TF_VAR_username" --docker-password="$TF_VAR_auth_token" --docker-email="$TF_VAR_email" +fi + +# TF_ENV +tf_env_configmap +kubectl apply -f $TARGET_OKE/tf_env_configmap.yaml diff --git a/option/oke/gateway.yaml b/option/oke/gateway.yaml new file mode 100644 index 00000000..8f19459b --- /dev/null +++ b/option/oke/gateway.yaml @@ -0,0 +1,17 @@ +apiVersion: gateway.networking.k8s.io/v1 +kind: Gateway +metadata: + name: my-gateway + namespace: test-gateway + annotations: + # OCI specific annotation for Network Load Balancer (Layer 4) + oci.oraclecloud.com/load-balancer-type: "nlb" +spec: + gatewayClassName: istio + listeners: + - name: http + port: 80 + protocol: HTTP + allowedRoutes: + namespaces: + from: Same \ No newline at end of file diff --git a/option/oke/istio_addon.json b/option/oke/istio_addon.json new file mode 100644 index 00000000..479e39fc --- /dev/null +++ b/option/oke/istio_addon.json @@ -0,0 +1,9 @@ +{ + "addonName": "Istio", + "configurations": [ + { + "key": "enableIngressGateway", + "value": "false" + } + ] +} \ No newline at end of file diff --git a/option/oke/native-ingress.yaml b/option/oke/native-ingress.yaml deleted file mode 100644 index a183dc56..00000000 --- a/option/oke/native-ingress.yaml +++ /dev/null @@ -1,27 +0,0 @@ -apiVersion: "ingress.oraclecloud.com/v1beta1" -kind: IngressClassParameters -metadata: - name: native-ic-params - namespace: default -spec: - compartmentId: "##TF_VAR_compartment_ocid##" - subnetId: "##OKE_LB_SUBNET_OCID##" - loadBalancerName: "##TF_VAR_prefix##-oke-lb" - isPrivate: false - maxBandwidthMbps: 20 - minBandwidthMbps: 10 ---- -apiVersion: networking.k8s.io/v1 -kind: IngressClass -metadata: - name: native-ic-ingress-class - annotations: - ingressclass.kubernetes.io/is-default-class: "true" -spec: - controller: oci.oraclecloud.com/native-ingress-controller - parameters: - scope: Namespace - namespace: default - apiGroup: ingress.oraclecloud.com - kind: ingressclassparameters - name: native-ic-params \ No newline at end of file diff --git a/option/terraform/oke.j2.tf b/option/terraform/oke.j2.tf index 41ab295b..7e606b20 100644 --- a/option/terraform/oke.j2.tf +++ b/option/terraform/oke.j2.tf @@ -490,25 +490,7 @@ resource oci_containerengine_addon starter_oke_addon_certmanager { cluster_id = oci_containerengine_cluster.starter_oke.id remove_addon_resources_on_delete = "true" } - -# NativeIngressController -resource oci_containerengine_addon starter_oke_addon_ingress { - addon_name = "NativeIngressController" - cluster_id = oci_containerengine_cluster.starter_oke.id - remove_addon_resources_on_delete = "true" - configurations { - key = "compartmentId" - value = local.lz_app_cmp_ocid - } - configurations { - key = "loadBalancerSubnetId" - value = oci_core_subnet.starter_lb_subnet.id - } - configurations { - key = "authType" - value = "instance" - } -} + #---------------------------------------------------------------------------- # OUTPUTS @@ -542,7 +524,7 @@ resource "oci_identity_policy" "starter_oke_policy" { provider = oci.home name = "${var.prefix}-oke-policy-${random_string.id.result}" description = "${var.prefix}-oke-policy" - compartment_id = var.tenancy_ocid + compartment_id = local.lz_app_cmp_ocid statements = [ "allow any-user to manage load-balancers in compartment id ${local.lz_app_cmp_ocid}", "allow any-user to use virtual-network-family in compartment id ${local.lz_app_cmp_ocid}", From 894667b7db5898f79b362f905d82fb717188ed84 Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Tue, 28 Apr 2026 12:00:13 +0200 Subject: [PATCH 075/115] v5.0 --- basis/bin/compute/shared_compute.sh | 4 +- basis/bin/config_oke.sh | 18 +++- basis/bin/config_oke_ingress_nginx.sh | 101 ------------------ basis/src/app/rest/k8s-httproute.j2.yaml | 58 ++++++++++ basis/src/app/ui/k8s-httproute.j2.yaml | 32 ++++++ option/oke/{gateway.yaml => gateway.j2.yaml} | 16 ++- .../mcp_server/k8s-httproute.j2.yaml | 25 +++++ 7 files changed, 147 insertions(+), 107 deletions(-) delete mode 100755 basis/bin/config_oke_ingress_nginx.sh create mode 100644 basis/src/app/rest/k8s-httproute.j2.yaml create mode 100644 basis/src/app/ui/k8s-httproute.j2.yaml rename option/oke/{gateway.yaml => gateway.j2.yaml} (52%) create mode 100644 option/src/app/python_mcp_server/mcp_server/k8s-httproute.j2.yaml diff --git a/basis/bin/compute/shared_compute.sh b/basis/bin/compute/shared_compute.sh index 3067dfcb..4744a99e 100755 --- a/basis/bin/compute/shared_compute.sh +++ b/basis/bin/compute/shared_compute.sh @@ -536,8 +536,8 @@ oke_deploy_app() { if [ -f k8s.yaml ]; then copy_replace_apply_target_oke k8s.yaml $APP fi - if [ -f k8s-ingress.yaml ]; then - copy_replace_apply_target_oke k8s-ingress.yaml $APP + if [ -f k8s-httproute.yaml ]; then + copy_replace_apply_target_oke k8s-httproute.yaml $APP fi } export -f oke_deploy_app diff --git a/basis/bin/config_oke.sh b/basis/bin/config_oke.sh index a5a194dd..fb9a06f1 100755 --- a/basis/bin/config_oke.sh +++ b/basis/bin/config_oke.sh @@ -29,7 +29,23 @@ if [ ! -f $KUBECONFIG ]; then oci ce cluster list-addons --cluster-id $OKE_OCID # Wait istiod echo "Waiting for istiod pod to be Running..." - kubectl wait --for=condition=Ready pod -l app=istiod -n istio-system --timeout=300s + + ELAPSED=0 + while true; do + STATUS=$(kubectl get pods -n istio-system -l app=istiod -o jsonpath='{.items[0].status.phase}' 2>/dev/null) + + if [ "$STATUS" = "Running" ]; then + echo "istiod is Running!" + break + fi + ELAPSED=$((ELAPSED + 5 )) + if [ $ELAPSED -gt 300 ]; then + exit_error "Istiod not started after 300 secs" + fi + echo "Waiting 5 secs..." + sleep 5 + done + echo "Istiod is Running ($ELAPSED secs)" # Create a Gateway kubectl apply -f src/oke/gateway.yaml diff --git a/basis/bin/config_oke_ingress_nginx.sh b/basis/bin/config_oke_ingress_nginx.sh deleted file mode 100755 index 324364f7..00000000 --- a/basis/bin/config_oke_ingress_nginx.sh +++ /dev/null @@ -1,101 +0,0 @@ -#!/usr/bin/env bash -SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) -. $SCRIPT_DIR/../starter.sh env -no-auto -silent -. $BIN_DIR/build_common.sh -cd $SCRIPT_DIR/.. -title "Config OKE" - -export TARGET_OKE=$TARGET_DIR/oke -mkdir -p $TARGET_OKE - -function wait_ingress() { - # Wait for the ingress deployment - echo "Waiting for Ingress Controller Pods..." - kubectl wait --namespace ingress-nginx --for=condition=ready pod --selector=app.kubernetes.io/component=controller --timeout=600s - kubectl wait --namespace ingress-nginx --for=condition=Complete job/ingress-nginx-admission-patch -} - -# One time configuration -if [ ! -f $KUBECONFIG ]; then - create_kubeconfig - - # Check if Ingress Controller is installed - kubectl get service ingress-nginx-controller -n ingress-nginx - if [ "$?" != "0" ]; then - # Deploy Latest ingress-nginx - kubectl create clusterrolebinding starter_clst_adm --clusterrole=cluster-admin --user=$TF_VAR_current_user_ocid - echo "OKE Deploy: Role Binding created" - # LATEST_INGRESS_CONTROLLER=`curl --silent "https://api.github.com/repos/kubernetes/ingress-nginx/releases/latest" | jq -r .name` - # echo LATEST_INGRESS_CONTROLLER=$LATEST_INGRESS_CONTROLLER - # kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/$LATEST_INGRESS_CONTROLLER/deploy/static/provider/cloud/deploy.yaml - if [ "$TF_VAR_tls" == "new_http_01" ]; then - helm install ingress-nginx ingress-nginx --repo https://kubernetes.github.io/ingress-nginx \ - --namespace ingress-nginx \ - --create-namespace \ - --set controller.enableExternalDNS=true - wait_ingress - - # ccm-letsencrypt-prod.yaml - sed "s&##CERTIFICATE_EMAIL##&${TF_VAR_certificate_email}&" src/oke/tls/ccm-letsencrypt-prod.yaml > $TARGET_OKE/ccm-letsencrypt-prod.yaml - kubectl apply -f $TARGET_OKE/ccm-letsencrypt-prod.yaml --timeout=600s - sed "s&##CERTIFICATE_EMAIL##&${TF_VAR_certificate_email}&" src/oke/tls/ccm-letsencrypt-staging.yaml > $TARGET_OKE/ccm-letsencrypt-staging.yaml - kubectl apply -f $TARGET_OKE/ccm-letsencrypt-staging.yaml - - # external-dns-config.yaml - sed "s&##COMPARTMENT_OCID##&${TF_VAR_compartment_ocid}&" src/oke/tls/external-dns-config.yaml > $TARGET_OKE/external-dns-config.tmp - sed "s&##REGION##&${TF_VAR_region}&" $TARGET_OKE/external-dns-config.tmp > $TARGET_OKE/external-dns-config.yaml - kubectl create secret generic external-dns-config --from-file=$TARGET_OKE/external-dns-config.yaml - - # external-dns.yaml - sed "s&##COMPARTMENT_OCID##&${TF_VAR_compartment_ocid}&" src/oke/tls/external-dns.yaml > $TARGET_OKE/external-dns.tmp - sed "s&##REGION##&${TF_VAR_region}&" $TARGET_OKE/external-dns.tmp > $TARGET_OKE/external-dns.yaml - kubectl apply -f $TARGET_OKE/external-dns.yaml - else - helm install ingress-nginx ingress-nginx --repo https://kubernetes.github.io/ingress-nginx \ - --namespace ingress-nginx \ - --create-namespace - wait_ingress - fi - - # Wait for the ingress external IP - TF_VAR_ingress_ip="" - while [ -z $TF_VAR_ingress_ip ]; do - echo "Waiting for Ingress IP..." - TF_VAR_ingress_ip=`kubectl get service -n ingress-nginx ingress-nginx-controller -o jsonpath="{.status.loadBalancer.ingress[0].ip}"` - if [ -z "$TF_VAR_ingress_ip" ]; then - sleep 10 - fi - done - date - kubectl get all -n ingress-nginx - sleep 5 - echo "Ingress ready: $TF_VAR_ingress_ip" - else - echo "OKE Deploy: Skipping creation of ingress" - fi -fi - -if ! grep -q "TF_VAR_ingress_ip" $TARGET_DIR/tf_env.sh; then - if [ "$TF_VAR_ingress_ip" == "" ]; then - export TF_VAR_ingress_ip=`kubectl get service -n ingress-nginx ingress-nginx-controller -o jsonpath="{.status.loadBalancer.ingress[0].ip}"` - fi - echo "export TF_VAR_ingress_ip=$TF_VAR_ingress_ip" >> $TARGET_DIR/tf_env.sh -fi - -# Create secrets -kubectl delete secret ${TF_VAR_prefix}-db-secret --ignore-not-found=true -kubectl create secret generic ${TF_VAR_prefix}-db-secret --from-literal=db_user=$TF_VAR_db_user --from-literal=db_password=$TF_VAR_db_password --from-literal=db_url=$DB_URL --from-literal=jdbc_url=$JDBC_URL --from-literal=TF_VAR_compartment_ocid=$TF_VAR_compartment_ocid --from-literal=TF_VAR_nosql_endpoint=$TF_VAR_nosql_endpoint - -kubectl delete secret ocirsecret --ignore-not-found=true -if [ "$TF_VAR_auth_token" == "" ]; then - # Create a temporary docker auth_token (valid for 1 hour)... - export TOKEN=`oci raw-request --region $TF_VAR_region --http-method GET --target-uri "https://${OCIR_HOST}/20180419/docker/token" | jq -r .data.token` - echo "TOKEN=$TOKEN" | cut -c 1-50 - kubectl create secret docker-registry ocirsecret --docker-server=$OCIR_HOST --docker-username="BEARER_TOKEN" --docker-password="$TOKEN" --docker-email="$TF_VAR_email" -else - kubectl create secret docker-registry ocirsecret --docker-server=$OCIR_HOST --docker-username="$OBJECT_STORAGE_NAMESPACE/$TF_VAR_username" --docker-password="$TF_VAR_auth_token" --docker-email="$TF_VAR_email" -fi - -# TF_ENV -tf_env_configmap -kubectl apply -f $TARGET_OKE/tf_env_configmap.yaml diff --git a/basis/src/app/rest/k8s-httproute.j2.yaml b/basis/src/app/rest/k8s-httproute.j2.yaml new file mode 100644 index 00000000..8f390c47 --- /dev/null +++ b/basis/src/app/rest/k8s-httproute.j2.yaml @@ -0,0 +1,58 @@ +apiVersion: gateway.networking.k8s.io/v1 +kind: HTTPRoute +metadata: + name: ##TF_VAR_prefix##-rest-route +spec: + parentRefs: + - name: oke-gateway + hostnames: +{%- if tls == "new_http_01" %} + - "##TF_VAR_dns_name##" +{%- endif %} + rules: + - matches: + - path: + type: RegularExpression + value: /##TF_VAR_prefix##/app(/|$)(.