Create a Stack

Use Oracle WebLogic Server for OKE to create a stack that includes a basic Oracle WebLogic Server domain, network resources, Kubernetes cluster, compute instances, and load balancers.

Launch a new stack from Marketplace. For a basic domain, you do not specify a database.

Before you create a domain, you must first perform the following tasks:

Oracle WebLogic Server for OKE can create the virtual cloud network (VCN) and subnets for your new domain. If you want to use an existing VCN or existing subnets for the domain, then they must meet certain requirements. See:


Launch a Stack

Sign in to Marketplace and specify initial stack information.

  1. Sign in to the Oracle Cloud Infrastructure Console.
  2. Click the navigation menu and select Marketplace.
  3. Select an application that matches the edition of Oracle WebLogic Server that you want to provision.
    • Oracle WebLogic Server Enterprise Edition for OKE BYOL
    • Oracle WebLogic Server Enterprise Edition for OKE UCM
    • Oracle WebLogic Suite for OKE BYOL
    • Oracle WebLogic Suite for OKE UCM
  4. Select a required Oracle WebLogic Server version to use from the list of Model in Image or Domain in Image images.

    To identify whether a version uses the Model in Image or the Domain in Image WLS Operator pattern, see the Supported Image column in Patches Included in Oracle WebLogic Server for OKE.

  5. Select the compartment in which to create the stack.

    By default the stack compartment is used to contain the compute instances and network resources. If later on you specify a network compartment on the Configure Variables page of the Create Stack wizard, then the compute instances and load balancers are created in the stack compartment that you select here.

  6. Select the Oracle Standard Terms and Restrictions check box, and then click Launch Stack.

    The Create Stack wizard is displayed.

Configure Stack Information

Specify the name, description, and tags for the stack.

  1. On the Stack Information page of the Create Stack wizard, enter a name for your stack.
  2. Enter a description for the stack (optional).
  3. Specify one or more tags for your stack (optional).
  4. Click Next.

    The Configure Variables page opens.

Configure WebLogic Server on Container Cluster

Specify the parameters needed to configure the WebLogic Server domain in a Kubernetes cluster.

  1. In the WebLogic Server on Container Cluster section of the Configure Variables page, enter the resource name prefix.

    The maximum character length is 16.

    This prefix is used by all the created resources, except load balancers.
  2. Enter the SSH public key, by either uploading the SSH key file or copy-pasting the SSH key information.
  3. Select the number of running managed servers in the domain you want to create. You can specify up to 9.

    The number of running managed servers is also the number of WebLogic Server pods in the Kubernetes cluster. Each managed server runs in a separate pod in the Kubernetes cluster.

    Managed servers are members of a WebLogic Server cluster.

  4. Enter a user name for the WebLogic Server administrator.
  5. Enter the OCID of the secret for the password for the WebLogic Server administrator. See Create Secrets with Passwords.
  6. If required, change the default domain name.

Configure the Network

Define the Virtual Cloud Network (VCN) and the subnets configuration for the basic domain.

  1. In the Network section of the Configure Variables page, select the Network Compartment in which to create the network resources for this domain.

    If you don't specify a network compartment, then all the network resources and compute instances are created in the stack compartment that you selected earlier upon launching the stack. Select a network compartment if you want the network resources to be in a different compartment than the compute instances.

  2. You can create a new VCN, use an existing VCN but create new subnet resources, or use an existing VCN and existing subnets.

    For an existing VCN and existing subnet, you can configure a bastion compute instance to provide access to the WebLogic Server compute instances on a private subnet. However, creating the bastion node on a public subnet is optional.

    • To create resources in a new VCN, select Create New VCN from the Virtual Cloud Network Strategy dropdown, and then specify the following:
      • A CIDR for the new VCN
      • A shape for the private load balancer
      • A shape for the public load balancer.

        Note:

        If you want to use a public load balancer with a reserved public IP, specify the OCID of the public IP for the load balancer.
        By default, the reserved public IP address that you specify as the loadBalancerIP property of the LoadBalancer service in the manifest file is expected to be a resource in the same compartment as the cluster. If you want to specify a reserved public IP address in a different compartment, add the following policy to the tenancy:
        Allow any-user to read public-ips in tenancy where request.principal.type = 'cluster'
        Allow any-user to manage floating-ips in tenancy where request.principal.type = 'cluster'

        See Specifying Load Balancer Reserved Public IP Addresses.

    • To use an existing VCN but create new subnet resources, select Use Existing VCN from the Virtual Cloud Network Strategy dropdown, then do the following:
      1. From the Existing Network dropdown, select the name of an existing VCN.
      2. Do not select the Use Existing Subnet check box.
      3. Specify public subnet CIDRs for the bastion host and load balancers.
      4. Specify private subnet CIDRs for administration host, file system and mount target (storage) host, and Kubernetes cluster and node pool.
      5. Enter the Oracle Cloud Identifier (OCID) for an existing NAT gateway or service gateway.
      6. Select a minimum and maximum flexible shape for a private load balancer.

        By default, the minimum bandwidth size is set to 10 Mbps and maximum to 100 Mbps.

        Note:

        You can update the shape to a maximum of 8000 Mbps. Before you select the maximum bandwidth, check the available service limit for the flexible private load balancer bandwidth.
      7. Select a minimum and maximum flexible shape for a public load balancer.

        By default, the minimum bandwidth size is set to 10 Mbps and maximum to 400 Mbps.

        Note:

        You can update the shape to a maximum of 8000 Mbps. Before you select the maximum bandwidth, check the available service limit for the flexible public load balancer bandwidth.
      8. If you want to use a public load balancer with a reserved public IP, specify the OCID of the public IP for the load balancer.

        Note:

        By default, the reserved public IP address that you specify as the loadBalancerIP property of the LoadBalancer service in the manifest file is expected to be a resource in the same compartment as the cluster. If you want to specify a reserved public IP address in a different compartment, add the following policy to the tenancy:
        Allow any-user to read public-ips in tenancy where request.principal.type = 'cluster'
        Allow any-user to manage floating-ips in tenancy where request.principal.type = 'cluster'

        See Specifying Load Balancer Reserved Public IP Addresses.

    • To use an existing VCN and existing subnets with bastion configuration, select Use Existing VCN from the Virtual Cloud Network Strategy dropdown, then do the following:
      1. From the Existing Network dropdown, select the name of an existing VCN.
      2. Select the Use Existing Subnet check box.
      3. Select the Subnet Compartment to use for the existing subnet.

        The subnet compartment is different than the VCN compartment. The subnets for the bastion host, load balancers, Kubernetes cluster and node pool, administration host, and the file system and mount target host, use this same subnet compartment.

        Note:

        You can specify the subnet compartment only if you're using an existing subnet.
      4. Keep the default selection for Provision Bastion node on Public Subnet check box.
      5. Select the name of an existing public subnet for the bastion host.
      6. Select the names of existing private subnets for the Kubernetes cluster and node pool, administration host, and the file system and mount target (storage) host.
      7. Select the name of an existing public subnet for the load balancer.
      8. Enter the Oracle Cloud Identifier (OCID) for an existing NAT gateway or service gateway.
      9. Select a minimum and maximum flexible shape for a private load balancer.

        By default, the minimum bandwidth size is set to 10 Mbps and maximum to 100 Mbps.

        Note:

        You can update the shape to a maximum of 8000 Mbps. Before you select the maximum bandwidth, check the available service limit for the flexible private load balancer bandwidth.
      10. Select a minimum and maximum flexible shape for a public load balancer.

        By default, the minimum bandwidth size is set to 10 Mbps and maximum to 400 Mbps.

        Note:

        You can update the shape to a maximum of 8000 Mbps. Before you select the maximum bandwidth, check the available service limit for the flexible public load balancer bandwidth.
      11. If you want to use a public load balancer with a reserved public IP, specify the OCID of the public IP for the load balancer.

        Note:

        By default, the reserved public IP address that you specify as the loadBalancerIP property of the LoadBalancer service in the manifest file is expected to be a resource in the same compartment as the cluster. If you want to specify a reserved public IP address in a different compartment, add the following policy to the tenancy:
        Allow any-user to read public-ips in tenancy where request.principal.type = 'cluster'
        Allow any-user to manage floating-ips in tenancy where request.principal.type = 'cluster'

        See Specifying Load Balancer Reserved Public IP Addresses.

    • To use an existing VCN and existing subnets without bastion configuration, select Use Existing VCN from the Virtual Cloud Network Strategy dropdown, then do the following:
      1. From the Existing Network dropdown, select the name of an existing VCN.
      2. Select the Use Existing Subnet check box.
      3. Select the Subnet Compartment to use for the existing subnet.

        The subnet compartment is different than the VCN compartment. The subnets for the bastion host, load balancers, Kubernetes cluster and node pool, administration host, and the file system and mount target host, use this same subnet compartment.

        Note:

        You can specify the subnet compartment only if you're using an existing subnet.
      4. Deselect the Provision Bastion node on Public Subnet check box.

        Note:

        It is recommended to deselect the Provision Bastion Node on Public Subnet check box only in a network with a FastConnect setup.

        In this case, no status is returned for provisioning, so you must check the status of provisioning in the Logs under Application Information of the stack, and view the error or success messages in the /u01/logs/provisioning.log file on the administration instance.

        To get the internal and external load balancer IP addresses for accessing the Jenkins Console, WebLogic Console, and the WebLogic Cluster Load Balancer, see Access the Load Balancer IP for No Bastion Host.

      5. Select the names of existing private subnets for the Kubernetes cluster and node pool, administration host, and the file system and mount target (storage) host.
      6. Select the name of an existing public subnet for the load balancer.
      7. Enter the Oracle Cloud Identifier (OCID) for an existing NAT gateway or service gateway.
      8. Select a minimum and maximum flexible shape for a private load balancer.

        By default, the minimum bandwidth size is set to 10 Mbps and maximum to 100 Mbps.

        Note:

        You can update the shape to a maximum of 8000 Mbps. Before you select the maximum bandwidth, check the available service limit for the flexible private load balancer bandwidth.
      9. Select a minimum and maximum flexible shape for a public load balancer.

        By default, the minimum bandwidth size is set to 10 Mbps and maximum to 400 Mbps.

        Note:

        You can update the shape to a maximum of 8000 Mbps. Before you select the maximum bandwidth, check the available service limit for the flexible public load balancer bandwidth.
      10. If you want to use a public load balancer with a reserved public IP, specify the OCID of the public IP for the load balancer.

        Note:

        By default, the reserved public IP address that you specify as the loadBalancerIP property of the LoadBalancer service in the manifest file is expected to be a resource in the same compartment as the cluster. If you want to specify a reserved public IP address in a different compartment, add the following policy to the tenancy:
        Allow any-user to read public-ips in tenancy where request.principal.type = 'cluster'
        Allow any-user to manage floating-ips in tenancy where request.principal.type = 'cluster'

        See Specifying Load Balancer Reserved Public IP Addresses.
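
The two tenancy policy statements quoted in the notes above can be reviewed for breadth before an administrator adds them. The following Python sketch is an added example, not Oracle's code: it parses a subset of the OCI policy syntax and reports how wide each grant is. The finding codes are names invented for this example.

```python
import re

# Subset of OCI policy syntax:
#   Allow <subject> to <verb> <resource> in <location> [where <conditions>]
STATEMENT_RE = re.compile(
    r"^\s*allow\s+(?P<subject>.+?)\s+to\s+(?P<verb>inspect|read|use|manage)\s+"
    r"(?P<resource>[\w-]+)\s+in\s+(?P<location>tenancy|compartment\s+\S+)"
    r"(?:\s+where\s+(?P<where>.+))?$",
    re.IGNORECASE,
)
# Variable names on the left-hand side of a comparison in the where clause.
CONDITION_VAR_RE = re.compile(r"([a-z_]+(?:\.[a-z_]+)+)\s*!?=", re.IGNORECASE)
PRINCIPAL_TYPE_RE = re.compile(r"request\.principal\.type\s*=\s*'([^']+)'", re.IGNORECASE)

# The two statements exactly as they appear on the page.
PAGE_STATEMENTS = [
    "Allow any-user to read public-ips in tenancy where request.principal.type = 'cluster'",
    "Allow any-user to manage floating-ips in tenancy where request.principal.type = 'cluster'",
]


def audit_statement(statement):
    """Parse one policy statement and return (fields, findings)."""
    match = STATEMENT_RE.match(statement.strip())
    if match is None:
        raise ValueError(f"unrecognised policy statement: {statement!r}")
    fields = {k: (v.strip() if v else "") for k, v in match.groupdict().items()}
    where = fields["where"]
    variables = {v.lower() for v in CONDITION_VAR_RE.findall(where)}
    findings = []
    if fields["subject"].lower() == "any-user":
        if not variables:
            # No condition at all: the grant applies to every principal.
            findings.append("ANY_USER_UNCONDITIONED")
        elif variables == {"request.principal.type"}:
            # Only the principal type is constrained, so every principal of
            # that type within the scope receives the permission.
            ptype = PRINCIPAL_TYPE_RE.search(where)
            findings.append("PRINCIPAL_TYPE_ONLY:" + (ptype.group(1) if ptype else "?"))
    if fields["location"].lower() == "tenancy":
        findings.append("TENANCY_SCOPE")
    if fields["verb"].lower() == "manage":
        findings.append("MANAGE_VERB")
    return fields, findings


def audit_all(statements):
    """Map each statement to its list of findings."""
    return {s: audit_statement(s)[1] for s in statements}


if __name__ == "__main__":
    for stmt, found in audit_all(PAGE_STATEMENTS).items():
        print(stmt, "->", found)
```

For the page's statements the report shows that the grant reaches every principal of type cluster across the tenancy, which is worth recording when the policy is approved.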

Configure the Container Cluster

You can specify the parameters needed to create a container cluster or configure the WebLogic Server domain to use an existing container cluster for an existing VCN and an existing subnet only.

Create a Container Cluster

  1. In the Container Cluster Configuration section of the Configure Variables page, enter a Kubernetes Version to run on the cluster nodes.

    Note:

    The latest Kubernetes version is displayed by default. Check the Kubernetes version that is certified and compatible with WebLogic Server Kubernetes Operator. See Oracle WebLogic Server Kubernetes Operator.

    If you enter a Kubernetes version that is not available, the stack provisioning fails.

  2. Select a shape for each node in the Kubernetes cluster node pool, for WebLogic and non-WebLogic node pools.

    In the WebLogic node pool: For 2 or more running managed servers, select a shape with 2 or more OCPUs. For example, VM.Standard2.2 instead of VM.Standard2.1.

  3. Specify a CIDR for the pods in the Kubernetes cluster.
  4. Specify a CIDR for the Kubernetes services that are exposed.
  5. Optional: To encrypt the Kubernetes secrets at rest in etcd by using the master encryption key in the OCI vault service, select Kubernetes Secret Encryption and enter the vault key OCID.
    If you do not select this option, then the standard block storage encryption is used for etcd.

    Caution:

    • If you use Kubernetes Secret Encryption, then ensure that you do not disable or delete the vault key, which you used to encrypt the Kubernetes secrets.
    • If you disable or delete the vault key, you cannot run any administrative commands on the administration server, such as kubectl get pods -A. The only option is to destroy and recreate the domain.
    • If you disable the vault key, the change is immediate and you will not be able to access the domain.
    • If you have scheduled the key for deletion, it is in the Pending Deletion state until it is deleted permanently on the scheduled deletion date. You can cancel the key deletion schedule to restore access to the Kubernetes secrets. See Managing Secrets.
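
As an added example (not part of Oracle's tooling), the following Python check validates the values entered on the Configure Variables page before the stack is launched. The dictionary keys are hypothetical names and the sample values are constructed; the lower bound of 1 managed server, the 10 Mbps floor and the pod/service CIDR overlap rule are assumptions that go beyond what the page states.

```python
import ipaddress
from itertools import combinations

MAX_PREFIX_LEN = 16                  # page: resource name prefix limit
MAX_MANAGED_SERVERS = 9              # page: "You can specify up to 9"
LB_MIN_MBPS, LB_MAX_MBPS = 10, 8000  # page: default minimum, stated maximum


def validate_stack_inputs(cfg):
    """Return a list of problems in a dict of wizard inputs (empty list = pass)."""
    problems = []
    if not 1 <= len(cfg["resource_prefix"]) <= MAX_PREFIX_LEN:
        problems.append("resource_prefix must be 1-16 characters")
    if not 1 <= cfg["managed_servers"] <= MAX_MANAGED_SERVERS:
        problems.append("managed_servers must be between 1 and 9")
    # The wizard takes secret OCIDs; anything else is probably a password
    # or token pasted in clear text.
    for key in ("admin_password_secret", "registry_token_secret"):
        if not cfg[key].startswith("ocid1.vaultsecret."):
            problems.append(f"{key} is not a vault secret OCID")
    for lb in ("private_lb_mbps", "public_lb_mbps"):
        low, high = cfg[lb]
        if not LB_MIN_MBPS <= low <= high <= LB_MAX_MBPS:
            problems.append(f"{lb} range {low}-{high} Mbps is invalid")
    named = {"vcn": cfg["vcn_cidr"], "pods": cfg["pod_cidr"],
             "services": cfg["service_cidr"], **cfg["subnet_cidrs"]}
    nets = {}
    for name, cidr in named.items():
        try:
            nets[name] = ipaddress.ip_network(cidr)  # strict: rejects host bits
        except ValueError:
            problems.append(f"{name}: {cidr!r} is not a valid CIDR")
    if len(nets) < len(named):
        return problems  # skip overlap checks until every CIDR parses
    subnets = {n: nets[n] for n in cfg["subnet_cidrs"]}
    for name, net in subnets.items():
        if not net.subnet_of(nets["vcn"]):
            problems.append(f"subnet {name} is outside the VCN")
    for (a, net_a), (b, net_b) in combinations(subnets.items(), 2):
        if net_a.overlaps(net_b):
            problems.append(f"subnets {a} and {b} overlap")
    # Assumed OKE rule (not stated on the page): pod and service CIDRs must
    # not overlap the VCN or each other.
    for a, b in (("pods", "vcn"), ("services", "vcn"), ("pods", "services")):
        if nets[a].overlaps(nets[b]):
            problems.append(f"{a} CIDR overlaps {b} CIDR")
    return problems


# Constructed sample inputs; the OCIDs are placeholders, not real resources.
GOOD = {
    "resource_prefix": "wlsoke", "managed_servers": 2,
    "admin_password_secret": "ocid1.vaultsecret.oc1..exampleadmin",
    "registry_token_secret": "ocid1.vaultsecret.oc1..exampletoken",
    "private_lb_mbps": (10, 100), "public_lb_mbps": (10, 400),
    "vcn_cidr": "10.0.0.0/16", "pod_cidr": "10.244.0.0/16", "service_cidr": "10.96.0.0/16",
    "subnet_cidrs": {"bastion": "10.0.1.0/24", "lb": "10.0.2.0/24",
                     "admin": "10.0.3.0/24", "workers": "10.0.4.0/24"},
}
BAD = dict(GOOD, resource_prefix="production-wls-oke", managed_servers=10,
           admin_password_secret="Welcome1#", public_lb_mbps=(10, 9000),
           pod_cidr="10.0.128.0/17",
           subnet_cidrs={"bastion": "10.0.1.0/24", "lb": "10.0.1.128/25",
                         "workers": "10.1.0.0/24"})
```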

Use an Existing Cluster

  1. In the Container Cluster Configuration section of the Configure Variables page, select the Use existing cluster check box.
  2. Enter the OCID of the existing Kubernetes cluster.

    Ensure that this Kubernetes cluster exists in the compartment that you selected upon launching the stack, and in the specified existing VCN.

    You must not use the same Kubernetes cluster to create multiple Oracle WebLogic Server for OKE instances. If you want to use the cluster for multiple instances, you must delete the resources and the stack. See Delete the Resources and Stack.

Configure the Administration Instances

Specify where you want to create the Oracle WebLogic Server for OKE administration instances and select the shapes to use.

  1. In the Container Cluster Administration Instances section of the Configure Variables page, select the availability domain in which to create the bastion and Kubernetes administration compute instances.
  2. Select a shape for the Kubernetes administration compute instance.
  3. Select a shape for the bastion compute instance.

    Note:

    This option is not available if you deselect the Provision Bastion Node on Public Subnet check box.

Configure the Database

A basic domain does not require a database.

In the Database section of the Configure Variables page, for Database Strategy, select No Database if you are creating a basic domain.

To create a domain that uses an existing database, see Create a JRF-Enabled Domain.

Configure the File System

Specify where you want to create the shared file system.

  1. Select the availability domain where you want to create the shared file system and mount target.

    Note:

    Shared file system and mount target can be in a different availability domain than the WebLogic instances.
  2. Enter the existing mount target ID (optional).

    When you use an existing subnet to provision an Oracle WebLogic Server for OKE cluster, you can specify the existing mount target OCID. If not specified, a new mount target is created for the file system. This mount target should be in the same subnet where the new file system is created.

  3. Select the compartment for the existing mount target (optional).

    You can use this option to create the mount target in a different compartment than the stack compartment.

Configure the Registry

Specify the credentials that Oracle WebLogic Server for OKE uses to access container images in the Oracle Cloud Infrastructure Registry (OCIR).

  1. In the Registry User Name field, enter a user name that Kubernetes uses to access the image in the registry.
  2. In the Secrets OCID for Registry Authentication Token field, enter the OCID for the secret for the auth token generated for the registry user.

Create OCI Policies

When you create a basic domain, by default the OCI Policies check box is selected and Oracle WebLogic Server for OKE creates a dynamic group and relevant root-level (tenancy) policies for you.

If you are not an administrator, the necessary groups and policies must be in place before you can create a domain.

Before you deselect the check box, ask your administrator to create the required dynamic group and relevant policies, as described in Create a Dynamic Group and Create Policies for the Dynamic Group.

Configure WebLogic Authentication with Oracle Identity Cloud Service

You have the option to use Oracle Identity Cloud Service to authenticate application users for your domain.

To use Oracle Identity Cloud Service for authentication:

  1. Select Enable Authentication Using Identity Cloud Service.

    The default values of the IDCS host name and port name are displayed. If required, you can override the default domain name and port that you use to access Oracle Identity Cloud Service.

  2. Enter your Oracle Identity Cloud Service (IDCS) tenant name, which is also referred to as the instance ID.
    This ID is typically found in the URL that you use to access Oracle Identity Cloud Service, and has the format idcs-<GUID>.
  3. Enter the client ID and the OCID of the secret that contains the client secret of an existing confidential application in this Oracle Identity Cloud Service instance.

    You can override the default port used for the Oracle Identity Cloud Service App Gateway, if required.

Create the Stack

After you have specified the parameters for your basic domain, finish creating the stack.

On the Review page of the Create Stack wizard, review the information you have provided, and then click Create. This runs the stack creation job.

The Job Details page of the stack in Resource Manager is displayed. A stack creation job name has the format ormjobyyyymmddnnnnnn. For example, ormjob20200922125850. Periodically monitor the progress of the job until it is finished. If an email address is associated with your user profile, you will receive an email notification.

Use Your New Domain

Access and manage your new basic domain after creating a stack.

Typical tasks that you might perform after creating a domain: