Merge branch 'main' into emcc_sizing

Author: FalcoVerus

app-dev/devops-and-containers/devops/ansible-jenkins/README.md

@@ -18,5 +18,5 @@ can eventually be modified or forked.
 
 Although these limitations might not fit every use case, the code can be used as a reference and there are ways to lift them.
 
-[![Deploy to Oracle Cloud](https://oci-resourcemanager-plugin.plugins.oci.oraclecloud.com/latest/deploy-to-oracle-cloud.svg)](https://cloud.oracle.com/resourcemanager/stacks/create?zipUrl=https://github.com/oracle-devrel/technology-engineering/raw/main/app-dev/devops/ansible-jenkins/ansible-jenkins-rm.zip)
+[![Deploy to Oracle Cloud](https://oci-resourcemanager-plugin.plugins.oci.oraclecloud.com/latest/deploy-to-oracle-cloud.svg)](https://cloud.oracle.com/resourcemanager/stacks/create?zipUrl=https://github.com/oracle-devrel/technology-engineering/raw/main/app-dev/devops-and-containers/devops/ansible-jenkins/ansible-jenkins-rm.zip)
 

app-dev/devops-and-containers/oke/README.md

@@ -51,6 +51,7 @@ Reviewed: 20.12.2023
 - [Selecting a cloud native microservice framework](https://louwersj.medium.com/selecting-a-cloud-native-microservice-framework-9974e9534da1)
 - [Deploying a spring boot microservice in K8s](https://techdozo.dev/deploying-a-restful-spring-boot-microservice-on-kubernetes/)
 - [Collection of Labs](https://oracle.github.io/cloudtestdrive/AppDev/cloud-native/livelabs/)
+- [OKE policies](./oke-policies/policies.md)
 