*) + filters: +{%- if language in [ "apex", "ords" ] %} + - type: RequestHeaderModifier + requestHeaderModifier: + set: + - name: Host + value: ##ORDS_HOST## +{%- endif %} +{%- if language == "apex" %} + - type: URLRewrite + urlRewrite: + path: + type: ReplaceFullPath + replaceFullPath: /ords/r/apex_app/apex_app/$2 + +{%- elif language == "ords" %} + - type: URLRewrite + urlRewrite: + path: + type: ReplaceFullPath + replaceFullPath: /ords/starter/module/$2 +{%- elif language == "java" and java_framework == "tomcat" %} + - type: URLRewrite + urlRewrite: + path: + type: ReplaceFullPath + replaceFullPath: /starter-1.0/$2 +{%- else %} + - type: URLRewrite + urlRewrite: + path: + type: ReplaceFullPath + replaceFullPath: /$2 +{%- endif %} + backendRefs: + - name: ##TF_VAR_prefix##-rest-service + port: +{%- if language in [ "apex", "ords" ] %} + 443 +{%- else %} + 80 +{%- endif %} \ No newline at end of file diff --git a/basis/src/app/ui/k8s-httproute.j2.yaml b/basis/src/app/ui/k8s-httproute.j2.yaml new file mode 100644 index 00000000..6e5ad4f7 --- /dev/null +++ b/basis/src/app/ui/k8s-httproute.j2.yaml @@ -0,0 +1,32 @@ +apiVersion: gateway.networking.k8s.io/v1 +kind: HTTPRoute +metadata: + name: ##TF_VAR_prefix##-ui-route +{%- if tls == "new_http_01" %} + annotations: + # These remain controller-specific (not part of Gateway API) + cert-manager.io/issuer: "letsencrypt-prod" + external-dns.alpha.kubernetes.io/hostname: ##TF_VAR_dn_name## +{%- endif %} +spec: + parentRefs: + - name: oke-gateway +{%- if tls == "new_http_01" %} + hostnames: + - "##TF_VAR_dn_name##" +{%- endif %} + rules: + - matches: + - path: + type: RegularExpression + value: /##TF_VAR_prefix##(/|$)(.*) + + filters: + - type: URLRewrite + urlRewrite: + path: + type: ReplaceFullPath + replaceFullPath: /$2 + backendRefs: + - name: ##TF_VAR_prefix##-ui-service + port: 80 \ No newline at end of file diff --git a/option/oke/gateway.yaml b/option/oke/gateway.j2.yaml similarity index 52% rename from option/oke/gateway.yaml rename to option/oke/gateway.j2.yaml index 8f19459b..99b8b7f8 100644 --- a/option/oke/gateway.yaml +++ b/option/oke/gateway.j2.yaml @@ -1,8 +1,8 @@ apiVersion: gateway.networking.k8s.io/v1 kind: Gateway metadata: - name: my-gateway - namespace: test-gateway + name: oke-gateway + namespace: default annotations: # OCI specific annotation for Network Load Balancer (Layer 4) oci.oraclecloud.com/load-balancer-type: "nlb" @@ -14,4 +14,14 @@ spec: protocol: HTTP allowedRoutes: namespaces: - from: Same \ No newline at end of file + from: Same +{%- if tls == "new_http_01" %} + - name: https + port: 443 + protocol: HTTPS + hostname: ##TF_VAR_dns_name## + tls: + mode: Terminate + certificateRefs: + - name: ##TF_VAR_prefix##-tls-secret +{%- endif %} \ No newline at end of file diff --git a/option/src/app/python_mcp_server/mcp_server/k8s-httproute.j2.yaml b/option/src/app/python_mcp_server/mcp_server/k8s-httproute.j2.yaml new file mode 100644 index 00000000..214cad2f --- /dev/null +++ b/option/src/app/python_mcp_server/mcp_server/k8s-httproute.j2.yaml @@ -0,0 +1,25 @@ +apiVersion: gateway.networking.k8s.io/v1 +kind: HTTPRoute +metadata: + name: ##TF_VAR_prefix##-mcp-server-route +spec: + parentRefs: + - name: oke-gateway +{%- if tls == "new_http_01" %} + hostnames: + - "##TF_VAR_dns_name##" +{%- endif %} + rules: + - matches: + - path: + type: RegularExpression + value: /##TF_VAR_prefix##/mcp_server(/|$)(.*) + filters: + - type: URLRewrite + urlRewrite: + path: + type: ReplaceFullPath + replaceFullPath: /$2 + backendRefs: + - name: ##TF_VAR_prefix##-mcp-server-service + port: 2025 \ No newline at end of file From d86e7ced3176bec698daf11a94d78fc73af42628 Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Tue, 28 Apr 2026 12:19:48 +0200 Subject: [PATCH 076/115] v5.0 --- basis/bin/auto_env.sh | 3 +-- basis/bin/config_oke.sh | 29 ++++++++++++++--------------- basis/bin/destroy_oke.sh | 4 ++-- basis/bin/shared_bash_function.sh | 6 +++--- basis/src/app/rest/k8s.j2.yaml | 2 +- 5 files changed, 21 insertions(+), 23 deletions(-) diff --git a/basis/bin/auto_env.sh b/basis/bin/auto_env.sh index c5c9e06c..1a67c2fc 100755 --- a/basis/bin/auto_env.sh +++ b/basis/bin/auto_env.sh @@ -365,8 +365,7 @@ if [ -f $STATE_FILE ]; then if [ "$TF_VAR_deploy_type" == "kubernetes" ] || [ -f $PROJECT_DIR/src/terraform/oke.tf ]; then # OKE if [ -f $KUBECONFIG ]; then - export TF_VAR_ingress_ip=`kubectl get service -n ingress-nginx ingress-nginx-controller -o jsonpath="{.status.loadBalancer.ingress[0].ip}"` - export INGRESS_LB_OCID=`oci lb load-balancer list --compartment-id $TF_VAR_compartment_ocid | jq -r '.data[] | select(.["ip-addresses"][0]["ip-address"]=="'$TF_VAR_ingress_ip'") | .id'` + export TF_VAR_gateway_ip=$(kubectl get gateway oke-gateway -n default -o jsonpath='{.status.addresses[0].value}' 2>/dev/null) fi fi diff --git a/basis/bin/config_oke.sh b/basis/bin/config_oke.sh index fb9a06f1..c166713c 100755 --- a/basis/bin/config_oke.sh +++ b/basis/bin/config_oke.sh @@ -15,7 +15,7 @@ if [ ! -f $KUBECONFIG ]; then # Check if Gateway Controller is installed kubectl get gateway oke-gateway -n default if [ "$?" != "0" ]; then - # Deploy Latest ingress-nginx + # Deploy Latest istio-gateway kubectl create clusterrolebinding starter_clst_adm --clusterrole=cluster-admin --user=$TF_VAR_current_user_ocid echo "OKE Deploy: Role Binding created" @@ -35,17 +35,16 @@ if [ ! -f $KUBECONFIG ]; then STATUS=$(kubectl get pods -n istio-system -l app=istiod -o jsonpath='{.items[0].status.phase}' 2>/dev/null) if [ "$STATUS" = "Running" ]; then - echo "istiod is Running!" + echo "Istiod is Running ($ELAPSED secs)" break fi - ELAPSED=$((ELAPSED + 5 )) - if [ $ELAPSED -gt 300 ]; then - exit_error "Istiod not started after 300 secs" - fi - echo "Waiting 5 secs..." - sleep 5 + ELAPSED=$((ELAPSED + 5 )) + if [ $ELAPSED -gt 300 ]; then + exit_error "Istiod not started after 300 secs" + fi + echo "Waiting 5 secs..." + sleep 5 done - echo "Istiod is Running ($ELAPSED secs)" # Create a Gateway kubectl apply -f src/oke/gateway.yaml @@ -55,18 +54,18 @@ if [ ! -f $KUBECONFIG ]; then exit_on_error "Gateway not reacing Programmed State" # Get the IP - TF_VAR_ingress_ip=$(kubectl get gateway oke-gateway -n default -o jsonpath='{.status.addresses[0].value}' 2>/dev/null) - echo "Gateway ready: $TF_VAR_ingress_ip" + TF_VAR_gateway_ip=$(kubectl get gateway oke-gateway -n default -o jsonpath='{.status.addresses[0].value}' 2>/dev/null) + echo "Gateway ready: $TF_VAR_gateway_ip" else echo "OKE Deploy: Skipping creation of Gateway" fi fi -if ! grep -q "TF_VAR_ingress_ip" $TARGET_DIR/tf_env.sh; then - if [ "$TF_VAR_ingress_ip" == "" ]; then - export TF_VAR_ingress_ip=$(kubectl get gateway oke-gateway -n default -o jsonpath='{.status.addresses[0].value}' 2>/dev/null) +if ! grep -q "TF_VAR_gateway_ip" $TARGET_DIR/tf_env.sh; then + if [ "$TF_VAR_gateway_ip" == "" ]; then + export TF_VAR_gateway_ip=$(kubectl get gateway oke-gateway -n default -o jsonpath='{.status.addresses[0].value}' 2>/dev/null) fi - echo "export TF_VAR_ingress_ip=$TF_VAR_ingress_ip" >> $TARGET_DIR/tf_env.sh + echo "export TF_VAR_gateway_ip=$TF_VAR_gateway_ip" >> $TARGET_DIR/tf_env.sh fi # Create secrets diff --git a/basis/bin/destroy_oke.sh b/basis/bin/destroy_oke.sh index b10c4652..6117dea8 100755 --- a/basis/bin/destroy_oke.sh +++ b/basis/bin/destroy_oke.sh @@ -30,10 +30,10 @@ fi # The goal is to destroy all LoadBalancers created by OKE in OCI before to delete OKE. # # Delete all ingress, services -kubectl delete ingress,services --all +kubectl delete httproute,services --all # Delete the ingress controller -helm uninstall ingress-nginx --namespace ingress-nginx +# helm uninstall ingress-nginx --namespace ingress-nginx # kubectl delete -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.4.0/deploy/static/provider/cloud/deploy.yaml # Rename kubeconfig. Avoid to reuse if a new OKE is created for the same directory. diff --git a/basis/bin/shared_bash_function.sh b/basis/bin/shared_bash_function.sh index 58907d76..0bfaf5a1 100755 --- a/basis/bin/shared_bash_function.sh +++ b/basis/bin/shared_bash_function.sh @@ -285,8 +285,8 @@ get_ui_url() { if [ ! -f $KUBECONFIG ]; then create_kubeconfig fi - export TF_VAR_ingress_ip=`kubectl get service -n ingress-nginx ingress-nginx-controller -o jsonpath="{.status.loadBalancer.ingress[0].ip}"` - export UI_URL=http://${TF_VAR_ingress_ip}/${TF_VAR_prefix} + export TF_VAR_gateway_ip=$(kubectl get gateway oke-gateway -n default -o jsonpath='{.status.addresses[0].value}' 2>/dev/null) + export UI_URL=http://${TF_VAR_gateway_ip}/${TF_VAR_prefix} if [ "$TF_VAR_tls" != "" ] && [ "$TF_VAR_dns_name" != "" ]; then export UI_HTTP=$UI_URL export UI_URL=https://${TF_VAR_dns_name}/${TF_VAR_prefix} @@ -589,7 +589,7 @@ certificate_post_deploy() { echo "Skip: TLS - Kubernetes - HTTP_01" fi elif [ "$TF_VAR_deploy_type" == "kubernetes" ]; then - # Set the TF_VAR_ingress_ip + # Set the TF_VAR_gateway_ip get_ui_url $BIN_DIR/terraform_apply.sh --auto-approve -no-color exit_on_error "certificate_post_deploy - terraform apply" diff --git a/basis/src/app/rest/k8s.j2.yaml b/basis/src/app/rest/k8s.j2.yaml index a40a5397..ca5b982d 100644 --- a/basis/src/app/rest/k8s.j2.yaml +++ b/basis/src/app/rest/k8s.j2.yaml @@ -89,7 +89,7 @@ spec: name: tf-env-configmap key: TF_VAR_project_ocid - name: MCP_SERVER_URL - value: "http://##TF_VAR_ingress_ip##/##TF_VAR_prefix##/mcp_server/mcp" + value: "http://##TF_VAR_gateway_ip##/##TF_VAR_prefix##/mcp_server/mcp" {%- endif %} imagePullSecrets: - name: ocirsecret From ef8d2a7883fb48fe546ca71da03083e7584372b5 Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Tue, 28 Apr 2026 12:22:44 +0200 Subject: [PATCH 077/115] v5.0 --- basis/src/done.j2.