Deploy Oracle SOA Suite on Oracle Kubernetes Engine

In this step, you will provision a Kubernetes cluster on Oracle Kubernetes Engine, with a database for the SOA Suite schemas and a file storage mountpath to store the SOA Suite domain files, and Oracle SOA Suite in Kubernetes.

The following procedures assume you've installed the following:

• Git
• OCI Command Line Interface (CLI)
• Terraform
• Helm 3.x

Accept Terms of Use for the Docker Images

The chart is required to use the Oracle SOA Suite Docker image from the Oracle Container Registry; therefore, you need to accept the Oracle SOA Suite Docker image terms and conditions or it will fail to pull the image from registry.

To accept the terms, do this following:

1. Go to the Oracle Container Registry and search for SOA.
2. Click soasuite.
3. Click to accept the License terms and condition on the right.
4. Fill in your information (if you haven't already).
5. Accept the License.
6. Optionally, if you intend on deploying the database as a container within the kubernetes cluster (optional; not for production), you need to accept the Oracle Database Docker image Terms and Conditions. The Terraform script deploys an Oracle database from the Oracle Cloud Database Cloud Service, so this step is only required if you wish to deploy the database as a container in the Kubernetes cluster.
   1. Search for Database.
   2. Click Enterprise.
   3. Click to accept the License terms and condition on the right.
   4. Fill in your information (if you haven't already).
   5. Accept the License.

Get the Terraform Code

The Terraform code allows you to deploy the necessary infrastructure (Kubernetes cluster, file storage) and deploy the SOA Helm chart and its prerequisites.

To get the Terraform code:

1. Click Github Repository on in the left nav bar of this playbook (https://github.com/oracle-quickstart/oke-soa).
   This will open the Oracle SOA Suite on Kubernetes Github repository.
2. Either click Code and download it as a zip file or use the git command line to, in a local folder of your choice, clone the repository by entering

   git clone https://github.com/oracle-quickstart/oke-soa

3. Get into the code folder by entering:

   cd oke-soa

Gather Required Information

Now, locate and copy the appropriate tenancy and compartment OCIDs.

1. Get the tenancy OCID from the Oracle Cloud Console by clicking your User icon (top right corner) and then Tenancy. Copy the OCID of the tenancy (Tenancy field) and paste it in your environment file.
2. Get your compartment OCID from the Oracle Cloud Console by clicking Identity then Compartments. Navigate to the compartment where you want to deploy the infrastructure and Copy the OCID of that compartment.

Create a terraform.tfvars Configuration File

To run the deployment, you need to create a file named terraform.tfvars and define a few settings in it.

1. Create a file called terraform.tfvars from the template by entering:

   cp terraform.tfvars.template terraform.tfvars

2. Edit the file with the editor of your choice and provide the following values:

   Note:

   Steps 3 through 9 describe the required information for this configuration file. Make sure you enter appropriate values for the credentials required.

   ## Copyright © 2021, Oracle and/or its affiliates. 
   ## All rights reserved. The Universal Permissive License (UPL), Version 1.0 as shown at http://oss.oracle.com/licenses/upl
   
   tenancy_ocid     = "ocid1.tenancy.oc1..."
   compartment_ocid = "ocid1.compartment.oc1..."
   region           = "us-ashburn-1"
   
   deployment_name = "SOA-k8s"
   soa_domain_name = "mysoa"
   
   # Domain Type must be one of soa, soaess, soaosb, soaessosb
   soa_domain_type = "soaessosb"
   
   ## Things to provision
   
   # VCN, OKE cluster, node_pool(s)
   # if false, the template assumes the cluster is provisioned and that kubectl has access to the cluster.
   provision_cluster = true
   
   # File Storage and mount point export 
   provision_filesystem = true
   provision_export = true
   
   # Database (DBaaS on OCI)
   # If false, a database jdbc_connection URL needs to be provided, and the database needs to be reachable from this VCN
   provision_database = true
   # WebLogic Operator
   provision_weblogic_operator = true
   # Ingress controller
   provision_traefik = true
   provision_secrets = true
   provision_soa = true
   
   ## File storage details
   # If the VCN is not provided by this template, the following variables must be provided
   fss_subnet_id = null
   # If the cluster and VCN are not provided by this template,
   fss_source_cidr = "0.0.0.0/0"
   # File Storage mount target Availability Domain index
   ad_number = 2
   
   ## Credentials
   # Input your Container registry login credentials
   container_registry_email    = ""
   container_registry_password = ""
   
   # Create SOA Suite domain Admin Console credentials
   soa_domain_admin_username = ""
   # Password must contain 1 Upper, 1 number and be at least 8 characters long
   soa_domain_admin_password = ""
   
   # Create Database credentials
   # Password must be 9 to 30 characters and contain at least 2 uppercase, 2 lowercase, 2 special, and 2 numeric characters. 
   # The special characters must be _, #, or -.
   db_sys_password = ""
   
   # Create RCU Schema credentials
   rcu_prefix = "SOA"
   rcu_username = "rcu"
   # Password must be 9 to 30 characters and contain at least 2 uppercase, 2 lowercase, 2 special, and 2 numeric characters. 
   # The special characters must be _, #, or -.
   rcu_password = ""
   
   # If connecting to an external DB, specify the jdbc_connection_url
   # !!! You will need to adjust the security list on your database VCN/subnet to authorize access from the OKE cluster nodes,
   # which may require VCN peering (not provided here)
   jdbc_connection_url = null
   