 # Reusable Assets Overview
 

app-dev/devops-and-containers/oke/oke-policies/policies.md

@@ -0,0 +1,146 @@
+## OKE Policies
+
+  
+
+### VCN NATIVE CNI
+
+When network compartment is not the same as OKE compartment AND OKE is using VCN\_NATIVE CNI
+
+[https://docs.oracle.com/en-us/iaas/Content/ContEng/Concepts/contengpodnetworking\_topic-OCI\_CNI\_plugin.htm](https://docs.oracle.com/en-us/iaas/Content/ContEng/Concepts/contengpodnetworking_topic-OCI_CNI_plugin.htm)  
+
+```
+Allow any-user to manage instances in compartment <compartment-ocid-of-nodepool> where all { request.principal.id = '<cluster-ocid>' }
+Allow any-user to use private-ips in compartment <compartment-ocid-of-network-resources> where all { request.principal.id = '<cluster-ocid>' }
+Allow any-user to use network-security-groups in compartment <compartment-ocid-of-network-resources> where all { request.principal.id = '<cluster-ocid>' }
+```
+
+  
+
+### USE IPv6 WITH VCN NATIVE CNI
+
+[https://docs.oracle.com/en-us/iaas/Content/ContEng/Concepts/contengpodnetworking\_topic-OCI\_CNI\_plugin.htm](https://docs.oracle.com/en-us/iaas/Content/ContEng/Concepts/contengpodnetworking_topic-OCI_CNI_plugin.htm)  
+
+[https://docs.oracle.com/en-us/iaas/Content/ContEng/Tasks/conteng\_ipv4-and-ipv6.htm](https://docs.oracle.com/en-us/iaas/Content/ContEng/Tasks/conteng_ipv4-and-ipv6.htm)  
+
+UNCLEAR: Maybe this policy is necessary for every IPv6 cluster
+
+```
+Allow any-user to use ipv6s in compartment <compartment-ocid-of-network-resources> where all { request.principal.id = '<cluster-ocid>' }
+```
+
+  
+
+### ENCRYPT BOOT VOLUME WITH KEY
+
+To encrypt OKE worker nodes boot volume with a key that is in a different compartment than the worker nodes
+
+[https://docs.oracle.com/en-us/iaas/Content/ContEng/Concepts/contengpolicyconfig.htm#contengpolicyconfig\_topic\_Create\_Policies\_for\_User\_Managed\_Encryption](https://docs.oracle.com/en-us/iaas/Content/ContEng/Concepts/contengpolicyconfig.htm#contengpolicyconfig_topic_Create_Policies_for_User_Managed_Encryption)  
+
+```
+Allow any-user to use key-delegates in <compartment-key> where ALL {request.principal.type='nodepool', target.key.id = '<key_OCID>'}
+Allow service blockstorage to use keys in compartment <compartment-key> where target.key.id = '<key_OCID>'
+Allow any-user to use key-delegates in compartment <compartment-key> where ALL {request.principal.type='nodepool', target.key.id = '<key_OCID>'}
+```
+
+  
+
+### ENCRYPT BLOCK VOLUME WITH KEY
+
+To enable encryption on block volumes with a key in a different compartment than the worker nodes
+
+[https://docs.oracle.com/en-us/iaas/Content/ContEng/Concepts/contengpolicyconfig.htm#contengpolicyconfig\_topic\_Create\_Policies\_for\_User\_Managed\_Encryption](https://docs.oracle.com/en-us/iaas/Content/ContEng/Concepts/contengpolicyconfig.htm#contengpolicyconfig_topic_Create_Policies_for_User_Managed_Encryption)  
+
+```
+Allow service blockstorage to use keys in compartment <compartment-key> where target.key.id = '<key-ocid>'
+Allow any-user to use key-delegates in compartment <compartment-key> where ALL {request.principal.type = 'cluster', target.key.id = '<key-ocid>'}
+```
+
+  
+
+### ENCRYPT FILE SYSTEM
+
+To enable in-transit/in-place encryption of FSS
+
+[https://docs.oracle.com/en-us/iaas/Content/ContEng/Concepts/contengpolicyconfig.htm#contengpolicyconfig\_topic\_Create\_Policies\_for\_User\_Managed\_Encryption](https://docs.oracle.com/en-us/iaas/Content/ContEng/Concepts/contengpolicyconfig.htm#contengpolicyconfig_topic_Create_Policies_for_User_Managed_Encryption)  
+
+```
+Dynamic Group
+ALL { resource.type='filesystem', resource.compartment.id = '<file_system_compartment_OCID>' }
+
+Allow dynamic-group <domain>/<dynamic-group-name> to use keys in compartment <key-compartment-name>
+Allow any-user to use key-delegates in compartment <compartment-key> where ALL {request.principal.type = 'cluster', target.key.id = '<key_OCID>'}
+```
+
+  
+
+### ENABLE CCM TO MANAGE NSGs FOR LBs and NLBs
+
+[https://docs.oracle.com/en-us/iaas/Content/ContEng/Tasks/contengconfiguringloadbalancersnetworkloadbalancers-subtopic.htm#contengcreatingloadbalancer\_topic-Specifying\_Load\_Balancer\_Security\_Rule\_Management\_Annotation](https://docs.oracle.com/en-us/iaas/Content/ContEng/Tasks/contengconfiguringloadbalancersnetworkloadbalancers-subtopic.htm#contengcreatingloadbalancer_topic-Specifying_Load_Balancer_Security_Rule_Management_Annotation)
+
+```
+ALLOW any-user to manage network-security-groups in compartment <compartment-name> where request.principal.type = 'cluster'
+ALLOW any-user to manage vcns in compartment <compartment-name> where request.principal.type = 'cluster'
+ALLOW any-user to manage virtual-network-family in compartment <compartment-name> where request.principal.type = 'cluster'
+```
+
+  
+
+### TAGGING RESOURCES DIFFERENT COMPARTMENT
+
+[https://docs.oracle.com/en-us/iaas/Content/ContEng/Tasks/contengtaggingclusterresources\_iam-tag-namespace-policy.htm#contengtaggingclusterresources\_iam-tag-namespace-policy](https://docs.oracle.com/en-us/iaas/Content/ContEng/Tasks/contengtaggingclusterresources_iam-tag-namespace-policy.htm#contengtaggingclusterresources_iam-tag-namespace-policy)
+
+```
+Allow any-user to use tag-namespace in compartment <compartment-ocid-tag-namespace> where all { request.principal.id = '<cluster-ocid>' }
+```
+
+  
+
+### USE MANAGED NODE POOL WITH CAPACITY RESERVATION
+
+[https://docs.oracle.com/en-us/iaas/Content/ContEng/Tasks/contengmakingcapacityreservations.htm#contengmakingcapacityreservations\_topic\_Using\_capacity\_reservations](https://docs.oracle.com/en-us/iaas/Content/ContEng/Tasks/contengmakingcapacityreservations.htm#contengmakingcapacityreservations_topic_Using_capacity_reservations)  
+
+```
+Allow service oke to use compute-capacity-reservations in compartment id <compartment_capacity>
+Allow any-user to use compute-capacity-reservations in tenancy where request.principal.type = 'nodepool'
+```
+
+  
+
+### USE RESERVED PUBLIC IP IN DIFFERENT COMPARTMENTS THAN OKE
+
+[https://docs.oracle.com/en-us/iaas/Content/ContEng/Tasks/contengconfiguringloadbalancersnetworkloadbalancers-subtopic.htm#contengcreatingloadbalancer\_topic\_Specifying\_Load\_Balancer\_Reserved\_IP](https://docs.oracle.com/en-us/iaas/Content/ContEng/Tasks/contengconfiguringloadbalancersnetworkloadbalancers-subtopic.htm#contengcreatingloadbalancer_topic_Specifying_Load_Balancer_Reserved_IP)  
+
+If it is a LB:
+
+```
+ALLOW any-user to read public-ips in tenancy where request.principal.type = 'cluster'
+ALLOW any-user to manage floating-ips in tenancy where request.principal.type = 'cluster'
+```
+
+  
+
+If it is a NLB:
+
+```
+ALLOW any-user to use private-ips in TENANCY where ALL {request.principal.type = 'cluster', request.principal.compartment.id = 'target.compartment.id'}
+ALLOW any-user to manage public-ips in TENANCY where ALL {request.principal.type = 'cluster', request.principal.compartment.id = 'target.compartment.id'}
+```
+
+  
+
+### ATTACH NSGs WHEN THEY ARE IN DIFFERENT COMPARTMENTS THAN OKE
+
+[https://docs.oracle.com/en-us/iaas/Content/ContEng/Tasks/contengconfiguringloadbalancersnetworkloadbalancers-subtopic.htm#contengcreatingloadbalancer\_topic\_Specifying\_Load\_Balancer\_Network\_Security\_Group](https://docs.oracle.com/en-us/iaas/Content/ContEng/Tasks/contengconfiguringloadbalancersnetworkloadbalancers-subtopic.htm#contengcreatingloadbalancer_topic_Specifying_Load_Balancer_Network_Security_Group)  
+
+```
+Allow any-user to use network-security-groups in compartment <network-compartment-ocid> where all { request.principal.id = '<cluster-ocid>' }
+```
+
+### USE A STATICALLY PROVISIONED SNAPSHOT WHEN IT IS IN A DIFFERENT COMPARTMENT
+
+[https://docs.oracle.com/en-us/iaas/Content/ContEng/Tasks/contengcreatingpersistentvolumeclaim_topic-Provisioning_PVCs_on_BV.htm#contengcreatingpersistentvolumeclaim_topic-Provisioning_PVCs_on_BV-PV_From_Snapshot_CSI__section_volume-snapshot-prerequisites](https://docs.oracle.com/en-us/iaas/Content/ContEng/Tasks/contengcreatingpersistentvolumeclaim_topic-Provisioning_PVCs_on_BV.htm#contengcreatingpersistentvolumeclaim_topic-Provisioning_PVCs_on_BV-PV_From_Snapshot_CSI__section_volume-snapshot-prerequisites)
+
+```
+ALLOW any-user to manage volume-backups in compartment <compartment-name> where request.principal.type = 'cluster'
+ALLOW any-user to use volumes in compartment <compartment-name> where request.principal.type = 'cluster'
+```