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/basis/src/done.j2.sh b/basis/src/done.j2.sh index 93b4624f..107a9615 100755 --- a/basis/src/done.j2.sh +++ b/basis/src/done.j2.sh @@ -19,10 +19,10 @@ if [ "$UI_URL" != "" ]; then append_done "- HTTP : $UI_HTTP/" fi if [ "$TF_VAR_ui_type" == "langgraph" ]; then + append_done "- REST: $UI_URL/app/threads" + else append_done "- REST: $UI_URL/app/dept" append_done "- REST: $UI_URL/app/info" - else - append_done "- REST: $UI_URL/app/threads" fi {%- if language=="java" and java_framework=="tomcat" %} append_done "- REST: $UI_URL/app/index.jsp" From 6f45ab4acdf51ae7ff71a1e5850da5a7878f0a1e Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Tue, 28 Apr 2026 12:25:08 +0200 Subject: [PATCH 078/115] v5.0 --- basis/src/app/rest/k8s.j2.yaml | 1 - basis/src/app/ui/k8s.yaml | 1 - option/src/app/apex/apex/k8s.j2.yaml | 1 - option/src/app/ords/rest/k8s.j2.yaml | 1 - option/src/app/python_mcp_server/mcp_server/k8s.j2.yaml | 1 - 5 files changed, 5 deletions(-) diff --git a/basis/src/app/rest/k8s.j2.yaml b/basis/src/app/rest/k8s.j2.yaml index ca5b982d..36f7f179 100644 --- a/basis/src/app/rest/k8s.j2.yaml +++ b/basis/src/app/rest/k8s.j2.yaml @@ -99,7 +99,6 @@ kind: Service metadata: name: {{ prefix }}-rest-service spec: - type: NodePort selector: app: {{ prefix }}-rest ports: diff --git a/basis/src/app/ui/k8s.yaml b/basis/src/app/ui/k8s.yaml index ffdc4013..1b7701ad 100644 --- a/basis/src/app/ui/k8s.yaml +++ b/basis/src/app/ui/k8s.yaml @@ -19,7 +19,6 @@ kind: Service metadata: name: ##TF_VAR_prefix##-ui-service spec: - type: NodePort selector: app: ##TF_VAR_prefix##-ui ports: diff --git a/option/src/app/apex/apex/k8s.j2.yaml b/option/src/app/apex/apex/k8s.j2.yaml index 70511fc5..67127216 100644 --- a/option/src/app/apex/apex/k8s.j2.yaml +++ b/option/src/app/apex/apex/k8s.j2.yaml @@ -3,7 +3,6 @@ apiVersion: v1 metadata: name: {{ prefix }}-app-service spec: - type: NodePort type: ExternalName externalName: ##ORDS_HOST## ports: diff --git a/option/src/app/ords/rest/k8s.j2.yaml b/option/src/app/ords/rest/k8s.j2.yaml index 0e4536d4..1e8d1ebd 100644 --- a/option/src/app/ords/rest/k8s.j2.yaml +++ b/option/src/app/ords/rest/k8s.j2.yaml @@ -3,7 +3,6 @@ apiVersion: v1 metadata: name: {{ prefix }}-rest-service spec: - type: NodePort type: ExternalName externalName: ##ORDS_HOST## ports: diff --git a/option/src/app/python_mcp_server/mcp_server/k8s.j2.yaml b/option/src/app/python_mcp_server/mcp_server/k8s.j2.yaml index a20af44f..4a729480 100644 --- a/option/src/app/python_mcp_server/mcp_server/k8s.j2.yaml +++ b/option/src/app/python_mcp_server/mcp_server/k8s.j2.yaml @@ -60,7 +60,6 @@ kind: Service metadata: name: {{ prefix }}-mcp-server-service spec: - type: NodePort selector: app: {{ prefix }}-mcp-server ports: From 73c9097a0f86f5c168d19173073638a6b58ad796 Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Tue, 28 Apr 2026 14:57:02 +0200 Subject: [PATCH 079/115] v5.0 --- basis/bin/auto_env.sh | 2 +- basis/bin/compute/shared_compute.sh | 9 +++++++++ basis/bin/config_oke.sh | 2 +- 3 files changed, 11 insertions(+), 2 deletions(-) diff --git a/basis/bin/auto_env.sh b/basis/bin/auto_env.sh index 1a67c2fc..b47c88b5 100755 --- a/basis/bin/auto_env.sh +++ b/basis/bin/auto_env.sh @@ -365,7 +365,7 @@ if [ -f $STATE_FILE ]; then if [ "$TF_VAR_deploy_type" == "kubernetes" ] || [ -f $PROJECT_DIR/src/terraform/oke.tf ]; then # OKE if [ -f $KUBECONFIG ]; then - export TF_VAR_gateway_ip=$(kubectl get gateway oke-gateway -n default -o jsonpath='{.status.addresses[0].value}' 2>/dev/null) + oke_get_gateway_ip fi fi diff --git a/basis/bin/compute/shared_compute.sh b/basis/bin/compute/shared_compute.sh index 4744a99e..5eb1b052 100755 --- a/basis/bin/compute/shared_compute.sh +++ b/basis/bin/compute/shared_compute.sh @@ -542,6 +542,15 @@ oke_deploy_app() { } export -f oke_deploy_app +# -- oke_get_gateway_ip ----------------------------------------------------- + +oke_get_gateway_ip() { + if [ "$TF_VAR_gateway_ip" == "" ]; then + export TF_VAR_gateway_ip=$(kubectl get gateway oke-gateway -n default -o json | jq -r '.status.addresses[].value | select(startswith("10.") | not)') + fi +} +export -f oke_get_gateway_ip + # -- is_deploy_compute ------------------------------------------------------ is_deploy_compute() { if [ "$TF_VAR_deploy_type" == "public_compute" ] || [ "$TF_VAR_deploy_type" == "private_compute" ] || [ "$TF_VAR_deploy_type" == "instance_pool" ]; then diff --git a/basis/bin/config_oke.sh b/basis/bin/config_oke.sh index c166713c..4a0c0392 100755 --- a/basis/bin/config_oke.sh +++ b/basis/bin/config_oke.sh @@ -54,7 +54,7 @@ if [ ! -f $KUBECONFIG ]; then exit_on_error "Gateway not reacing Programmed State" # Get the IP - TF_VAR_gateway_ip=$(kubectl get gateway oke-gateway -n default -o jsonpath='{.status.addresses[0].value}' 2>/dev/null) + oke_get_gateway_ip echo "Gateway ready: $TF_VAR_gateway_ip" else echo "OKE Deploy: Skipping creation of Gateway" From 8b2920ad17f3636b9551c829a43a7503b37bc711 Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Tue, 28 Apr 2026 14:58:10 +0200 Subject: [PATCH 080/115] v5.0 --- basis/bin/config_oke.sh | 4 +--- basis/bin/shared_bash_function.sh | 2 +- 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/basis/bin/config_oke.sh b/basis/bin/config_oke.sh index 4a0c0392..5b383b82 100755 --- a/basis/bin/config_oke.sh +++ b/basis/bin/config_oke.sh @@ -62,9 +62,7 @@ if [ ! -f $KUBECONFIG ]; then fi if ! grep -q "TF_VAR_gateway_ip" $TARGET_DIR/tf_env.sh; then - if [ "$TF_VAR_gateway_ip" == "" ]; then - export TF_VAR_gateway_ip=$(kubectl get gateway oke-gateway -n default -o jsonpath='{.status.addresses[0].value}' 2>/dev/null) - fi + oke_get_gateway_ip echo "export TF_VAR_gateway_ip=$TF_VAR_gateway_ip" >> $TARGET_DIR/tf_env.sh fi diff --git a/basis/bin/shared_bash_function.sh b/basis/bin/shared_bash_function.sh index 0bfaf5a1..36e7318c 100755 --- a/basis/bin/shared_bash_function.sh +++ b/basis/bin/shared_bash_function.sh @@ -285,7 +285,7 @@ get_ui_url() { if [ ! -f $KUBECONFIG ]; then create_kubeconfig fi - export TF_VAR_gateway_ip=$(kubectl get gateway oke-gateway -n default -o jsonpath='{.status.addresses[0].value}' 2>/dev/null) + oke_get_gateway_ip export UI_URL=http://${TF_VAR_gateway_ip}/${TF_VAR_prefix} if [ "$TF_VAR_tls" != "" ] && [ "$TF_VAR_dns_name" != "" ]; then export UI_HTTP=$UI_URL From 36ab21f1050fa42f32ab435d1b914f0b0e08e39a Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Tue, 28 Apr 2026 18:04:27 +0200 Subject: [PATCH 081/115] v5.0 --- basis/src/app/rest/k8s-httproute.j2.yaml | 27 +++++++++++-------- basis/src/app/ui/k8s-httproute.j2.yaml | 12 ++++----- .../mcp_server/k8s-httproute.j2.yaml | 8 +++--- 3 files changed, 26 insertions(+), 21 deletions(-) diff --git a/basis/src/app/rest/k8s-httproute.j2.yaml b/basis/src/app/rest/k8s-httproute.j2.yaml index 8f390c47..ae822d82 100644 --- a/basis/src/app/rest/k8s-httproute.j2.yaml +++ b/basis/src/app/rest/k8s-httproute.j2.yaml @@ -12,8 +12,8 @@ spec: rules: - matches: - path: - type: RegularExpression - value: /##TF_VAR_prefix##/app(/|$)(.*) + type: PathPrefix + value: /##TF_VAR_prefix##/app filters: {%- if language in [ "apex", "ords" ] %} - type: RequestHeaderModifier @@ -22,32 +22,37 @@ spec: - name: Host value: ##ORDS_HOST## {%- endif %} + {%- if language == "apex" %} - type: URLRewrite urlRewrite: path: - type: ReplaceFullPath - replaceFullPath: /ords/r/apex_app/apex_app/$2 - + type: ReplacePrefixMatch + replacePrefixMatch: /ords/r/apex_app/apex_app + {%- elif language == "ords" %} - type: URLRewrite urlRewrite: path: - type: ReplaceFullPath - replaceFullPath: /ords/starter/module/$2 + type: ReplacePrefixMatch + replacePrefixMatch: /ords/starter/module + {%- elif language == "java" and java_framework == "tomcat" %} - type: URLRewrite urlRewrite: path: - type: ReplaceFullPath - replaceFullPath: /starter-1.0/$2 + type: ReplacePrefixMatch + replacePrefixMatch: /starter-1.0 + {%- else %} - type: URLRewrite urlRewrite: path: - type: ReplaceFullPath - replaceFullPath: /$2 + type: ReplacePrefixMatch + replacePrefixMatch: / + {%- endif %} + backendRefs: - name: ##TF_VAR_prefix##-rest-service port: diff --git a/basis/src/app/ui/k8s-httproute.j2.yaml b/basis/src/app/ui/k8s-httproute.j2.yaml index 6e5ad4f7..3d354d3f 100644 --- a/basis/src/app/ui/k8s-httproute.j2.yaml +++ b/basis/src/app/ui/k8s-httproute.j2.yaml @@ -18,15 +18,15 @@ spec: rules: - matches: - path: - type: RegularExpression - value: /##TF_VAR_prefix##(/|$)(.*) - + type: PathPrefix + value: /##TF_VAR_prefix## filters: - type: URLRewrite urlRewrite: path: - type: ReplaceFullPath - replaceFullPath: /$2 + type: ReplacePrefixMatch + replacePrefixMatch: / backendRefs: - name: ##TF_VAR_prefix##-ui-service - port: 80 \ No newline at end of file + port: 80 + diff --git a/option/src/app/python_mcp_server/mcp_server/k8s-httproute.j2.yaml b/option/src/app/python_mcp_server/mcp_server/k8s-httproute.j2.yaml index 214cad2f..1c01fe81 100644 --- a/option/src/app/python_mcp_server/mcp_server/k8s-httproute.j2.yaml +++ b/option/src/app/python_mcp_server/mcp_server/k8s-httproute.j2.yaml @@ -12,14 +12,14 @@ spec: rules: - matches: - path: - type: RegularExpression - value: /##TF_VAR_prefix##/mcp_server(/|$)(.*) + type: PathPrefix + value: /##TF_VAR_prefix##/mcp_server filters: - type: URLRewrite urlRewrite: path: - type: ReplaceFullPath - replaceFullPath: /$2 + type: ReplacePrefixMatch + replacePrefixMatch: / backendRefs: - name: ##TF_VAR_prefix##-mcp-server-service port: 2025 \ No newline at end of file From 3e484405eeffe8ec8efab59482b74174bc0d755f Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Tue, 28 Apr 2026 18:16:46 +0200 Subject: [PATCH 082/115] v5.0 --- basis/bin/compute/rebuild.