Learn about the Oracle Cloud Infrastructure components that comprise Oracle WebLogic Server for OKE.
- Oracle WebLogic Server
- Resource Manager
- Container Engine for Kubernetes
- WebLogic Server Kubernetes Operator
- Virtual Cloud Network
- Load Balancer
Figure 1-1 Components of a typical Oracle WebLogic Server for OKE deployment
Figure 1-2 Components of a typical Oracle WebLogic Server for OKE deployment in Verrazzano
Oracle WebLogic Server
An Oracle WebLogic Server domain consists of one administration server and one or more managed servers to host your Java application deployments.
Oracle WebLogic Server for OKE supports these Oracle WebLogic Server editions:
- Oracle WebLogic Server Enterprise
- Includes clustering for high availability and scalability of Java resources and applications
- Includes Oracle Java SE Advanced (Java Mission Control and Java Flight Recorder) for diagnosing problems in development and production
- Oracle WebLogic Suite
- Includes all features and benefits of Oracle WebLogic Server Enterprise Edition
- Includes Verrazzano for managing WebLogic workloads
- Includes Oracle Coherence for increased performance and scalability
- Includes Active Gridlink for RAC for advanced database connectivity
Oracle WebLogic Server for OKE supports Oracle WebLogic Server 18.104.22.168.0 and 22.214.171.124.0 releases. See About Oracle WebLogic Server for OKE for specific version information.
Oracle WebLogic Server for OKE can create a basic domain that does not require a database.
Domains created with Oracle WebLogic Server for OKE do not utilize the Node Manager. Server health monitoring and lifecycle operations are performed by the WebLogic Server Kubernetes Operator.
Oracle WebLogic Server for OKE is accessed as a collection of applications in the Oracle Cloud Infrastructure Marketplace.
Oracle Cloud Infrastructure Marketplace is an online store that's available in the Oracle Cloud Infrastructure console. When you launch an Oracle WebLogic Server for OKE application from Marketplace, it prompts you for some basic information, and then directs you to Resource Manager to complete the configuration of your Oracle WebLogic Server stack and supporting cloud resources.
Choose an Oracle WebLogic Server for OKE application that meets your functional and licensing requirements.
See Overview of Marketplace in the Oracle Cloud Infrastructure documentation.
Resource Manager
Oracle WebLogic Server for OKE uses Resource Manager in Oracle Cloud Infrastructure to provision the Kubernetes cluster, networks and other cloud resources that support your Oracle WebLogic Server stack.
Resource Manager is an Oracle Cloud Infrastructure service that uses Terraform to provision, update, and destroy a collection of related cloud resources as a single unit called a stack. Resource Manager supports most resource types in Oracle Cloud Infrastructure, but a stack in Oracle WebLogic Server for OKE is comprised of these components:
- A Kubernetes cluster running the WebLogic Server stack and Jenkins
- An administration compute instance that includes kubectl and other domain management tools
- A bastion compute instance that provides public access to the administration compute instance
- A virtual cloud network (VCN), including subnets, route tables, and security lists (optional)
- Load balancers
See Overview of Resource Manager in the Oracle Cloud Infrastructure documentation.
Container Engine for Kubernetes
Oracle WebLogic Server for OKE uses Oracle Container Engine for Kubernetes for container management and orchestration.
Kubernetes is an open-source system for automating the deployment, scaling, and management of containerized applications across a cluster of hosts. A Kubernetes cluster is comprised of a controller node and one or more worker nodes. The worker nodes create and manage containers. Kubernetes groups the containers that make up an application into logical units called pods for easy management and discovery.
Oracle Container Engine for Kubernetes is an Oracle Cloud Infrastructure service that allows you to easily create, manage, and deploy applications to Kubernetes clusters. The nodes in a Kubernetes cluster are Oracle Cloud Infrastructure compute instances.
You can access the Kubernetes API on the cluster control plane through a private endpoint hosted in a subnet of an existing VCN. This Kubernetes API endpoint subnet is assigned a private IP address. See Kubernetes Cluster Control Plane and Kubernetes API.
When you create a stack and then a domain with Oracle WebLogic Server for OKE, it provisions two node pools: WebLogic node pool and non-WebLogic node pool. By default, each node pool is created with one worker node. However, during provisioning, you can specify the number of worker nodes you want in each node pool.
Note: All other pods can run on either of the two node pools and are not restricted to a node pool. Only the following listed pods are restricted to run on the specified node pool.
- WebLogic node pool:
- A pod running the domain's administration server
- A pod running each managed server in the domain (maximum is 9)
- A pod running the Jenkins agent
- Non-WebLogic node pool:
- A pod running the Jenkins controller
You can add a maximum of four managed servers in the node pool for the WebLogic Server node pods that does not contain an administration server. If you want to add another managed server, you must add a node in the node pool for the WebLogic Server node pods.
Note: If you set the Java Virtual Machine (JVM) heap size in the WebLogic Server pods, you must decide on the number of managed servers to be added in the node pool. See Set the JVM Arguments Definition to set the JVM heap size.
You cannot add more than three managed servers in the node pool for the WebLogic Server node pods that contains an administration server.
Oracle WebLogic Server for OKE creates a separate compute instance that includes the kubectl command line utility. You can use kubectl to manage and monitor the cluster and
See Overview of Container Engine for Kubernetes in the Oracle Cloud Infrastructure documentation.
Oracle WebLogic Server for OKE manages the container images for your domain in Oracle Cloud Infrastructure Registry.
Oracle Cloud Infrastructure Registry lets developers store, share, and manage development artifacts like container images. An image is a read-only template with instructions for creating a container.
During the deployment of an application to a Kubernetes cluster, each pod's configuration can specify which images to pull from the registry. You provide the credentials that Kubernetes uses to access the registry.
The images in the registry are organized into named repositories. Repositories can be private or public. Any user with Internet access and knowledge of the appropriate URL can pull images from a public repository. When an image is pushed to the registry, a new private repository is created automatically if it doesn't already exist.
When you create a domain, Oracle WebLogic Server for OKE pushes a default image to the registry, which is used to provision the pods for your domain. From the administration compute instance, you can update this default image and then apply those changes using Kubernetes.
See Overview of Registry in the Oracle Cloud Infrastructure documentation.
WebLogic Server Kubernetes Operator
Your Oracle WebLogic Server for OKE domain includes the open-source WebLogic Server Kubernetes Operator, which has several key features to assist you with managing domains in a Kubernetes environment.
A WebLogic Server domain is modeled as a custom resource in the Kubernetes configuration file. The operator uses this configuration and the Kubernetes API to automate WebLogic Server operations such as provisioning, starting or stopping servers, patching, scaling, and security.
Oracle WebLogic Server for OKE installs and configures the operator in the Kubernetes cluster, and you can use the operator with kubectl on the administration compute instance.
The operator supports the use of Kubernetes persistent volumes to store your domain files in an external file system. However, in Oracle WebLogic Server for OKE all of the files that are required to run your domain are stored in the container image for your domain. With this approach, you can easily share the domain with your entire development team, and also ensure that everyone uses a consistent configuration. You also don't need to manually replicate changes in different environments, like testing and production.
See WebLogic Kubernetes Operator documentation.
Helm is a package manager for Kubernetes. Use it to quickly install and manage Kubernetes applications, tools, and services for a Kubernetes cluster.
A chart is a package in Helm. A release is a running instance of a chart in a Kubernetes cluster.
When you create your Oracle WebLogic Server for OKE instance, the Helm client is installed on the administration compute instance, and Oracle WebLogic Server for OKE uses Helm to install the chart for the Oracle WebLogic Server Kubernetes Operator.
See the Helm Documentation.
Oracle WebLogic Server for OKE allows easy installation of Verrazzano on the Kubernetes cluster for both BYOL and UCM billing modes. The Verrazzano version installed is 1.5.2.
Note: You can configure Verrazzano installation for WebLogic Suite Edition only.
Oracle Verrazzano is a container deployment and management platform that allows you to deploy and manage container workloads in Kubernetes. It leverages the Open Application Model (OAM) specification for building platform-agnostic container applications. See Verrazzano documentation.
Oracle WebLogic Server for OKE installs Verrazzano and creates a private load balancer to access the Verrazzano consoles. You can also create and manage your WebLogic domains in Verrazzano using the Jenkins Pipeline jobs. Verrazzano is configured to use Jenkins with the Kubernetes plugin.
Oracle WebLogic Server for OKE uses Jenkins to automate the creation of custom images for your WebLogic Server domain, and the deployment of these images to the Kubernetes cluster.
If Verrazzano is installed on the Kubernetes cluster, Oracle WebLogic Server for OKE uses Jenkins to deploy WebLogic Open Application Model (OAM) components on Verrazzano. See Pipeline Jobs in Verrazzano.
Jenkins is an open-source automation engine that facilitates a development workflow based on Continuous Integration and Continuous Delivery (CI/CD). You create projects that perform a series of steps like checking out files from a source control system, compiling code, or running a script. Pipelines are a type of project that organize complex activities into stages, like building, testing, and deploying applications.
Note: The agent pod runs in the WebLogic node pool.
In addition to the Kubernetes cluster, Oracle WebLogic Server for OKE creates Oracle Cloud Infrastructure Compute instances to provide access to the cluster and for other administration tasks.
An Oracle WebLogic Server for OKE instance is comprised of these compute instances:
- The Kubernetes cluster compute instances host the worker nodes.
- The administration compute instance hosts kubectl and other tools to update and manage your domain in Kubernetes.
- The bastion compute instance provides external network access to the Kubernetes cluster and the administration instance, which are provisioned on private subnets.
During domain creation, the administration compute instance is also used to configure the new Kubernetes cluster and to deploy the pods for the domain.
When you create a domain, you assign a shape to each of the compute instances. The shape determines the number of CPUs and the amount of memory allocated to the compute instance. Oracle Cloud Infrastructure offers a variety of bare metal (BM) and virtual machine (VM) shapes. However, Oracle WebLogic Server for OKE only supports the BM.Standard3.64, and the flexible shapes,
shapes might not be available in all regions.
For the flexible shapes, the maximum number of OCPUs are:
The memory, network bandwidth, and number of Virtual Network Interface Cards (VNICs) scale proportionately with the number of OCPUs. See Flexible Shapes.
You also assign a secure shell (SSH) public key to the compute instances for a domain. You can access and administer the operating system on the compute instances by using an SSH client and the matching private key.
An availability domain (AD) represents a data center within an Oracle Cloud Infrastructure region. Each availability domain contains three fault domains. The administration and bastion compute instances are created in a single availability domain. Oracle Container Engine for Kubernetes automatically distributes the worker nodes across all availability domains and fault domains in a region for high availability.
Your domain's files are stored locally within each pod in the Kubernetes cluster, but Oracle WebLogic Server for OKE also uses Oracle Cloud Infrastructure File Storage to support certain administration use cases.
When you create a stack, Oracle WebLogic Server for OKE also creates a shared file system and mounts it to the following components:
- The WebLogic Server pods in the Kubernetes cluster use it to store WebLogic Server log files.
- The Jenkins pods in the Kubernetes cluster use it to store pipeline data.
- The administration compute instance uses it to access the Jenkins pipeline data.
- The administration compute instance uses it during the creation of a domain to deploy the WebLogic Server operator to the Kubernetes cluster.
Oracle WebLogic Server for OKE exports the file system to a mount target in a specified availability domain, which can be a different availability domain than the one used for the domain's compute instances. If you don't have a mount target in the selected availability domain, the File Storage service creates one automatically. Also, the mount target and compute instances can be in different compartments or in a different compartment where the stack is available.
Clients access the file system using the Network File System version 3.0 (NFSv3) protocol. The File Storage service uses synchronous replication to provide high availability for all file systems.
See Overview of File Storage in the Oracle Cloud Infrastructure documentation.
Virtual Cloud Network
Oracle WebLogic Server for OKE assigns a domain's resources to specific subnets in a virtual cloud network (VCN).
A VCN in Oracle Cloud Infrastructure covers a single, contiguous CIDR block of your choice. A VCN includes one or more subnets, route tables, security lists, gateways, and DHCP options. A subnet is a subdivision of a VCN that consists of a contiguous range of IP addresses and does not overlap with other subnets in the VCN.
The following diagram illustrates the VCN for a domain created with Oracle WebLogic Server for OKE.
A subnet can be public or private. Any resources assigned to a private subnet cannot be directly accessed from outside of Oracle Cloud. A service gateway allows resources in a private subnet to access other cloud services like Key Management and Autonomous Database, without using the public Internet. A NAT gateway allows outbound access to services that are not in Oracle Cloud.
A domain in Oracle WebLogic Server for OKE consists of the following subnets:
- A private subnet for the worker nodes in the Kubernetes cluster
- A private subnet for the administration compute instance
- A private subnet for the shared file system
- A public subnet for the bastion compute instance
- A public subnet for the load balancers
Oracle WebLogic Server for OKE can automatically create a VCN and subnets for a new domain, or you can create your own VCN and subnets before creating a domain. By default, subnets span an entire region in Oracle Cloud Infrastructure. Alternatively, you can create subnets that are specific to one availability domain (AD) in a region.
See Overview of Networking in the Oracle Cloud Infrastructure documentation.
Load Balancer
Oracle WebLogic Server for OKE uses the load balancing capabilities of Oracle Cloud Infrastructure Load Balancing and Oracle Container Engine for Kubernetes.
When you create a domain, Oracle WebLogic Server for OKE creates and configures two load balancers in Oracle Cloud Infrastructure:
- The public load balancer distributes traffic across the managed servers in your domain.
- The private load balancer provides access to the WebLogic Server administration console and the Jenkins console.
A load balancer consists of primary and standby instances but it is accessible from a single IP address. If the primary instance fails, traffic is automatically routed to the standby instance.
Note: By default, the reserved public IP address that you specify as the loadBalancerIP property of the LoadBalancer service in the manifest file is expected to be a resource in the same compartment as the cluster. If you want to specify a reserved public IP address in a different compartment, add the following policy to the tenancy:
Allow any-user to read public-ips in tenancy where request.principal.type = 'cluster'
Allow any-user to manage floating-ips in tenancy where request.principal.type = 'cluster'
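Both statements in the note grant to any-user across the tenancy, so the request.principal.type condition is the only thing that narrows them. The following check is an added example, not Oracle's code: it parses the statements with a simplified grammar and flags an any-user grant whose condition is missing or altered before the policy is applied. The function names and the constructed negative case are assumptions of this example.

```python
import re

# Simplified grammar (an assumption of this example, not a full OCI policy parser):
#   Allow <subject> to <verb> <resource-type> in <location> [where <condition>]
STATEMENT = re.compile(
    r"allow\s+(?P<subject>any-user|(?:group|dynamic-group|service)\s+\S+)\s+"
    r"to\s+(?P<verb>inspect|read|use|manage)\s+(?P<resource>\S+)\s+"
    r"in\s+(?P<location>tenancy|compartment\s+\S+)"
    r"(?:\s+where\s+(?P<where>.+))?",
    re.IGNORECASE,
)
PRINCIPAL_TYPE = re.compile(r"request\.principal\.type\s*=\s*'([^']+)'", re.IGNORECASE)

# The two statements from the note, here run together on one line to exercise the splitter.
PAGE_POLICY = (
    "Allow any-user to read public-ips in tenancy where request.principal.type = 'cluster' "
    "Allow any-user to manage floating-ips in tenancy where request.principal.type = 'cluster'"
)
# Constructed negative case: the same grant with the condition lost in editing.
CONSTRUCTED_MISSING_WHERE = "Allow any-user to manage floating-ips in tenancy"


def split_statements(text):
    """Split policy text into statements, even when several share one line."""
    parts = re.split(r"(?i)(?=\ballow\b)", text)
    return [p.strip() for p in parts if p.strip()]


def parse(statement):
    """Return subject, verb, resource, location, where and principal_type."""
    match = STATEMENT.fullmatch(statement.strip())
    if match is None:
        raise ValueError(f"unrecognised policy statement: {statement!r}")
    fields = match.groupdict()
    principal = PRINCIPAL_TYPE.search(fields["where"] or "")
    fields["principal_type"] = principal.group(1) if principal else None
    return fields


def review(statement, expected_type="cluster"):
    """Return findings for one statement; an empty list means nothing to flag."""
    fields = parse(statement)
    findings = []
    if fields["subject"].lower() == "any-user":
        if fields["principal_type"] is None:
            findings.append("any-user with no request.principal.type condition")
        elif fields["principal_type"] != expected_type:
            findings.append(
                f"any-user limited to unexpected principal type {fields['principal_type']!r}"
            )
    return findings


if __name__ == "__main__":
    for stmt in split_statements(PAGE_POLICY) + [CONSTRUCTED_MISSING_WHERE]:
        f = parse(stmt)
        print(f["verb"], f["resource"], f["location"], review(stmt) or "ok")
```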
If your region includes multiple availability domains (AD), the load balancer supports two networking options:
- Assign the load balancer to one regional subnet
- Assign the load balancer to two AD-specific subnets
Oracle WebLogic Server for OKE also creates an NGINX ingress controller in the Kubernetes cluster. NGINX is an open-source reverse proxy that controls the flow of traffic to pods within the Kubernetes cluster.
See the following topics in the Oracle Cloud Infrastructure documentation:
Oracle Cloud Infrastructure Vault enables you to manage sensitive information when creating an Oracle WebLogic Server domain.
A vault is a container for encryption keys and secrets. You create secrets for a domain's required passwords, and then Oracle WebLogic Server for OKE uses the same vault to decrypt the secrets when creating the domain.
Parameters for a new domain include the password for the default Oracle WebLogic Server administrator.
A standard vault is hosted on a hardware security module (HSM) partition with multiple tenants, and uses a more cost-efficient, key-based metric for billing purposes. A virtual private vault provides greater isolation and performance by allocating a dedicated partition on an HSM.
In order for the domain's Kubernetes cluster, compute instances, and file system to use your secrets, Oracle WebLogic Server for OKE automatically creates a dynamic group and policies in Oracle Cloud Infrastructure.
See these topics in the Oracle Cloud Infrastructure documentation:
Oracle Identity Cloud Service provides Oracle Cloud administrators with a central security platform to manage the relationships that users have with your applications.
By default, the Oracle WebLogic Server domain is configured to use the local WebLogic Server identity store to maintain administrators, application users, groups, and roles. These security elements are used to authenticate users, and to also authorize access to your applications and to tools like the WebLogic Server Administration Console.
Oracle WebLogic Server for OKE can configure a domain running WebLogic Server 12c to use Oracle Identity Cloud Service for authentication.
This configuration is supported only for Oracle Cloud accounts that include Oracle Identity Cloud Service 19.2.1 or later.
Oracle WebLogic Server for OKE configures an App Gateway in Oracle Identity Cloud Service. The App Gateway acts as a reverse proxy, intercepts HTTP requests to the domain, and ensures that the users are authenticated with Oracle Identity Cloud Service.
Oracle WebLogic Server for OKE creates two security applications in Oracle Identity Cloud Service to support the domain. A confidential application allows the domain to securely access the identity provider using the OAuth protocol. An enterprise application defines the URLs that are protected by the App Gateway.
See About Oracle Identity Cloud Service Concepts in Administering Oracle Identity Cloud Service.