cloud-architecture/oracle-apps-hyperion-siebel-gbu/gbu/README.md

@@ -6,7 +6,7 @@ These resources aim to offer guidance throughout your migration, enabling you to
 
 Explore these materials to enhance your migration strategy. We appreciate your participation and are committed to supporting your cloud migration journey.
 
-Reviewed: 24.10.2024
+Reviewed: 26.02.2025
 
 # Table of Contents
 

cloud-architecture/oracle-apps-hyperion-siebel-gbu/gbu/construction-engineering/README.md

@@ -6,7 +6,7 @@ These resources aim to offer guidance throughout your migration, enabling you to
 
 Explore these materials to enhance your migration strategy. We appreciate your participation and are committed to supporting your cloud migration journey.
 
-Reviewed: 9.9.2024
+Reviewed: 7.02.2025
 
 # Table of Contents
 
@@ -22,7 +22,8 @@ The reusable assets available in this repository:
 
 # Useful Links
 
-- Primavera P6 EPPM 23.12 is available for download from [E-deliver site](https://edelivery.oracle.com/osdc/faces/SoftwareDelivery). Read more about the latest release in [the Documentation Library](https://docs.oracle.com/en/industries/construction-engineering/index.html)
+- Primavera P6 EPPM 24.12 (December 2024) is available for download from [E-deliver site](https://edelivery.oracle.com/osdc/faces/SoftwareDelivery). Read more about the latest release in [the Documentation Library](https://docs.oracle.com/en/industries/construction-engineering/index.html)
+- [Primavera P6 24.12 Tested Configurations](https://docs.oracle.com/cd/F88967_01/English/tested_configurations/p6_eppm_tested_config.pdf)
 - [Oracle Construction and Engineering Applications documentation](https://docs.oracle.com/en/industries/construction-engineering/index.html)
 - [Oracle Construction and Engineering Applications Lifetime Support Policy](https://www.oracle.com/us/assets/lifetime-support-applications-069216.pdf)
 - [Oracle Primavera P6 EPPM Deployment Categories](https://docs.oracle.com/cd/F51302_01/English/Planning/p6_eppm_performance_sizing/index.htm)
@@ -31,7 +32,7 @@ The reusable assets available in this repository:
 
 # License
 
-Copyright (c) 2024 Oracle and/or its affiliates.
+Copyright (c) 2025 Oracle and/or its affiliates.
 
 Licensed under the Universal Permissive License (UPL), Version 1.0.
 

cloud-architecture/oracle-apps-hyperion-siebel-gbu/gbu/construction-engineering/construction-engineering-discovery-questionnaire/README.md

@@ -2,7 +2,7 @@
 
 This asset helps the customer and/or the partner to conduct a thorough discovery phase gathering all the necessary information for a proper design of Oracle Construction and Engineering applications on OCI.
 
-Reviewed: 18.11.2024
+Reviewed: 7.02.2025
 
 # When to use this asset?
 
@@ -14,7 +14,7 @@ The information is generic in nature and not specified for a particular customer
 
 # License
 
-Copyright (c) 2024 Oracle and/or its affiliates.
+Copyright (c) 2025 Oracle and/or its affiliates.
 
 Licensed under the Universal Permissive License (UPL), Version 1.0.
 

cloud-architecture/oracle-apps-hyperion-siebel-gbu/gbu/construction-engineering/primavera-solution-definition/README.md

@@ -2,7 +2,7 @@
 
 This repository contains an in-depth guide for Oracle Primavera migration projects. It offers a high-level solution definition for migrating or establishing Primavera Workloads on Oracle Cloud Infrastructure (OCI). With a comprehensive representation of the current state, prospective state, potential project scope, and anticipated timeline, this document aims to provide a precise understanding of the project's scope and intention to all participating entities.
 
