Access Resources

Learn how to access the administration console, Jenkins, and the Verrazzano consoles using the tools provided with Oracle WebLogic Server for OKE.

Topics:

Access the Administration Instance

Access the administration compute instance for a Oracle WebLogic Server for OKE.

From the administration compute instance, you can access the shared file system at /u01/shared. It also includes the following software:

kubectl - Deploy and manage pods in the Kubernetes cluster for this stack.
docker - Download, modify and update container images in Oracle Cloud Infrastructure Registry. Use the login command to connect to the registry.
oci - View, create and update resources in Oracle Cloud Infrastructure.

This compute instance is on a private subnet and cannot be directly accessed from the public Internet. You can use the bastion instance, which is on a public subnet, and the proxy option of a secure shell (SSH) utility.

Sign in to the Oracle Cloud Infrastructure Console.
Click the navigation menu , select Developer Services. Under the Resource Manager group, click Stacks.
Select the Compartment in which your domain is created.
Click the stack for your domain.
Click Jobs.
In the Jobs table, click the Apply job for the stack.
Click Application Information.
Identify and make a note of the following IP addresses:
- Bastion Instance Public IP - The public IP address of the bastion compute instance
- Admin Instance Private IP - The private IP address of the administration compute instance
From your computer, create an SSH connection to the administration instance's IP address, and also specify the bastion instance's IP address as a proxy.
Connect as the opc user.

Provide the path to the private key that corresponds to the public key that you specified when you created the stack.

The SSH command format is:
```
ssh -i <path_to_private_key> -o ProxyCommand="ssh -W %h:%p –i <path_to_private_key> opc@<bastion_public_ip>" opc@<admin_ip>
```
For example:
```
ssh -i ~/.ssh/mykey.openssh -o ProxyCommand="ssh -W %h:%p -i ~/.ssh/mykey.openssh opc@203.0.113.13" opc@198.51.100.1
```
On a Windows platform, you can use Windows PowerShell to run the SSH command.
If prompted, enter the passphrase for the private key.

Access the Jenkins Console

Access the Jenkins build engine for a stack in which you configured Verrazzano with Oracle WebLogic Server for OKE.

Jenkins runs as a pod in the Kubernetes cluster and is hosted on the Verrazzano's private load balancer. This load balancer cannot be directly accessed from the public Internet. Jenkins is and can be accessed through socks proxy securely.

Sign in to the Oracle Cloud Infrastructure Console.
Click the navigation menu , select Developer Services. Under the Resource Manager group, click Stacks.
Select the Compartment in which your domain is created.
Click the stack for your domain.
Click Jobs.
Click the Apply job for the stack.
Click Outputs.
Identify the public IP address of the bastion compute instance, bastion_instance_public_ip.
Click Logs.
Search for the attribute jenkins_console_url. Copy the URL.
The URL format is:
```
http://jenkins.<resource_name_prefix>.<internal_lb_ip>.<wildcard_DNS_provider>/jenkins
```
If you specify the environment name during stack creation with Verrazzano, the URL format is:
```
http://jenkins.<environment_name>.<internal_lb_ip>.<wildcard_DNS_provider>/jenkins
```
Examples:
- ```
http://jenkins.abc.<internal_lb_ip>.nip.io/jenkins
```
  where, abc is the specified environment name for the Verrazzano installation and nip.io is the default wildcard DNS service.
- ```
http://jenkins.abc.<internal_lb_ip>.sslip.io/jenkins
```
  where, abc is the specified environment name for the Verrazzano installation and sslip.io is the wildcard DNS service that is configured during Verrazzano installation.
To know more about the DNS services, see Customize DNS.
Note:

If you provision a domain without a bastion instance, you must obtain the internal load balancer IP address to use in the Jenkins URL.
To get the internal load balancer IP address, access the administration instance for your stack (see Access the Administration Instance) and run the following command:
kubectl get svc -A
The private load balancer is listed with the namespace wlsoke-ingress-nginx and name okename-internal.
From your computer, open an SSH tunnel to an unused port on the bastion compute instance as the opc user.
For example, you can use port 1088 for SOCKS proxy.

Specify the -D option to use dynamic port forwarding. Provide the path to the private key that corresponds to the public key that you specified when you created the domain.

The SSH command format is:
```
ssh -D <port_for_socks_proxy> -fCqN -i <path_to_private_key> opc@<bastion_public_ip>
```
For example:
```
ssh -D 1088 -fCqN -i ~/.ssh/mykey.openssh opc@198.51.100.1
```
On a Windows platform, you can use Windows PowerShell to run the SSH command.
In your browser settings, set up the SOCKS (version 5) proxy configuration. Specify your local computer and the same SOCKS port that you used in your SSH command.
Browse to the Jenkins console URL.
If this is the first time using the Jenkins console, you are prompted to create a new admin user.

Access the Verrazzano Consoles

Access the Verrazzano consoles for a stack in which you configured Verrazzano with Oracle WebLogic Server for OKE.

