Oracle by Example brandingGet Started with Oracle WebLogic Server for Oracle Cloud Infrastructure Container Engine for Kubernetes

section 0Before You Begin

This 30-minute tutorial shows you how to provision an Oracle WebLogic Server domain using Oracle Cloud Infrastructure Container Engine for Kubernetes, Marketplace and Resource Manager.

Background

Oracle WebLogic Server for Oracle Cloud Infrastructure Container Engine for Kubernetes (OKE) is available as a set of applications in the Oracle Cloud Infrastructure Marketplace. You use an Oracle WebLogic Server for OKE to provision a WebLogic Server domain, with the WebLogic administration server and each managed server running in different pods in Kubernetes cluster. The application also provisions a public load balancer to distribute traffic across the managed servers in your domain, and a private load balancer to provide access to the WebLogic Server administration console and the Jenkins console. Marketplace uses Resource Manager to provision the network, compute instances, load balancers, and Kubernetes components as a single unit called a stack.

Oracle Cloud Infrastructure Marketplace offers separate applications for:

  • Oracle WebLogic Server Enterprise Edition
  • Oracle WebLogic Suite

This tutorial uses Oracle WebLogic Server for OKE to create a virtual cloud network (VCN) and subnets in Oracle Cloud Infrastructure to support WebLogic Server, Kubernetes, and the load balancers. But you can also use an existing VCN and existing subnets if desired. Note that Oracle WebLogic Server for OKE creates administration host compute instance, public subnets for the load balancers and the bastion compute instance, and private subnets for the Kubernetes components and file storage. We recommend you follow the same architecture when using existing subnets.

This tutorial creates a basic WebLogic Server domain configuration, which does not require a database. Oracle WebLogic Server for Oracle Cloud Infrastructure can also be used to create a JRF-enabled domain, if you want to build applications with Oracle Application Development Framework (ADF). An existing Oracle Autonomous Transaction Processing database or Oracle Cloud Infrastructure DB System is required in order to provision a JRF-enabled domain.

Provisioning a domain in Oracle WebLogic Server for OKE requires one or more secrets in Oracle Cloud Infrastructure Vault. Each secret stores only one password and you would require the password when creating a WebLogic Server cluster. This tutorial uses a standard vault, which is hosted on a hardware security module (HSM) partition with multiple tenants, and uses a more cost-efficient, key-based metric for billing purposes. A virtual private vault provides greater isolation and performance by allocating a dedicated partition on an HSM. Each type of vault has a separate service limit in your Oracle Cloud Infrastructure tenancy. The limit for secrets spans all vaults. See Service Limits and Oracle Cloud Infrastructure Vault FAQ.

You can estimate the cost of the resources and services that you want to use to provision your instance. See Oracle Cloud Cost Estimator.

What Do You Need?

  • Your Oracle Cloud Infrastructure administrator user name and password.
  • Your Oracle Cloud Infrastructure authentication token. See Managing User Credentials.
  • An Oracle Cloud Infrastructure compartment. See Managing Compartments.
  • An SSH public key and corresponding private key.
  •  Service limits for the components in your tenancy. See Service Requirements.

section 1Create a Vault and a Key

  1. Sign in to the Oracle Cloud Infrastructure console.
  2. Click the navigation menu Menu icon, under Governance and Administration, select Security, and then click Vault.
  3. Select your Compartment, if not already selected.
  4. Click Create Vault.
  5. Enter WebLogicOKEVault in the Name field.
  6. Click Create.

    Wait for the vault to be created.

  7. Click the new vault.
  8. Click Master Encryption Keys, and then click Create Key.
  9. For Name, enter WebLogicOKEKey.
  10. Click Create Key.

    Wait for the key to be created and enabled before you create a secret.


section 2Create Secrets for WebLogic Password and Registry User

  1. In the vault, click Secrets, and then click Create Secret.
  2. Enter WebLogicAdminSecret in the Name field.
  3. Select the key WebLogicOKEKey that you created.
  4. For Secret Contents, enter the password you want to use for the WebLogic Server administrator.

    The password must start with a letter, is between 8 and 30 characters long, contain at least one number, and, optionally, any number of the special characters ($ # _).

  5. Click Create Secret.

    Wait for the secret to be created.