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/basis/bin/compute/rebuild.sh b/basis/bin/compute/rebuild.sh index 543a6f42..eada64bd 100755 --- a/basis/bin/compute/rebuild.sh +++ b/basis/bin/compute/rebuild.sh @@ -23,7 +23,7 @@ for APP_DIR in `app_dir_list`; do # Build in bastion $APP_NAME/build.sh fi - if [ "APP_NAME" == "db" ]; then + if [ "$APP_NAME" == "db" ]; then # Database title "Rebuild - $APP_NAME: Install" ${APP_DIR}/install.sh From aaede49cb533a4573efda6558d34d2f8e353bbce Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Tue, 28 Apr 2026 18:23:19 +0200 Subject: [PATCH 083/115] v5.0 --- test_suite/test_suite.sh | 439 ++++++++++++++++++++------------------- 1 file changed, 222 insertions(+), 217 deletions(-) diff --git a/test_suite/test_suite.sh b/test_suite/test_suite.sh index 048a2cca..cb1ad0b2 100755 --- a/test_suite/test_suite.sh +++ b/test_suite/test_suite.sh @@ -6,170 +6,170 @@ export TEST_HOME=$SCRIPT_DIR/test_group_all export BUILD_COUNT=1 loop_ui() { - if [ "$OPTION_LANG" == "php" ]; then - OPTION_UI=php - build_option - elif [ "$OPTION_LANG" == "apex" ]; then - OPTION_UI=apex - build_option - else - OPTION_UI=html - build_option - # Test all the UIs with ORDS only - if [ "$OPTION_DEPLOY" == "kubernetes" ] && [ "$OPTION_LANG" == "ords" ]; then - OPTION_UI=reactjs - build_option - OPTION_UI=angular - build_option - OPTION_UI=jet - build_option - fi - if [ "$OPTION_JAVA_FRAMEWORK" == "tomcat" ]; then - OPTION_UI=jsp - build_option - fi - if [ "$OPTION_LANG" == "node" ] && [ "$OPTION_DB" == "atp" ]; then - OPTION_UI=api - build_option - fi - fi + if [ "$OPTION_LANG" == "php" ]; then + OPTION_UI=php + build_option + elif [ "$OPTION_LANG" == "apex" ]; then + OPTION_UI=apex + build_option + else + OPTION_UI=html + build_option + # Test all the UIs with ORDS only + if [ "$OPTION_DEPLOY" == "kubernetes" ] && [ "$OPTION_LANG" == "ords" ]; then + OPTION_UI=reactjs + build_option + OPTION_UI=angular + build_option + OPTION_UI=jet + build_option + fi + if [ "$OPTION_JAVA_FRAMEWORK" == "tomcat" ]; then + OPTION_UI=jsp + build_option + fi + if [ "$OPTION_LANG" == "node" ] && [ "$OPTION_DB" == "atp" ]; then + OPTION_UI=api + build_option + fi + fi } loop_shape() { - if [ `arch` == "aarch64" ]; then - OPTION_SHAPE=ampere - loop_ui - else - OPTION_SHAPE=amd - loop_ui - fi + if [ `arch` == "aarch64" ]; then + OPTION_SHAPE=ampere + loop_ui + else + OPTION_SHAPE=amd + loop_ui + fi } loop_db() { - if [ "$OPTION_DEPLOY" != "instance_pool" ] ; then - # OPTION_DB=database - # loop_ui - OPTION_DB=atp - loop_shape - OPTION_DB=psql - loop_shape - OPTION_DB=mysql - loop_shape - OPTION_DB=opensearch + if [ "$OPTION_DEPLOY" != "instance_pool" ] ; then + # OPTION_DB=database + # loop_ui + OPTION_DB=atp + loop_shape + OPTION_DB=psql + loop_shape + OPTION_DB=mysql + loop_shape + OPTION_DB=opensearch + loop_shape + # NoSQL has no PHP Support + if [ "$OPTION_LANG" != "php" ]; then + OPTION_DB=nosql + loop_shape + fi + fi + OPTION_DB=none loop_shape - # NoSQL has no PHP Support - if [ "$OPTION_LANG" != "php" ]; then - OPTION_DB=nosql - loop_shape - fi - fi - OPTION_DB=none - loop_shape - # Build Host Bastion - if [ "$OPTION_DEPLOY" == "public_compute" ] || [ "$OPTION_DEPLOY" == "kubernetes" ]; then - OPTION_BUILD_HOST=bastion - OPTION_DB=atp - loop_shape - OPTION_BUILD_HOST=terraform - fi -} + # Build Host Bastion + if [ "$OPTION_DEPLOY" == "public_compute" ] || [ "$OPTION_DEPLOY" == "kubernetes" ]; then + OPTION_BUILD_HOST=bastion + OPTION_DB=atp + loop_shape + OPTION_BUILD_HOST=terraform + fi + } -loop_java_vm() { - OPTION_JAVA_VM=jdk - loop_db - if [ "$OPTION_JAVA_FRAMEWORK" == "springboot" ] ; then - OPTION_JAVA_VM=graalvm + loop_java_vm() { + OPTION_JAVA_VM=jdk loop_db - fi + if [ "$OPTION_JAVA_FRAMEWORK" == "springboot" ] ; then + OPTION_JAVA_VM=graalvm + loop_db + fi - if [ -n "$TEST_GRAALVM_NATIVE" ] && [ "$OPTION_JAVA_FRAMEWORK" != "tomcat" ] ; then - if [ "$OPTION_DEPLOY" == "private_compute" ] || [ "$OPTION_DEPLOY" == "kubernetes" ]; then - OPTION_JAVA_VM=graalvm-native - loop_db - fi - fi + if [ -n "$TEST_GRAALVM_NATIVE" ] && [ "$OPTION_JAVA_FRAMEWORK" != "tomcat" ] ; then + if [ "$OPTION_DEPLOY" == "private_compute" ] || [ "$OPTION_DEPLOY" == "kubernetes" ]; then + OPTION_JAVA_VM=graalvm-native + loop_db + fi + fi } loop_java_framework () { - OPTION_JAVA_FRAMEWORK=springboot - loop_java_vm - OPTION_JAVA_FRAMEWORK=helidon - loop_java_vm - OPTION_JAVA_FRAMEWORK=micronaut - loop_java_vm - OPTION_JAVA_VM=jdk - OPTION_JAVA_FRAMEWORK=tomcat - loop_db - # Reset the value to default - OPTION_JAVA_FRAMEWORK=springboot + OPTION_JAVA_FRAMEWORK=springboot + loop_java_vm + OPTION_JAVA_FRAMEWORK=helidon + loop_java_vm + OPTION_JAVA_FRAMEWORK=micronaut + loop_java_vm + OPTION_JAVA_VM=jdk + OPTION_JAVA_FRAMEWORK=tomcat + loop_db + # Reset the value to default + OPTION_JAVA_FRAMEWORK=springboot } loop_lang () { - OPTION_LANG=java - OPTION_JAVA_VM=jdk - if [ "$OPTION_DEPLOY" == "function" ]; then - # Dummy value, not used - OPTION_JAVA_FRAMEWORK=helidon + OPTION_LANG=java + OPTION_JAVA_VM=jdk + if [ "$OPTION_DEPLOY" == "function" ]; then + # Dummy value, not used + OPTION_JAVA_FRAMEWORK=helidon + loop_db + else + loop_java_framework + fi + # OCI Function has no PHP support + if [ "$OPTION_DEPLOY" != "function" ]; then + OPTION_LANG=php + loop_db + fi + if [ "$OPTION_DEPLOY" == "private_compute" ]; then + OPTION_LANG=apex + OPTION_DB=atp + loop_shape + OPTION_DB=database + loop_shape + fi + OPTION_LANG=go + loop_db + OPTION_LANG=node loop_db - else - loop_java_framework - fi - # OCI Function has no PHP support - if [ "$OPTION_DEPLOY" != "function" ]; then - OPTION_LANG=php + OPTION_LANG=python + OPTION_PYTHON_FRAMEWORK=fastapi loop_db - fi - if [ "$OPTION_DEPLOY" == "private_compute" ]; then - OPTION_LANG=apex - OPTION_DB=atp - loop_shape - OPTION_DB=database - loop_shape - fi - OPTION_LANG=go - loop_db - OPTION_LANG=node - loop_db - OPTION_LANG=python - OPTION_PYTHON_FRAMEWORK=fastapi - loop_db - if [ "$OPTION_DEPLOY" != "function" ]; then - OPTION_PYTHON_FRAMEWORK=langgraph + if [ "$OPTION_DEPLOY" != "function" ]; then + OPTION_PYTHON_FRAMEWORK=langgraph + OPTION_DB=atp + loop_ui + OPTION_PYTHON_FRAMEWORK=responses + loop_ui + OPTION_PYTHON_FRAMEWORK=fastapi + fi + OPTION_LANG=dotnet + loop_db + # XXXX ORDS works only with ATP (DBSystems is not test/done) + OPTION_LANG=ords OPTION_DB=atp loop_ui - OPTION_PYTHON_FRAMEWORK=responses - loop_ui - OPTION_PYTHON_FRAMEWORK=fastapi - fi - OPTION_LANG=dotnet - loop_db - # XXXX ORDS works only with ATP (DBSystems is not test/done) - OPTION_LANG=ords - OPTION_DB=atp - loop_ui } loop_compute_other() { - # Public compute / LiveLabs Green Button - OPTION_SHAPE=amd - OPTION_LANG=java - OPTION_JAVA_VM=jdk - OPTION_JAVA_FRAMEWORK=springboot - OPTION_DEPLOY=public_compute - OPTION_UI=html - OPTION_DB=db_free - build_option - OPTION_DB=mysql - build_option + # Public compute / LiveLabs Green Button + OPTION_SHAPE=amd + OPTION_LANG=java + OPTION_JAVA_VM=jdk + OPTION_JAVA_FRAMEWORK=springboot + OPTION_DEPLOY=public_compute + OPTION_UI=html + OPTION_DB=db_free + build_option + OPTION_DB=mysql + build_option - # Resource Manager - OPTION_DEPLOY=private_compute - OPTION_DB_INSTALL=default - OPTION_DB=atp - OPTION_INFRA_AS_CODE=resource_manager - build_option - OPTION_INFRA_AS_CODE=terraform_local + # Resource Manager + OPTION_DEPLOY=private_compute + OPTION_DB_INSTALL=default + OPTION_DB=atp + OPTION_INFRA_AS_CODE=resource_manager + build_option + OPTION_INFRA_AS_CODE=terraform_local # From Resource Manager # OPTION_INFRA_AS_CODE=from_resource_manager @@ -185,110 +185,115 @@ loop_compute_other() { # build_option # OPTION_INFRA_AS_CODE=terraform_local - # Pluggable DB - OPTION_DB=pdb - build_option + # Pluggable DB + OPTION_DB=pdb + build_option - # Helidon 4 - OPTION_JAVA_FRAMEWORK=helidon4 - OPTION_DB=atp - build_option + # Helidon 4 + OPTION_JAVA_FRAMEWORK=helidon4 + OPTION_DB=atp + build_option - # Java Compute ATP / No Compartment - # XXX Not possible in tenancy XXX + # Java Compute ATP / No Compartment + # XXX Not possible in tenancy XXX } loop_tls_deploy() { - # Maybe remove one compute when all is working - OPTION_DEPLOY=public_compute - build_option - OPTION_DEPLOY=private_compute - build_option - OPTION_DEPLOY=kubernetes - build_option - OPTION_DEPLOY=instance_pool - build_option - OPTION_DEPLOY=container_instance - build_option - OPTION_DEPLOY=function - build_option + # Maybe remove one compute when all is working + OPTION_DEPLOY=public_compute + build_option + OPTION_DEPLOY=private_compute + build_option + OPTION_DEPLOY=kubernetes + build_option + OPTION_DEPLOY=instance_pool + build_option + OPTION_DEPLOY=container_instance + build_option + OPTION_DEPLOY=function + build_option } loop_tls() { - # TLS - OPTION_GROUP_NAME=none - OPTION_LANG=java - OPTION_JAVA_VM=jdk - OPTION_JAVA_FRAMEWORK=springboot - OPTION_UI=html - OPTION_DB=none - OPTION_TLS=existing_dir - loop_tls_deploy - # existing_ocid is part of existing_dir + # TLS + OPTION_GROUP_NAME=none + OPTION_LANG=java + OPTION_JAVA_VM=jdk + OPTION_JAVA_FRAMEWORK=springboot + OPTION_UI=html + OPTION_DB=none + OPTION_TLS=existing_dir + loop_tls_deploy + # existing_ocid is part of existing_dir - OPTION_DEPLOY=public_compute - OPTION_TLS=new_http_01 - build_option - OPTION_DB_INSTALL=default + OPTION_DEPLOY=public_compute + OPTION_TLS=new_http_01 + build_option + OPTION_DB_INSTALL=default - OPTION_TLS=new_http_01 - OPTION_DEPLOY=kubernetes - build_option + OPTION_TLS=new_http_01 + OPTION_DEPLOY=kubernetes + build_option - OPTION_TLS=new_dns_01 - OPTION_DEPLOY=container_instance - build_option + OPTION_TLS=new_dns_01 + OPTION_DEPLOY=container_instance + build_option - OPTION_GROUP_NAME=dummy - OPTION_TLS=none + OPTION_GROUP_NAME=dummy + OPTION_TLS=none } loop_deploy() { - # Maybe remove one compute type when all is working - OPTION_DEPLOY=public_compute - loop_lang - OPTION_DEPLOY=private_compute - loop_compute_other - loop_lang - OPTION_DEPLOY=kubernetes - loop_lang - OPTION_DEPLOY=instance_pool - OPTION_LANG=java - OPTION_JAVA_FRAMEWORK=springboot - OPTION_DB=atp - loop_shape - OPTION_DEPLOY=container_instance - loop_lang - OPTION_DEPLOY=function - loop_lang + # Maybe remove one compute type when all is working + OPTION_DEPLOY=public_compute + loop_lang + OPTION_DEPLOY=private_compute + loop_compute_other + loop_lang + OPTION_DEPLOY=kubernetes + loop_lang + OPTION_DEPLOY=instance_pool + OPTION_LANG=java + OPTION_JAVA_FRAMEWORK=springboot + OPTION_DB=atp + loop_shape + OPTION_DEPLOY=container_instance + loop_lang + OPTION_DEPLOY=function + loop_lang - loop_tls + loop_tls } generate_only() { - if [ -d $TEST_HOME ]; then - echo "$TEST_HOME directory detected" - else - echo "ERROR: $TEST_HOME does not exist" - exit - fi - rm -rf $TEST_HOME/compute $TEST_HOME/kubernetes $TEST_HOME/container_instance $TEST_HOME/function - export GENERATE_ONLY=true + if [ -d $TEST_HOME ]; then + echo "$TEST_HOME directory detected" + else + echo "ERROR: $TEST_HOME does not exist" + exit + fi + rm -rf $TEST_HOME/compute $TEST_HOME/kubernetes $TEST_HOME/container_instance $TEST_HOME/function + export GENERATE_ONLY=true } if [ "$PROJECT_DIR" != "" ]; then - echo "ERROR: PROJECT_DIR set. Exiting." - exit 1 + echo "ERROR: PROJECT_DIR set. Exiting." + exit 1 fi if [ -d $TEST_HOME ]; then - pre_git_refresh - if [ ! -f ${TEST_HOME}/group_common_env.sh ]; then - echo "ERROR: ${TEST_HOME}/group_common_env.sh not detected" - exit - fi + pre_git_refresh + while [ ! -f "${TEST_HOME}/group_common_env.sh" ] && [ $ELAPSED -lt 600 ]; do + echo "Waiting 10 secs that group_common_env.sh is available." + sleep 10 + ELAPSED=$((ELAPSED + 10)) + done + if [ ! -f "${TEST_HOME}/group_common_env.sh" ]; then + echo "ERROR: ${TEST_HOME}/group_common_env.sh not detected after 600 secs" + exit 1 + fi else - pre_test_suite + pre_test_suite fi # generate_only cd $TEST_HOME From 958796d424d8dfc25e8b192011718e7cab045a1e Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Tue, 28 Apr 2026 18:24:50 +0200 Subject: [PATCH 084/115] v5.0 --- test_suite/test_suite.sh | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/test_suite/test_suite.sh b/test_suite/test_suite.sh index cb1ad0b2..5e8cac55 100755 --- a/test_suite/test_suite.sh +++ b/test_suite/test_suite.sh @@ -282,7 +282,7 @@ if [ "$PROJECT_DIR" != "" ]; then fi if [ -d $TEST_HOME ]; then - pre_git_refresh + ELAPSED=0 while [ ! -f "${TEST_HOME}/group_common_env.sh" ] && [ $ELAPSED -lt 600 ]; do echo "Waiting 10 secs that group_common_env.sh is available." sleep 10 @@ -292,6 +292,8 @@ if [ -d $TEST_HOME ]; then echo "ERROR: ${TEST_HOME}/group_common_env.sh not detected after 600 secs" exit 1 fi + + pre_git_refresh else pre_test_suite fi From d50d246a3e0160d02af22f465bd448d4f42592c0 Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Tue, 28 Apr 2026 18:28:45 +0200 Subject: [PATCH 085/115] v5.0 --- test_suite/test_suite.