Create a Stack

Use Oracle WebLogic Server for OKE to create a stack that includes a basic Oracle WebLogic Server instance with network resources, Kubernetes cluster, compute instances, and private load balancers.

Launch a new stack from Marketplace.

Before you create a stack, ensure that all the prerequisites are completed. See Prerequisites to Create a Stack.

Launch a Stack

Sign in to Marketplace and specify initial stack information.

  1. Sign in to the Oracle Cloud Infrastructure Console.
  2. Click the navigation menu and select Marketplace.
  3. Select an application that matches the edition of Oracle WebLogic Server that you want to provision.
    • Oracle WebLogic Server Enterprise Edition for OKE BYOL
    • Oracle WebLogic Server Enterprise Edition for OKE UCM
    • Oracle WebLogic Suite for OKE BYOL
    • Oracle WebLogic Suite for OKE UCM
  4. Select a required Oracle WebLogic Server for OKE release version to use from the list.
  5. Select the compartment in which to create the stack.

    By default the stack compartment is used to contain the compute instances and network resources. If later on you specify a network compartment on the Configure Variables page of the Create Stack wizard, then the compute instances and load balancers are created in the stack compartment that you select here.

  6. Select the Oracle Standard Terms and Restrictions check box, and then click Launch Stack.

    The Create Stack wizard is displayed.

Configure Stack Information

Specify the name, description, and tags for the stack.

  1. On the Stack Information page of the Create Stack wizard, enter a name for your stack.
  2. Enter a description for the stack (optional).
  3. Specify one or more tags for your stack (optional).
  4. Click Next.

    The Configure Variables page opens.

Configure WebLogic Server on Container Cluster

Specify the parameters needed to configure the WebLogic Server in a Kubernetes cluster.

  1. In the WebLogic Server on Container Cluster section of the Configure Variables page, enter the resource name prefix.

    The maximum character length is 16.

    This prefix is used by all the created resources, except load balancers.
  2. Enter the SSH public key, by either uploading the SSH key file or copy-pasting the SSH key information.

Configure Verrazzano

Specify the parameters to configure Verrazzano installation based on the Verrazzano profile.

For Verrazzano, when you configure the Container Cluster, Oracle recommends that you select the VM.Standard.E4.Flex shape with an OCPU count of four and three nodes for the WebLogic Server node pool. See Configure the Container Cluster for Verrazzano Integration.

Note:

You can configure Verrazzano installation for WebLogic Suite Edition only.

When you enable Verrazzano, the default settings are:

  • Free wildcard DNS service nip.io
  • Self-signed CA certificate
  • Flexible shape with minimum bandwidth size of 10 Mbps and maximum bandwidth of 100 Mbps for Administrative load balancer and Application Load Balancer
  • Three master replicas (with 50Gi storage) and two data replicas (with 50Gi storage) for OpenSearch for prod profile, and one master replica (with 50Gi storage) and one data replica (with 50Gi storage) for OpenSearch for dev profile
  • 50 Gi persistent volume storage for the components, OpenSearch, Prometheus, Grafana, and Keycloak

To configure Verrazzano:

  1. Click Enable Verrazzano.
  2. Optional: Enter the Environment Name for the Verrazzano installation.
    If specified, the environment name is displayed in the endpoint access URLs of the installation.

    Examples of endpoint access URL formats:

    http://jenkins.<environment_name>.<internal_lb_ip>.<dns_wildcard_service>/jenkins
    http://verrazzano.<environment_name>.<internal_lb_ip>.<dns_wildcard_service>
    See Access the Jenkins Console and Access the Verrazzano Consoles.
  3. Select a profile for the Verrazzano installation. The default value is prod.
    For Verrazzano profiles, see Installation Profiles.
  4. To customize the Verrazzano installation, select one or multiple options as required:
    • Click Customize DNS, and under DNS (Domain Name System) Configuration, select one of the DNS types:
      • Select Wildcard, and then select the wildcard DNS service in the Wildcard DNS Type field.
      • Select OCI, and then select the compartment in which you have defined the OCI DNS Service Zone and specify the OCID of the OCI DNS Service Zone.

      If you have already provisioned an Oracle WebLogic Server for OKE stack with Verrazzano using the OCI DNS type, and you create a new Oracle WebLogic Server for OKE stack with Verrazzano using the same environment name, the records that are added for the OCI DNS instance during provisioning of the new stack can conflict with the existing ones. To avoid these conflicts, you must either remove the DNS instance records from the DNS zone of the already provisioned stack or use a different environment name in the new stack.

      If you use a private DNS zone, see Add a DNS view to the DNS Resolver.

    • Click Customize Certificates, and under Certificates Configuration, select one of the Certificate Types:
      • Select Verrazzano self-signed CA.
      • Select Custom CA (Certificate Authority) and then specify the OCID of the secret that contains the signing key and OCID of the secret that contains the custom CA certificate.
      • Select LetsEncrypt and specify a valid email address for the LetsEncrypt account and select the LetsEncrypt environment type.

        Note:

        To use LetsEncrypt, you must configure OCI DNS type.
    • Click Customize Administrative Load Balancer, and under Administrative Load Balancer Configuration, do one of the following:
      • Select flexible load balancer shape, and then select a minimum and maximum flexible shape for the private load balancer.

        By default, the minimum bandwidth size is set to 10 Mbps and maximum to 100 Mbps.

      • Select the bandwidth size for the private load balancer shape.
    • Click Customize Application Load Balancer, and under Application Load Balancer Configuration, do one of the following:
      • Select flexible load balancer shape, and then select a minimum and maximum flexible shape for the load balancer.

        By default, the minimum bandwidth size is set to 10 Mbps and maximum to 100 Mbps.

      • Select the bandwidth size for the load balancer shape.

        By default, the Application Load Balancer is public. If you want to use a private load balancer to access applications, select Private Application Load Balancer.

    • Click Customize OpenSearch, and under OpenSearch Configuration, select the following based on your configuration:
      • Select the number of master node replicas, ingest node replicas, and data replicas.
      • Select Advanced OpenSearch Configuration and specify the values for the following as a Quantity:
        • Select the memory request amount for master node, ingest node, and data replica.
        • Select the storage request amount.
    • Click Customize Persistent Storage, and under Persistent Volume Configuration, specify the values for the following as a Quantity:
      • Specify the global persistent volume storage.
      • Specify the persistent volume storage for Keycloak.

Add a DNS view to the DNS Resolver

When you configure Verrazzano installation for your Oracle WebLogic Server for OKE stack using a private DNS zone and an existing VCN, you need to configure the DNS resolver of the VCN to use the DNS view of the DNS zone.

  1. Sign in to the Oracle Cloud Infrastructure Console.
  2. From the navigation menu, click Networking, and then select Virtual Cloud Networks.
  3. From the list of Virtual Cloud Networks, click the name of the VCN.
  4. On the VCN Information tab, click the name of the DNS Resolver for the VCN.
  5. From the Associated Private Views section, click Manage Private Views.
  6. In the Private Manage Views window, select the Private View from the compartment where the private view of the private DNS zone is located.

    If a Private View is already associated with the resolver, click Additional Private View to select the private view of the private DNS zone.

  7. Click Save Changes.

Configure the Network

Define the Virtual Cloud Network (VCN) and the subnets configuration for the stack.

  1. In the Network section of the Configure Variables page, select the Network Compartment in which to create the network resources for this stack.

    If you don't specify a network compartment, then all the network resources and compute instances are created in the stack compartment that you selected earlier upon launching the stack. Select a network compartment if you want the network resources to be in a different compartment than the compute instances.

  2. You can create a new VCN, use an existing VCN but create new subnet resources, or use an existing VCN and existing subnets.

    For an existing VCN and existing subnet, you can configure a bastion compute instance to provide access to the WebLogic Server compute instances on a private subnet. However, creating the bastion node on a public subnet is optional.

    • To create resources in a new VCN, select Create New VCN from the Virtual Cloud Network Strategy dropdown, and then specify the following:
      • A CIDR for the new VCN
      • A shape for the private load balancer
    • To use an existing VCN but create new subnet resources, select Use Existing VCN from the Virtual Cloud Network Strategy dropdown, then do the following:
      1. From the Existing Network dropdown, select the name of an existing VCN.
      2. Do not select the Use Existing Subnet check box.
      3. Specify public subnet CIDRs for the bastion host and load balancers.
      4. Specify private subnet CIDRs for administration host, file system and mount target (storage) host, Kubernetes cluster and node pool, and Kubernetes cluster and API endpoint.
      5. Enter the Oracle Cloud Identifier (OCID) for an existing NAT gateway or service gateway.
      6. Select a minimum and maximum flexible shape for a private load balancer.

        By default, the minimum bandwidth size is set to 10 Mbps and maximum to 100 Mbps.

        Note:

        You can update the shape to a maximum of 8000 Mbps. Before you select the maximum bandwidth, check the available service limit for the flexible private load balancer bandwidth.
    • To use an existing VCN and existing subnets with bastion configuration, select Use Existing VCN from the Virtual Cloud Network Strategy dropdown, then do the following:
      1. From the Existing Network dropdown, select the name of an existing VCN.
      2. Select the Use Existing Subnet check box.
      3. Select the Subnet Compartment to use for the existing subnet.

        The subnet compartment is different than the VCN compartment. The subnets for the bastion host, load balancers, Kubernetes cluster and node pool, Kubernetes cluster and API endpoint, administration host, and the file system and mount target host, use this same subnet compartment.

        Note:

        You can specify the subnet compartment only if you're using an existing subnet.
      4. Keep the default selection for Provision Bastion node on Public Subnet check box.
      5. Select the name of an existing public subnet for the bastion host.
      6. Select the names of existing private subnets for the Kubernetes cluster and node pool, Kubernetes cluster and API endpoint, administration host, and the file system and mount target (storage) host.
      7. Select the name of an existing subnet for the load balancer.
      8. Enter the Oracle Cloud Identifier (OCID) for an existing NAT gateway or service gateway.
      9. Select a minimum and maximum flexible shape for a private load balancer.

        By default, the minimum bandwidth size is set to 10 Mbps and maximum to 100 Mbps.

        Note:

        You can update the shape to a maximum of 8000 Mbps. Before you select the maximum bandwidth, check the available service limit for the flexible private load balancer bandwidth.
    • To use an existing VCN and existing subnets without bastion configuration, select Use Existing VCN from the Virtual Cloud Network Strategy dropdown, then do the following:
      1. From the Existing Network dropdown, select the name of an existing VCN.
      2. Select the Use Existing Subnet check box.
      3. Select the Subnet Compartment to use for the existing subnet.

        The subnet compartment is different than the VCN compartment. The subnets for the bastion host, load balancers, Kubernetes cluster and node pool, Kubernetes cluster and API endpoint, administration host, and the file system and mount target host, use this same subnet compartment.

        Note:

        You can specify the subnet compartment only if you're using an existing subnet.
      4. Deselect the Provision Bastion node on Public Subnet check box.

        Note:

        • It is recommended to deselect the Provision Bastion Node on Public Subnet check box only in a network with a FastConnect setup.
        • In this case, no status is returned for provisioning. You must check the status of provisioning in the Logs under Application Information of the stack, and view the error or success messages in the /u01/logs/provisioning.log file on the administration instance.
        • To get the internal and external load balancer IP addresses for accessing the Jenkins Console, WebLogic Console, and the WebLogic Cluster Load Balancer, run the following command:
          kubectl get svc -A

          The private load balancer is listed with the namespace wlsoke-ingress-nginx and name okename-internal.

          The public load balancers are listed with the namespace wlsoke-ingress-nginx and name <domain-name>-lb-external.

      5. Select the names of existing private subnets for the Kubernetes cluster and node pool, Kubernetes cluster and API endpoint, administration host, and the file system and mount target (storage) host.
      6. Select the name of an existing subnet for the load balancer.
      7. Enter the Oracle Cloud Identifier (OCID) for an existing NAT gateway or service gateway.
      8. Select a minimum and maximum flexible shape for a private load balancer.

        By default, the minimum bandwidth size is set to 10 Mbps and maximum to 100 Mbps.

        Note:

        You can update the shape to a maximum of 8000 Mbps. Before you select the maximum bandwidth, check the available service limit for the flexible private load balancer bandwidth.
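
The load balancer lookup described in the note above (kubectl get svc -A) can be turned into an exposure check. The following is an added example, not part of the Oracle documentation or product: it reads the JSON form of the same listing (kubectl get svc -A -o json) and reports whether each load balancer address matches the exposure this page documents for it. The sample data, the VCN CIDR, the service name debug-svc, matching on the name suffixes -internal and -lb-external, and treating any address inside the VCN CIDR as private are assumptions.

```python
import ipaddress
import json

INGRESS_NAMESPACE = "wlsoke-ingress-nginx"  # namespace named on this page

# Constructed sample of `kubectl get svc -A -o json` output (not real data).
SAMPLE_SVC_JSON = json.dumps({"items": [
    {"metadata": {"namespace": INGRESS_NAMESPACE, "name": "okename-internal"},
     "spec": {"type": "LoadBalancer"},
     "status": {"loadBalancer": {"ingress": [{"ip": "10.0.3.15"}]}}},
    {"metadata": {"namespace": INGRESS_NAMESPACE, "name": "mydomain-lb-external"},
     "spec": {"type": "LoadBalancer"},
     "status": {"loadBalancer": {"ingress": [{"ip": "203.0.113.10"}]}}},
    {"metadata": {"namespace": "default", "name": "debug-svc"},
     "spec": {"type": "LoadBalancer"},
     "status": {"loadBalancer": {"ingress": [{"ip": "203.0.113.77"}]}}},
    {"metadata": {"namespace": "default", "name": "kubernetes"},
     "spec": {"type": "ClusterIP"}, "status": {"loadBalancer": {}}},
]})


def expected_exposure(namespace, name):
    """Map a service to the exposure this page documents for it."""
    if namespace == INGRESS_NAMESPACE and name.endswith("-internal"):
        return "private"
    if namespace == INGRESS_NAMESPACE and name.endswith("-lb-external"):
        return "public"
    return "unknown"  # a load balancer the stack is not documented to create


def classify_load_balancers(svc_json, vcn_cidr):
    """Return one finding per load balancer address in the service list."""
    vcn = ipaddress.ip_network(vcn_cidr)
    findings = []
    for item in json.loads(svc_json).get("items", []):
        if item.get("spec", {}).get("type") != "LoadBalancer":
            continue
        meta = item.get("metadata", {})
        namespace, name = meta.get("namespace", ""), meta.get("name", "")
        expected = expected_exposure(namespace, name)
        ingress = item.get("status", {}).get("loadBalancer", {}).get("ingress") or []
        ips = [entry["ip"] for entry in ingress if "ip" in entry]
        if not ips:  # address not assigned yet, nothing to verify
            findings.append({"namespace": namespace, "name": name, "ip": None,
                             "expected": expected, "actual": "pending", "ok": False})
        for ip in ips:
            # Assumption: an address inside the VCN CIDR is private,
            # anything else is reachable from outside the VCN.
            actual = "private" if ipaddress.ip_address(ip) in vcn else "public"
            findings.append({"namespace": namespace, "name": name, "ip": ip,
                             "expected": expected, "actual": actual,
                             "ok": expected == actual})
    return findings


if __name__ == "__main__":
    for f in classify_load_balancers(SAMPLE_SVC_JSON, "10.0.0.0/16"):
        flag = "ok" if f["ok"] else "REVIEW"
        print(f'{flag:6} {f["namespace"]}/{f["name"]} {f["ip"]} '
              f'expected={f["expected"]} actual={f["actual"]}')
```

A load balancer reported as REVIEW is either one the stack is not documented to create or one whose address does not match the documented exposure.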

Configure the Container Cluster

You can specify the parameters needed to create a container cluster or configure the WebLogic Server domain to use an existing container cluster for an existing VCN and an existing subnet only.

Note:

If you configure Verrazzano installation, then to configure the container cluster, see Configure the Container Cluster with Verrazzano.

Create a Container Cluster

  1. In the Container Cluster Configuration section of the Configure Variables page, enter a Kubernetes Version to run on the cluster nodes.

    Note:

    The latest Kubernetes version is displayed by default. Check the Kubernetes version that is certified and compatible with WebLogic Server Kubernetes Operator. See Oracle WebLogic Server Kubernetes Operator.

    If you enter a Kubernetes version that is not available, the stack provisioning fails.

  2. Select a shape for each node in the Kubernetes cluster node pool, for non-WebLogic node pools.
    If you select a flexible shape, move the slider to specify the OCPU count and amount of memory for the non-WebLogic node pool shape.

    Note:

    By default, for the flexible shape, the OCPU count is 1 and the amount of memory is 1 GB.

    WARNING:

    If you do not select a shape, the stack creation is stuck on the Review page of the Create Stack wizard, or the stack creation fails.
  3. Select the number of nodes in the node pool, for non-WebLogic node pools.
  4. Specify a CIDR for the pods in the Kubernetes cluster.
  5. Select the preferred WebLogic Server node pool shape.
    If you select a flexible shape, move the slider to specify the OCPU count and amount of memory for the WebLogic node pool shape.

    Note:

    By default, for the flexible shape, the OCPU count is 1 and the amount of memory is 1 GB.

    WARNING:

    If you do not select a shape, the stack creation is stuck on the Review page of the Create Stack wizard, or the stack creation fails.
  6. Specify the number of nodes required in the WebLogic Server node pool.
  7. Specify a CIDR for the Kubernetes services that are exposed.
  8. Optional: To encrypt the Kubernetes secrets at rest in etcd by using the master encryption key in the OCI vault service, select Kubernetes Secret Encryption. Then, select the compartment where you have the vault, the vault where you have the key, and the key.
    If you do not select this option, then the standard block storage encryption is used for etcd.

    Caution:

    • If you use Kubernetes Secret Encryption, then ensure that you do not disable or delete the vault key, which you used to encrypt the Kubernetes secrets.
    • If you disable or delete the vault key, you cannot run any administrative commands on the administration server, such as kubectl get pods -A. The only option is to destroy and recreate the domain.
    • If you disable the vault key, the changes are immediate and you would not be able to access the stack.
    • If you have scheduled the key for deletion, it is in the Pending Deletion state until it is deleted permanently on the scheduled deletion date. You can cancel the key deletion schedule to restore access to the Kubernetes secrets. See Managing Secrets.
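
A pre-flight check for the CIDR values entered in the Network section (VCN and subnet CIDRs) and in the steps above (pod and service CIDRs), as an added example that is not Oracle's code. It applies general OCI and OKE networking constraints that this page does not spell out: subnets must sit inside the VCN and must not overlap each other, and the pod and service CIDRs must not overlap the VCN or each other. All CIDR values are constructed and IPv4 is assumed.

```python
import ipaddress
from itertools import combinations

# Constructed plan; the labels follow the subnets listed in the Network section.
BAD_PLAN = {
    "vcn_cidr": "10.0.0.0/16",
    "subnets": {
        "bastion host": "10.0.1.0/24",
        "load balancers": "10.0.2.0/24",
        "administration host": "10.0.3.0/24",
        "file system and mount target": "10.0.4.0/24",
        "Kubernetes cluster and node pool": "10.0.4.128/25",   # overlaps storage
        "Kubernetes cluster and API endpoint": "10.1.0.0/28",  # outside the VCN
    },
    "pods_cidr": "10.0.128.0/17",  # collides with the VCN range
    "services_cidr": "10.96.0.0/16",
}


def check_cidr_plan(vcn_cidr, subnets, pods_cidr, services_cidr):
    """Return a list of problems found in a planned set of CIDR blocks."""
    problems, nets = [], {}
    planned = {"VCN": vcn_cidr, **subnets,
               "pods": pods_cidr, "services": services_cidr}
    for label, cidr in planned.items():
        try:
            nets[label] = ipaddress.ip_network(cidr)  # rejects host bits set
        except ValueError as exc:
            problems.append(f"{label}: invalid CIDR {cidr!r}: {exc}")

    vcn = nets.get("VCN")
    subnet_nets = {k: nets[k] for k in subnets if k in nets}

    # Every subnet must be carved out of the VCN range.
    if vcn is not None:
        for label, net in subnet_nets.items():
            if not net.subnet_of(vcn):
                problems.append(f"{label} {net} is outside the VCN {vcn}")

    # No two subnets may share addresses.
    for (a, net_a), (b, net_b) in combinations(subnet_nets.items(), 2):
        if net_a.overlaps(net_b):
            problems.append(f"{a} {net_a} overlaps {b} {net_b}")

    # Pod and service ranges must stay clear of the VCN and of each other.
    for label in ("pods", "services"):
        net = nets.get(label)
        if net is not None and vcn is not None and net.overlaps(vcn):
            problems.append(f"{label} {net} overlaps the VCN {vcn}")
    pods, services = nets.get("pods"), nets.get("services")
    if pods is not None and services is not None and pods.overlaps(services):
        problems.append(f"pods {pods} overlaps services {services}")
    return problems


if __name__ == "__main__":
    for problem in check_cidr_plan(**BAD_PLAN):
        print("PROBLEM:", problem)
```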

Use an Existing Cluster

  1. In the Container Cluster Configuration section of the Configure Variables page, select the Use existing cluster check box.
  2. Enter the OCID of the existing Kubernetes cluster.

    Ensure that this Kubernetes cluster exists in the compartment that you selected upon launching the stack, and in the specified existing VCN.

    You must not use the same Kubernetes cluster to create multiple Oracle WebLogic Server for OKE instances. If you want to use the cluster for multiple instances, you must delete the resources and the stack. See Delete a Stack.

Configure the Container Cluster with Verrazzano

Specify the parameters needed to create a container cluster if you configured Verrazzano installation.

  1. In the Container Cluster Configuration section of the Configure Variables page, enter a Kubernetes Version to run on the cluster nodes.

    Note:

    The latest Kubernetes version is displayed by default. Check the Kubernetes version that is certified and compatible with WebLogic Server Kubernetes Operator. See Oracle WebLogic Server Kubernetes Operator.

    If you enter a Kubernetes version that is not available, the stack provisioning fails.

  2. Select the WebLogic Server node pool shape.
    If you select a flexible shape, move the slider to specify the OCPU count and amount of memory for the WebLogic node pool shape.

    Note:

    By default, for the flexible shape, the OCPU count is 1 and the amount of memory is 1 GB.

    Oracle recommends that you select the VM.Standard.E4.Flex shape with an OCPU count of four.

    WARNING:

    If you do not select a shape, the stack creation is stuck on the Review page of the Create Stack wizard, or the stack creation fails.
  3. Specify the number of nodes required in the WebLogic Server node pool.

    Note:

    You must select a minimum of three nodes for the selected shape.
  4. Specify a CIDR for the pods in the Kubernetes cluster.
  5. Specify a CIDR for the Kubernetes services that are exposed.
  6. Optional: To encrypt the Kubernetes secrets at rest in etcd by using the master encryption key in the OCI vault service, select Kubernetes Secret Encryption. Then, select the compartment where you have the vault, the vault where you have the key, and the key.
    If you do not select this option, then the standard block storage encryption is used for etcd.

    Caution:

    • If you use Kubernetes Secret Encryption, then ensure that you do not disable or delete the vault key, which you used to encrypt the Kubernetes secrets.
    • If you disable or delete the vault key, you cannot run any administrative commands on the administration server, such as kubectl get pods -A. The only option is to destroy and recreate the domain.
    • If you disable the vault key, the changes are immediate and you would not be able to access the stack.
    • If you have scheduled the key for deletion, it is in the Pending Deletion state until it is deleted permanently on the scheduled deletion date. You can cancel the key deletion schedule to restore access to the Kubernetes secrets. See Managing Secrets.

Configure the Administration Instances

Specify where you want to create the administration instances and select the shapes to use.

  1. In the Administration Instances section of the Configure Variables page, select the availability domain in which to create the bastion and Kubernetes administration compute instances.
  2. Select a shape for the Kubernetes administration compute instance.
    If you select a flexible shape, move the slider to specify the OCPU count and amount of memory for the administration compute instance.

    Note:

    By default, for the flexible shape, the OCPU count is 1 and the amount of memory is 1 GB.

    WARNING:

    If you do not select a shape, the stack creation is stuck on the Review page of the Create Stack wizard, or the stack creation fails.
  3. Select a shape for the bastion compute instance.
    If you select a flexible shape, move the slider to specify the OCPU count and amount of memory for the bastion compute instance.

    Note:

    By default, for the flexible shape, the OCPU count is 1 and the amount of memory is 1 GB.

    You cannot select a shape for the bastion compute instance if you deselect the Provision Bastion Node check box.

    WARNING:

    If you do not select a shape, the stack creation is stuck on the Review page of the Create Stack wizard, or the stack creation fails.

Configure the File System

Specify where you want to create the shared file system.

  1. Select the availability domain where you want to create the shared file system and the mount target.

    Note:

    Shared file system and mount target can be in a different availability domain than the WebLogic instances.
  2. Select the compartment for the mount target.

    If you want to use an existing subnet to set up an Oracle WebLogic Server for OKE cluster, you have the option to create the mount target in a compartment different from that of the stack compartment. Similarly, you can also use an existing mount target from a different compartment than that of the stack compartment. If you are provisioning a new subnet, the mount target is created in the stack compartment by default.

  3. Optional: If you want to use an existing subnet to provision an Oracle WebLogic Server for OKE cluster, you have the option to select Add Existing Mount Target, and then select an existing mount target from the list of mount targets available for the selected availability domain and compartment. This mount target should be in the same subnet where the new file system is created.

    If you do not select an existing mount target, a new mount target is automatically created for the file system in the chosen compartment for the mount target.

Configure the Registry

Specify the credentials that Oracle WebLogic Server for OKE uses to access container images in the Oracle Cloud Infrastructure Registry (OCIR).

  1. In the Registry_Username field, enter a user name that Kubernetes uses to access the image in the registry.

    The registry user name format is tenancy_namespace/<username>. If your tenancy is federated with Oracle Identity Cloud Service, then the registry user name format is tenancy_namespace/oracleidentitycloudservice/<username>.

    You can choose either to include the tenancy_namespace or remove the tenancy_namespace in the user name format. For example, you can either use tenancy_namespace/<username> or <username>.

    Note:

    If you choose to include tenancy_namespace in the user format, ensure that you use the correct namespace for your tenancy.
  2. In the Registry_Authentication_Token field, select the compartment where you have the OCI Secret that contains the auth token.
  3. In the Validated Secret for OCIR Auth Token field, select the secret that contains the OCIR auth token. To generate an auth token, see Getting an Auth Token in the Oracle Cloud Infrastructure documentation.

For information about how to create a container registry, see Overview of Registry in the Oracle Cloud Infrastructure documentation.

Create OCI Policies

When you create a stack, by default the OCI Policies check box is selected and Oracle WebLogic Server for OKE creates a dynamic group and relevant root-level (tenancy) policies for you.

If you are not an administrator, the necessary groups and policies must be in place before you can create a stack.

Before you deselect the check box, ask your administrator to create the required dynamic group and relevant policies, as described in Create a Dynamic Group and Create Policies for the Dynamic Group.

Create the Stack

After you have specified the parameters for your stack, finish creating the stack.

On the Review page of the Create Stack wizard, review the information you have provided, and then click Create. This runs the stack creation job.

The Job Details page of the stack in Resource Manager is displayed. A stack creation job name has the format ormjobyyyymmddnnnnnn. For example, ormjob20200922125850. Periodically monitor the progress of the job until it is finished. If an email address is associated with your user profile, you will receive an email notification.