  6. Click the secret name.
  7. Copy the OCID of the secret for the WebLogic administrator password.
  8. Click the vault name.
  9. Click Secrets, and then click Create Secret.
  10. Enter TokenSecret in the Name field.
  11. For Secret Contents, enter your authentication token.
  12. Click Create Secret.

    Wait for the secret to be created.

  13. Click the secret name.
  14. Copy the OCID of the secret for the authentication token associated with your Oracle Cloud Infrastructure user name.

section 3Create the Stack

  1. Click the navigation menu Menu icon. Under the Solutions and Platform group, go to Marketplace and click Applications.
  2. Click one of the following Oracle WebLogic applications:
    • Oracle WebLogic Server Enterprise Edition for OKE BYOL
    • Oracle WebLogic Suite for OKE BYOL
  3. Select a Version of WebLogic Server to run on your domain.
  4. Select the Compartment in which to create the stack.
  5. Select the Oracle Standard Terms and Restrictions check box, and then click Launch Stack.

    The Create Stack page displays.

  6. Enter mylwlsokestack in the Name field.
  7. Click Next.

    The Configure Variables page displays.

  8. Enter mywlsoke in the Resource Name Prefix field.

    You must use lowercase characters for the resource name prefix.

  9. For SSH Public Key, browse to select the SSH public key file and upload the file, or paste the contents of the SSH public key file.

    After creating the stack, you can connect to the WebLogic Server compute instances by using an SSH client and the corresponding private key.

  10. For Managed Server Count, select 2.

    This is the number of running managed servers in the domain.

  11. Enter the administrator user name for the new WebLogic Server domain in the Administration User Name field.

    The user name must be minimum eight characters long and begin with a letter, and not contain special characters.

  12. Enter the OCID of the secret you created to contain the password for the WebLogic Server administrator in the Secrets OCID for Administration Password field.
  13. For Kubernetes Version, enter the version to use.

    The latest Kubernetes version is displayed by default.

  14. For Weblogic Node Pool Shape, select the shape of the compute instances with 2 or more OPCUs.
  15. For Nodes in the Node Pool for WebLogic Pods, select 2.
  16. For Non-Weblogic Node Pool Shape, select the shape of the compute instances.
  17. For Nodes in the Node Pool for Non-WebLogic Pods, select 2.
  18. For network configuration of Kubernetes:
    • Enter the network address to be used for the Kubernetes pods in Pods CIDR field.
    • Enter the network address to be used for the Kubernetes services in Pods CIDR field.
    • Ensure that the CIDR blocks for pods and services do not overlap with the VCN CIDR block.

  19. For Availability Domain for Compute Instances, select the availability domain in which to create the compute instances.
  20. For Administration Instance Compute Shape and Bastion Instance Shape, select the shape of each instance type.

    See Compute Shapes.

  21. For Virtual Cloud Network Strategy, select Create New VCN.

    Oracle WebLogic Server for OKE can create a new network and subnets to support this stack.

    This tutorial uses the same compartment for Network Compartment.
  22. For WebLogic Server Network CIDR, enter the network address to assign to the new VCN for the Kubernetes cluster, compute instances, and load balancers.
  23. For Minimum Bandwidth for Administration Console Load Balancer and for Maximum Bandwidth for Administration Console Load Balancer, retain the default values.

    This creates a flexible Administration Console load balancer with the specified minimum and maximum bandwidth.

  24. For Minimum Bandwidth for WebLogic Cluster Load Balancer and for Maximum Bandwidth for WebLogic Cluster Load Balancer, retain the default values.

    This creates a flexible WebLogic Cluster load balancer with the specified minimum and maximum bandwidth.

  25. For Availability Domain for File System, select the availability domain in which to create the file system and mount target.
  26. For Registry User Name, enter your user name, which is used to access repositories in the Oracle Cloud Infrastructure Registry.
  27. For Secrets OCID for Registry Authentication Token, enter the OCID of the secret you created to contain the authentication token for your user name in Oracle Cloud Infrastructure.
  28. Click Next.
  29. Click Create.

    The Job Details page in Oracle Resource Manager is displayed.

    An Apply job is started to provision your stack. To return to this page at a later time, click the navigation menu Menu icon, select Resource Manager, and then click Jobs.