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/test_suite/test_suite.sh b/test_suite/test_suite.sh index 5e8cac55..ddc1601d 100755 --- a/test_suite/test_suite.sh +++ b/test_suite/test_suite.sh @@ -283,13 +283,13 @@ fi if [ -d $TEST_HOME ]; then ELAPSED=0 - while [ ! -f "${TEST_HOME}/group_common_env.sh" ] && [ $ELAPSED -lt 600 ]; do + while [ ! -f "${TEST_HOME}/group_common_env.sh" ] && [ $ELAPSED -lt 1200 ]; do echo "Waiting 10 secs that group_common_env.sh is available." sleep 10 ELAPSED=$((ELAPSED + 10)) done if [ ! -f "${TEST_HOME}/group_common_env.sh" ]; then - echo "ERROR: ${TEST_HOME}/group_common_env.sh not detected after 600 secs" + echo "ERROR: ${TEST_HOME}/group_common_env.sh not detected after 1200 secs" exit 1 fi From 4d797544798b66701cbb86909e7c71c1e890921d Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Tue, 28 Apr 2026 18:29:52 +0200 Subject: [PATCH 086/115] v5.0 --- test_suite/test_suite.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/test_suite/test_suite.sh b/test_suite/test_suite.sh index ddc1601d..db75ae2b 100755 --- a/test_suite/test_suite.sh +++ b/test_suite/test_suite.sh @@ -283,13 +283,13 @@ fi if [ -d $TEST_HOME ]; then ELAPSED=0 - while [ ! -f "${TEST_HOME}/group_common_env.sh" ] && [ $ELAPSED -lt 1200 ]; do + while [ ! -f "${TEST_HOME}/group_common_env.sh" ] && [ $ELAPSED -lt 1800 ]; do echo "Waiting 10 secs that group_common_env.sh is available." sleep 10 ELAPSED=$((ELAPSED + 10)) done if [ ! -f "${TEST_HOME}/group_common_env.sh" ]; then - echo "ERROR: ${TEST_HOME}/group_common_env.sh not detected after 1200 secs" + echo "ERROR: ${TEST_HOME}/group_common_env.sh not detected after 1800 secs" exit 1 fi From 1b8146da144727d42227176555d8b2d3c519f226 Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Tue, 28 Apr 2026 18:36:56 +0200 Subject: [PATCH 087/115] v5.0 --- option/terraform/oke.j2.tf | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/option/terraform/oke.j2.tf b/option/terraform/oke.j2.tf index 7e606b20..5b8bf68e 100644 --- a/option/terraform/oke.j2.tf +++ b/option/terraform/oke.j2.tf @@ -72,6 +72,7 @@ locals { #---------------------------------------------------------------------------- # SECURITY LISTS +# See: https://docs.oracle.com/en-us/iaas/Content/ContEng/Concepts/contengnetworkconfigexample.htm resource "oci_core_security_list" "starter_seclist_lb" { compartment_id = local.lz_network_cmp_ocid @@ -233,6 +234,18 @@ resource "oci_core_security_list" "starter_seclist_node" { } } + ingress_security_rules { + description = "Allow load balancer to communicate with kube-proxy on worker nodes." + protocol = "6" + source = "0.0.0.0/0" + source_type = "CIDR_BLOCK" + stateless = "false" + tcp_options { + min = "10256" + max = "10256" + } + } + freeform_tags = local.freeform_tags } From adb3ae85c67d4f4918d9effac87a6834b1e77eb1 Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Tue, 28 Apr 2026 18:38:31 +0200 Subject: [PATCH 088/115] v5.0 --- test_suite/test_suite.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/test_suite/test_suite.sh b/test_suite/test_suite.sh index db75ae2b..1d23cad3 100755 --- a/test_suite/test_suite.sh +++ b/test_suite/test_suite.sh @@ -283,13 +283,13 @@ fi if [ -d $TEST_HOME ]; then ELAPSED=0 - while [ ! -f "${TEST_HOME}/group_common_env.sh" ] && [ $ELAPSED -lt 1800 ]; do + while [ ! -f "${TEST_HOME}/group_common_env.sh" ] && [ $ELAPSED -lt 3600 ]; do echo "Waiting 10 secs that group_common_env.sh is available." sleep 10 ELAPSED=$((ELAPSED + 10)) done if [ ! -f "${TEST_HOME}/group_common_env.sh" ]; then - echo "ERROR: ${TEST_HOME}/group_common_env.sh not detected after 1800 secs" + echo "ERROR: ${TEST_HOME}/group_common_env.sh not detected after 3600 secs" exit 1 fi From 9678f24734d098296732f77486f2a4529273ba57 Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Wed, 29 Apr 2026 08:56:19 +0200 Subject: [PATCH 089/115] v5.0 --- option/terraform/oke.j2.tf | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/option/terraform/oke.j2.tf b/option/terraform/oke.j2.tf index 5b8bf68e..51d4cd7a 100644 --- a/option/terraform/oke.j2.tf +++ b/option/terraform/oke.j2.tf @@ -43,7 +43,8 @@ locals { for v in data.oci_containerengine_cluster_option.starter_cluster_option.kubernetes_versions : v if !endswith(v, ".0") ] - oke_latest_stable_version=local.oke_stable_versions[length(local.oke_stable_versions)-1] + # oke_latest_stable_version=local.oke_stable_versions[length(local.oke_stable_versions)-1] + # oke_latest_stable_version=local.oke_stable_versions[length(local.oke_stable_versions)-1] } data "oci_containerengine_node_pool_option" "starter_node_pool_option" { @@ -254,7 +255,7 @@ resource "oci_core_security_list" "starter_seclist_node" { resource oci_core_security_list starter_seclist_api { compartment_id = local.lz_network_cmp_ocid vcn_id = data.oci_core_vcn.starter_vcn.id - display_name = "${var.prefix}-seclist-node" + display_name = "${var.prefix}-seclist-api" egress_security_rules { description = "Allow Kubernetes Control Plane to communicate with OKE" @@ -352,7 +353,7 @@ resource "oci_core_subnet" "starter_lb_subnet" { # Provider code tries to maintain compatibility with old versions. # security_list_ids = [data.oci_core_vcn.starter_vcn.default_security_list_id, oci_core_security_list.starter_security_list.id] - security_list_ids = [data.oci_core_vcn.starter_vcn.default_security_list_id] + security_list_ids = [data.oci_core_vcn.starter_vcn.default_security_list_id,oci_core_security_list.starter_seclist_lb.id] display_name = "${var.prefix}-oke-lb-subnet" route_table_id = data.oci_core_vcn.starter_vcn.default_route_table_id From 265e0bbbdf2da0c0545b4ba87d07f5e1018eb4df Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Wed, 29 Apr 2026 10:40:07 +0200 Subject: [PATCH 090/115] v5.0 --- option/terraform/oke.j2.tf | 34 ++++++++++++++++++++++++---------- 1 file changed, 24 insertions(+), 10 deletions(-) diff --git a/option/terraform/oke.j2.tf b/option/terraform/oke.j2.tf index 51d4cd7a..4008e463 100644 --- a/option/terraform/oke.j2.tf +++ b/option/terraform/oke.j2.tf @@ -37,16 +37,6 @@ data "oci_containerengine_cluster_option" "starter_cluster_option" { cluster_option_id = "all" } -# Do not use versions ending with .0 (K8s Preview versions) -locals { - oke_stable_versions = [ - for v in data.oci_containerengine_cluster_option.starter_cluster_option.kubernetes_versions : v - if !endswith(v, ".0") - ] - # oke_latest_stable_version=local.oke_stable_versions[length(local.oke_stable_versions)-1] - # oke_latest_stable_version=local.oke_stable_versions[length(local.oke_stable_versions)-1] -} - data "oci_containerengine_node_pool_option" "starter_node_pool_option" { node_pool_option_id = "all" } @@ -63,6 +53,30 @@ data "oci_core_images" "shape_specific_images" { } locals { + oke_stable_versions = [ + for v in data.oci_containerengine_cluster_option.starter_cluster_option.kubernetes_versions : v + if !endswith(v, ".0") + ] + oke_latest_stable_version=local.oke_stable_versions[length(local.oke_stable_versions)-1] + k8s_version = replace(local.oke_latest_stable_version, "v", "") + + // Does not work for ARM64... XXXXXXXX + oke_images = [ + for s in oke_stable_versions : s + if !can(regex("aarch64|GPU", s.sourceName)) + && can(regex("OKE-${local.k8s_version}", s.sourceName)) + ] + + oke_image_id = element( + [ + for s in sort(local.oke_images[*].sourceName) : + one([for x in local.oke_images : x.imageId if x.sourceName == s]) + ], + length(local.oke_images) - 1 + ) + + latest_image_id = length(local.matching_images) > 0 ? local.matching_images[0].image_id : data.oci_core_images.oraclelinux.images.0.id + # all_images = "${data.oci_core_images.shape_specific_images.images}" # all_sources = "${data.oci_containerengine_node_pool_option.starter_node_pool_option.sources}" # compartment_images = [for image in local.all_images : image.id if length(regexall("Oracle-Linux-[0-9]*.[0-9]*-20[0-9]*",image.display_name)) > 0 ] From 1cafb12409f21ad321355713fcc9336d65ce7be9 Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Wed, 29 Apr 2026 10:40:37 +0200 Subject: [PATCH 091/115] v5.0 --- option/terraform/oke.j2.tf | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/option/terraform/oke.j2.tf b/option/terraform/oke.j2.tf index 4008e463..2bc8e2e2 100644 --- a/option/terraform/oke.j2.tf +++ b/option/terraform/oke.j2.tf @@ -84,6 +84,10 @@ locals { # image_id = tolist(setintersection( toset(local.compartment_images), toset(local.oracle_linux_images)))[0] image_id = data.oci_core_images.oraclelinux.images.0.id } + +output latest_image_id { + value=local.latest_image_id +} #---------------------------------------------------------------------------- # SECURITY LISTS From dba9b08f79cb8f84a356fb2d04b063034eb869e6 Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Wed, 29 Apr 2026 10:55:03 +0200 Subject: [PATCH 092/115] v5.0 --- option/terraform/oke.j2.tf | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/option/terraform/oke.j2.tf b/option/terraform/oke.j2.tf index 2bc8e2e2..c08b1e91 100644 --- a/option/terraform/oke.j2.tf +++ b/option/terraform/oke.j2.tf @@ -67,15 +67,13 @@ locals { && can(regex("OKE-${local.k8s_version}", s.sourceName)) ] - oke_image_id = element( + oke_image_id = length(local.oke_images) > 0 ? element( [ for s in sort(local.oke_images[*].sourceName) : one([for x in local.oke_images : x.imageId if x.sourceName == s]) ], length(local.oke_images) - 1 - ) - - latest_image_id = length(local.matching_images) > 0 ? local.matching_images[0].image_id : data.oci_core_images.oraclelinux.images.0.id + ) : data.oci_core_images.oraclelinux.images.0.id # all_images = "${data.oci_core_images.shape_specific_images.images}" # all_sources = "${data.oci_containerengine_node_pool_option.starter_node_pool_option.sources}" From 094f3f93baa2702a947f656fb903167b22d685db Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Wed, 29 Apr 2026 11:29:43 +0200 Subject: [PATCH 093/115] v5.0 --- option/terraform/oke.j2.