Verrazzano installs several consoles. To access these consoles:

Sign in to the Oracle Cloud Infrastructure Console.
Click the navigation menu , select Developer Services. Under the Resource Manager group, click Stacks.
Select the Compartment in which your domain is created.
Click the stack for your domain.
Click Jobs.
Click the Apply job for the stack.
Click Outputs.
Identify the public IP address of the bastion compute instance, bastion_instance_public_ip.
Click Logs.
Search for the attribute consoleUrl.
The following are the console URL formats with the default wildcard DNS provider, nip.io:

Note:
If you do not specify the environment name during stack creation with Verrazzano, the resource name prefix is used as the environment name.
- Verrazzano - https://verrazzano.<resource_name_prefix>.<internal_lb_ip>.nip.io
- ElasticSearch - https://elasticsearch.vmi.system.<resource_name_prefix>.<internal_lb_ip>.nip.io
- Grafana - https://grafana.vmi.system.<resource_name_prefix>.<internal_lb_ip>.nip.io
- KeyCloak - https://keycloak.<resource_name_prefix>.<internal_lb_ip>.nip.io
- Kiali - https://kiali.vmi.system.<resource_name_prefix>.<internal_lb_ip>.nip.io
- Kibana - https://kibana.vmi.system.<resource_name_prefix>.<internal_lb_ip>.nip.io
- Prometheus - https://prometheus.vmi.system.<resource_name_prefix>.<internal_lb_ip>.nip.io
- Rancher - https://rancher.<resource_name_prefix>.<internal_lb_ip>.nip.io
where, internal_lb_ip is the internal load balancer IP address.

An example of Verrazzano console URL format with abc environment name and default wildcard DNS provider, nip.io:
```
https://verrazzano.<environment_name>.<internal_lb_ip>.nip.io
```
An example of ElasticSearch console URL format with abc environment name and sslip.io wildcard DNS provider configured during Verrazzano installation.
```
https://elasticsearch.vmi.system.abc.<internal_lb_ip>.sslip.io
```
Note:

If you provision a domain without a bastion instance, you must obtain the internal load balancer IP address to use in the Verrazzano console URLs.
To get the internal load balancer IP address, access the administration instance for your stack (see Access the Administration Instance) and run the following command:
kubectl get svc -A
The private load balancer is listed with the namespace wlsoke-ingress-nginx and name okename-internal.
From your computer, open an SSH tunnel to an unused port on the bastion compute instance as the opc user.
For example, you can use port 1088 for SOCKS proxy.

Specify the -D option to use dynamic port forwarding. Provide the path to the private key that corresponds to the public key that you specified when you created the domain.

The SSH command format is:
```
ssh -D <port_for_socks_proxy> -fCqN -i <path_to_private_key> opc@<bastion_public_ip>
```
For example:
```
ssh -D 1088 -fCqN -i ~/.ssh/mykey.openssh opc@198.51.100.1
```
On a Windows platform, you can use Windows PowerShell to run the SSH command.
In your browser settings, set up the SOCKS (version 5) proxy configuration. Specify your local computer and the same SOCKS port that you used in your SSH command.
Browse to the console URLs.
To know the preconfigured users and to get the password for the consoles, see Get Console Credentials.

Access the WebLogic Console

Access the WebLogic Server Administration Console for a domain that you created with Oracle WebLogic Server for OKE with Verrazzano.

Note:

Before you access the WebLogic console, you must have created a WebLogic domain. See Create a WebLogic Domain.
Do not use the WebLogic console to make any configuration changes. All configuration changes should be should done through jobs, this ensure that the changes are persistent.
Security check warnings are displayed at the top of the console. See About the Security Checkup Tool for the warnings and how to handle them.

You must have installed OCI CLI and kubectl in your local computer. If you do not have them installed, see Install CLI and Install kubectl.

Note:

The following instructions are applicable only if your local computer has access to the Kubernetes API endpoint.

From your computer, create an SSH connection to the administration instance's IP address, and also specify the bastion instance's IP address as a proxy.
Connect as the opc user.

Provide the path to the private key that corresponds to the public key that you specified when you created the stack.

The SSH command format is:
```
ssh -i <path_to_private_key> -o ProxyCommand="ssh -W %h:%p –i <path_to_private_key> opc@<bastion_public_ip>" opc@<admin_ip>
```
For example:
```
ssh -i ~/.ssh/mykey.openssh -o ProxyCommand="ssh -W %h:%p -i ~/.ssh/mykey.openssh opc@203.0.113.13" opc@198.51.100.1
```
On a Windows platform, you can use Windows PowerShell to run the SSH command.
Navigate to the .kube/config folder.
Open the config file and copy the contents of the config file.
In your local computer, under $HOME/.kube directory, create a config folder, and copy the contents of the config file.
Note:
If you do not have the directory to contain the kubeconfig file, then create the directory using the following command:
```
$ mkdir -p $HOME/.kube
```
Sign in to the Oracle Cloud Infrastructure Console.
Click the navigation menu , select Developer Services. Under Containers, click Kubernetes Clusters (OKE).
Select the Compartment containing the cluster.
On the Cluster List page, click the name of the cluster you want to access using kubectl. The Cluster page shows details of the cluster.
Click Access Cluster.
On the Access Your Cluster dialog box, click Local Access.
Run the Oracle Cloud Infrastructure CLI command to set up the kubeconfig file and save it in a location accessible to kubectl.
For example, on Linux, enter the following command (or copy and paste it from the Access Your Cluster dialog box) in a local terminal window:
```
oci ce cluster create-kubeconfig --cluster-id <OCID of the current cluster> --file /.kube/config --region <region_name> --token-version 2.0.0 --kube-endpoint PRIVATE_ENDPOINT
```
Set the value of the KUBECONFIG environment variable to point to the name and location of the kubeconfig file.
```
export KUBECONFIG=$HOME/.kube/config
```

Set up port forwarding to the administration server that you want to connect.

$ kubectl port-forward pods/<admin_server_pod_name> 7001:7001 -n <namespace>

Example:

$ kubectl port-forward pods/oci-domain-uid-ocidomain-adminserver 7001:7001 -n <namespace>

Browse to the WebLogic Server Administration Console URL.
```
http://localhost:7001/<domain_name>/console
```
Sign in using the administrator credentials for your domain.