Kubernetes Using Cloud Shell: Deploy a Java Helidon Application

In this tutorial, you use an Oracle Cloud Infrastructure account to set up a Kubernetes cluster. Then, you deploy a Java Helidon application to your cluster by using Cloud Shell. Key tasks include how to:

  • Set up an authentication token.
  • Set up a Kubernetes cluster on OCI.
  • Build a Java Helidon application and Docker image.
  • Push your image to OCIR.
  • Use Cloud Shell to deploy your Docker application to your cluster.
  • Connect to your application from the internet.
A diagram of the components needed to run a Helidon app on Oracle Cloud Infrastructure Container Engine by using Cloud Shell

For additional information, see:

Before You Begin

To successfully perform this tutorial, you must have the following:

1. Gather Required Information

Prepare the information you need from the Oracle Cloud Infrastructure Console.

  1. Check your service limits:
    • Regions: minimum 2

      In the top navigation bar, expand <region>. Example: US East (Ashburn) and US West (Phoenix).

    • Compute instances: minimum 3

      Click your profile avatar. Select Tenancy. Go to Service Limits and expand Compute.

    • Block Volume: minimum 50 GBs

      In the Service Limits section, expand Block Volume.

    • Load Balancer: available

      In the Service Limits section, expand Networking.

  2. Have a compartment for your cluster.
  3. Create an authorization token:
    • In the top navigation bar, click your user avatar.
    • Select your username.
    • Click Auth Tokens.
    • Click Generate Token.
    • Give it a description.
    • Click Generate Token.
    • Copy the token and save it.

    Make sure you save your token right after you create it. You will not have access to it later.
  4. Find your region identifier and region key from Regions and Availability Domains. Example: us-ashburn-1 and iad for Ashburn.
  5. Collect the following information and copy them into your notepad.
    • Auth Token: <auth-token> from step 3.
    • Region: <region-identifier> from step 4. Example: us-ashburn-1.
    • Region Key: <region-key> from step 4. Example: iad.
    • Tenancy name: <tenancy-name> from your user avatar.
    • Tenancy OCID: <tenancy-ocid> from your user avatar, go to Tenancy:<your-tenancy> and copy OCID.
    • Username: <user-name> from your user avatar.
    • User OCID: <user-ocid> from your user avatar, go to User Settings and copy OCID.

2. Create SSH Encryption Keys

Create ssh encryption keys to connect to your compute instance.

  1. Open a terminal window:
    • MacOS or Linux: Open a terminal window in the directory where you want to store your keys.
    • Windows: Right-click on the directory where you want to store your keys and select Git Bash Here.

    If you are using Windows Subsystem for Linux (WSL), ensure that the directory for the keys is directly on your Linux machine and not in a /mnt folder (windows file system).
  2. Issue the following OpenSSH command:
    ssh-keygen -t rsa -N "" -b 2048 -C <your-ssh-key-name> -f <your-ssh-key-name>

    The command generates some random text art used to generate the keys. When complete, you have two files:

    • The private key file: <your-ssh-key-name>
    • The public key file: <your-ssh-key-name>.pub

    You use these files to connect to your compute instance.

You have generated the required encryption keys.

See Creating a Key Pair for more detailed information on generating ssh encryption keys.

3. Create your Virtual Cloud Network (VCN)

Setup a VCN to connect your Linux instance to the internet. You configure all the components needed to create your virtual network.

  1. From the main landing page, select Set up a network with a wizard. Quick action menu from the main Free Tier landing page
  2. In the Start VCN Wizard workflow, select VCN with Internet Connectivity and then click Start VCN Wizard .
  3. In the configuration dialog, fill in the VCN Name for your VCN. Your Compartment is already set to the last compartment you were working in, or if it's your first time, to its default value of <your-tenancy> (root).
  4. In the Configure VCN and Subnets section, keep the default values for the CIDR blocks:

    Notice the public and private subnets have different network addresses.
  5. For DNS RESOLUTION uncheck USE DNS HOSTNAMES IN THIS VCN.Picture shows the USE DNS HOSTNAMES IN THIS VCN option is unchecked.
  6. Click Next.

    The Create a VCN with Internet Connectivity configuration dialog is displayed (not shown here) confirming all the values you just entered.

  7. Click Create to create your VCN.

    The Creating Resources dialog is displayed (not shown here) showing all VCN components being created.

  8. Click View Virtual Cloud Network to view your new VCN.

    Your new VCN is displayed. Now you need to add a security rule to allow HTTP connections on port 8080, the default port for your applications.

  9. With your new VCN displayed, click your Public subnet link.

    The public subnet information is displayed with the Security Lists at the bottom of the page. There should be a link to the Default Security List for your VCN.

  10. Click on the Default Security List link.

    The default Ingress Rules for your VCN are displayed.

  11. Click Add Ingress Rules.

    An Add Ingress Rules dialog is displayed.

  12. Fill in the ingress rule with the following information. Once all the data is entered, click Add Ingress Rules.

    Fill in the ingress rule as follows:

    • Stateless: Checked
    • Source Type: CIDR
    • Source CIDR:
    • IP Protocol: TCP
    • Source port range: (leave-blank)
    • Destination Port Range: 8080
    • Description: VCN for applications

    Once you click Add Ingress Rule, HTTP connections are allowed to your public subnet.


To open a different port, replace 8080 in the last step with the port number.
You have successfully created a VCN that will make your applications available from the internet.

4. Install your Ubuntu VM

Install an Ubuntu VM to host your applications. This is a Free Tier VM and using it is free, no cost forever.

  1. Open the navigation menu and click Compute. Under Compute, click Instances.
  2. From the list of instances screen, click Create Instance.

    The Create Compute Instance dialog is displayed.

  3. Fill in the fields for the Create Compute Instance dialog with the following data:

    Initial Options

    • Name: <name-for-the-instance>
    • Availability domain: <Select-an-always-free-eligible-domain>
    • Image: Click Change Image, then select Canonical Ubuntu 18.04
    • Shape: VM.Standard.E2.1.Micro: Virtual Machine, 1 core OCPU, 1 GB Memory, 0.48 Gbps network bandwidth

    If you select an Always Free Eligible availability domain, the shape should default to VM.Standard.E2.1.Micro. However, if the shape is not automatically selected, click Change Shape. From the Shape Series select Specialty and Previous Generation and then VM.Standard.E2.1.Micro.

    If you plan to use this VM for other applications, make sure that the 1 GB of memory is adequate for your applications.

    Networking: Select Select existing virtual cloud network, and then enter the following data:

    • Virtual cloud network: <VCN-you-created> in <your-compartment>
    • Subnet: <public-subnet-you-created> in <your-compartment>
    • Assign a public IPv4 address: Selected/Checked

    Additional Options

    • Add SSH Keys: Add the public key file (.pub) you created in the beginning of this tutorial.
    • Boot Volume: All options Unchecked
  4. Click Create to create the instance.

    Provisioning the system may take several minutes.

You have successfully created an Ubuntu Linux VM to build and test your applications.

5. Run an Application on Helidon Server

Next, set up Helidon on your Ubuntu Linux VM.

By default, Ubuntu 18.04 does not come with Java, Maven or Docker. To setup Helidon, perform the following steps:

  1. Open the navigation menu and click Compute. Under Compute, click Instances.
  2. Click the link to the instance you created in the previous step.

    From the Instance Details page look under the Primary VNIC Information section. Copy the public IP address the system created for you. You will use this IP address to connect to your instance.

  3. Open a Terminal or Command Prompt window.
  4. Change into the directory where you stored the ssh encryption keys you created for this tutorial.
  5. Connect to your VM with this ssh command
    ssh -i <your-private-key-file> ubuntu@<x.x.x.x>

    Since you identified your public key when you created the VM, this command should log you into your VM. You can now issue sudo commands to install and start your server.

  6. Update firewall settings.
    The Ubuntu firewall is disabled by default. However, it is still necessary to update your iptables configuration to allow HTTP traffic. Execute the following commands to update iptables.
    sudo iptables -I INPUT 6 -m state --state NEW -p tcp --dport 8080 -j ACCEPT
    sudo netfilter-persistent save

    The commands add a rule to allow HTTP traffic through port 8080 and saves the changes to the iptables configuration files.

  7. Install JDK 11.
    sudo apt update
    sudo apt install openjdk-11-jdk-headless
    java -version

    You may need to type "y" a few times to accept the packages that are installed to the VM.
  8. Set JAVA_HOME in .bashrc.

    Update the file:

    vi .bashrc

    In the file, append the following text and save the file:

    # set JAVA_HOME
    export JAVA_HOME=/usr/lib/jvm/java-11-openjdk-amd64

    Activate the above command in the current window.

    source ~/.bashrc
  9. Next, install Apache Maven 3.6+.
    sudo apt install maven
    mvn --version
  10. Run the following Maven Archetype which creates a Maven project template to start with. This project uses the helidon-quickstart-mp example from the Helidon website.
    mvn archetype:generate -DinteractiveMode=false \
        -DarchetypeGroupId=io.helidon.archetypes \
        -DarchetypeArtifactId=helidon-quickstart-mp \
        -DarchetypeVersion=1.4.4 \
        -DgroupId=io.helidon.examples \
        -DartifactId=helidon-quickstart-mp \

    The Archetype creates a Maven project under the current directory. You should get the following output:

    [INFO] Project created from Archetype in dir: /home/ubuntu/helidon-quickstart-mp
  11. Change to the helidon-quickstart-mp directory.
    cd helidon-quickstart-mp
  12. Build the application.
    mvn package

    You should get a message of success.

  13. Run the application.
    java -jar target/helidon-quickstart-mp.jar
  14. Test the application using the command line or a browser:
    • To test with curl, from a new terminal, connect to your Ubuntu VM with your SSH keys, and then in the command line enter:
      curl -X GET http://localhost:8080/greet
    • From a browser, connect to the public IP address assigned to your VM: http://<x.x.x.x>:8080/greet.

    You should see {"message":"Hello World!"} on your VM, or in your browser.

  15. Enter a name for the greeting.
    From the terminal, enter:
    curl -X GET http://localhost:8080/greet/Mike
    Or, from your browser, enter: http://<x.x.x.x>:8080/greet/Mike.

    You should see {"message":"Hello Mike!"} on your VM, or in your browser.

  16. Update the greeting.

    From the terminal, enter:

    curl -X PUT -H "Content-Type: application/json" -d '{"greeting" : "Aloha"}' http://localhost:8080/greet/greeting

    This updates the Hello in the message to Aloha.

  17. Test the updated greeting.
    From the browser, enter: http://<x.x.x.x>:8080/greet/Mike.

    You should see {"message":"Aloha Mike!"} on your VM, or in your browser.

  18. Enter the following commands in your browser to get health and metrics from your Helidon application.
    To get metrics in JSON, from the terminal, enter:
    curl -H 'Accept: application/json' -X GET http://localhost:8080/metrics

Congratulations! You have successfully created a Hello World application using the Helidon MicroProfile service, on your Oracle Cloud Infrastructure VM. Next step is to build a Docker image for your application.


6. Build and Push your Java Helidon Docker Image

Next, create a Docker image on your Ubuntu Linux VM and then push it to Oracle Cloud Infrastructure Registry.

Install Docker

Install Docker on your Oracle Linux VM.

  1. Install Docker 18.0.6+ on your VM:
    sudo snap install docker
    docker --version

    This snap build requires all files that Docker uses, such as Dockerfiles, to be in $HOME or a sub-directory of it. Keep the files there, for commands such as docker build, docker save and docker load.

Build a Docker Image

Build a Docker image for your application.

  1. First, make sure you are in the helidon-quickstart-mp directory.
  2. Build a Docker image: sudo docker build -t helidon-quickstart-mp .

    You should get a message of success.