   # Database information
   database_name        = "SOA"
   database_unique_name = "SOA"
   
   # Kubernetes namespaces
   soa_kubernetes_namespace     = "soans"
   weblogic_operator_namespace  = "opns"
   ingress_controller_namespace = "traefik"
   
   # VCN config
   vcn_cidr = "10.0.0.0/16"
   
   # SSH key to access database and Kubernetes nodes
   ssh_authorized_key = ""
   
   # Cluster config
   oke_cluster = {
   name                                                    = "OKE_Cluster"
   k8s_version                                             = "v1.18.10"
   pods_cidr                                               = "10.1.0.0/16"
   services_cidr                                           = "10.2.0.0/16"
   cluster_options_add_ons_is_kubernetes_dashboard_enabled = true
   cluster_options_add_ons_is_tiller_enabled               = true
   }
   
   # defaults to 1 pool, feel free to add more if needed.
   node_pools = [
   {
       pool_name  = "pool1"
       node_shape = "VM.Standard2.4"
       node_count = 3
       node_labels = {
       "pool_name" = "pool1"
       }
   }
   ]
   
   # Optional parameter,
           requires a vault and key to be created in the account.secrets_encryption_key_ocid = null

3. The default Availability Domain for the File System is set to AD-2 because it is often less used than AD-1. If you are in a single AD region, this might fail, so you need to change the availability domain index by changing the default variable

   ad_number = 2

   to:

   ad_number = 1 

4. Provide valid credentials so you can access the Oracle Container Registry (your account email and password) to pull the images.
5. Provide a username and password compliant with the password requirements for the WebLogic domain; that is, it must include one uppercase letter, one number and be at least eight characters long:

   soa_domain_admin_username = "" 
   soa_domain_admin_password = ""

6. Provide credentials for the SYS user of the database, and the RCU Schema password. Both must container 16 to 30 characters including one uppercase, one number and two special character (for example, #!%).

   db_sys_password = "" 
   rcu_password = ""

7. Add an rcu_prefix. This value must be unique per domain (when deploying multiple domains).
8. Add a domain name. This name must be unique (when deploying multiple domains).
9. Set the ssh_authorized_key with your ssh public key. You can get the output of a previously created public key by entering:

   cat ~/.ssh/id_rsa.pub

10. Save the terraform.tfvars file.

Run the Deployment

With all preliminary work complete, you now run the deployment.

1. Initialize the project:

   terraform init 

2. 2. Optionally, check the plan.To determine what will happen, you can run the plan operation:

   terraform plan 

3. Apply the plan:

   terraform apply

   You will be prompted to enter yes to apply the plan:

    Do you want to perform these actions? 
   Terraform will perform the actions described above. 
   Only 'yes' will be accepted to approve. 
   Enter a value: yes 

   It will take several minutes to provision the resources.

This provisions the Oracle Kubernetes Engine cluster, with:

• A node pool of 3 nodes.
• A database to store Oracle SOA Suite schemas.
• A file storage file system and mount target to store the Oracle SOA Suite domain files.

It also installs the Kubernetes prerequisites for installing Oracle SOA Suite:

• The Oracle WebLogic Kubernetes Operator.
• The Traefik ingress controller.

It creates secrets for the various components of the SOA domain It deploys Oracle SOA on Kubernetes.

Access the Deployment

If Oracle SOA Suite on was successfully deployed on Oracle Kubernetes, you can now access it.

1. Get the public IP of the load balancer created by the ingress controller

   kubectl get services -n traefik

   This should output something like:

   NAME      TYPE           CLUSTER-IP     EXTERNAL-IP      PORT(S)                                          AGE
   traefik   LoadBalancer   10.2.170.178   123.456.789.123  9000:31242/TCP,30305:30305/TCP,30443:30443/TCP   3m

   If it is still pending, wait a few more minutes before checking again.

   Get the EXTERNAL-IP value for the load balancer.

2. Make sure the SOA domain servers are running: If you have not changed the name of the SOA namespace, you can check running pods by entering:

   kubectl get pods -n soans

   You should see:

   NAME                READY   STATUS    RESTARTS   AGE    IP          NODE          NOMINATED NODE   READINESS GATES
   mysoa-adminserver   1/1     Running   0          179m   10.1.1.9    10.0.10.211   <none>           <none>
   mysoa-osb-server1   1/1     Running   0          172m   10.1.1.10   10.0.10.211   <none>           <none>
   mysoa-osb-server2   1/1     Running   0          172m   10.1.1.12   10.0.10.211   <none>           <none>
   mysoa-soa-server1   1/1     Running   0          172m   10.1.1.11   10.0.10.211   <none>           <none>
   mysoa-soa-server2   1/1     Running   0          172m   10.1.0.6    10.0.10.16    <none>           <none>

   Ensure the STATUS is RUNNING and that READY is 1/1 for pods above before checking the URL.
3. With the public IP gathered earlier, browse to http://PUBLIC_IP:30305/console to get to the WebLogic console. If you see the Bad Gateway message, the admin server is not running yet.
4. Log into the console with the soa_domain_username and soa_domain_password you specified in the terraform.tfvars file.
5. Check the /ess endpoint by browsing to http://PUBLIC_IP:30305/ess. The username and password is the same you use for the console.
6. Check the /em endpoint by browsing to http://PUBLIC_IP:30305/em.
7. Check the /soa/composer endpoint by browsing to http://PUBLIC_IP:30305/soa/composer.