-Reviewed: 18.11.2024
+Reviewed: 7.02.2025
 
 # When to use this asset?
 
@@ -20,7 +20,7 @@ The Primavera Solution Definition is expected to serve as a definitive guide to
 
 # License
 
-Copyright (c) 2024 Oracle and/or its affiliates.
+Copyright (c) 2025 Oracle and/or its affiliates.
 
 Licensed under the Universal Permissive License (UPL), Version 1.0.
 

cloud-architecture/oracle-apps-hyperion-siebel-gbu/gbu/financial-services/README.md

@@ -6,7 +6,7 @@ These resources aim to offer guidance throughout your migration, enabling you to
 
 Explore these materials to enhance your migration strategy. We appreciate your participation and are committed to supporting your cloud migration journey.
 
-Reviewed: 24.10.2024
+Reviewed: 7.02.2025
 
 # Table of Contents
 
@@ -21,14 +21,17 @@ The reusable assets available in this repository:
 
 # Useful Links
 
+- [Flexcube Patchset Release 14.7.5.0.0 Innovation - September 2024](https://docs.oracle.com/cd/G14514_01/index.htm)
 - [Flexcube on OCI Architecture](https://docs.oracle.com/en/solutions/flexcube-oci/index.html)
+- [Use OCI Full Stack Disaster Recovery Service with Oracle WebLogic Server domains](https://docs.oracle.com/en/solutions/full-stack-dr-weblogic-platform/index.html)
+- [Flexcube Patchset releases](https://docs.oracle.com/cd/E56849_01/fcubsptsets.htm)
 - [Oracle Financial Services documentation](https://docs.oracle.com/en/industries/financial-services/index.html)
 - [Oracle Applications Lifetime Support Policy](https://www.oracle.com/us/assets/lifetime-support-applications-069216.pdf)
 - [Financial Services on Oracle Cloud Infrastructure](https://www.oracle.com/financial-services/cloud/)
 
 # License
 
-Copyright (c) 2024 Oracle and/or its affiliates.
+Copyright (c) 2025 Oracle and/or its affiliates.
 
 Licensed under the Universal Permissive License (UPL), Version 1.0.
 

cloud-architecture/oracle-apps-hyperion-siebel-gbu/gbu/financial-services/financial-services-discovery-questionnaire/README.md

@@ -2,7 +2,7 @@
 
 This asset helps the customer and/or the partner to conduct a thorough discovery phase gathering all the necessary information for a proper design of Financial Services applications on OCI.
 
-Reviewed: 18.11.2024
+Reviewed: 7.02.2025
 
 # When to use this asset?
 
@@ -14,7 +14,7 @@ The information is generic in nature and not specified for a particular customer
 
 # License
 
-Copyright (c) 2024 Oracle and/or its affiliates.
+Copyright (c) 2025 Oracle and/or its affiliates.
 
 Licensed under the Universal Permissive License (UPL), Version 1.0.
 

cloud-architecture/oracle-apps-hyperion-siebel-gbu/gbu/financial-services/flexcube-solution-definition/README.md

@@ -2,7 +2,7 @@
 
 This repository contains an in-depth guide for Oracle Flexcube migration projects. It offers a high-level solution definition for migrating or establishing Flexcube Workloads on Oracle Cloud Infrastructure (OCI). With a comprehensive representation of the current state, prospective state, potential project scope, and anticipated timeline, this document aims to provide a precise understanding of the project's scope and intention to all participating entities.
 
-Reviewed: 18.11.2024
+Reviewed: 7.02.2025
 
 # When to use this asset?
 
@@ -19,7 +19,7 @@ The Flexcube Solution Definition is expected to serve as a definitive guide to t
 
 # License
 
-Copyright (c) 2024 Oracle and/or its affiliates.
+Copyright (c) 2025 Oracle and/or its affiliates.
 
 Licensed under the Universal Permissive License (UPL), Version 1.0.