    Successfully tagged helidon-quickstart-mp:latest
  3. Run the Docker image:
    sudo docker run --rm -p 8080:8080 helidon-quickstart-mp:latest
  4. Test the application using the command line or a browser:
    • To test with curl, from a new terminal, connect to your Ubuntu VM with your SSH keys, and then in the command line enter: curl -X GET http://localhost:8080/greet
    • From a browser, connect to the public IP address assigned to your VM: http://<x.x.x.x>:8080/greet.
    If you see Hello World! in the terminal, or in your browser, then the Docker image is running. Now you can push the image to Oracle Cloud Infrastructure Registry (OCIR).

Push your Docker image to OCIR

With your Docker image created, now you need to push it to OCIR.

  1. Open a terminal window.
  2. Use <region-key> from the gather information section to log Docker into OCIR:
    sudo docker login <region-key>.ocir.io

    You are prompted for your login name and password.

    • Username: <tenancy-name>/<user-name>
    • Password: <auth-token>
  3. List your local Docker images.
    sudo docker images

    The Docker images on your system are displayed. Identify the image you created in the last section: helidon-quickstart-mp.

  4. Before you push your local image to OCIR, you must reference it with a new name that includes the path to OCIR. Then you can push the image with the new name to OCIR. Use the Docker tag command to create a shortcut to your image using the new name:
    sudo docker tag <your-local-image> <registry-image>

    The registry image consists of: <region-key>.ocir.io/<tenancy-name>/<image-folder>/<image-name>

    Example: sudo docker tag helidon-quickstart-mp iad.ocir.io/<tenancy-name>/<image-folder>/helidon-quickstart-mp


    The <image-folder> is a string of your choosing that is used to group your images. For example, a short version of your username is often used. "John Doe" might use: sudo docker tag helidon-quickstart-mp iad.ocir.io/<tenancy-name>/johnd/helidon-quickstart-mp.
  5. Check your Docker images to see if the reference has been created.
    sudo docker images

    The new image has the same image ID as your local image.
  6. Push the image to OCIR.
    sudo docker push <registry-image>:latest

    Example: sudo docker push iad.ocir.io/<tenancy-name>/<image-folder>/helidon-quickstart-mp:latest

    You should see your image in OCIR after the push command is complete.

View the OCIR Repository you Created

  1. In the Console, from the navigation menu, click Developer Services, and then click Registry (OCIR).
  2. In the list of registries, expand your registry: <image-folder>/helidon-quickstart-mp. You may need to scroll to the right, to get a second scrollbar, to find your registry.
    You should see:

    Access: Private

    By default, your repository is created with private access.

  3. Click latest.
    You should see:

    Full Path: <region-key>.ocir.io/<tenancy-name>/<image-folder>/helidon-quickstart-mp

Congratulations! You created a Java Helidon Docker image. Now you can create a Kubernetes cluster and deploy this image to your cluster.

7. Create your Kubernetes Cluster

Set up the Kubernetes cluster you will deploy your application to. You will use a wizard to set up your first cluster.

  1. From the navigation menu, click Developer Services, and then click Container Clusters.
  2. Click Create Cluster.
  3. Select Quick Create.
  4. Click Launch Workflow.

    The Cluster Creation dialog is displayed.

  5. Fill in the following information:
    • Name: <your-cluster-name>
    • Compartment: <your-compartment-name>
    • Kubernetes Version: <take-default>
    • Visibility Type: <Private>
    • Shape: VM.Standard.E2.1
    • Number of Nodes: 3
    • Add Ons: <none-selected>
  6. Click Next.

    All your choices are displayed. Review them to make sure everything is configurated correctly.

  7. Click Create Cluster.

    The services set up for your cluster are displayed.

  8. Click Close.
  9. Get a cup of coffee. It may take a few minutes for the cluster to be created.
You have successfully created a Kubernetes cluster.

8. Manage your Kubernetes Cluster with Cloud Shell

You can access your Kubernetes cluster and manage your deployments from Oracle Cloud Infrastructure Cloud Shell (Cloud Shell). To do that, complete the following steps:

  1. From the navigation menu, click Developer Services, and then click Kubernetes Clusters (OKE).
  2. Click the link to <your-cluster>.

