Deploy Oracle WebLogic Server for OKE Using a Marketplace Stack

Quickly deploy an Oracle WebLogic Server domain in a Kubernetes cluster provisioned in Oracle Cloud Infrastructure, with a Jenkins controller configured for CI/CD pipeline jobs to support WebLogic Server life cycle management operations.

Providing Oracle WebLogic Server as a set of applications for Oracle Cloud Infrastructure Container Engine for Kubernetes (OKE) through the Oracle Cloud Marketplace makes configuring Oracle WebLogic Server on OKE easy and fast. It generates an Oracle WebLogic Server configuration on OKE in minutes, with a Jenkins controller configured for OKE and continuous integration and continuous delivery (CI/CD) pipeline jobs to support Oracle WebLogic Server life-cycle management operations.

Using Oracle Cloud Marketplace to provision Oracle WebLogic Server for OKE provides the following:

  • A balance between automation, portability, and the ability to customize multiple domains
  • Life-cycle management operations with a CI/CD pipeline using Jenkins
  • Flexible licensing with Universal Credits Model (UCM) or Bring Your Own License (BYOL)

Architecture

Oracle WebLogic Server for Oracle Cloud Infrastructure is fully integrated with the underlying infrastructure. This integration makes it easy to provision a WebLogic cluster, create and configure the required infrastructure, and provide the required services, such as load balancers and file storage.

The architecture uses a region with one availability domain and regional subnets. The same reference architecture can be used in a region with multiple availability domains. We recommend using a regional subnet for your deployment, regardless of the number of availability domains.

When provisioned, this reference architecture includes the following:

  • An Oracle Cloud Infrastructure Container Engine for Kubernetes (OKE) cluster deployed in a private subnet with two node pools
  • A file storage service that's shared across pods
  • An administrative host deployed in a private subnet to easily access the following areas:
    • The Oracle Cloud Infrastructure Container Engine for Kubernetes cluster
    • Logs for the Oracle WebLogic Server domain
    • Jenkins home configuration
    • Helper scripts to manage your domain
    • The file storage service
  • A bastion host deployed in a public subnet to access the resources deployed in the private subnet
  • A private load balancer to access the Jenkins console and Oracle WebLogic Server administrative console
  • A public load balancer to access the Oracle WebLogic Server cluster

The following diagram illustrates this reference architecture:



This architecture has the following components:

  • Region

    An Oracle Cloud Infrastructure region is a localized geographic area that contains one or more data centers, called availability domains. Regions are independent of other regions, and vast distances can separate them (across countries or even continents).

  • Availability domain

    Availability domains are standalone, independent data centers within a region. The physical resources in each availability domain are isolated from the resources in the other availability domains, which provides fault tolerance. Availability domains don’t share infrastructure such as power or cooling, or the internal availability domain network. So, a failure at one availability domain is unlikely to affect the other availability domains in the region.

  • Virtual cloud network (VCN) and subnet

    A VCN is a customizable, private network that you set up in an Oracle Cloud Infrastructure region. Like traditional data center networks, VCNs give you complete control over your network environment. You can segment VCNs into subnets, which can be scoped to a region or to an availability domain. Both regional subnets and availability domain-specific subnets can coexist in the same VCN. A subnet can be public or private.

  • Service gateway

    The service gateway provides access from a VCN to other services, such as Oracle Cloud Infrastructure Object Storage. The traffic from the VCN to the Oracle service travels over the Oracle network fabric and never traverses the internet.

  • Load balancer

    The Oracle Cloud Infrastructure Load Balancing service provides automated traffic distribution from a single entry point to multiple servers in the back end.

  • File storage

    The Oracle Cloud Infrastructure File Storage service provides a durable, scalable, secure, enterprise-grade network file system. You can connect to a File Storage service file system from any bare metal, virtual machine, or container instance in a VCN. You can also access a file system from outside the VCN by using Oracle Cloud Infrastructure FastConnect and IPSec VPN.

  • Container Engine for Kubernetes

    Oracle Cloud Infrastructure Container Engine for Kubernetes is a fully managed, scalable, and highly available service that you can use to deploy your containerized applications to the cloud. You specify the compute resources that your applications require, and Container Engine for Kubernetes provisions them on Oracle Cloud Infrastructure in an existing tenancy. Container Engine for Kubernetes uses Kubernetes to automate the deployment, scaling, and management of containerized applications across clusters of hosts.

  • Registry

    Oracle Cloud Infrastructure Registry is an Oracle-managed registry that enables you to simplify your development-to-production workflow. Registry makes it easy for you to store, share, and manage development artifacts, like Docker images. The highly available and scalable architecture of Oracle Cloud Infrastructure ensures that you can deploy and manage your applications reliably.

  • WebLogic domain

    A WebLogic domain is a group of related applications and resources and the configuration information necessary to run them. The domain consists of one administration server and one or more managed servers to host your Java application deployments. Managed server instances can be clustered, non-clustered, or a combination of clustered and non-clustered instances. All clusters in the domain use the same administration server.

  • WebLogic cluster components

    Components in a cluster can take advantage of failover and load balancing options. The following types of objects can be clustered in an Oracle WebLogic Server deployment:

    • Servlets
    • JavaServer Pages (JSPs)
    • Enterprise Java Beans (EJBs)
    • Remote Method Invocation (RMI) objects
    • Java Messaging Service (JMS) destinations
    • Java Database Connectivity (JDBC) connections

  • Oracle WebLogic Server Kubernetes Operator

    The Oracle WebLogic Server for OKE domain includes the open source Oracle WebLogic Server Kubernetes Operator, which has several key features to assist with managing domains in a Kubernetes environment. A WebLogic Server domain is modeled as a custom resource in the Kubernetes configuration file. The operator uses this configuration and the Kubernetes API to automate WebLogic Server operations, such as provisioning, starting or stopping servers, patching, scaling, and security.

  • Jenkins

    Oracle WebLogic Server for OKE uses Jenkins to automate the creation of custom images for your Oracle WebLogic Server domain and to deploy these images to the Kubernetes cluster. Jenkins is an open source automation engine that facilitates a development workflow based on continuous integration and continuous delivery (CI/CD). You create projects that perform a series of steps such as checking out files from a source control system, compiling code, or running a script. Pipelines are a type of project that organizes complex activities into stages, such as building, testing, and deploying applications.

Recommendations

Use the following recommendations as a starting point. Your requirements might differ.

  • VCN

    When you create the VCN, determine how many IP addresses your cloud resources in each subnet require. Using the Classless Inter-Domain Routing (CIDR) notation, specify a subnet mask and a network address range that's large enough for the required IP addresses. Use an address range that's within the standard private IP address space.

    Select an address range that doesn’t overlap with any other network (in Oracle Cloud Infrastructure, your on-premises data center, or in another cloud provider) that you intend to set up private connections to.

    After you create a VCN, you can't change its address range.

    In this architecture, Oracle WebLogic Server for OKE creates a virtual cloud network (VCN) and subnets in Oracle Cloud Infrastructure to support Oracle WebLogic Server, Kubernetes, and the load balancers. But if you want, you can also use an existing VCN and existing subnets. Oracle WebLogic Server for OKE creates private subnets for the administration host compute instance, for the Kubernetes components, and for file storage. It creates public subnets for the public load balancer and the bastion compute instances. We recommend that you follow the same architecture when using existing subnets.

  • Load balancer

    When you create a domain, Oracle WebLogic Server for OKE creates and configures the following load balancers in Oracle Cloud Infrastructure:

    • A public load balancer distributes traffic across the managed servers in your domain
    • A private load balancer provides access to the Oracle WebLogic Server administration console and the Jenkins console

    A load balancer consists of primary and standby instances, but it's accessible from a single IP address. If the primary instance fails, traffic is automatically routed to the standby instance.

    A private load balancer is not assigned a public IP address and can't be accessed from outside Oracle Cloud Infrastructure. You can use the bastion compute instance to get access to the private load balancer for your domain.

    Oracle WebLogic Server for OKE also creates an Nginx ingress controller in the Kubernetes cluster. Nginx is an open source reverse proxy service that controls the flow of traffic to pods within the Kubernetes cluster.

  • WebLogic domain

    During domain creation, the administration compute instance is also used to configure the new Kubernetes cluster and to deploy the pods for the domain. By default, this architecture provisions a clustered domain. You can customize the domain to be non-clustered after provisioning.

    Domains created with Oracle WebLogic Server for OKE don't use the Node Manager. The Oracle WebLogic Server Kubernetes Operator performs server health monitoring and lifecycle operations.

    Oracle WebLogic Server for OKE installs the Helm client on the administration compute instance and uses Helm to install the chart for the Oracle WebLogic Server Kubernetes Operator. Helm is a package manager for Kubernetes that you can use to quickly install and manage Kubernetes applications, tools, and services for a Kubernetes cluster. The applications installed in the Kubernetes cluster using Helm include Jenkins CI, Nginx, and WebLogic Kubernetes Operator.

    Oracle WebLogic Server for OKE installs and configures the operator in the Kubernetes cluster. You can use the operator with kubectl on the administration compute instance.

    Oracle WebLogic Server for OKE uses Jenkins to automate the creation of custom images for your WebLogic Server domain and the deployment of these images to the Kubernetes cluster.

  • Container Engine for Kubernetes

    When you create a domain with Oracle WebLogic Server for OKE, it automatically provisions two node pools: a WebLogic node pool and a non-WebLogic node pool. By default, each node pool is created with one worker node. However, during provisioning, you can specify the number of worker nodes you want in each node pool.

    The following pods are deployed to the Kubernetes cluster as part of the architecture:

    • WebLogic node pool:
      • A pod running the domain's administration server
      • A pod running each managed server in the domain
      • A pod running the Jenkins agent
    • Non-WebLogic node pool:
      • A pod running the Jenkins controller
      • A pod running an Nginx ingress controller

    When you create a domain, Oracle WebLogic Server for OKE pushes a default image to the registry, which is used to provision the pods for your domain. From the administration compute instance, you can update this default image and then apply those changes using Kubernetes.

    Oracle WebLogic Server for OKE provisions the Jenkins primary server on a pod in the Kubernetes cluster. Jenkins is also configured to use the Kubernetes plugin. When you launch or schedule a job, the Jenkins server creates another pod in the Kubernetes cluster, and this agent pod runs the job.
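
An added example, not part of the original page or of Oracle's tooling: a Python check of a planned network layout against the VCN recommendation above (private address range, no overlap with connected networks, enough addresses per subnet, and only the public load balancer and bastion in public subnets). The role labels, the sample ranges, and the figure of three reserved addresses per subnet are assumptions.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
RESERVED_PER_SUBNET = 3  # assumption: first two and last address of each subnet are reserved
# Hypothetical role labels; the page places only these two roles in public subnets.
PUBLIC_ROLES = {"public-lb", "bastion"}


def check_plan(vcn_cidr, subnets, other_networks):
    """Return a list of findings for a VCN plan; an empty list means the plan passes.
    subnets: list of dicts with name, cidr, role, public (bool), needed_ips (int).
    other_networks: CIDRs of networks that will be privately connected to the VCN.
    """
    findings = []
    vcn = ipaddress.ip_network(vcn_cidr)
    if not any(vcn.subnet_of(r) for r in RFC1918):
        findings.append(f"VCN {vcn} is outside the private address space")
    for other in map(ipaddress.ip_network, other_networks):
        if vcn.overlaps(other):
            findings.append(f"VCN {vcn} overlaps connected network {other}")
    seen = []
    for s in subnets:
        net = ipaddress.ip_network(s["cidr"])
        if not net.subnet_of(vcn):
            findings.append(f"{s['name']}: {net} is not inside the VCN")
        for prev_name, prev in seen:
            if net.overlaps(prev):
                findings.append(f"{s['name']}: {net} overlaps {prev_name}")
        seen.append((s["name"], net))
        usable = net.num_addresses - RESERVED_PER_SUBNET
        if usable < s["needed_ips"]:
            findings.append(f"{s['name']}: needs {s['needed_ips']} IPs, {usable} usable")
        if s["public"] and s["role"] not in PUBLIC_ROLES:
            findings.append(f"{s['name']}: role '{s['role']}' must be in a private subnet")
    return findings


# Constructed sample plan (all names and ranges are illustrative).
PLAN = [
    {"name": "bastion", "cidr": "10.0.1.0/28", "role": "bastion", "public": True, "needed_ips": 2},
    {"name": "lb", "cidr": "10.0.2.0/28", "role": "public-lb", "public": True, "needed_ips": 4},
    {"name": "admin", "cidr": "10.0.3.0/28", "role": "admin-host", "public": True, "needed_ips": 1},
    {"name": "workers", "cidr": "10.0.4.0/28", "role": "k8s-workers", "public": False, "needed_ips": 40},
    {"name": "fss", "cidr": "10.0.4.8/29", "role": "file-storage", "public": False, "needed_ips": 2},
]

if __name__ == "__main__":
    for finding in check_plan("10.0.0.0/16", PLAN, ["10.0.128.0/17", "192.168.0.0/24"]):
        print(finding)
```

Because a VCN's address range can't be changed after creation, a check like this belongs before the stack is applied, not after.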

Considerations

Consider the following points when deploying this reference architecture.

  • Storage

    Your domain's files are stored locally within each pod in the Kubernetes cluster, but Oracle WebLogic Server for OKE also uses Oracle Cloud Infrastructure File Storage to support certain administration use cases. Oracle WebLogic Server for OKE exports the file system to a mount target in a specified availability domain, which can be a different availability domain than the one used for the domain's compute instances.

    This architecture creates a basic Oracle WebLogic Server domain configuration, which does not require a database. If you want to build applications with Oracle Application Development Framework (ADF), Oracle WebLogic Server for Oracle Cloud Infrastructure can also be used to create a Java Required Files (JRF) enabled domain. Consider using an existing Oracle Autonomous Transaction Processing database or Oracle Cloud Infrastructure Database system, which is required to provision a JRF-enabled domain.

  • Security

    Provisioning a domain in Oracle WebLogic Server for OKE requires one or more secrets in Oracle Cloud Infrastructure Vault. Each secret stores only one password. The password is required when you create an Oracle WebLogic Server cluster. This architecture uses a standard vault, which is hosted on a hardware security module (HSM) partition with multiple tenants, and uses a more cost-efficient, key-based metric for billing purposes. A virtual private vault provides greater isolation and performance by allocating a dedicated partition on an HSM. Each type of vault has a separate service limit in your Oracle Cloud Infrastructure tenancy.

  • Manageability

    Oracle WebLogic Server for OKE is accessed as a collection of applications in the Oracle Cloud Marketplace.

    Oracle Cloud Marketplace is an online store that's available in the Oracle Cloud Infrastructure console. When you launch an Oracle WebLogic Server for OKE application from Oracle Cloud Marketplace, it prompts you for basic information and then directs you to Resource Manager to complete the configuration of your Oracle WebLogic Server domain and supporting cloud resources. Resource Manager is an Oracle Cloud Infrastructure service that uses Terraform to provision, update, and destroy a collection of related cloud resources as a single unit called a stack.

    Choose an Oracle WebLogic Server for OKE application that meets your functional and licensing requirements.

  • Cost

    The following is the list of Bring Your Own License (BYOL) and Universal Credits (UCM) editions available for Oracle WebLogic Server for Oracle Cloud Infrastructure Container Engine for Kubernetes with full compatibility with Oracle WebLogic Server on-premises software:

    • Oracle WebLogic Server Enterprise Edition for OKE (UCM)
    • Oracle WebLogic Suite for OKE (UCM)
    • Oracle WebLogic Server Enterprise Edition for OKE (BYOL)
    • Oracle WebLogic Suite for OKE (BYOL)

Deploy

Terraform stacks with different licensing options to deploy this reference architecture are available from Oracle Cloud Marketplace.