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/option/terraform/oke.j2.tf b/option/terraform/oke.j2.tf index c08b1e91..635fd339 100644 --- a/option/terraform/oke.j2.tf +++ b/option/terraform/oke.j2.tf @@ -83,8 +83,8 @@ locals { image_id = data.oci_core_images.oraclelinux.images.0.id } -output latest_image_id { - value=local.latest_image_id +output oke_image_id { + value=local.oke_image_id } #---------------------------------------------------------------------------- From 5c6441f98b254d394c3e3843328e7a8719d1e7d2 Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Wed, 29 Apr 2026 12:47:21 +0200 Subject: [PATCH 094/115] v5.0 --- option/terraform/oke.j2.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/option/terraform/oke.j2.tf b/option/terraform/oke.j2.tf index 635fd339..055b0989 100644 --- a/option/terraform/oke.j2.tf +++ b/option/terraform/oke.j2.tf @@ -62,7 +62,7 @@ locals { // Does not work for ARM64... XXXXXXXX oke_images = [ - for s in oke_stable_versions : s + for s in local.oke_stable_versions : s if !can(regex("aarch64|GPU", s.sourceName)) && can(regex("OKE-${local.k8s_version}", s.sourceName)) ] From bccd215072b1b402a12cdcbd95c019426eb12cd6 Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Wed, 29 Apr 2026 13:52:06 +0200 Subject: [PATCH 095/115] v5.0 --- option/terraform/oke.j2.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/option/terraform/oke.j2.tf b/option/terraform/oke.j2.tf index 055b0989..7f5bc25c 100644 --- a/option/terraform/oke.j2.tf +++ b/option/terraform/oke.j2.tf @@ -470,7 +470,7 @@ resource "oci_containerengine_node_pool" "starter_node_pool" { node_source_details { #Required - image_id = local.image_id + image_id = local.oke_image_id source_type = "IMAGE" } From 47d5cefc7b82f2fe82e08e8e6aff47a527006d8d Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Wed, 29 Apr 2026 18:40:40 +0200 Subject: [PATCH 096/115] v5.0 --- option/terraform/oke.j2.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/option/terraform/oke.j2.tf b/option/terraform/oke.j2.tf index 7f5bc25c..defbae9c 100644 --- a/option/terraform/oke.j2.tf +++ b/option/terraform/oke.j2.tf @@ -62,7 +62,7 @@ locals { // Does not work for ARM64... XXXXXXXX oke_images = [ - for s in local.oke_stable_versions : s + for s in data.oci_containerengine_node_pool_option.starter_cluster_option.sources : s if !can(regex("aarch64|GPU", s.sourceName)) && can(regex("OKE-${local.k8s_version}", s.sourceName)) ] From 7bf2de4c1cef20c242e6e6502a2ea999bb4c9edd Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Wed, 29 Apr 2026 18:41:49 +0200 Subject: [PATCH 097/115] v5.0 --- option/terraform/oke.j2.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/option/terraform/oke.j2.tf b/option/terraform/oke.j2.tf index defbae9c..7136b99b 100644 --- a/option/terraform/oke.j2.tf +++ b/option/terraform/oke.j2.tf @@ -62,7 +62,7 @@ locals { // Does not work for ARM64... XXXXXXXX oke_images = [ - for s in data.oci_containerengine_node_pool_option.starter_cluster_option.sources : s + for s in data.oci_containerengine_node_pool_option.starter_node_pool_option.sources : s if !can(regex("aarch64|GPU", s.sourceName)) && can(regex("OKE-${local.k8s_version}", s.sourceName)) ] From 2b7cac9af50a88da80131fc3507426bdd6303f23 Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Wed, 29 Apr 2026 18:43:07 +0200 Subject: [PATCH 098/115] v5.0 --- option/terraform/oke.j2.tf | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/option/terraform/oke.j2.tf b/option/terraform/oke.j2.tf index 7136b99b..747cfbc8 100644 --- a/option/terraform/oke.j2.tf +++ b/option/terraform/oke.j2.tf @@ -83,10 +83,13 @@ locals { image_id = data.oci_core_images.oraclelinux.images.0.id } -output oke_image_id { +output oke_image_id2 { value=local.oke_image_id } - +output image_id { + value=local.image_id +} + #---------------------------------------------------------------------------- # SECURITY LISTS # See: https://docs.oracle.com/en-us/iaas/Content/ContEng/Concepts/contengnetworkconfigexample.htm From 03756dd19c26f90f61ef5ba8ac87346b266494cf Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Wed, 29 Apr 2026 19:00:07 +0200 Subject: [PATCH 099/115] v5.0 --- option/terraform/oke.j2.tf | 17 ++++++----------- 1 file changed, 6 insertions(+), 11 deletions(-) diff --git a/option/terraform/oke.j2.tf b/option/terraform/oke.j2.tf index 747cfbc8..84803c44 100644 --- a/option/terraform/oke.j2.tf +++ b/option/terraform/oke.j2.tf @@ -63,14 +63,15 @@ locals { // Does not work for ARM64... XXXXXXXX oke_images = [ for s in data.oci_containerengine_node_pool_option.starter_node_pool_option.sources : s - if !can(regex("aarch64|GPU", s.sourceName)) - && can(regex("OKE-${local.k8s_version}", s.sourceName)) + if !can(regex("aarch64|GPU", s.source_name)) + && can(regex("OKE-${local.k8s_version}", s.source_name)) + && can(regex("Linux-8", s.source_name)) ] oke_image_id = length(local.oke_images) > 0 ? element( [ - for s in sort(local.oke_images[*].sourceName) : - one([for x in local.oke_images : x.imageId if x.sourceName == s]) + for s in sort(local.oke_images[*].source_name) : + one([for x in local.oke_images : x.image_id if x.source_name == s]) ], length(local.oke_images) - 1 ) : data.oci_core_images.oraclelinux.images.0.id @@ -80,15 +81,9 @@ locals { # compartment_images = [for image in local.all_images : image.id if length(regexall("Oracle-Linux-[0-9]*.[0-9]*-20[0-9]*",image.display_name)) > 0 ] # oracle_linux_images = [for source in local.all_sources : source.image_id if length(regexall("Oracle-Linux-[0-9]*.[0-9]*-20[0-9]*",source.source_name)) > 0] # image_id = tolist(setintersection( toset(local.compartment_images), toset(local.oracle_linux_images)))[0] - image_id = data.oci_core_images.oraclelinux.images.0.id + # image_id = data.oci_core_images.oraclelinux.images.0.id } -output oke_image_id2 { - value=local.oke_image_id -} -output image_id { - value=local.image_id -} #---------------------------------------------------------------------------- # SECURITY LISTS From 0be5860ba1b4ae619fde465b6562f960b409ef8c Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Wed, 29 Apr 2026 19:25:49 +0200 Subject: [PATCH 100/115] v5.0 --- basis/bin/destroy_oke.sh | 1 + option/terraform/oke.j2.tf | 12 ++++++++++-- 2 files changed, 11 insertions(+), 2 deletions(-) diff --git a/basis/bin/destroy_oke.sh b/basis/bin/destroy_oke.sh index 6117dea8..e237038a 100755 --- a/basis/bin/destroy_oke.sh +++ b/basis/bin/destroy_oke.sh @@ -30,6 +30,7 @@ fi # The goal is to destroy all LoadBalancers created by OKE in OCI before to delete OKE. # # Delete all ingress, services +kubectl delete -f src/oke/gateway.yaml kubectl delete httproute,services --all # Delete the ingress controller diff --git a/option/terraform/oke.j2.tf b/option/terraform/oke.j2.tf index 84803c44..771ddc17 100644 --- a/option/terraform/oke.j2.tf +++ b/option/terraform/oke.j2.tf @@ -60,13 +60,21 @@ locals { oke_latest_stable_version=local.oke_stable_versions[length(local.oke_stable_versions)-1] k8s_version = replace(local.oke_latest_stable_version, "v", "") - // Does not work for ARM64... XXXXXXXX - oke_images = [ + # Get the image id from data.oci_containerengine_cluster_option.starter_cluster_option.kubernetes_versions + # Ex: Oracle-Linux-8.10-2026.02.28-0-OKE-1.35.2-1392 -> ocid..... + oke_images_amd = [ for s in data.oci_containerengine_node_pool_option.starter_node_pool_option.sources : s if !can(regex("aarch64|GPU", s.source_name)) && can(regex("OKE-${local.k8s_version}", s.source_name)) && can(regex("Linux-8", s.source_name)) ] + oke_images_ampere = [ + for s in data.oci_containerengine_node_pool_option.starter_node_pool_option.sources : s + if can(regex("aarch64", s.source_name)) + && can(regex("OKE-${local.k8s_version}", s.source_name)) + && can(regex("Linux-8", s.source_name)) + ] + oke_images = (var.instance_shape=="VM.Standard.A1.Flex")?local.oke_images_ampere:local.oke_images_amd oke_image_id = length(local.oke_images) > 0 ? element( [ From 5276245eee02b6441b9e2d6af986fa2c9d19508a Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Wed, 29 Apr 2026 22:54:59 +0200 Subject: [PATCH 101/115] v5.0 --- basis/bin/destroy_oke.sh | 2 +- option/terraform/oke.j2.tf | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/basis/bin/destroy_oke.sh b/basis/bin/destroy_oke.sh index e237038a..b4b99cd0 100755 --- a/basis/bin/destroy_oke.sh +++ b/basis/bin/destroy_oke.sh @@ -30,8 +30,8 @@ fi # The goal is to destroy all LoadBalancers created by OKE in OCI before to delete OKE. # # Delete all ingress, services -kubectl delete -f src/oke/gateway.yaml kubectl delete httproute,services --all +kubectl delete -f src/oke/gateway.yaml # Delete the ingress controller # helm uninstall ingress-nginx --namespace ingress-nginx diff --git a/option/terraform/oke.j2.tf b/option/terraform/oke.j2.tf index 771ddc17..eacb6dbb 100644 --- a/option/terraform/oke.j2.tf +++ b/option/terraform/oke.j2.tf @@ -456,6 +456,8 @@ resource "oci_containerengine_cluster" "starter_oke" { # } } + depends_on = [ oci_identity_policy.starter_oke_policy ] + freeform_tags = local.freeform_tags } From b93fb9607e63d3293ff21c19beaadaf492b998dd Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Wed, 29 Apr 2026 23:36:15 +0200 Subject: [PATCH 102/115] v5.0 --- option/terraform/oke.j2.tf | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/option/terraform/oke.j2.tf b/option/terraform/oke.j2.tf index eacb6dbb..f4d98f6e 100644 --- a/option/terraform/oke.j2.tf +++ b/option/terraform/oke.j2.tf @@ -482,6 +482,11 @@ resource "oci_containerengine_node_pool" "starter_node_pool" { source_type = "IMAGE" } + node_eviction_node_pool_settings { + eviction_grace_duration = "0" + is_force_delete_after_grace_duration = "true" + } + node_config_details { #Required placement_configs { From 1a32c67e2f35eb261944a25302c144c9c0336e9f Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Wed, 29 Apr 2026 23:50:50 +0200 Subject: [PATCH 103/115] v5.0 --- basis/bin/destroy_all.sh | 1 - basis/bin/destroy_oke.sh | 4 ++-- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/basis/bin/destroy_all.sh b/basis/bin/destroy_all.sh index 5ee0e021..00cc3137 100755 --- a/basis/bin/destroy_all.sh +++ b/basis/bin/destroy_all.sh @@ -87,7 +87,6 @@ if [ "$TF_VAR_infra_as_code" != "from_resource_manager" ]; then # OKE if [ -f $PROJECT_DIR/src/terraform/oke.tf ]; then - title "OKE Destroy" $BIN_DIR/destroy_oke.sh --auto-approve fi diff --git a/basis/bin/destroy_oke.sh b/basis/bin/destroy_oke.sh index b4b99cd0..bb1c26b7 100755 --- a/basis/bin/destroy_oke.sh +++ b/basis/bin/destroy_oke.sh @@ -4,14 +4,14 @@ SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) . $BIN_DIR/build_common.sh cd $PROJECT_DIR +title "OKE Destroy" + if [ ! -f $PROJECT_DIR/src/terraform/oke.tf ]; then echo "oke.tf not found" echo "Nothing to delete. This was an existing OKE installation" exit fi -echo "OKE DESTROY" - if [ "$1" != "--auto-approve" ]; then error_exit "Please call this script via ./starter.sh destroy" fi From f284c01d15cfcedc40e3a794a5d65f7088e3ce26 Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Wed, 29 Apr 2026 23:53:07 +0200 Subject: [PATCH 104/115] v5.0 --- option/terraform/oke.j2.tf | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/option/terraform/oke.j2.tf b/option/terraform/oke.j2.tf index f4d98f6e..1d03ac38 100644 --- a/option/terraform/oke.j2.tf +++ b/option/terraform/oke.j2.tf @@ -482,11 +482,6 @@ resource "oci_containerengine_node_pool" "starter_node_pool" { source_type = "IMAGE" } - node_eviction_node_pool_settings { - eviction_grace_duration = "0" - is_force_delete_after_grace_duration = "true" - } - node_config_details { #Required placement_configs { @@ -503,6 +498,12 @@ resource "oci_containerengine_node_pool" "starter_node_pool" { # pod_subnet_ids = [ oci_core_subnet.starter_pod_subnet.id ] # } } + + node_eviction_node_pool_settings { + eviction_grace_duration = "0" + is_force_delete_after_grace_duration = "true" + } + ssh_public_key = local.ssh_public_key freeform_tags = local.freeform_tags From 16b173e53b92f1ee72408e612925dde47b9ad608 Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Thu, 30 Apr 2026 00:53:01 +0200 Subject: [PATCH 105/115] v5.0 --- basis/bin/destroy_oke.sh | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/basis/bin/destroy_oke.sh b/basis/bin/destroy_oke.sh index bb1c26b7..05b2d947 100755 --- a/basis/bin/destroy_oke.sh +++ b/basis/bin/destroy_oke.sh @@ -1,7 +1,6 @@ #!/usr/bin/env bash SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) -. $SCRIPT_DIR/../starter.sh env -no-auto -silent -. $BIN_DIR/build_common.sh +. $SCRIPT_DIR/../starter.sh env -silent cd $PROJECT_DIR title "OKE Destroy" From b1f6ac0a97109fd19bf91663950b448680f93d08 Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Thu, 30 Apr 2026 00:56:04 +0200 Subject: [PATCH 106/115] v5.0 --- basis/bin/oci_starter.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/basis/bin/oci_starter.sh b/basis/bin/oci_starter.sh index a44890af..9759d697 100755 --- a/basis/bin/oci_starter.sh +++ b/basis/bin/oci_starter.sh @@ -213,7 +213,7 @@ fi now_epoch=$(date +%s) elapsed=$((now_epoch - START_EPOCH)) -echo "Elapsed time: ${elapsed} seconds" +echo "Elapsed time: ${elapsed} secs" # Return the exit code exit ${PIPESTATUS[0]} From 431f110475219dff5cafcc6ec2cfdcfc042cc769 Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Thu, 30 Apr 2026 01:59:35 +0200 Subject: [PATCH 107/115] v5.0 --- option/terraform/oke.j2.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/option/terraform/oke.j2.tf b/option/terraform/oke.j2.tf index 1d03ac38..29fc3225 100644 --- a/option/terraform/oke.j2.tf +++ b/option/terraform/oke.j2.tf @@ -500,7 +500,7 @@ resource "oci_containerengine_node_pool" "starter_node_pool" { } node_eviction_node_pool_settings { - eviction_grace_duration = "0" + eviction_grace_duration = "PT0S" is_force_delete_after_grace_duration = "true" } From a83eeb3698fb015989824a5c94a93e33ce7f3d7d Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Thu, 30 Apr 2026 02:05:50 +0200 Subject: [PATCH 108/115] v5.0 --- basis/bin/config_oke.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/basis/bin/config_oke.sh b/basis/bin/config_oke.sh index 5b383b82..8d1c6923 100755 --- a/basis/bin/config_oke.sh +++ b/basis/bin/config_oke.sh @@ -51,7 +51,7 @@ if [ ! -f $KUBECONFIG ]; then # Wait echo "Waiting for Gateway to be ready..." kubectl wait --for=condition=Programmed gateway/oke-gateway -n default --timeout=120s - exit_on_error "Gateway not reacing Programmed State" + exit_on_error "Gateway Programmed State" # Get the IP oke_get_gateway_ip From c97017557f3db65dd1574a1bb705ac2e8af22774 Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Thu, 30 Apr 2026 02:10:47 +0200 Subject: [PATCH 109/115] v5.0 --- basis/bin/shared_bash_function.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/basis/bin/shared_bash_function.sh b/basis/bin/shared_bash_function.sh index 36e7318c..6e7bdc91 100755 --- a/basis/bin/shared_bash_function.sh +++ b/basis/bin/shared_bash_function.sh @@ -58,7 +58,7 @@ build_function() { # Create KUBECONFIG file create_kubeconfig() { oci ce cluster create-kubeconfig --cluster-id $OKE_OCID --file $KUBECONFIG --region $TF_VAR_region --token-version 2.0.0 --kube-endpoint PUBLIC_ENDPOINT - exit_on_error "create_kubeconfig - failed.... $OKE_OCID / $TF_VAR_region" + exit_on_error "create_kubeconfig - $OKE_OCID / $TF_VAR_region" chmod 600 $KUBECONFIG } From 33a4c431723a974dd60356dc1858f74b2bcecce8 Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Thu, 30 Apr 2026 10:00:13 +0200 Subject: [PATCH 110/115] v5.0 --- test_suite/cleanup_ocir.sh | 5 +++++ test_suite/test_rerun.sh | 19 ++++++++++++++----- 2 files changed, 19 insertions(+), 5 deletions(-) create mode 100644 test_suite/cleanup_ocir.sh diff --git a/test_suite/cleanup_ocir.sh b/test_suite/cleanup_ocir.sh new file mode 100644 index 00000000..c3728a37 --- /dev/null +++ b/test_suite/cleanup_ocir.sh @@ -0,0 +1,5 @@ +SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) +cd $SCRIPT_DIR + +. $HOME/.oci_starter_profile +python3 cleanup_ocir.py \ No newline at end of file diff --git a/test_suite/test_rerun.sh b/test_suite/test_rerun.sh index 41217c00..a162f686 100755 --- a/test_suite/test_rerun.sh +++ b/test_suite/test_rerun.sh @@ -7,11 +7,20 @@ if [ "$#" -lt 1 ]; then exit 1 fi -echo "Mode" -echo "[1] ./test_rerun.sh destroy_refresh_build_destroy" -echo "[2] ./test_rerun.sh destroy_refresh_build" -echo "[3] ./test_rerun.sh refresh" -read -p "Enter choice [1/4]: " MODE_ID +if [ "$2" == "destroy_refresh_build_destroy" ]; then + MODE_ID=1 +elif [ "$2" == "destroy_refresh_build" ]; then + MODE_ID=2 +elif [ "$2" == "refresh" ]; then + MODE_ID=3 +else + echo "Mode" + echo "[1] ./test_rerun.sh destroy_refresh_build_destroy" + echo "[2] ./test_rerun.sh destroy_refresh_build" + echo "[3] ./test_rerun.sh refresh" + read -p "Enter choice [1/3]: " MODE_ID +fi + if [ "$MODE_ID" == "1" ]; then echo "-" elif [ "$MODE_ID" == "2" ]; then From 53f84b3ccc7a22ec3e72a2ae89e9b84cb643f0d5 Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Thu, 30 Apr 2026 10:05:44 +0200 Subject: [PATCH 111/115] v5.0 --- test_suite/cleanup_ocir.py | 4 ++-- test_suite/cleanup_ocir.sh | 0 2 files changed, 2 insertions(+), 2 deletions(-) mode change 100644 => 100755 test_suite/cleanup_ocir.sh diff --git a/test_suite/cleanup_ocir.py b/test_suite/cleanup_ocir.py index a4188b08..a6b77c5f 100644 --- a/test_suite/cleanup_ocir.py +++ b/test_suite/cleanup_ocir.py @@ -22,7 +22,7 @@ def main(): # List all container repositories repos = list_call_get_all_results( artifacts_client.list_container_repositories, - compartment_ocid=compartment_ocid + compartment_id=compartment_ocid ).data if not repos: @@ -35,7 +35,7 @@ def main(): # List all image versions in the repository images = list_call_get_all_results( artifacts_client.list_container_images, - compartment_ocid=compartment_ocid, + compartment_id=compartment_ocid, repository_id=repo.id ).data diff --git a/test_suite/cleanup_ocir.sh b/test_suite/cleanup_ocir.sh old mode 100644 new mode 100755 From 6a7971c7cb3eef01dec0f0a68f8a7e156fee1719 Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Fri, 1 May 2026 14:48:44 +0200 Subject: [PATCH 112/115] v5.0 --- basis/bin/destroy_all.sh | 139 ++++++++++++++++++++------------------- 1 file changed, 72 insertions(+), 67 deletions(-) diff --git a/basis/bin/destroy_all.sh b/basis/bin/destroy_all.sh index 00cc3137..873d116a 100755 --- a/basis/bin/destroy_all.sh +++ b/basis/bin/destroy_all.sh @@ -1,7 +1,7 @@ #!/usr/bin/env bash if [ "$PROJECT_DIR" == "" ]; then - echo "ERROR: PROJECT_DIR undefined. Please use starter.sh destroy" - exit 1 + echo "ERROR: PROJECT_DIR undefined. Please use starter.sh destroy" + exit 1 fi cd $PROJECT_DIR SECONDS=0 @@ -11,25 +11,25 @@ SECONDS=0 # Confidential APP disableConfidentialApp() { - # Disable the app before destroy... (Bug?) if not destroy fails... - CONFIDENTIAL_APP_OCID=$1 - echo "Confidential app: set active to false. APP_ID=$CONFIDENTIAL_APP_OCID" - # Remove trailing / - IDCS_URL=${IDCS_URL::-1} - oci identity-domains app-status-changer put --force --active false --app-status-changer-id $CONFIDENTIAL_APP_OCID --schemas '["urn:ietf:params:scim:schemas:oracle:idcs:AppStatusChanger"]' --endpoint $IDCS_URL --force - exit_on_error "disableConfidentialApp" + # Disable the app before destroy... (Bug?) if not destroy fails... + CONFIDENTIAL_APP_OCID=$1 + echo "Confidential app: set active to false. APP_ID=$CONFIDENTIAL_APP_OCID" + # Remove trailing / + IDCS_URL=${IDCS_URL::-1} + oci identity-domains app-status-changer put --force --active false --app-status-changer-id $CONFIDENTIAL_APP_OCID --schemas '["urn:ietf:params:scim:schemas:oracle:idcs:AppStatusChanger"]' --endpoint $IDCS_URL --force + exit_on_error "disableConfidentialApp" } # Buckets cleanBucket() { - BUCKET_NAME=$1 - export TF_OBJECT_STORAGE=`cat $STATE_FILE | jq -r '.resources[] | select(.instances[0].attributes.name=="'${BUCKET_NAME}'") | .instances[].attributes.bucket_id'` - if [ "$TF_OBJECT_STORAGE" != "" ] && [ "$TF_OBJECT_STORAGE" != "null" ]; then - title "Delete Object Storage" - oci os bucket delete --bucket-name $BUCKET_NAME --namespace-name $TF_VAR_namespace --empty --force - else - echo "No Object storage $BUCKET_NAME" - fi + BUCKET_NAME=$1 + export TF_OBJECT_STORAGE=`cat $STATE_FILE | jq -r '.resources[] | select(.instances[0].attributes.name=="'${BUCKET_NAME}'") | .instances[].attributes.bucket_id'` + if [ "$TF_OBJECT_STORAGE" != "" ] && [ "$TF_OBJECT_STORAGE" != "null" ]; then + title "Delete Object Storage" + oci os bucket delete --bucket-name $BUCKET_NAME --namespace-name $TF_VAR_namespace --empty --force + else + echo "No Object storage $BUCKET_NAME" + fi } # cleanUp @@ -44,67 +44,72 @@ cleanUp() { if [ "$TF_VAR_infra_as_code" != "from_resource_manager" ]; then - # Check if there is something to destroy. - title "OCI Starter - Destroy" - echo - echo "Warning: This will destroy all the resources created by Terraform." - echo - if [ "$1" != "--auto-approve" ] && [ "$1" != "--called_by_resource_manager" ]; then - read -p "Do you want to proceed? (yes/no) " yn - case $yn in - yes ) echo Deleting;; - no ) echo Exiting...; - exit 1;; - * ) echo Invalid response; - exit 1;; - esac - fi - . starter.sh env + # Check if there is something to destroy. + title "OCI Starter - Destroy" + echo + echo "Warning: This will destroy all the resources created by Terraform." + echo + if [ "$1" != "--auto-approve" ] && [ "$1" != "--called_by_resource_manager" ]; then + read -p "Do you want to proceed? (yes/no) " yn + case $yn in + yes ) echo Deleting;; + no ) echo Exiting...; + exit 1;; + * ) echo Invalid response; + exit 1;; + esac + fi + . starter.sh env - # Check if there is something to destroy. - if [ -f $STATE_FILE ]; then - export TF_RESOURCE=`cat $STATE_FILE | jq ".resources | length"` - if [ "$TF_RESOURCE" == "0" ]; then - echo "No resource in terraform state file. Nothing to destroy." - cleanUp + # Check if there is something to destroy. + if [ -f $STATE_FILE ]; then + export TF_RESOURCE=`cat $STATE_FILE | jq ".resources | length"` + if [ "$TF_RESOURCE" == "0" ]; then + echo "No resource in terraform state file. Nothing to destroy." + cleanUp + exit 0 + fi + else + echo "File $STATE_FILE does not exist. Nothing to destroy." + cleanUp exit 0 fi - else - echo "File $STATE_FILE does not exist. Nothing to destroy." - cleanUp - exit 0 - fi - # before_destroy.sh - if [ -f src/before_destroy.sh ]; then - src/before_destroy.sh - fi + # before_destroy.sh + if [ -f src/before_destroy.sh ]; then + src/before_destroy.sh + fi - for CONFIDENTIAL_APP_OCID in `cat $STATE_FILE | jq -r '.resources[] | select(.type=="oci_identity_domains_app") | .instances[].attributes.id'`; - do - disableConfidentialApp $CONFIDENTIAL_APP_OCID - done; + for CONFIDENTIAL_APP_OCID in `cat $STATE_FILE | jq -r '.resources[] | select(.type=="oci_identity_domains_app") | .instances[].attributes.id'`; + do + disableConfidentialApp $CONFIDENTIAL_APP_OCID + done; # OKE - if [ -f $PROJECT_DIR/src/terraform/oke.tf ]; then - $BIN_DIR/destroy_oke.sh --auto-approve - fi + if [ -f $PROJECT_DIR/src/terraform/oke.tf ]; then + $BIN_DIR/destroy_oke.sh --auto-approve + fi - for BUCKET_NAME in `cat $STATE_FILE | jq -r '.resources[] | select(.type=="oci_objectstorage_bucket") | .instances[].attributes.name'`; - do - cleanBucket $BUCKET_NAME - done; + # Remove created pods and httproute + if [ -d $TARGET_DIR/oke ]; then + kubectl delete -f *k8s* + fi + + for BUCKET_NAME in `cat $STATE_FILE | jq -r '.resources[] | select(.type=="oci_objectstorage_bucket") | .instances[].attributes.name'`; + do + cleanBucket $BUCKET_NAME + done; fi if [ "$1" != "--called_by_resource_manager" ]; then - title "Terraform Destroy" - $BIN_DIR/terraform_destroy.sh --auto-approve -no-color - exit_on_error "terraform_destroy.sh" + title "Terraform Destroy" + $BIN_DIR/terraform_destroy.sh --auto-approve -no-color + exit_on_error "terraform_destroy.sh" - export TF_RESOURCE=`cat $STATE_FILE | jq ".resources | length"` - if [ "$TF_RESOURCE" == "0" ]; then - cleanUp - fi + export TF_RESOURCE=`cat $STATE_FILE | jq ".resources | length"` + if [ "$TF_RESOURCE" == "0" ]; then + cleanUp + fi - echo "Destroy time: ${SECONDS} secs" + echo "Destroy time: ${SECONDS} secs" fi \ No newline at end of file From 7241d4c5c4e8b0853affbd6549fe1b4414cbcc2f Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Fri, 1 May 2026 14:49:30 +0200 Subject: [PATCH 113/115] v5.0 --- basis/bin/deploy_bastion.j2.sh | 4 ++-- basis/bin/deploy_ci.sh | 12 ++++++------ basis/bin/deploy_compute.sh | 4 ++-- 3 files changed, 10 insertions(+), 10 deletions(-) diff --git a/basis/bin/deploy_bastion.j2.sh b/basis/bin/deploy_bastion.j2.sh index 23a08959..a739c82d 100755 --- a/basis/bin/deploy_bastion.j2.sh +++ b/basis/bin/deploy_bastion.j2.sh @@ -1,7 +1,7 @@ #!/usr/bin/env bash if [ "$PROJECT_DIR" == "" ]; then - echo "ERROR: PROJECT_DIR undefined. Please use starter.sh deploy bastion" - exit 1 + echo "ERROR: PROJECT_DIR undefined. Please use starter.sh deploy bastion" + exit 1 fi cd $PROJECT_DIR . starter.sh env -silent diff --git a/basis/bin/deploy_ci.sh b/basis/bin/deploy_ci.sh index 3f9836b9..d82d6614 100755 --- a/basis/bin/deploy_ci.sh +++ b/basis/bin/deploy_ci.sh @@ -1,7 +1,7 @@ #!/usr/bin/env bash if [ "$PROJECT_DIR" == "" ]; then - echo "ERROR: PROJECT_DIR undefined. Please use starter.sh" - exit 1 + echo "ERROR: PROJECT_DIR undefined. Please use starter.sh" + exit 1 fi cd $PROJECT_DIR . starter.sh env -no-auto @@ -11,8 +11,8 @@ cd $PROJECT_DIR ocir_docker_push if [ "$CALLED_BY_TERRAFORM" == "" ]; then - # Run terraform a second time - cd $PROJECT_DIR - . starter.sh env - $BIN_DIR/terraform_apply.sh --auto-approve -no-color + # Run terraform a second time + cd $PROJECT_DIR + . starter.sh env + $BIN_DIR/terraform_apply.sh --auto-approve -no-color fi \ No newline at end of file diff --git a/basis/bin/deploy_compute.sh b/basis/bin/deploy_compute.sh index ef32e58a..b9dfef9e 100755 --- a/basis/bin/deploy_compute.sh +++ b/basis/bin/deploy_compute.sh @@ -1,7 +1,7 @@ #!/usr/bin/env bash if [ "$PROJECT_DIR" == "" ]; then - echo "ERROR: PROJECT_DIR undefined. Please use starter.sh deploy compute" - exit 1 + echo "ERROR: PROJECT_DIR undefined. Please use starter.sh deploy compute" + exit 1 fi cd $PROJECT_DIR . starter.sh env -silent From 65f538a4b595d1a63da2cf959f98b2f410721b09 Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Fri, 1 May 2026 18:30:11 +0200 Subject: [PATCH 114/115] v5.0 --- basis/src/app/rest/k8s-httproute.j2.yaml | 32 ++++++++++++++++++++++-- 1 file changed, 30 insertions(+), 2 deletions(-) diff --git a/basis/src/app/rest/k8s-httproute.j2.yaml b/basis/src/app/rest/k8s-httproute.j2.yaml index ae822d82..92947e96 100644 --- a/basis/src/app/rest/k8s-httproute.j2.yaml +++ b/basis/src/app/rest/k8s-httproute.j2.yaml @@ -20,7 +20,7 @@ spec: requestHeaderModifier: set: - name: Host - value: ##ORDS_HOST## + value: ##ORDS_HOST## {%- endif %} {%- if language == "apex" %} @@ -60,4 +60,32 @@ spec: 443 {%- else %} 80 -{%- endif %} \ No newline at end of file +{%- endif %} + +{%- if language in [ "apex", "ords" ] %} +--- +apiVersion: networking.istio.io/v1beta1 +kind: ServiceEntry +metadata: + name: ##TF_VAR_prefix##-service-entry +spec: + hosts: + - ##ORDS_HOST## + ports: + - number: 443 + name: https + protocol: HTTPS + resolution: DNS + location: MESH_EXTERNAL +--- +apiVersion: networking.istio.io/v1beta1 +kind: DestinationRule +metadata: + name: ##TF_VAR_prefix##-destination-rule +spec: + host: ##ORDS_HOST## + trafficPolicy: + tls: + mode: SIMPLE + sni: ##ORDS_HOST## +{%- endif %} \ No newline at end of file From b888432c90839f1a4ca8b8c8f81fb8ebb783570a Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Fri, 1 May 2026 19:01:31 +0200 Subject: [PATCH 115/115] v5.0 --- basis/src/app/rest/k8s-ingress.j2.yaml | 47 ------------------- basis/src/app/ui/k8s-ingress.j2.yaml | 39 --------------- .../mcp_server/k8s-ingress.j2.yaml | 31 ------------ 3 files changed, 117 deletions(-) delete mode 100644 basis/src/app/rest/k8s-ingress.j2.yaml delete mode 100644 basis/src/app/ui/k8s-ingress.j2.yaml delete mode 100644 option/src/app/python_mcp_server/mcp_server/k8s-ingress.j2.yaml diff --git a/basis/src/app/rest/k8s-ingress.j2.yaml b/basis/src/app/rest/k8s-ingress.j2.yaml deleted file mode 100644 index 809e259d..00000000 --- a/basis/src/app/rest/k8s-ingress.j2.yaml +++ /dev/null @@ -1,47 +0,0 @@ -# Use 2 Ingress since the parameter replacement work differently in NGINX for / and /app (see annotation) -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: ##TF_VAR_prefix##-rest-ingress - annotations: -{%- if language == "apex" %} - nginx.ingress.kubernetes.io/rewrite-target: /ords/r/apex_app/apex_app/$2 - nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" - nginx.ingress.kubernetes.io/upstream-vhost: "##ORDS_HOST##" -{%- elif language == "ords" %} - nginx.ingress.kubernetes.io/rewrite-target: /ords/starter/module/$2 - nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" - nginx.ingress.kubernetes.io/upstream-vhost: "##ORDS_HOST##" -{%- elif language == "java" and java_framework == "tomcat" %} - nginx.ingress.kubernetes.io/rewrite-target: /starter-1.0/$2 -{%- else %} - nginx.ingress.kubernetes.io/rewrite-target: /$2 -{%- endif %} - # nginx.ingress.kubernetes.io/affinity: "cookie" - # nginx.ingress.kubernetes.io/session-cookie-path: "/" -spec: - ingressClassName: nginx -{%- if tls == "new_http_01" %} - tls: - - hosts: - - ##TF_VAR_dns_name## - secretName: ##TF_VAR_prefix##-tls-secret - rules: - - host: ##TF_VAR_dns_name## - http: -{%- else %} - rules: - - http: -{%- endif %} - paths: - - path: /##TF_VAR_prefix##/app(/|$)(.*) - pathType: ImplementationSpecific - backend: - service: - name: ##TF_VAR_prefix##-rest-service - port: -{%- if language in [ "apex", "ords" ] %} - number: 443 -{%- else %} - number: 80 -{%- endif %} diff --git a/basis/src/app/ui/k8s-ingress.j2.yaml b/basis/src/app/ui/k8s-ingress.j2.yaml deleted file mode 100644 index 36a793be..00000000 --- a/basis/src/app/ui/k8s-ingress.j2.yaml +++ /dev/null @@ -1,39 +0,0 @@ -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: ##TF_VAR_prefix##-ui-ingress - annotations: - nginx.ingress.kubernetes.io/rewrite-target: /$2 - # nginx.ingress.kubernetes.io/affinity: "cookie" - # nginx.ingress.kubernetes.io/session-cookie-path: "/" -{%- if tls == "new_http_01" %} - cert-manager.io/issuer: "letsencrypt-prod" - # Logs: - # - kubectl get certificate - # - kubectl get certificaterequest - # - kubectl describe issuer letsencrypt-prod - external-dns.alpha.kubernetes.io/hostname: ##TF_VAR_dn_name## - # Logs: kubectl logs external-dns-xxxx -{%- endif %} -spec: - ingressClassName: nginx -{%- if tls == "new_http_01" %} - tls: - - hosts: - - ##TF_VAR_dn_name## - secretName: ##TF_VAR_prefix##-tls-secret - rules: - - host: ##TF_VAR_dn_name## - http: -{%- else %} - rules: - - http: -{%- endif %} - paths: - - path: /##TF_VAR_prefix##(/|$)(.*) - pathType: ImplementationSpecific - backend: - service: - name: ##TF_VAR_prefix##-ui-service - port: - number: 80 diff --git a/option/src/app/python_mcp_server/mcp_server/k8s-ingress.j2.yaml b/option/src/app/python_mcp_server/mcp_server/k8s-ingress.j2.yaml deleted file mode 100644 index b97fe1a5..00000000 --- a/option/src/app/python_mcp_server/mcp_server/k8s-ingress.j2.yaml +++ /dev/null @@ -1,31 +0,0 @@ -# Use 2 Ingress since the parameter replacement work differently in NGINX for / and /app (see annotation) -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: ##TF_VAR_prefix##-mcp-server-ingress - annotations: - nginx.ingress.kubernetes.io/rewrite-target: /$2 - # nginx.ingress.kubernetes.io/affinity: "cookie" - # nginx.ingress.kubernetes.io/session-cookie-path: "/" -spec: - ingressClassName: nginx -{%- if tls == "new_http_01" %} - tls: - - hosts: - - ##TF_VAR_dns_name## - secretName: ##TF_VAR_prefix##-tls-secret - rules: - - host: ##TF_VAR_dns_name## - http: -{%- else %} - rules: - - http: -{%- endif %} - paths: - - path: /##TF_VAR_prefix##/mcp_server(/|$)(.*) - pathType: ImplementationSpecific - backend: - service: - name: ##TF_VAR_prefix##-mcp-server-service - port: - number: 2025