  30. Periodically monitor the progress of the Apply job until it is finished.

    If an email address is associated with your user profile, you will receive an email notification.

  31. If the job fails, click the job name to view the logs.

section 4Access the WebLogic Server Console

  1. From the stack's Job Details page of the successful apply job, click Application Information.
  2. Copy the IP value of Bastion Instance Public IP. For example:

    Bastion Instance Public IP: 198.51.100.1

  3. Click Logs, then find and copy the URL value of weblogic_console_url. For example:

    "weblogic_console_url": "http://192.0.2.254/console"

  4. From your computer, open an SSH tunnel to use dynamic port forwarding to an unused port on the bastion compute instance. Connect as the opc user and provide the path to the private key that corresponds to the public key that you specified when you created the stack.

    The SSH command format is:

    ssh -C -D port_for_socks_proxy -i path_to_private_key opc@bastion_public_ip

    The following example uses port 1088 for SOCKS proxy:

    ssh -C -D 1088 -i ~/.ssh/mykey.openssh opc@198.51.100.1

    On a Windows platform, you can use Windows PowerShell to run the SSH command.
  5. If prompted, enter the passphrase for the private key.
  6. When connected, you'll see the following:

    [opc@mywlsoke-bastion-admin ~]$

  7. In your browser settings, set up the SOCKS (version 5) proxy configuration. Specify your local computer and the same SOCKS port that you used in your SSH command.
  8. Browse to the WebLogic Console URL, which uses a private IP. For example:

    http://10.0.2.3/console

    The WebLogic Server Administration Console log in page is displayed.

  9. Enter the administrator credentials for the domain.
  10. From the Domain Structure panel on the left, expand Environment, then click Servers.
  11. Identify the WebLogic administration server and the running managed servers that are created for your stack. For example:

    mywlsoke-adminserver
    mywlsoke-managed-server1
    mywlsoke-managed-server2

  12. Log out from the WebLogic Server Administration Console.
  13. Close your browser.
  14. Close the SSH connection.

section 5Access the Administration Compute Instance

  1. Return to the top of your stack's apply Job Details page in the Oracle Cloud Infrastructure console.
  2. Under Resources, click Outputs.

    This is another quick way to find the public and private IP addresses created for your domain.

  3. Copy the values of admin_instance_private_ip and bastion_instance_public_ip.
  4. From your computer, open an SSH connection to the administration instance's private IP address by specifying the bastion instance's public IP address as a proxy. Connect as the opc user and provide the path to the private key that corresponds to the public key that you specified when you created the stack.

    The SSH command format is:

    ssh -i path_to_private_key -o ProxyCommand="ssh -W %h:%p –i path_to_private_key opc@bastion_public_ip" opc@admin_private_ip

    For example:

    ssh -i ~/.ssh/mykey.openssh -o ProxyCommand="ssh -W %h:%p -i ~/.ssh/mykey.openssh opc@198.51.100.1" opc@10.0.2.3

    On a Windows platform, you can use Windows PowerShell to run the SSH command.
  5. If prompted, enter the passphrase for the private key.
  6. When connected, you'll see the following:

    [opc@mywlsoke-admin ~]$

  7. Use kubectl to list the pods for your domain.

    Example:

    kubectl get pods -n <domain-namespace>

  8. Disconnect from the administration instance when you no longer need access to it.

section 6Delete the Resources and the Stack (Optional)

  1. Access the administration compute instance.
  2. When connected, you'll see the following:

    [opc@mywlsoke-admin ~]$

  3.  Use the following command to delete the resources:

    /u01/shared/scripts/lcm/delete_resources.sh -p <OCIR Auth Token> -l

    The OCIR repositories created during provisioning and the OCI Load Balancer associated with the internal and external ingress services are deleted.
  4. Click the navigation menu Menu icon, select Resource Manager, and then click Stacks.
  5. Click MyWLStack.
  6. Click Terraform Actions, and then select Destroy.
  7. When prompted for confirmation, click Destroy.
  8. Periodically monitor the progress of the Destroy job until it is finished. Ensure that all resources of the stack are deleted successfully.

    If an email address is associated with your user profile, you will receive an email notification.

  9. Click Delete Stack.

more informationWant to Learn More?