    The information about your cluster is displayed.

  3. Click Access Cluster.
  4. Select Cloud Shell Access.
  5. Follow the steps provided in the dialog. They are reprinted here for your reference.

    All the required tools are installed in your cloud shell environment.
    • Launch Cloud Shell
    • Make a .kube directory if it doesn't exist.

      mkdir -p $HOME/.kube
    • To access the kubeconfig for your cluster, copy the following command to Cloud Shell:
      oci ce cluster create-kubeconfig <copy-data-from-dialog>
  6. Test your cluster configuration with the following command:

    List clusters:

    kubectl get service

    Note: If you have existing clusters, the new cluster information is merged with your $HOME/.kube/config file.

With your cluster configured, you are now ready to prepare your application for deployment.

9. Deploy your Docker Image to your Cluster with Cloud Shell

Now, create a manifest file to include information about the following resources and then create the resources with Kubernetes:
  • Deployment: Pull and deploy the image from registry.
  • Load Balancer Service: Make the application available with a public IP address.

Perform the following steps in Cloud Shell:

Create a Registry Secret
  1. Create a registry secret for your application. The container engine uses this secret to authenticate when it pulls an image from the registry to the cluster.

    Fill in the information in this template to create your secret with the name ocirsecret.

    kubectl create secret docker-registry ocirsecret --docker-server=<region-code>.ocir.io  --docker-username='<tenancy-name>/<user-name>' --docker-password='<auth-token>' --docker-email='<email-address>'

    After executing the command, you should get message: secret/ocirsecret created.

  2. Verify the secret was created. Issue the following command.
    kubectl get secret ocirsecret --output=yaml

    The output includes information about your secret is shown in the yaml format.

Create a Manifest File
  1. From the home directory, create a directory called helidon-quickstart-mp.
    mkdir helidon-quickstart-mp
  2. Change to the helidon-quickstart-mp directory.
    cd helidon-quickstart-mp
  3. Determine the host URL to your registry image using the following template.
  4. Create a file called app.yaml.
    vi app.yaml
  5. Copy the following information in your app.yaml.

    Your code must have the exact same indentation. The deployment and load balancer service are separated with ---.

    Here are some of the parameters that you will set for the deployment section:

    • replicas: 3
    • image: <your-image-url>
    • imagePullPolicy: Always
    • protocol: TCP
    • imagePullSecrets:
      • name: ocirsecret
    kind: Deployment
    apiVersion: extensions/v1beta1
      name: helidon-quickstart-mp
      replicas: 3
            app: helidon-quickstart-mp
            version: v1
          - name: helidon-quickstart-mp
            image: <your-image-url>
            imagePullPolicy: Always
            - containerPort: 8080
              protocol: TCP
            - name: ocirsecret
    apiVersion: v1
    kind: Service
      name: helidon-quickstart-lb
        app: helidon-quickstart-mp
      type: LoadBalancer
      - port: 8080
        app: helidon-quickstart-mp      
  6. Deploy your application with the following command:
    kubectl create -f app.yaml
Test your App

Your load balancer may take a few seconds to load after issuing the command.

  1. Check for your load balancer to deploy.
    kubectl get service

    Repeat the command until the load balancer is assigned an external IP address.

  2. Using the IP address for the load balancer connect to your app in a browser, http://x.x.x.x:8080/greet

Clean up the Application

After you are done, clean up and remove the services you created.

  1. Delete your application deployment and load balancer service:
    kubectl delete -f app.yaml
    The following messages are returned:
    service "helidon-quickstart-lb" deleted
    deployment.extensions "helidon-quickstart-mp" deleted
  2. To check that the service is removed:
    kubectl get service
Congratulations! You installed and deployed a Helidon application to a Kubernetes cluster on Oracle Cloud Infrastructure.

What's Next

You have successfully created a Hello World application, deployed it to a Kubernetes cluster and made it accessible on the internet, using the Helidon MicroProfile service.

To explore more information about development with Oracle products check out these sites: