9 Configuring the BRM Client Services

Learn how to configure Billing Care, Billing Care REST API, Collections Configuration Center, and Business Operations Center to run in your Oracle Communications Billing and Revenue Management (BRM) cloud native environment.

About Configuring Your BRM Client Services

Business Operations Center, Billing Care, and Billing Care REST API share a similar image stack.

Figure 9-1 shows the process for deploying Billing Care using WebLogic Operator. The same process is used for the Billing Care REST API. The only difference is the name of the deployer: bcws-domain-deployer.

Figure 9-1 Billing Care Deployment Flow



Figure 9-2 shows the process for deploying Business Operations Center using WebLogic Operator. It is similar to the Billing Care process.

Figure 9-2 Business Operations Center Deployment Flow



Note:

It is important to wait until the component-domain-deployer process is in the 1/1 Running status before running oc-cn-helm-chart.

You deploy these services by using the following Helm charts:

  • oc-cn-op-job-helm-chart: This chart creates and configures the WebLogic domain, deploys the application, deploys and links the SDK (for Billing Care and Billing Care REST API), and loads the authorization policies.

  • oc-cn-helm-chart: This chart starts the rolling restart of the WebLogic servers and the application update.

  • WebLogic Operator chart: This chart manages the application domain, controlling the service availability when managed server pods are scaled up or down.

Configuring Business Operations Center

Business Operations Center is a web-based client application that you use to run business operations such as billing, invoicing, and payment collections. For more information, see "Using Business Operations Center" in BRM System Administrator's Guide.

To configure Business Operations Center to run in your BRM cloud native environment:

  1. Override the Business Operations Center-specific keys in the values.yaml file for oc-cn-op-job-helm-chart. See "Adding Business Operations Center Keys for oc-cn-op-job-helm-chart".

  2. Override the Business Operations Center-specific keys in the values.yaml file for oc-cn-helm-chart. See "Adding Business Operations Center Keys for oc-cn-helm-chart".

  3. Set up volume mounts. See "About Business Operations Center Volume Mounts".

  4. Create a WebLogic domain and install the Business Operations Center application. See "Creating a WebLogic Domain and Installing the Business Operations Center Application".

  5. Set up SAML for SSO in Business Operations Center. See "Setting Up SSO for Business Operations Center".

  6. Set up local users and groups for Business Operations Center. See "Setting Up Local Users and Groups for Business Operations Center".

  7. Start and stop your WebLogic servers. See "Starting and Stopping WebLogic Servers".

Note:

To set up Business Operations Center, ensure that you successfully complete the installation of oc-cn-op-job-helm-chart before you install or upgrade oc-cn-helm-chart.

Adding Business Operations Center Keys for oc-cn-op-job-helm-chart

Table 9-1 lists the keys that directly impact Business Operations Center. Add these keys to your override-values.yaml file for oc-cn-op-job-helm-chart with the same path hierarchy.

For a complete set of keys to personalize Business Operations Center deployment, see the keys with the path ocboc.boc in the oc-cn-op-job-helm-chart/values.yaml file.

Caution:

Keys with the path ocboc.boc.secretVal hold sensitive data. Handle them carefully with controlled access to the file containing their values. Encode all of these values in Base64 format. See "Secrets" in Kubernetes Concepts.

Table 9-1 Keys for oc-cn-op-job-helm-chart

Key | Path in values.yaml File | Description

isEnabled

ocboc.boc

Whether to deploy, configure, and start Business Operation Center services.

  • false: Kubernetes resources meant for the Business Operation Center application will not be created.
  • true: Creates the necessary Kubernetes resources for using Business Operation Center. This is the default.

deployment.*

ocboc.boc

The details for deploying the Business Operations Center pod.

configEnv.*

ocboc.boc

  • managedHttpPort: The container port for access to the managed server. The default is 8001.

  • httpPort: The container port for access to the WebLogic domain over HTTP. The default is 7011.

  • serverStartMode: The mode in which to start the server: dev or prod. The default is prod.

  • adminUser: The name of the user who is granted administrator rights to the WebLogic domain. The default is weblogic.

  • dbhost: The host name or IP address for the database server.

  • dbPort: The port number for the database server.

  • dbServiceName: The service name for the database.

  • dbSSLMode: The SSL mode: NO, YES, or ONE_WAY.

  • dbWalletType: The database SSL wallet type, such as SSO.

  • extDBSSLWalletSecret: The name of the external Kubernetes Secret containing the SSL database wallet. See "About Using External Kubernetes Secrets" in BRM Cloud Native System Administrator’s Guide.

  • rcuSysDBAUser: The database administrator user name.

  • rcuDBARole: The role of the database administrator user.

  • rcuPrefix: The prefix for the OPSS schema. The default is BOC11.

  • rcuCreate: Whether to drop the existing OPSS schema (true) or not (false). The default is true.

  • rcuArgs: The additional arguments for creating the RCU.

  • rcuTablespace: Whether to drop the existing OPSS schema (true) or not (false). The default is true.

  • rcuTempTablespace: The name of an existing temporary tablespace in your database. If left empty, new tablespaces are created with names starting with rcuPrefix.

  • isOPSS: Whether to create an OPSS domain (true) or a non-OPSS domain (false). The default is true.

  • extAccessPolicyCM: The name of the ConfigMap containing the policy file.

  • isLDAPEnabled: Whether to skip creation of the Oracle Unified Directory Authenticator (true) or not (false). The default is true.

  • ldapAdmin: The Distinguished Name to connect to the LDAP server. The default is cn=Directory Manager.

  • ldapHost: The host name or IP address of the LDAP Server (for example, OUD) where users and groups are configured for access to Business Operations Center.

  • ldapPort: The port number on which the LDAP server is listening. The default is 389.

  • ldapGroupBase: The LDAP base DN that contains groups.

  • ldapUserBase: The LDAP base DN that contains users.

  • ldapProviderName: The name of Authentication Provider. The default is OUDAuthenticator.

  • bocSchemaUserName: The Business Operations Center database schema user name. The default is bocdb.

  • bocSchemaBocTablespace: The default tablespace for the Business Operations Center database administrator. The default is boc_default_tbls.

  • bocSchemaTempTablespace: The temp tablespace for the Business Operations Center database administrator. The default is boc_temp_tbls.

  • billingCareUrl: The URL of the Billing Care instance that is used with your BRM Server. Leave this blank if Billing Care isn't installed in your environment.

  • logoutURL: The URL where the user is redirected after logging out from the application. The default is login.html.

  • timeoutWaringDuration: The default is 90.

  • pageSize: The default is 25.

  • refreshInterval: The default is 28800000.

  • connectionTimeout: The default is 16000.

  • dbURL: Used to create the WebLogic data source for connecting to the Business Operations Center schema. This is also the connection string for the database where schemas needed by Oracle Fusion Middleware products are created, especially OPSS. Use one of these formats:

    • DatabaseHost:DatabasePort/ServiceName
    • DatabaseHost:DatabasePort:ServiceID
  • enablePvt: Whether to consider pin_virtual_time when running business operations jobs. The default is true.

  • targetServer: The name of the cluster server. The default is cluster-1.

  • keystoreAlias: The private key alias of the KeyStore.

  • extKeystoreSecret: The names of the pre-created Kubernetes Secrets for the Business Operations Center KeyStore certificates and wallets. See "About Using External Kubernetes Secrets" in BRM Cloud Native System Administrator’s Guide.

  • keystoreType: The file type of the SSL Identity and Trust store, which is either PKCS12 or JKS. The default is PKCS12.

  • keystoreIdentityFileName: The file name of the Identity KeyStore.

  • keystoreTrustFileName: The file name of the Trust KeyStore.

  • dbSSLMode: The type of connection required to connect to the database: Yes-Two Way, Yes-One Way, or No.

  • dbWalletType: The type of TrustStore and KeyStore file that is used for the SSL connection: SSO or PKCS12.

  • tlsVersions: The list of TLS versions to support for connection with the WebLogic domain. List the version numbers in order, from lowest to highest, separated by a comma. For example: TLSv1.2, TLSv1.3.

  • isSSOEnabled: Whether to enable single sign-on (SSO) for Business Operations Center cloud native services using SAML 2.0 (true) or not (false). The default is false.

  • extMetadataCM: The name of the external ConfigMap containing the IDP metadata file.

  • samlAsserterName: The name of the SAML Asserter. The default is samlBOCAsserter.

  • ssoPublishedSiteURL: The base URL that is used to construct endpoint URLs. This is typically the Load Balancer host and port at which the server is visible externally. It must be appended with /saml2. For example: https://LoadBalancerHost:LoadBalancerPort/saml2.

  • ssoDefaultURL: The URL where unsolicited authentication responses are sent if they do not contain an accompanying target URL.

  • reloadVersion: Update this value with any value different from the current value to force a restart of the deployer. The default is 1.

  • reset: Whether to wipe all previous states and do a fresh setup of the domain. The default is false.

secretVal.*

ocboc.boc

  • adminPassword: The Base64-encoded password for the WebLogic domain's administrative user. This is used for accessing the WebLogic Remote Console for administrative operations.

  • ldapPassword: The Base64-encoded password of the LDAP Server admin user.

  • rcuSysDBAPassword: The Base64-encoded database administrator's password.

  • rcuSchemaPassword: The Base64-encoded password for schemas of Oracle Fusion Middleware products that will be created by RCU, which is used by OPSS.

  • bocSchemaPassword: The Base64-encoded Business Operations Center database schema password.

  • dbWalletPassword: The password for accessing the certificates from the TrustStore and KeyStore.

  • keystoreIdentityPassword: The StorePass for the Identity KeyStore.

  • keystoreKeyPassword: The KeyPass for the Identity KeyStore.

  • keystoreTrustPassword: The StorePass for the Trust KeyStore.

secret.*

ocboc.boc

The details about the Business Operations Center external Kubernetes Secrets.

  • extFMWUserSecret: The name of the external Kubernetes Secret containing the Fusion Middleware user passwords.

  • extSetupSecret: The name of the external Kubernetes Secret containing the set up passwords.

  • extWLSUsersSecret: The name of the external Kubernetes Secret containing the WebLogic Server user passwords.

See "About Using External Kubernetes Secrets" in BRM Cloud Native System Administrator’s Guide.

wop.*

ocboc.boc

The details for configuring the WebLogic Server.

  • domainUID: The name of the domain. The default is boc-domain.

  • domainRootDir: The location within the container where the domain is created. The default is /shared.

  • totalManagedServers: The number of managed servers in the cluster. The default is 5.

  • initialServerCount: The number of managed servers initially started for the domain. The default is 2.

  • adminChannelPort: The NodePort where the admin-server's HTTP service will be accessible. The default is 30811.

    Note: Set this key only if you want the boc-domain-admin-server-ext service to deploy as NodePort.

  • serverStartPolicy: The WebLogic servers that the Operator starts when it discovers the domain: NEVER, ADMIN_ONLY, or IF_NEEDED. The default is IF_NEEDED.

resources.*

ocboc.boc

The minimum and maximum CPU and memory resources for the cm pod. See "Setting Minimum and Maximum CPU and Memory Values" in BRM Cloud Native System Administrator's Guide.

volume.domain.*

ocboc.boc

Details about the PVC for the domain file system:

  • storage: The storage size of the volume.

  • createOption: By default, the boc pod uses dynamic volume provisioning. To use a static volume instead, you must add the createOption key. See "Using Static Volumes" in BRM Cloud Native System Administrator's Guide.

wlsUserGroups.*

ocboc.boc

The details for setting up the users and groups to the domain's DefaultAuthenticator.

scriptsConfigName

ocboc.boc.extensions

The name of the ConfigMap containing the scripts for running additional steps to configure the domain or application.

nodeSelector

ocboc.boc

The Node Selector rules for scheduling pods on particular nodes by using simple selectors.

affinity

ocboc.boc

The affinity rules for scheduling pods on particular nodes by using more powerful selectors.

addOnPodSpec

ocboc.boc

The details for extending pod specifications or overriding features. By default, this key is empty. See "About Customizing and Extending Pods" in BRM Cloud Native System Administrator's Guide.

Adding Business Operations Center Keys for oc-cn-helm-chart

Table 9-2 lists the keys that directly impact Business Operations Center. Add these keys to your override-values.yaml file for oc-cn-helm-chart with the same path hierarchy.

For a complete set of keys to personalize Business Operations Center deployment, see the keys with the path ocboc.boc in the oc-cn-helm-chart/values.yaml file.

Caution:

Keys with the path ocboc.boc.secretVal hold sensitive data. Handle them carefully with controlled access to the file containing their values. Encode all of these values in Base64 format. See "Secrets" in Kubernetes Concepts.

Table 9-2 Keys for oc-cn-helm-chart

Key | Path in values.yaml File | Description

isEnabled

ocboc.boc

Whether to deploy, configure, and start Business Operation Center services.

  • false: Kubernetes resources meant for the Business Operation Center application will not be created.
  • true: Creates the necessary Kubernetes resources for using Business Operation Center. This is the default.

deployment.*

ocboc.boc

The details for deploying the Business Operations Center pod.

configEnv.*

ocboc.boc

The details for configuring Business Operations Center.

  • dbhost: The host name or IP address for the database server.

  • dbPort: The port number for the database server.

  • dbServiceName: The service name for the database.

  • dbSSLMode: The SSL mode: NO, YES, or ONE_WAY.

  • dbWalletType: The database SSL wallet type, such as SSO.

  • extDBSSLWalletSecret: The name of the external Kubernetes Secret containing the SSL database wallet. See "About Using External Kubernetes Secrets" in BRM Cloud Native System Administrator’s Guide.

  • httpPort: The container's port for accessing the WebLogic domain over HTTP. The default is 7011.

  • isOPSS: Whether to create an OPSS domain (true) or a non-OPSS domain (false). Set this to true for production systems. The default is true.

  • keystoreAlias: The private key alias for the KeyStore.

  • extKeystoreSecret: The name of the external Kubernetes Secret containing Identity and Trust KeyStore files. See "About Using External Kubernetes Secrets" in BRM Cloud Native System Administrator’s Guide.

  • keystoreType: The file type of the SSL Identity and Trust KeyStore: PKCS12 or JKS. The default is PKCS12.

  • runUpgrade: Whether to run the database schema upgrade. The default is false.

infranet.*

ocboc.boc

The details for configuring Business Operations Center.

  • user.login: The user name of the service with permission to access BRM, such as boc_client.0.0.0.1.

  • user.serviceType: The POID type of the service that has permission to access BRM. The default is /service/admin_client.

  • user.serviceID: The POID ID of the service that has permission to access BRM. The default is 415.

  • connectionpool.minSize: The minimum number of connections allowed in the pool. The default is 25.

  • connectionpool.maxSize: The maximum number of connections allowed in the pool. The default is 50.

  • loglevel: The log level for the Infranet.properties file. The default is 3.

  • addOnProperties: This field is empty by default. You can use this key to specify custom Infranet.properties values.

secretVal.*

ocboc.boc

The password details.

  • walletPassword: The Business Operations Center wallet password. This value must be Base64-encoded.

  • keystoreTrustPassword: The StorePass of the Trust Keystore, which is used for setting up the SSL-enabled domain. This value must be Base64-encoded.

secret.*

ocboc.boc

The details about the Business Operations Center external Kubernetes Secrets.

  • extAppSecret: The name of the external Kubernetes Secret containing the application passwords.

  • extFMWUserSecret: The name of the external Kubernetes Secret containing the Fusion Middleware user passwords.

  • extSetupSecret: The name of the external Kubernetes Secret containing the set up passwords.

See "About Using External Kubernetes Secrets" in BRM Cloud Native System Administrator’s Guide.

wop.*

ocboc.boc

The details for configuring the WebLogic Server.

  • domainUID: The name of the domain. The default is boc-domain.

  • domainRootDir: The location within the container where the domain is created. The default is /shared.

  • totalManagedServers: The number of managed servers in the cluster. The default is 5.

  • initialServerCount: The number of managed servers initially started for the domain. The default is 2.

  • adminChannelPort: The NodePort where the admin-server's http service will be accessible. The default is empty.

    Note: Set this key only if you want the boc-domain-admin-server-ext service to deploy as NodePort.

  • serverStartPolicy: The WebLogic servers that the Operator starts when it discovers the domain: NEVER, ADMIN_ONLY, or IF_NEEDED. The default is IF_NEEDED.

  • restartVersion: Whether to force a rolling restart of all server pods. To force the restart, set it to any value other than 1. The default is 1.

  • introspectVersion: Whether to force a domain introspection. To do so, set it to any value other than 1. The default is 1.

monitoring.*

ocboc.boc

The details for monitoring and autoscaling Business Operations Center. By default, monitoring is disabled.

See "Monitoring and Autoscaling Business Operations Center Cloud Native" in BRM Cloud Native System Administrator's Guide.

scriptsConfigName

ocboc.boc.extensions

The name of the ConfigMap containing the scripts for running additional steps to configure the domain or application.

resources.*

ocboc.boc

The minimum and maximum CPU and memory resources for the cm pod. See "Setting Minimum and Maximum CPU and Memory Values" in BRM Cloud Native System Administrator's Guide.

nodeSelector

ocboc.boc

The Node Selector rules for scheduling pods on particular nodes by using simple selectors.

affinity

ocboc.boc

The affinity rules for scheduling pods on particular nodes by using more powerful selectors.

addOnPodSpec

ocboc.boc

The details for extending pod specifications or overriding features. By default, this key is empty. See "About Customizing and Extending Pods" in BRM Cloud Native System Administrator's Guide.

Updating Infranet.properties for Business Operations Center

The Infranet.properties file entries are located in the values.yaml file. This makes it easier to update them.

Following is a sample configuration block (located in the ocboc.boc path in oc-cn-helm-chart) for the Infranet.properties entries:

infranet:
    user:
        login: 'boc_client.0.0.0.1'
        serviceType: '/service/admin_client'
        serviceId: 2
    connectionpool:
        minSize: 25
        maxSize: 50
    logLevel: 3
    addOnProperties: ""

If you have custom properties, they should be defined here using the addOnProperties key. For example:

addOnProperties: |-
    infranet.connectionpool.timeout=90000
    infranet.pcp.debug.flags=0x3FFF
    infranet.pcp.debug.enabled=true

To update these properties, update the values in oc-cn-helm-chart and change the value of ocboc.boc.wop.restartVersion in oc-cn-helm-chart to any new value. This will force a pod restart and the new values will be used.

Adding Custom Configuration to Deployment Workflow for Business Operations Center

You can provide additional configuration to be applied at particular checkpoints in the Business Operations Center deployment workflow. These checkpoints are:

  • ext_deployer_pre_exit: Called after the standard configuration in deployer.sh in oc-cn-op-job-helm-chart
  • ext_init_app_pre_exit: Called after the standard configuration in the init-app initContainer container in both oc-cn-op-job-helm-chart and oc-cn-helm-chart
  • ext_init_config_pre_exit: Called after the standard configuration in the init-config initContainer container in both oc-cn-op-job-helm-chart and oc-cn-helm-chart
  • ext_init_upgrade_pre_exit: Called after the standard configuration in the upgrade container

Create a ConfigMap with your configuration scripts, including a shell script named run_hooks.sh that calls your other scripts. For example:

apiVersion: v1
kind: ConfigMap
metadata:
  name: ext-scripts
data:
  run_hooks.sh: |+
    #!/bin/bash
    echo "executing extension for: $@"
    CURRENT_CHECKPOINT=$1
    if [ "$CURRENT_CHECKPOINT" == "ext_deployer_pre_exit" ] ; then
      sh my_deployer_extension.sh
    fi
  my_deployer_extension.sh: |+
    #!/bin/bash
    echo "executing my_deployer_extension"
...

Specify the name of your ConfigMap in the ocboc.boc.extensions.scriptsConfigName key in the override-values.yaml file for oc-cn-op-job-helm-chart.

About Business Operations Center Volume Mounts

The Business Operations Center container requires Kubernetes volume mounts for sharing the domain and application file system between the WebLogic Cluster servers. Business Operations Center requires a volume for the domain. By default, this is created dynamically, using the provisioner defined in BRM, in the storage-class key in oc-cn-op-job-helm-chart.

To change the volume type or provider, modify the ocboc.boc.volume.domain.createOption key in the override-values.yaml file for oc-cn-op-job-helm-chart.

Creating a WebLogic Domain and Installing the Business Operations Center Application

The WebLogic domain is created by a Kubernetes Deployment when oc-cn-op-job-helm-chart is installed. The same job also installs the Business Operations Center application and deploys the application WAR file onto the WebLogic Cluster.

The oc-cn-op-job-helm-chart chart also:

  • Creates a Kubernetes ConfigMap and Secrets, which are used throughout the life-cycle of the WebLogic domain.

  • Initializes the PersistentVolumeClaim for the domain and application file system as well as third-party libraries.

Note:

The override-values.yaml file that you use for this chart must include BRM override values.

After you install oc-cn-op-job-helm-chart, wait until the Kubernetes deployment has reached the 1/1 Running status. Then, you can install or upgrade oc-cn-helm-chart for Business Operations Center services.

After the deployment is running, don't delete the chart. Its resources will be used for starting and stopping the servers through oc-cn-helm-chart.

Setting Up SSO for Business Operations Center

SSO allows users to log in to applications using a single user name and password combination. You set up SSO for Business Operations Center cloud native services by using SAML 2.0.

To set up SSO for Business Operations Center:

  1. Export the SAML 2.0 metadata XML file from your identity and access management (IAM) system.

    For example, if you are using Oracle Access Management, you can export the file by following the instructions in "Exporting Metadata" in Oracle Fusion Middleware Administering Oracle Access Management.

  2. Add the metadata XML file to your BRM cloud native deployment by doing one of the following:

    • Rename the metadata XML file to metadata.xml, and then move metadata.xml to the oc-cn-op-job-helm-chart/boc/idp directory. In this case, you must leave the ocboc.boc.configEnv.extMetadataCM key for oc-cn-op-job-helm-chart empty.

    • Pre-create the IDP metadata ConfigMap for Business Operations Center and set the ocboc.boc.configEnv.extMetadataCM key in your override-values.yaml file for oc-cn-op-job-helm-chart.

      For more information, see "Managing Wallet and KeyStore Certificates" in BRM Cloud Native System Administrator's Guide.

  3. Configure the KeyStores needed by SAML by doing one of the following:

    • Generate the Identity and Trust KeyStores and then move your files, such as identity.p12 and trust.p12, under the oc-cn-op-job-helm-chart/boc/keystore directory. In this case, you must leave the ocboc.boc.configEnv.extKeystoreSecret key for oc-cn-op-job-helm-chart empty.

    • Pre-create the Kubernetes Secret for the Identity and Trust KeyStore files and set the ocboc.boc.configEnv.extKeystoreSecret key in your override-values.yaml file for both oc-cn-op-job-helm-chart and oc-cn-helm-chart.

      For more information, see "Managing Wallet and KeyStore Certificates" in BRM Cloud Native System Administrator's Guide.

  4. In your override-values.yaml file for oc-cn-op-job-helm-chart, set the following keys:

    • ocboc.boc.configEnv.isSSOEnabled: Set this to true.

    • ocboc.boc.configEnv.keystoreAlias: Set this to the private key alias of the KeyStore.

    • ocboc.boc.configEnv.keystoreType: Set this to the file type of the SSL Identity and Trust store, which is either PKCS12 or JKS. The default is PKCS12.

    • ocboc.boc.configEnv.keystoreIdentityFileName: Set this to the name of the Identity KeyStore file.

    • ocboc.boc.configEnv.keystoreTrustFileName: Set this to the name of the Trust KeyStore file.

    • ocboc.boc.configEnv.samlAsserterName: Set this to the name of the SAML Asserter. The default is samlBOCAsserter.

    • ocboc.boc.configEnv.ssoPublishedSiteURL: Set this to the base URL that is used to construct endpoint URLs. This is typically the load balancer host and port at which the server is visible externally. It must be appended with /saml2. For example: https://LoadBalancerHost:LoadBalancerPort/saml2.

    • ocboc.boc.configEnv.ssoDefaultURL: Set this to the URL where unsolicited authentication responses are sent if they do not contain an accompanying target URL.

    • ocboc.boc.secretVal.keystoreIdentityPassword: Set this to the StorePass for the Identity KeyStore.

    • ocboc.boc.secretVal.keystoreKeyPassword: Set this to the KeyPass for the Identity KeyStore.

    • ocboc.boc.secretVal.keystoreTrustPassword: Set this to the StorePass for the Trust KeyStore.

  5. Configure your load balancer's rules to send responses to the Business Operations Center WebLogic domain with /saml2 appended to the URL path.

    Note:

    Add this rule to your existing load balancer rules for routing responses to Business Operations Center (/opsdashboard), the host name, and so on.

    See "Installing an Ingress Controller".

  6. Deploy your Business Operations Center cloud native services by following the instructions in "Deploying BRM Cloud Native Services".

  7. After Business Operations Center is deployed, retrieve the sp-metadata-admin-server.xml file from the /shared/domains/domainUID directory in your container, where domainUID is the name of your Business Operations Center domain specified in the ocboc.boc.wop.domainUID key.

    The XML file configures the Web SSO Provider Partner. It contains the partner's KeyStore certificates, SAML assertion details, and the URLs where the SAML Identity Provider redirects to provide access to Business Operations Center.

  8. Create a profile for your identity provider partner by loading the sp-metadata-admin-server.xml file into your IAM system.

    For example, if you are using Oracle Access Management, you can load the file by following the instructions in "Creating Remote Identity Provider Partners" in Oracle Fusion Middleware Administering Oracle Access Management.
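
The keys from step 4, together with the Base64 requirement for ocboc.boc.secretVal values, can be rendered into an override file as follows. This is an added example, not part of Oracle's documentation or charts. The host name, alias, file names, and passwords are constructed samples, and the https-only check is an assumption of this example.

```shell
#!/bin/sh
# Added example, not Oracle's code. Renders the step 4 SSO keys into an
# override file for oc-cn-op-job-helm-chart. All sample values are constructed.

# Base64-encode a secret exactly as given. printf avoids the trailing newline
# that `echo secret | base64` would bake into the stored password.
b64() { printf '%s' "$1" | base64 | tr -d '\n'; }

# Decode helper, used to confirm that a value round-trips before deployment.
unb64() { printf '%s' "$1" | base64 --decode; }

# ssoPublishedSiteURL must end in /saml2. Requiring https is a policy choice
# of this example, not a rule stated in the guide.
valid_published_url() {
  case "$1" in
    https://?*/saml2) return 0 ;;
    *) return 1 ;;
  esac
}

# Args: publishedURL defaultURL alias identityFile trustFile
#       identityStorePass keyPass trustStorePass
# Plain-text arguments must not contain double quotes, because they are
# emitted as quoted YAML scalars without escaping.
render_sso_overrides() {
  valid_published_url "$1" || {
    echo "ssoPublishedSiteURL must look like https://host:port/saml2" >&2
    return 1
  }
  cat <<EOF
ocboc:
    boc:
        configEnv:
            isSSOEnabled: true
            keystoreAlias: "$3"
            keystoreType: PKCS12
            keystoreIdentityFileName: "$4"
            keystoreTrustFileName: "$5"
            samlAsserterName: samlBOCAsserter
            ssoPublishedSiteURL: "$1"
            ssoDefaultURL: "$2"
        secretVal:
            keystoreIdentityPassword: "$(b64 "$6")"
            keystoreKeyPassword: "$(b64 "$7")"
            keystoreTrustPassword: "$(b64 "$8")"
EOF
}

# Write the fragment to a file that only the owner can read. Nothing is
# written if validation fails. Args: outputFile, then the render arguments.
write_sso_overrides() (
  out=$1
  shift
  umask 077
  content=$(render_sso_overrides "$@") || exit 1
  printf '%s\n' "$content" > "$out"
)

# Demo with constructed values: write, show, and clean up.
demo_dir=$(mktemp -d)
write_sso_overrides "$demo_dir/override-sso.yaml" \
  "https://lb.example.com:30443/saml2" \
  "https://lb.example.com:30443/opsdashboard" \
  "bockey" "identity.p12" "trust.p12" \
  "sample-identity-pass" "sample-key-pass" "sample-trust-pass"
cat "$demo_dir/override-sso.yaml"
rm -rf "$demo_dir"
```

Pass the generated file to Helm as an additional values file alongside your main override-values.yaml file, and store it with the same access controls as any other file that holds secretVal values.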

Setting Up Local Users and Groups for Business Operations Center

You have the option to customize the values for oc-cn-op-job-helm-chart to create users and groups locally in Oracle WebLogic Server. This would be especially useful for test environments where you might not have Identity Providers or LDAPs available. The groups for the admin user for WebLogic Server cannot be modified using this procedure.

Any passwords must be encoded using Base64. You can leave the password blank, but then the user will not be able to log in to the application directly.

To set up local users and groups for Billing Care, define the keys under ocboc.boc.wlsUserGroups in the override-values.yaml file for oc-cn-op-job-helm-chart. For example:

ocboc:
    boc:
        wlsUserGroups:
            groups:
            -   name: "GroupA"
                description: "GroupA Description"
            -   name: "GroupB"
                description: "GroupB Description"
            users:
            -   name: csr1
                description: "csr1 description"
                password: "Base64_password"
                groups:
                -   "GroupA"
                -   "GroupB"
            -   name: csr2
                description: "csr2 description"
                password: "Base64_password"
                groups:
                -   "GroupB"

Starting and Stopping WebLogic Servers

When you install oc-cn-op-job-helm-chart, the default configuration sets up a WebLogic Cluster with five Managed Servers. When you install or upgrade oc-cn-helm-chart for the Business Operations Center service, two of the managed servers and one Admin Server are started.

By modifying the override-values.yaml file for oc-cn-helm-chart, you can control:

  • The total number of Managed Servers and the initial server start up by using the totalManagedServers and initialServerCount keys.

  • Whether the servers are started or stopped by using the serverStartPolicy key. To start the Admin Servers and the Managed Servers in a Cluster, set the key to IF_NEEDED. To stop all servers, set the key to NEVER.

Note:

The keys in the override-values.yaml file should be the same as the ones used in oc-cn-op-job-helm-chart for keys that are common in both charts.

Before installing or upgrading oc-cn-helm-chart for Business Operations Center, ensure that the brm_apps values are configured correctly. If there is a change in any brm_apps values, use serverStartPolicy to restart and have the changes take effect.

After you modify the override-values.yaml file, update the Helm release for the changes to take effect:

helm upgrade BrmReleaseName oc-cn-helm-chart --values OverrideValuesFile --namespace BrmNameSpace

where:

  • BrmReleaseName is the release name for oc-cn-helm-chart and is used to track this installation instance.

  • BrmNameSpace is the namespace in which to create BRM Kubernetes objects for the BRM Helm chart.

  • OverrideValuesFile is the path to a YAML file that overrides the default configurations in the values.yaml file for oc-cn-helm-chart.

Adding Authorization for a Custom Job Resource

To grant user access to a custom job resource in Business Operations Center:

  1. Add the following entry in oc-cn-op-job-helm-chart/templates/configmap_boc_domain_properties.yaml:

    bocauth-config.properties: |
        JOB_BOC_ADMIN_HAS_ACCESS_TO_RESOURCE = category_customName_resource
        ACTIONS_GRANTED_FOR_category_customName_resource = View,Create,Modify,Delete,Timeline,History

    where customName is the name of the custom category that has been created or is yet to be created, displayed in Business Operations Center.

Configuring Collections Configuration Center

Collections Configuration Center is a web-based client application that collections agents use to manage overdue balances from your customers. For more information about using Collections Configuration Center, see Collections Configuration Center Online Help.

To configure Collections Configuration Center to run in your BRM cloud native environment, override the Collections Configuration Center-specific keys from the values.yaml file for oc-cn-helm-chart. See "Adding Billing Care Keys for oc-cn-helm-chart".

Adding Collections Configuration Center Keys for oc-cn-helm-chart

Table 9-3 lists a few important keys that directly impact Collections Configuration Center. Add these keys to your override-values.yaml file for oc-cn-helm-chart with the same path hierarchy.

For the complete set of keys to personalize your Collections Configuration Center deployment, see the keys with the path occcc.ccc in the oc-cn-helm-chart/values.yaml file.

Caution:

Keys with the path occcc.ccc.secretVal hold sensitive data. Handle them carefully with controlled access to the override file containing their values. Encode all of these values in Base64 format. See "Secrets" in Kubernetes Concepts.

Table 9-3 Keys for oc-cn-helm-chart

Key | Path in values.yaml File | Description

isEnabled

occcc.ccc

Whether to deploy, configure, and start Collections Configuration Center services (true) or not (false). The default is true.

deployment.*

occcc.ccc

The details about the Collections Configuration Center application image.

  • deadlineSeconds: The maximum time, in seconds, for a deployment to make progress before it is considered failed. The default is 1200.

  • revisionHistLimit: The maximum number of old ReplicaSets for this deployment to retain. The rest are garbage-collected in the background. The default is 10.

  • imageName: The name of the Collections Configuration Center image, such as oracle/brm-collections-configuration-center.

  • imageTag: The tag associated with the image. This is generally the release number prefixed with a colon (:). For example, :15.2.0.0.0.

  • imagePullPolicy: When to pull images: only when one is not present locally (IfNotPresent) or always (Always). The default is IfNotPresent.

  • volMntKeyStore.*: The name and path of the volume mount containing the Collections Configuration Center KeyStore certificate.

  • volMntAppExternalProperties.*: The name and path of the volume mount containing the application's external properties.

  • volMntSecretEnv.*: The name and path of the volume mount that holds all passwords as a Secret.

  • volMntLogs.*: The name and path of the volume mount where the log files are mounted.

probe.ready.*

occcc.ccc.deployment

The configuration for the readiness probe.

  • delayInSec: The duration, in seconds, to wait before performing the first readiness probe. The default is 200.

  • intervalInSec: How often, in seconds, to perform the readiness probe. The default is 10.

  • maxAttempts: The maximum number of consecutive failures before the probe is considered failed. The default is 100.

configEnv.*

occcc.ccc

The configuration details for the Collections Configuration Center.

  • name: The name of this ConfigMap. The default is brm-collections-configuration-center-env-configmap.

  • httpPort: The container's port for accessing the application over HTTP. The default is 32000.

  • httpsPort: The container's port for accessing the application over HTTPS. The default is 32001.

  • adminPort: The administration port for health, metrics, and other administration-related activities. The default is 32080.

  • tlsVersions: The list of TLS versions to support for connection with the WebLogic domain. List the version numbers in order, from lowest to highest, separated by a comma. For example: TLSv1.2, TLSv1.3.

  • cccCertificateFileName: The SSL certificate file name for Collections Configuration Center.

  • trustStoreFileName: This is the optional file name for the TrustStore. Set this key if the default Java TrustStore needs to be overridden.

  • baseURL: The base URL with resource details to return in the response of Collections Configuration Center requests.

  • rsmURL: The REST Service Manager connection properties where all Collections Configuration Center APIs are running.

  • restartVersion: The type of TrustStore and KeyStore file that is used for the SSL connection: SSO or PKCS12.

  • securityEnabled: The flag to indicate if token-based authentication is enabled for Collections Configuration Center (true) or not (false). The default is true.

  • logLevel: The logging level. The default is INFO.

  • helidonSecurityLogLevel: The Helidon security log level. The default is INFO.

  • helidonWebServerLogLevel: The Helidon Web Server log level. The default is INFO.

  • helidonConfigLogLevel: The Helidon configuration log level. The default is INFO.

  • helidonCommonLogLevel: The Helidon common log level. The default is INFO.

  • auditLogLevel: The audit log level. The default is INFO.

configEnv.oidc

occcc.ccc

The Identity Provider (IdP) authentication details.

  • identity-uri: The URI of the Identity Server, used as the base URL to retrieve metadata from the Identity Server.

  • client-id: The client ID generated by the Identity Server, used to validate the token.

  • scope-audience: The audience for the scope required by this application. This is prefixed to the scope name when requesting scopes from the Identity Server.

  • audience: The secondary audience configured in the IdP. If no secondary audience is configured, use the primary audience, which is the same as the scope-audience.

  • header-use: Whether the application extracts user identity information (such as user ID, email, or roles) from HTTP headers passed by IDCS. The default is true.

  • frontend-uri: The URI that is used to access the user-facing part of an application or website.

  • server-type: The IDCS integration mode or deployment environment used to validate and authenticate IDCS tokens. The default is idcs.

  • logout-enabled: Whether logging out of the application also logs the user out of IDCS. When set to true, the application redirects users to the IDCS logout endpoint, terminating their IDCS session. The default is true.

  • post-logout-uri: The URI that the client is redirected to post log out. If you define just a path, the host is taken from the header. The default is /web/index.html.

  • logout-uri: The URI that the client is redirected to at log out. If you define just a path, the host is taken from the header. The default is /oauth2/v1/userlogout.

  • redirect: Whether to redirect to the login page (and the token can be received either through a cookie or a header). The default is true.

  • redirect-uri: The endpoint URI where to redirect logins. The default is /oidc/redirect.

  • cookie-http-only: Whether the server reveals cookie information. The default is true.

  • cookie-same-site: The level of control when a browser sends cookies with cross-site requests to help prevent Cross-Site Request Forgery (CSRF) attacks: STRICT, LAX, or NONE. The default is LAX.

  • access-token-ip-check: Whether to verify an access token against an IP address for security purposes. The default is false.

  • cookie-encryption-enabled: Whether to encrypt cookies to protect them from being read or changed by third parties. The default is false.

secretKeyStore.extKeystoreSecret

occcc.ccc

The names of the pre-created Kubernetes Secrets for the Collections Configuration Center KeyStore certificates and wallets.

See "About Using External Kubernetes Secrets" in BRM Cloud Native System Administrator’s Guide.

secretVal.*

occcc.ccc

The credentials for accessing the system.

  • name: The name of the Kubernetes Secret that copies certificates to the container. The default is brm-collections-configuration-center-env-secret.

  • cccCertificatePassword: The Base64-encoded certificate password for Collections Configuration Center.

  • trustStorePassword: This is the optional file name for the TrustStore. Set this key if the default Java TrustStore needs to be overridden.

  • clientSecret: The Base64-encoded IDCS client secret.

hpa.*

occcc.ccc

The details for scaling up or down the number of pod replicas in your deployment based on a pod's CPU or memory utilization. By default, the Horizontal Pod Autoscaler is disabled.

See "Setting Up Autoscaling of BRM Pods" in BRM Cloud Native System Administrator's Guide.

service.*

occcc.ccc

The brm-collections-configuration-center-service service's details.

  • name: The name of the service: brm-collections-configuration-center-service.

  • type: The service type. The default is ClusterIP.
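
One way to check an override file against the security-relevant keys in Table 9-3 (tlsVersions, securityEnabled, and the configEnv.oidc cookie keys) before running helm upgrade. This is an added example, not part of the Oracle documentation: the function names and the sample YAML are constructed, the parser handles only plain indented key: value lines, and treating cookie-http-only as the standard HttpOnly cookie attribute is an assumption.

```shell
#!/bin/sh
# Added example: flag weakened security keys in an oc-cn-helm-chart override
# file before `helm upgrade`. Handles plain indented "key: value" YAML only.

# Constructed sample input (not a real deployment).
sample_overrides() {
    cat <<'EOF'
occcc:
  ccc:
    isEnabled: true
    configEnv:
      httpsPort: 32001
      tlsVersions: "TLSv1.1, TLSv1.2"
      securityEnabled: false
      oidc:
        client-id: constructed-client-id
        cookie-http-only: true
        cookie-same-site: NONE
    service:
      type: ClusterIP
EOF
}

# Print one "WEAK path=value: reason" line per finding for file $1.
# Exit status is 1 when anything was flagged, 0 otherwise.
audit_ccc_overrides() {
    awk -v q="'" '
    # Drop a trailing comment, surrounding blanks and surrounding quotes.
    function clean(v) {
        sub(/[ \t]+#.*$/, "", v)
        gsub(/^[ \t]+|[ \t]+$/, "", v)
        gsub("^[\"" q "]|[\"" q "]$", "", v)
        return v
    }
    function report(p, v, why) {
        printf "WEAK %s=%s: %s\n", p, v, why
        bad++
    }
    function check(p, v,    lv, n, parts, i) {
        lv = tolower(v)
        if (p == base ".securityEnabled" && lv == "false") {
            report(p, v, "token-based authentication is disabled")
        } else if (p == base ".oidc.cookie-http-only" && lv == "false") {
            report(p, v, "cookie is set without HttpOnly (assumed meaning)")
        } else if (p == base ".oidc.cookie-same-site" && lv == "none") {
            report(p, v, "cookie is sent on cross-site requests")
        } else if (p == base ".tlsVersions") {
            n = split(v, parts, /[ \t]*,[ \t]*/)
            for (i = 1; i <= n; i++) {
                if (parts[i] != "TLSv1.2" && parts[i] != "TLSv1.3") {
                    report(p, parts[i], "not TLSv1.2 or TLSv1.3")
                }
            }
        }
    }
    BEGIN { base = "occcc.ccc.configEnv" }
    /^[ \t]*#/ || /^[ \t]*$/ { next }   # skip comments and blank lines
    {
        match($0, /^ */); indent = RLENGTH
        line = substr($0, indent + 1)
        colon = index(line, ":")
        if (colon == 0) next
        # Pop path components at the same or deeper indentation.
        while (depth > 0 && ind[depth] >= indent) depth--
        depth++
        ind[depth] = indent
        name[depth] = substr(line, 1, colon - 1)
        val = clean(substr(line, colon + 1))
        if (val == "") next             # mapping node, nothing to check
        path = name[1]
        for (i = 2; i <= depth; i++) path = path "." name[i]
        check(path, val)
    }
    END { exit (bad > 0) }
    ' "$1"
}
```

Run audit_ccc_overrides against the OverrideValuesFile in a pipeline step and stop the release when it returns a non-zero status.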

Configuring Billing Care

Billing Care is a web-based client application that CSRs use to manage billing, payments, and accounts receivable for your customers. For more information about using Billing Care, see Billing Care Online Help.

To configure Billing Care to run in your BRM cloud native environment:

  1. Override the Billing Care-specific keys from the values.yaml file for oc-cn-op-job-helm-chart. See "Adding Billing Care Keys for oc-cn-op-job-helm-chart".

  2. Override the Billing Care-specific keys from the values.yaml file for oc-cn-helm-chart. See "Adding Billing Care Keys for oc-cn-helm-chart".

  3. Set up volume mounts for Billing Care. See "About Billing Care Volume Mounts".

  4. Create a WebLogic domain and install Billing Care. See "Creating a WebLogic Domain and Installing the Billing Care Application".

  5. Set up SAML for SSO in Billing Care. See "Setting Up SSO for Billing Care".

  6. Set up local users and groups for Billing Care. See "Setting Up Local Users and Groups for Billing Care".

  7. Start and stop your WebLogic servers. See "Starting and Stopping WebLogic Servers".

Note:

To set up Billing Care, ensure that you successfully complete the installation of oc-cn-op-job-helm-chart before you install or upgrade oc-cn-helm-chart.

Adding Billing Care Keys for oc-cn-op-job-helm-chart

Table 9-4 lists a few important keys that directly impact Billing Care. Add these keys to your override-values.yaml file for oc-cn-op-job-helm-chart with the same path hierarchy.

For the complete set of keys to personalize your Billing Care deployment, see the keys with the path ocbc.bc in the oc-cn-op-job-helm-chart/values.yaml file.

Caution:

Keys with the path ocbc.bc.secretVal hold sensitive data. Handle them carefully with controlled access to the override file containing their values. Encode all of these values in Base64 format. See "Secrets" in Kubernetes Concepts.

Table 9-4 Keys for oc-cn-op-job-helm-chart

Key | Path in values.yaml File | Description

isEnabled

ocbc.bc

Whether to deploy, configure, and start Billing Care services (true) or not (false). The default is true.

deployment.app.*

ocbc.bc

The details about the Billing Care application image.

  • imageName: The name of the Billing Care image, such as oracle/billingcare.

  • imageTag: The tag associated with the image. This is generally the release number prefixed with a colon (:). For example, :15.2.0.0.0.

  • imagePullPolicy: When to pull images: only when one is not present locally (IfNotPresent) or always (Always). The default is IfNotPresent.

deployment.fmw.*

ocbc.bc

The details about the Fusion Middleware Infrastructure image.

  • imageRepository: The name of the repository from where the Fusion Middleware Infrastructure image is pulled. The default is container-registry.oracle.com/.

  • imageName: The name of the Fusion Middleware Infrastructure image, such as middleware/fmw-infrastructure.

  • imageTag: The tag associated with the image. For example: :14.1.2.0-jdk21-ol9.

  • imagePullPolicy: When to pull images: only when one is not present locally (IfNotPresent) or always (Always). The default is IfNotPresent.

deployment.sdk.*

ocbc.bc

The details about the Billing Care SDK image.

  • imageName: The name of the Billing Care SDK image.

  • imageTag: The tag associated with the image.

  • imagePullPolicy: When to pull images: only when one is not present locally (IfNotPresent) or always (Always). The default is IfNotPresent.

sdk.*

ocbc.bc

The details for deploying the Billing Care SDK.

  • isEnabled: Whether to deploy your SDK customizations for overriding application behavior (true) or not (false). The default is false.

  • deployName: The name of the Billing Care SDK to appear in the deployment list.

configEnv.*

ocbc.bc

The details about the Managed Server.

  • managedHttpPort: The container's port for access to the Managed Server. The default is 8001.

  • httpPort: The container's port for access to the WebLogic Domain over HTTP. The default is 7011.

  • serverStartMode: The mode to use when starting the server: development mode (dev) or production mode (prod). The default is prod.

  • adminUser: The user who will be granted administrator rights to the WebLogic Domain.

  • dbSSLMode: The type of connection required to connect to the database: one-way SSL authentication (ONE_WAY) or SSL authentication is not required (no).

  • dbWalletType: The type of TrustStore and KeyStore file that is used for the SSL connection: SSO or PKCS12.

  • extDBSSLWalletSecret: The names of the pre-created Kubernetes Secrets for the Billing Care KeyStore certificate file. See "About Using External Kubernetes Secrets" in BRM Cloud Native System Administrator's Guide.

RCU Schema

ocbc.bc.configEnv

The details about the RCU schema.

  • rcuJdbcURL: The connection string for the database where schemas needed by Oracle Fusion Middleware products will be created, especially OPSS.

  • rcuSysDBAUser: The database administrator user name.

  • rcuDBARole: The role of the database administrator user.

  • rcuPrefix: The prefix for the OPSS schema. The default is BC01.

  • rcuRecreate: Whether to drop the existing OPSS schema (true) or not (false). The default is true.

  • rcuTablespace: The name of an existing tablespace in your database. If left empty, new tablespaces are created with names starting with rcuPrefix.

  • rcuTempTablespace: The name of an existing temporary tablespace in your database. If left empty, new tablespaces are created with names starting with rcuPrefix.

  • isOPSS: Whether to create an OPSS domain (true) or a non-OPSS domain (false). The default is true.

  • extAccessPolicyCM: The name of the ConfigMap containing the policy file.

LDAP Server

ocbc.bc.configEnv

The details about the LDAP Server.

  • isLDAPEnabled: Whether to skip creation of the Oracle Unified Directory Authenticator (true) or not (false). The default is true.

  • ldapAdmin: The Distinguished Name to connect to the LDAP server.

  • ldapHost: The host name or IP address of the LDAP Server (for example, OUD) where users and groups will be configured for access to Billing Care.

  • ldapPort: The port number on which the LDAP server is listening.

  • ldapGroupBase: The LDAP base DN that contains groups.

  • ldapUserBase: The LDAP base DN that contains users.

  • ldapProviderName: The name of the Authentication Provider.

  • targetServer: The server in the WebLogic domain where the application must be deployed.

KeyStore Certificates

ocbc.bc.configEnv

The details about the KeyStore certificates for Billing Care.

  • keystoreAlias: The private key alias of the KeyStore.

  • extKeystoreSecret: The name of the pre-created external Secret containing the Identity and Trust KeyStore certificate file. See "About Using External Kubernetes Secrets" in BRM Cloud Native System Administrator's Guide.

  • keystoreType: The file type of the SSL Identity and TrustStore certificate, which is either PKCS12 or JKS. The default is PKCS12.

  • keystoreIdentityFileName: The file name of the Identity KeyStore certificate file.

  • keystoreTrustFileName: The file name of the TrustStore certificate file.

Secure Connections

ocbc.bc.configEnv

The details for secure connections.

  • tlsVersions: The list of TLS versions to support for connection with the WebLogic domain. List the version numbers in order, from lowest to highest, separated by a comma. For example: TLSv1.2, TLSv1.3.

  • isSSOEnabled: Whether to enable single sign-on (SSO) for Billing Care cloud native services through SAML 2.0 (true) or SSO is disabled (false). The default is false.

  • extMetadataCM: The name of the ConfigMap containing the IDP metadata file.

  • samlAsserterName: The name of the SAML Asserter. The default is samlBCAsserter.

  • ssoPublishedSiteURL: The base URL that is used to construct endpoint URLs. This is typically the Load Balancer host and port at which the server is visible externally. It must be appended with /saml2. For example: https://LoadBalancerHost:LoadBalancerPort/saml2.

  • ssoDefaultURL: The URL where unsolicited authentication responses are sent if they do not contain an accompanying target URL.

  • reloadVersion: Set this to any value different from the current value to force a restart of the deployer. The default is 1.

  • reset: Whether to wipe all previous states and do a fresh setup of the domain (true) or not (false). The default is false.

    When set to true, you must change the introspectVersion key in oc-cn-helm-chart after upgrading oc-cn-op-job-helm-chart.

secretValue.*

ocbc.bc

The credentials for accessing the system.

  • adminPassword: The password of the WebLogic domain's administrative user, which is used for accessing the WebLogic Console for administrative operations.

  • ldapPassword: The password of the LDAP Server admin user.

  • rcuSysDBAPassword: The password for the rcuJdbcURL database administrator.

  • rcuSchemaPassword: The passwords for the schemas of Oracle Fusion Middleware products that will be created by RCU, which is used by OPSS.

  • dbWalletPassword: The password for accessing the certificates from the TrustStore and KeyStore.

  • keystoreIdentityPassword: The StorePass for the Identity KeyStore.

  • keystoreKeyPassword: The KeyPass for the Identity KeyStore.

  • keystoreTrustPassword: The StorePass for the Trust KeyStore.

wop.*

ocbc.bc

The details about the WebLogic Domain.

  • domainUID: The name of the domain, which is used as a prefix to tag related objects. The default is billingcare-domain.

  • domainRootDir: The location within the container where the domain is created. The default is /shared.

  • totalManagedServers: The total number of managed servers forming the cluster. The default is 5.

  • initialServerCount: The number of managed servers to initially start for the domain. The default is 2.

  • adminChannelPort: The NodePort where the admin-server's HTTP service is accessible. The default is 30721.

  • serverStartPolicy: The WebLogic servers that the Operator starts when it discovers the domain:

    • NEVER: Does not start any server in the domain.
    • ADMIN_ONLY: Starts only the administration server (no managed servers will be started).
    • IF_NEEDED: Starts the administration server and clustered servers up to the replica count. This is the default.

domain.*

ocbc.bc.volume

Details about the PVC for the domain file system.

  • storage: The storage size of the volume.

  • createOption: By default, the billingcare pod uses dynamic volume provisioning. To use a static volume instead, you must add the createOption key. See "Using Static Volumes" in BRM Cloud Native System Administrator's Guide.

batchPayment.*

ocbc.bc.volume

Details about the PVC for the batch payment files.

  • storage: The storage size of the volume.

  • createOption: By default, the billingcare pod uses dynamic volume provisioning. To use a static volume instead, you must add the createOption key. See "Using Static Volumes" in BRM Cloud Native System Administrator's Guide.

wlsUserGroups.*

ocbc.bc

The details for adding users and groups to the domain's default authenticator.

extensions.*

ocbc.bc

The name of the ConfigMap containing scripts to execute additional steps to configure the domain and application.

resources.*

ocbc.bc

The minimum and maximum CPU and memory resources that containers can use.

See "Setting Minimum and Maximum CPU and Memory Values" in BRM Cloud Native System Administrator's Guide.

nodeSelector

ocbc.bc

The node selector rules for scheduling WebLogic Server pods on particular nodes using simple selectors.

affinity

ocbc.bc

The affinity rules for scheduling WebLogic Server pods on particular nodes using more powerful selectors.

addOnPodSpec

ocbc.bc.pod

The details for extending pod specifications or overriding features. By default, this key is empty. See "About Customizing and Extending Pods" in BRM Cloud Native System Administrator's Guide.

Adding Billing Care Keys for oc-cn-helm-chart

Table 9-5 lists a few important keys that directly impact Billing Care. Add these keys to your override-values.yaml file for oc-cn-helm-chart with the same path hierarchy.

For the complete set of keys to personalize your Billing Care deployment, see the keys with the path ocbc.bc in the oc-cn-helm-chart/values.yaml file.

Caution:

Keys with the path ocbc.bc.secretVal hold sensitive data. Handle them carefully with controlled access to the override file containing their values. Encode all of these values in Base64 format. See "Secrets" in Kubernetes Concepts.
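
The Base64 requirement in this Caution, and in the matching Cautions before Table 9-3 and Table 9-4, is easy to get wrong from a shell, because echo appends a newline that becomes part of the decoded password. The following added example (not from the Oracle documentation) encodes values without that newline, checks already-encoded values, and writes an owner-only override file; the function names and sample inputs are constructed, and the keys are the ocbc.bc.secretVal keys described in Table 9-5.

```shell
#!/bin/sh
# Added example: build a secrets-only override file for oc-cn-helm-chart.
# Base64 is an encoding, not encryption, so the file gets owner-only access.

NL='
'
CR=$(printf '\r')

# Encode $1 as single-line Base64. printf '%s' emits no trailing newline;
# `echo "$pw" | base64` would silently make "\n" part of the password.
b64_encode() {
    printf '%s' "$1" | base64 | tr -d '\n'
}

# Succeed only if $1 is valid Base64 and the decoded value is non-empty and
# does not end in a newline or carriage return.
b64_is_clean() {
    # The trailing "x" stops $(...) from stripping a final newline.
    decoded=$(printf '%s' "$1" | base64 -d 2>/dev/null && printf x) || return 1
    decoded=${decoded%x}
    [ -n "$decoded" ] || return 1
    case $decoded in
        *"$NL" | *"$CR") return 1 ;;
    esac
    return 0
}

# Write the ocbc.bc.secretVal block to file $1 with mode 0600.
# $2 = wallet password, $3 = BI Publisher password (plaintext inputs).
write_secret_overrides() {
    out=$1
    (
        umask 077   # a newly created file is never group/world readable
        {
            printf 'ocbc:\n  bc:\n    secretVal:\n'
            printf '      walletPassword: %s\n' "$(b64_encode "$2")"
            printf '      bipPassword: %s\n' "$(b64_encode "$3")"
        } > "$out"
    )
    chmod 600 "$out"   # also tightens a file that already existed
}
```

Pass the resulting file to helm upgrade as an additional --values argument, and keep it out of version control because anyone who can read it can decode the values.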

Table 9-5 Keys for oc-cn-helm-chart

Key | Path in values.yaml File | Description

appLogLevel

ocbc

The logging level at which application logs must be captured in log files: SEVERE, WARNING, INFO, CONFIG, FINE, FINER, FINEST, and ALL.

isEnabled

ocbc.bc

Whether to deploy, configure, and start Billing Care services (true) or not (false). The default is true.

deployment.app.*

ocbc.bc

The details about the Billing Care application image.

  • imageName: The name of the Billing Care image, such as oracle/billingcare.

  • imageTag: The tag associated with the image. This is generally the release number prefixed with a colon (:). For example, :15.2.0.0.0.

  • imagePullPolicy: When to pull images: only when one is not present locally (IfNotPresent) or always (Always). The default is IfNotPresent.

deployment.fmw.*

ocbc.bc

The details about the Fusion Middleware Infrastructure image.

  • imageRepository: The name of the repository from where the Fusion Middleware Infrastructure image is pulled. The default is container-registry.oracle.com/.

  • imageName: The name of the Fusion Middleware Infrastructure image, such as middleware/fmw-infrastructure.

  • imageTag: The tag associated with the image. For example: :14.1.2.0-jdk21-ol9.

  • imagePullPolicy: When to pull images: only when one is not present locally (IfNotPresent) or always (Always). The default is IfNotPresent.

deployment.sdk.*

ocbc.bc

The details about the Billing Care SDK image.

  • imageName: The name of the Billing Care SDK image.

  • imageTag: The tag associated with the image.

  • imagePullPolicy: When to pull images: only when one is not present locally (IfNotPresent) or always (Always). The default is IfNotPresent.

sdk.*

ocbc.bc

The details for deploying the Billing Care SDK.

  • isEnabled: Whether to deploy your SDK customizations for overriding application behavior (true) or not (false). The default is false.

  • deployName: The name of the Billing Care SDK to appear in the deployment list.

configEnv.*

ocbc.bc

The details about the Managed Server.

  • httpPort: The container's port for access to the WebLogic Domain over HTTP. The default is 7011.

  • isOPSS: Whether to create an OPSS domain (true) or a non-OPSS domain (false). The default is true.

  • keystoreAlias: The private key alias of the KeyStore.

  • extKeystoreSecret: The name of the pre-created external Secret containing the Identity and Trust KeyStore certificate file. See "About Using External Kubernetes Secrets" in BRM Cloud Native System Administrator's Guide.

  • keystoreType: The file type of the SSL Identity and TrustStore certificate, which is either PKCS12 or JKS. The default is PKCS12.

  • dbSSLMode: The type of connection required to connect to the database: one-way SSL authentication (ONE_WAY) or SSL authentication is not required (no).

  • dbWalletType: The type of TrustStore and KeyStore file that is used for the SSL connection: SSO or PKCS12.

  • extDBSSLWalletSecret: The names of the pre-created Kubernetes Secrets for the Billing Care KeyStore certificate file. See "About Using External Kubernetes Secrets" in BRM Cloud Native System Administrator's Guide.

  • bipUrl: The URL to the BI Publisher server.

  • bipUserId: The name of the user with access to the BI Publisher instance.

infranet.*

ocbc.bc

The details for connecting to BRM.

  • user.*: Information about the user having permissions to access BRM.

  • connectionpool.*: The details about the connection pool. The default minimum is 25 and the default maximum is 50.

  • loglevel: The log level for the infranet.properties file.

  • ssoLogoutURL: The URL where the user is redirected after logging out from the application.

  • addOnProperties: This key is empty by default. You can use this key to specify custom Infranet.properties values.

secretVal.*

ocbc.bc

The credentials for accessing the system.

  • walletPassword: The password of the wallet storing sensitive data for the BRM connection.

  • bipPassword: The password of the BI Publisher instance.

  • keystoreTrustPassword: The StorePass for the Trust KeyStore.

wop.*

ocbc.bc

The details about the WebLogic Domain.

  • domainUID: The name of the domain, which is used as a prefix to tag related objects. The default is billingcare-domain.

  • domainRootDir: The location within the container where the domain is created. The default is /shared.

  • totalManagedServers: The total number of managed servers forming the cluster. The default is 5.

  • initialServerCount: The number of managed servers to initially start for the domain. The default is 2.

  • adminChannelPort: The NodePort where the admin-server's HTTP service is accessible.

    Note: Set this key only if you want the billingcare-domain-admin-server-ext service to deploy as NodePort.

  • serverStartPolicy: The WebLogic servers that the Operator starts when it discovers the domain:

    • NEVER: Does not start any server in the domain.
    • ADMIN_ONLY: Starts only the administration server (no managed servers will be started).
    • IF_NEEDED: Starts the administration server and clustered servers up to the replica count. This is the default.

  • restartVersion: Whether to force a rolling restart of all server pods. Change to any value other than current to trigger the action.

  • introspectVersion: Whether to force a domain introspection on change in domain configuration. Change to any value other than current to trigger the action.

monitoring.*

ocbc.bc.volume

Details about monitoring Billing Care.

  • isEnabled: Whether to enable monitoring of Billing Care (true) or not (false). See "Monitoring and Autoscaling Billing Care Cloud Native" in BRM Cloud Native System Administrator's Guide.

  • imageRepository: By default, the billingcare pod uses dynamic volume provisioning. To use a static volume instead, you must add the createOption key. See "Using Static Volumes" in BRM Cloud Native System Administrator's Guide.

  • imageName: The name of the WebLogic Monitoring Exporter image. The default is oracle/weblogic-monitoring-exporter.

  • imageTag: The tag associated with the image. The default is :2.2.2.

  • imagePullPolicy: When to pull images: only when one is not present locally (IfNotPresent) or always (Always). The default is IfNotPresent.

  • scrapeInterval: The duration at which Prometheus scrapes the target. The default is 2s.

  • operator.isEnabled: Whether the system is using Prometheus Operator and ServiceMonitor to scrape metrics (true) or not (false). The default is false.

  • resources.*: The minimum and maximum CPU and memory resources that containers can use. See "Setting Minimum and Maximum CPU and Memory Values" in BRM Cloud Native System Administrator's Guide.

extensions.*

ocbc.bc

The name of the ConfigMap containing scripts to execute additional steps to configure the domain and application.

resources.*

ocbc.bc

The minimum and maximum CPU and memory resources that containers can use.

See "Setting Minimum and Maximum CPU and Memory Values" in BRM Cloud Native System Administrator's Guide.

nodeSelector

ocbc.bc

The node selector rules for scheduling WebLogic Server pods on particular nodes using simple selectors.

affinity

ocbc.bc

The affinity rules for scheduling WebLogic Server pods on particular nodes using more powerful selectors.

addOnPodSpec

ocbc.bc

The details for extending pod specifications or overriding features. By default, this key is empty. See "About Customizing and Extending Pods" in BRM Cloud Native System Administrator's Guide.

Updating Infranet.properties for Billing Care

The Infranet.properties file entries are located in the values.yaml file. This makes it easier to update them.

Following is a sample configuration block (located in the ocbc.bc path in oc-cn-helm-chart) for the Infranet.properties entries:

infranet:
    user:
        login: 'boc_client.0.0.0.1'
        serviceType: '/service/admin_client'
        serviceId: 2
    connectionpool:
        minSize: 25
        maxSize: 50
    logLevel: 3
    ssoLogoutURL:
    addOnProperties: ""

If you have custom field classes, they should be provided through the SDK .war file and defined here using the addOnProperties key. For example:

addOnProperties: |-
    infranet.custom.field.package=com.portal.custom
    infranet.custom.field.100011=PIN_FLD_ABC

To update these properties, update the values in the override-values.yaml file for oc-cn-helm-chart. If this is an upgrade, also update the ocbc.bc.wop.restartVersion key in the same file. This forces a pod restart so that the new values are used.

Adding Custom Configuration to Deployment Workflow for Billing Care

You can provide additional configuration to be applied at particular checkpoints in the Billing Care deployment workflow. These checkpoints are:

  • ext_deployer_pre_exit: Called after the standard configuration in deployer.sh in oc-cn-op-job-helm-chart
  • ext_init_app_pre_exit: Called after the standard configuration in the init-app initContainer container in both oc-cn-op-job-helm-chart and oc-cn-helm-chart
  • ext_init_config_pre_exit: Called after the standard configuration in the init-config initContainer container in both oc-cn-op-job-helm-chart and oc-cn-helm-chart

Create a ConfigMap with your configuration scripts, including a shell script named run_hooks.sh that calls your other scripts. For example:

apiVersion: v1
kind: ConfigMap
metadata:
  name: ext-scripts
data:
  run_hooks.sh: |+
    #!/bin/bash
    echo "executing extension for: $@"
    CURRENT_CHECKPOINT=$1
    if [ "$CURRENT_CHECKPOINT" == "ext_deployer_pre_exit" ] ; then
      sh my_deployer_extension.sh
    fi
  my_deployer_extension.sh: |+
    #!/bin/bash
    echo "executing my_deployer_extension"
...

Specify the name of your ConfigMap in the ocbc.bc.extensions.scriptsConfigName key in the override-values.yaml file for oc-cn-op-job-helm-chart.

Since Billing Care is a web application that is deployed on WebLogic Server, refer to the WebLogic Server documentation for information about overriding timeouts, cookie attributes, and so on. See "web.xml Deployment Descriptor Elements" and "weblogic.xml Deployment Descriptor Elements" in Developing Web Applications, Servlets, and JSPs for Oracle WebLogic Server for more information about these configurations. You can find files to help you with this configuration in the oc-cn-op-job-helm-chart/templates directory.

About Billing Care Volume Mounts

The Billing Care container requires Kubernetes volume mounts for sharing the domain and application file system between the WebLogic Cluster servers. There is one volume for the domain and one for batch payments. By default, these are created dynamically, using the provisioner defined in BRM, in the storage-class key in oc-cn-op-job-helm-chart.

To change the volume type or provider, modify the following keys in the override-values.yaml file for oc-cn-op-job-helm-chart.

  • ocbc.bc.volume.domain.createOption for the domain file system for Billing Care.

  • ocbc.bc.volume.batchPayment.createOption for the batch payments file system.

Creating a WebLogic Domain and Installing the Billing Care Application

The WebLogic domain is created by a Kubernetes Deployment when oc-cn-op-job-helm-chart is installed. The same job also installs the Billing Care application and deploys the application WAR file onto the WebLogic Cluster.

The oc-cn-op-job-helm-chart chart also:

  • Creates a Kubernetes ConfigMap and Secrets, which are used throughout the life-cycle of the WebLogic domain.

  • Initializes the PersistentVolumeClaim for the domain and application file system as well as third-party libraries.

Note:

The override-values.yaml file that you use for this chart must include BRM override values.

After you install oc-cn-op-job-helm-chart, wait until the Kubernetes deployment has reached the 1/1 Running status. Then, you can install or upgrade oc-cn-helm-chart for Billing Care services.

After the deployment is running, don't delete the chart. Its resources will be used for starting and stopping the servers through oc-cn-helm-chart.

Setting Up SSO for Billing Care

SSO allows users to log in to applications using a single user name and password combination. You set up SSO for Billing Care cloud native services by using SAML 2.0.

To set up SSO for Billing Care:

  1. Export the SAML 2.0 metadata XML file from your identity and access management (IAM) system.

    For example, if you are using Oracle Access Management, you can export the file by following the instructions in "Exporting Metadata" in Oracle Fusion Middleware Administering Oracle Access Management.

  2. Add the metadata XML file to your BRM cloud native deployment by doing one of the following:

    • Rename the metadata XML file to metadata.xml, and then move metadata.xml to the oc-cn-op-job-helm-chart/billingcare/idp directory.

    • Pre-create the IDP metadata ConfigMap for Billing Care and set the ocbc.bc.configEnv.extMetadataCM key in your override-values.yaml file for oc-cn-op-job-helm-chart.

      For more information, see "Managing Wallet and KeyStore Certificates" in BRM Cloud Native System Administrator's Guide.

  3. Configure the KeyStores needed by SAML by doing one of the following:

    • Generate the Identity and Trust KeyStores and then move your files, such as identity.p12 and trust.p12, under the oc-cn-op-job-helm-chart/billingcare/keystore directory.

    • Pre-create the Kubernetes Secret for the Identity and Trust KeyStore files and set the ocbc.bc.configEnv.extKeystoreSecret key in your override-values.yaml file for both oc-cn-op-job-helm-chart and oc-cn-helm-chart.

      For more information, see "Managing Wallet and KeyStore Certificates" in BRM Cloud Native System Administrator's Guide.

  4. In your override-values.yaml file for oc-cn-op-job-helm-chart, set the following keys:

    • ocbc.bc.configEnv.isSSOEnabled: Set this to true.

    • ocbc.bc.configEnv.keystoreAlias: Set this to the private key alias of the KeyStore.

    • ocbc.bc.configEnv.keystoreType: Set this to the file type of the SSL Identity and Trust store, which is either PKCS12 or JKS. The default is PKCS12.

    • ocbc.bc.configEnv.keystoreIdentityFileName: Set this to the name of the Identity KeyStore file.

    • ocbc.bc.configEnv.keystoreTrustFileName: Set this to the name of the Trust KeyStore file.

    • ocbc.bc.configEnv.samlAsserterName: Set this to the name of the SAML Asserter. The default is samlBCAsserter.

    • ocbc.bc.configEnv.ssoPublishedSiteURL: Set this to the base URL that is used to construct endpoint URLs. This is typically the load balancer host and port at which the server is visible externally. It must be appended with /saml2. For example: https://LoadBalancerHost:LoadBalancerPort/saml2.

    • ocbc.bc.configEnv.ssoDefaultURL: Set this to the URL where unsolicited authentication responses are sent if they do not contain an accompanying target URL.

    • ocbc.bc.secretVal.keystoreIdentityPassword: Set this to the StorePass for the Identity KeyStore.

    • ocbc.bc.secretVal.keystoreKeyPassword: Set this to the KeyPass for the Identity KeyStore.

    • ocbc.bc.secretVal.keystoreTrustPassword: Set this to the StorePass for the Trust KeyStore.

  5. Configure your load balancer's rules to send responses to the Billing Care WebLogic domain with /saml2 appended to the URL path.

    Note:

    Add this rule to your existing load balancer rules for routing responses to Billing Care (/bc), the load balancer host name, and so on.

    See "Installing an Ingress Controller".

  6. Deploy your Billing Care cloud native services by following the instructions in "Deploying BRM Cloud Native Services".

  7. After Billing Care is deployed, retrieve the sp-metadata-admin-server.xml file from the /shared/domains/domainUID directory in your container, where domainUID is the name of your Billing Care domain specified in the ocbc.bc.wop.domainUID key.

    The XML file configures the Web SSO Provider Partner. It contains the partner's KeyStore certificates, SAML assertion details, and the URLs where the SAML Identity Provider redirects to provide access to Billing Care.

  8. Create a profile for your identity provider partner by loading the sp-metadata-admin-server.xml file into your IAM system.

    For example, if you are using Oracle Access Management, you can load the file by following the instructions in "Creating Remote Identity Provider Partners" in Oracle Fusion Middleware Administering Oracle Access Management.
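A pre-flight check of the step 4 values can catch a published site URL without /saml2, an unsupported keystoreType, or a KeyStore file missing from the keystore directory before the chart is installed. This is an added example, not Oracle's code; the function names and sample values are constructed, and the https and file-permission checks are assumptions of the example rather than requirements stated in this procedure.

```shell
#!/bin/sh
# Added example (not Oracle's code): pre-flight checks for the SSO keys in step 4.
# Function names, the sample URL and the temporary directory are constructed.

# ssoPublishedSiteURL: externally visible base URL with /saml2 appended.
# Requiring https is this example's assumption; the procedure's sample URL uses https.
check_sso_site_url() {
  case "$1" in
    https://?*/saml2) return 0 ;;
    *) return 1 ;;
  esac
}

# keystoreType: the procedure lists only PKCS12 (the default) and JKS.
check_keystore_type() {
  case "$1" in
    PKCS12|JKS) return 0 ;;
    *) return 1 ;;
  esac
}

# The files named in keystoreIdentityFileName and keystoreTrustFileName must
# exist and be non-empty in the keystore directory.
check_keystore_present() {   # args: dir file
  [ -s "$1/$2" ]
}

# Hygiene check added by this example: a KeyStore that holds a private key
# should not be readable by "other" users on the machine that runs helm.
check_not_world_readable() {   # args: path
  [ -z "$(find "$1" -prune -perm -004 2>/dev/null)" ]
}

# Run every check, print one line per problem, return the number of problems.
sso_preflight() {   # args: url type dir identity_file trust_file
  problems=0
  check_sso_site_url "$1" || {
    echo "ssoPublishedSiteURL: want https://host:port/saml2, got '$1'"
    problems=$((problems + 1))
  }
  check_keystore_type "$2" || {
    echo "keystoreType: want PKCS12 or JKS, got '$2'"
    problems=$((problems + 1))
  }
  for f in "$4" "$5"; do
    if ! check_keystore_present "$3" "$f"; then
      echo "missing or empty KeyStore file: $3/$f"
      problems=$((problems + 1))
    elif ! check_not_world_readable "$3/$f"; then
      echo "KeyStore file is world-readable: $3/$f"
      problems=$((problems + 1))
    fi
  done
  return "$problems"
}

# Constructed demo: the URL lacks /saml2 and the trust store is missing.
demo_dir=$(mktemp -d)
printf 'not-a-real-keystore' > "$demo_dir/identity.p12"
chmod 600 "$demo_dir/identity.p12"
sso_preflight "https://lb.example.com:30443" "PKCS12" "$demo_dir" identity.p12 trust.p12
echo "problems found: $?"
rm -rf "$demo_dir"
```

Point the directory argument at oc-cn-op-job-helm-chart/billingcare/keystore when the KeyStore files are shipped with the chart rather than in a pre-created Secret.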

Setting Up Local Users and Groups for Billing Care

You have the option to customize the values for oc-cn-op-job-helm-chart to create users and groups locally in Oracle WebLogic Server. This would be especially useful for test environments where you might not have Identity Providers or LDAPs available. The groups for the admin user for WebLogic Server cannot be modified using this procedure.

Any passwords must be encoded using Base64. You can leave the password blank, but then the user will not be able to log in to the application directly.

To set up local users and groups for Billing Care, define the keys under ocbc.bc.wlsUserGroups in the override-values.yaml file for oc-cn-op-job-helm-chart. For example:

ocbc:
    bc:
        wlsUserGroups:
            groups:
            -   name: "GroupA"
                description: "GroupA Description"
            -   name: "GroupB"
                description: "GroupB Description"
            users:
            -   name: csr1
                description: "csr1 description"
                password: "Base64_password"
                groups:
                -   "GroupA"
                -   "GroupB"
            -   name: csr2
                description: "csr2 description"
                password: "Base64_password"
                groups:
                -   "GroupB"

Starting and Stopping WebLogic Servers

When you install oc-cn-op-job-helm-chart, the default configuration sets up a WebLogic Cluster with five Managed Servers. When you install or upgrade oc-cn-helm-chart for the Billing Care service, two of the Managed Servers and one Admin Server are started.

By modifying the override-values.yaml file for oc-cn-helm-chart, you can control:

  • The total number of Managed Servers and the initial server start up by using the totalManagedServers and initialServerCount keys.

  • Whether the servers are started or stopped by using the serverStartPolicy key. To start the Admin Servers and the Managed Servers in a Cluster, set the key to IF_NEEDED. To stop all servers, set the key to NEVER.

Note:

The keys in the override-values.yaml file should be the same as the ones used in oc-cn-op-job-helm-chart for keys that are common in both charts.

After you modify the override-values.yaml file, update the Helm release for the changes to take effect:

helm upgrade BrmReleaseName oc-cn-helm-chart --values OverrideValuesFile --namespace BrmNameSpace

where:

  • BrmReleaseName is the release name for oc-cn-helm-chart and is used to track this installation instance.

  • BrmNameSpace is the namespace in which to create BRM Kubernetes objects for the BRM Helm chart.

  • OverrideValuesFile is the path to a YAML file that overrides the default configurations in the values.yaml file for oc-cn-helm-chart.

Configuring the Billing Care REST API

You use the Billing Care REST API to integrate an external customer management application with BRM. This allows you to manage billing and rating in BRM and then manage your customers' accounts and bills in your external application. For more information, see REST API Reference for Billing Care.

To configure the Billing Care REST API to work with BRM cloud native:

  1. Override the Billing Care REST API-specific keys from the values.yaml file for oc-cn-op-job-helm-chart. See "Adding Billing Care REST API Keys for oc-cn-op-job-helm-chart".

  2. Override the Billing Care REST API-specific keys from the values.yaml file for oc-cn-helm-chart. See "Adding Billing Care REST API Keys for oc-cn-helm-chart".

  3. Set up volume mounts for the Billing Care REST API. See "About Billing Care REST API Volume Mounts".

  4. Create a WebLogic domain and install the Billing Care REST API. See "Creating a WebLogic Domain and Installing the Billing Care REST API".

  5. Set up local users and groups for Billing Care REST API. See "Setting Up Local Users and Groups for Billing Care REST API".

  6. Start and stop your WebLogic servers. See "Starting and Stopping WebLogic Servers".

Note:

To set up the Billing Care REST API, ensure that you successfully complete the installation of oc-cn-op-job-helm-chart before you install or upgrade oc-cn-helm-chart.

Adding Billing Care REST API Keys for oc-cn-op-job-helm-chart

Table 9-6 lists a few important keys that directly impact the Billing Care REST API. Add these keys to your override-values.yaml file for oc-cn-op-job-helm-chart.

For the complete set of keys to personalize your Billing Care REST API deployment, see the keys with the path ocbc.bcws in the oc-cn-op-job-helm-chart/values.yaml file.

Caution:

Keys with the path ocbc.bcws.secretVal hold sensitive data. Handle them carefully with controlled access to the override file containing their values. Encode all of these values in Base64 format. See "Secrets" in Kubernetes Concepts.

Table 9-6 Billing Care REST API Keys for oc-cn-op-job-helm-chart

Key

Path in values.yaml File

Description

isEnabled

ocbc.bcws

Whether to deploy, configure, and start Billing Care REST API services:

  • false: Does not create the Kubernetes resources for using the Billing Care REST API.
  • true: Creates the Kubernetes resources for using the Billing Care REST API. This is the default.

imageName

ocbc.bcws.deployment.app

The name of the Billing Care REST API image, such as oracle/bcws.

imageTag

ocbc.bcws.deployment.app

The tag associated with the image. This is generally the release number. Prefix the value with a colon (:). For example, :15.2.0.0.0.

dbSSLMode

ocbc.bcws.configEnv

The type of connection required to connect to the database:

  • TWO_WAY: Two-way SSL authentication is required. In this case, both the client and server must authenticate each other's identity.
  • ONE_WAY: One-way SSL authentication is required. In this case, the client must authenticate the server's identity. This is the default.
  • NO: SSL authentication is not required.

dbWalletType

ocbc.bcws.configEnv

The type of TrustStore and KeyStore file that is used for the SSL connection: SSO or PKCS12.

extDBSSLWalletSecret

extKeystoreSecret

ocbc.bcws.configEnv

The names of the pre-created Kubernetes Secrets for the Billing Care REST API KeyStore certificates and wallets.

See "About Using External Kubernetes Secrets" in BRM Cloud Native System Administrator's Guide.

dbWalletPassword

ocbc.bcws.configEnv

The password for accessing the certificates from the TrustStore and KeyStore.

rcuJdbcURL

ocbc.bcws.configEnv

The connection string for connecting to the database where schemas needed by Oracle Fusion Middleware products will be created, especially OPSS.

rcuDBARole

ocbc.bcws.configEnv

The role of the database administrator user.

rcuArgs

ocbc.bcws.configEnv

The additional arguments for creating the RCU.

ldapHost

ocbc.bcws.configEnv

The host name or IP address of the LDAP Server (for example, OUD) where users and groups will be configured for access to the Billing Care REST API.

ldapPort

ocbc.bcws.configEnv

The port number on which the LDAP server is listening.

ldapGroupBase

ocbc.bcws.configEnv

The LDAP base DN that contains groups.

ldapUserBase

ocbc.bcws.configEnv

The LDAP base DN that contains users.

keystoreAlias

ocbc.bcws.configEnv

The private key alias of the KeyStore.

keystoreType

ocbc.bcws.configEnv

The file type of SSL Identity and Trust store, either PKCS12 or JKS.

keystoreIdentityFileName

ocbc.bcws.configEnv

The file name of the Identity KeyStore.

keystoreTrustFileName

ocbc.bcws.configEnv

The file name of the Trust KeyStore.

tlsVersions

ocbc.bcws.configEnv

The list of TLS versions to support for connection with the WebLogic domain. List the version numbers in order, from lowest to highest, separated by a comma. For example: TLSv1.2, TLSv1.3.

reloadVersion

ocbc.bcws.configEnv

Update this value with any value different from the current value to force a restart of the deployer.

adminPassword

ocbc.bcws.secretVal

The password of the WebLogic domain's administrative user, which is used for accessing the WebLogic Console for administrative operations.

ldapPassword

ocbc.bcws.secretVal

The password of the LDAP Server admin user.

rcuSysDBAPassword

ocbc.bcws.secretVal

The password for the rcuJdbcURL database administrator.

rcuSchemaPassword

ocbc.bcws.secretVal

The passwords for the schemas of Oracle Fusion Middleware products that will be created by RCU, which is used by OPSS.

dbWalletPassword

ocbc.bcws.secretVal

The password for accessing the certificates from the TrustStore and KeyStore.

keystoreIdentityPassword

ocbc.bcws.secretVal

The storepass of the Identity KeyStore.

keystoreKeyPassword

ocbc.bcws.secretVal

The KeyPass of the Identity KeyStore.

keystoreTrustPassword

ocbc.bcws.secretVal

The storepass of the Trust KeyStore.

domainUID

ocbc.bcws.wop

The name of the domain. The default is bcws-domain.

adminChannelPort

ocbc.bcws.wop

The NodePort where the admin-server's HTTP service is accessible. The default is 30711.

serverStartPolicy

ocbc.bcws.wop

The WebLogic servers that the Operator starts when it discovers the domain:

  • NEVER: Does not start any server in the domain.
  • ADMIN_ONLY: Starts only the administration server (no managed servers will be started).
  • IF_NEEDED: Starts the administration server and clustered servers up to the replica count.

domain.*

ocbc.bcws.volume

Details about the PVC for the domain file system:

  • storage: The storage size of the volume.

  • createOption: By default, the bcws pod uses dynamic volume provisioning. To use a static volume instead, you must add the createOption key. See "Using Static Volumes" in BRM Cloud Native System Administrator's Guide.

batchPayment.*

ocbc.bcws.volume

Details about the PVC for the batch payment files:

  • storage: The storage size of the volume.

  • createOption: By default, the bcws pod uses dynamic volume provisioning. To use a static volume instead, you must add the createOption key. See "Using Static Volumes" in BRM Cloud Native System Administrator's Guide.

resources.*

ocbc.bcws

The minimum and maximum CPU and memory resources for the cm pod. See "Setting Minimum and Maximum CPU and Memory Values" in BRM Cloud Native System Administrator's Guide.

nodeSelector

ocbc.bcws

The node selector rules for scheduling WebLogic Server pods on particular nodes using simple selectors.

affinity

ocbc.bcws

The affinity rules for scheduling WebLogic Server pods on particular nodes using more powerful selectors.

addOnPodSpec

ocbc.bcws

The details for extending pod specifications or overriding features. By default, this key is empty. See "About Customizing and Extending Pods" in BRM Cloud Native System Administrator's Guide.

Adding Billing Care REST API Keys for oc-cn-helm-chart

Table 9-7 lists a few important keys that directly impact the Billing Care REST API. Add these keys to your override-values.yaml file for oc-cn-helm-chart.

For the complete set of keys to personalize your Billing Care REST API deployment, see the keys with the path ocbc.bcws in the oc-cn-helm-chart/values.yaml file.

Caution:

Keys with the path ocbc.bcws.secretVal hold sensitive data. Handle them carefully with controlled access to the override file containing their values. Encode all of these values in Base64 format. See "Secrets" in Kubernetes Concepts.

Table 9-7 Billing Care REST API Keys for oc-cn-helm-chart

Key

Path in values.yaml File

Description

appLogLevel

ocbc

The logging level at which application logs must be captured in log files: SEVERE, WARNING, INFO, CONFIG, FINE, FINER, FINEST, and ALL.

isEnabled

ocbc.bcws

Whether to deploy, configure, and start Billing Care REST API services:

  • false: Does not create the Kubernetes resources for using the Billing Care REST API.
  • true: Creates the Kubernetes resources for using the Billing Care REST API. This is the default.

imageName

ocbc.bcws.deployment.app

The name of the Billing Care REST API image, such as oracle/bcws.

imageTag

ocbc.bcws.deployment.app

The tag associated with the image. This is generally the release number. Prefix the value with a colon (:). For example, :15.2.0.0.0.

keystoreAlias

ocbc.bcws.configEnv

The private key alias of the KeyStore.

extDBSSLWalletSecret

extKeystoreSecret

ocbc.bcws.configEnv

The names of the pre-created Kubernetes Secrets for the Billing Care REST API KeyStore certificates and wallets.

See "About Using External Kubernetes Secrets" in BRM Cloud Native System Administrator's Guide.

dbSSLMode

ocbc.bcws.configEnv

The type of connection required to connect to the database:

  • TWO_WAY: Two-way SSL authentication is required. In this case, both the client and server must authenticate each other's identity.
  • ONE_WAY: One-way SSL authentication is required. In this case, the client must authenticate the server's identity. This is the default.
  • NO: SSL authentication is not required.

dbWalletType

ocbc.bcws.configEnv

The type of TrustStore and KeyStore file that is used for the SSL connection: SSO or PKCS12.

user.*

ocbc.bcws.infranet

The permissions for accessing BRM:

  • login: The user name of the service that has permission to access BRM. The default is bc_client.0.0.0.1.

  • serviceType: The POID type of the service that has permission to access BRM. The default is /service/admin_client.

  • serviceID: The POID ID of the service that has permission to access BRM. The default is 416.

connectionpool.*

ocbc.bcws.infranet

The size of the connection pool:

  • minSize: The minimum number of connections in the pool. The default is 25.

  • maxSize: The maximum number of connections in the pool. The default is 50.

loglevel

ocbc.bcws.infranet

The log level for the Infranet.properties file.

idp.*

ocbc.bcws.infranet

The details for the Identity Provider (IdP) for authenticating clients to access Billing Care REST API:

  • vendor: The IdP application: OAM or IDCS.

  • url: The base URL of the IdP server, such as https://host:port.

  • resourceServerAndScope: The resource server and scope created in your IdP for Billing Care REST API.

  • identityDomain: The name of the Identity Provider. This is mandatory if the vendor is OAM.

  • clientId: The client ID for accessing the IdP when validating the access token. This is mandatory if the vendor is IDCS.

addOnProperties

ocbc.bcws.infranet

This key is empty by default. You can use this key to specify custom Infranet.properties values.

secretVal.*

ocbc.bcws

The passwords:

  • walletPassword: The password for the wallet storing sensitive data for connecting to BRM.

  • bipPassword: The password for your BI Publisher instance.

  • keystoreTrustPassword: The StorePass for the Trust KeyStore.

  • infranet.idp.clientSecret: The client secret for communicating with the authorization server.

domainUID

ocbc.bcws.wop

The name of the domain. The default is bcws-domain.

adminChannelPort

ocbc.bcws.wop

The NodePort where the admin-server's HTTP service is accessible. By default, this key is blank.

Note: Set this key only if you want the bcws-domain-admin-server-ext service to deploy as NodePort.

serverStartPolicy

ocbc.bcws.wop

The WebLogic servers that the Operator starts when it discovers the domain:

  • NEVER: Does not start any server in the domain.
  • ADMIN_ONLY: Starts only the administration server (no managed servers will be started).
  • IF_NEEDED: Starts the administration server and clustered servers up to the replica count. This is the default.

isEnabled

ocbc.bcws.monitoring

Whether to enable monitoring of Billing Care REST API.

See "Monitoring and Autoscaling Billing Care Cloud Native" in BRM Cloud Native System Administrator's Guide.

resources.*

ocbc.bcws

The minimum and maximum CPU and memory resources for the cm pod. See "Setting Minimum and Maximum CPU and Memory Values" in BRM Cloud Native System Administrator's Guide.

nodeSelector

ocbc.bcws

The node selector rules for scheduling WebLogic Server pods on particular nodes using simple selectors.

affinity

ocbc.bcws

The affinity rules for scheduling WebLogic Server pods on particular nodes using more powerful selectors.

addOnPodSpec

ocbc.bcws

The details for extending pod specifications or overriding features. By default, this key is empty. See "About Customizing and Extending Pods" in BRM Cloud Native System Administrator's Guide.

Updating Infranet Properties for the Billing Care REST API

The Infranet.properties file entries are located in the values.yaml file. This makes it easier to update them.

Following is a sample configuration block (located in the ocbc.bcws path in oc-cn-helm-chart) for the Infranet.properties entries:

infranet:
    user:
        login: 'bc_client.0.0.0.1'
        serviceType: '/service/admin_client'
        serviceId: 416
    connectionpool:
        minSize: 25
        maxSize: 50
    logLevel: 3
    idp:
        vendor: IDCS
        url: https://host:port
        resourceServerAndScope:
        identityDomain:
        clientId:
    addOnProperties: ""

If you have custom field classes, they should be provided through the SDK .war file and defined here using the addOnProperties key. For example:

addOnProperties: |-
    infranet.custom.field.package=com.portal.custom
    infranet.custom.field.100011=PIN_FLD_ABC

To update any of these properties after an install or upgrade, update the values in the override-values.yaml file for oc-cn-helm-chart. If this is an upgrade, also update the ocbc.bcws.wop.restartVersion key in the same file. This forces a pod restart so that the new values are used.

Adding Custom Configuration to Deployment Workflow for Billing Care REST API

You can provide additional configuration to be applied at particular checkpoints in the Billing Care REST API deployment workflow. These checkpoints are:

  • ext_deployer_pre_exit: Called after the standard configuration in deployer.sh in oc-cn-op-job-helm-chart
  • ext_init_app_pre_exit: Called after the standard configuration in the init-app initContainer container in both oc-cn-op-job-helm-chart and oc-cn-helm-chart
  • ext_init_config_pre_exit: Called after the standard configuration in the init-config initContainer container in both oc-cn-op-job-helm-chart and oc-cn-helm-chart

Create a ConfigMap with your configuration scripts, including a shell script named run_hooks.sh that calls your other scripts. For example:

apiVersion: v1
kind: ConfigMap
metadata:
  name: ext-scripts
data:
  run_hooks.sh: |+
    #!/bin/bash
    echo "executing extension for: $@"
    CURRENT_CHECKPOINT=$1
    if [ "$CURRENT_CHECKPOINT" == "ext_deployer_pre_exit" ] ; then
      sh my_deployer_extension.sh
    fi
  my_deployer_extension.sh: |+
    #!/bin/bash
    echo "executing my_deployer_extension"
...

Specify the name of your ConfigMap in the ocbc.bcws.extensions.scriptsConfigName key in the override-values.yaml file for oc-cn-op-job-helm-chart.

About Billing Care REST API Volume Mounts

The Billing Care REST API container requires Kubernetes volume mounts for sharing the domain and application file system between the WebLogic Cluster servers. There is one volume for the domain and one for batch payments. By default, these are created dynamically, using the provisioner defined in BRM, in the storage-class key in oc-cn-op-job-helm-chart.

Note:

The selected location must be accessible on all worker nodes across which WebLogic Servers will be distributed based on defined nodeSelector or affinity rules.

To change the volume type or provider, modify the following keys in the override-values.yaml file for oc-cn-op-job-helm-chart.

  • ocbc.bcws.volume.domain.createOption for the domain file system for the Billing Care REST API.

  • ocbc.bcws.volume.batchPayment.createOption for the batch payments file system.

Creating a WebLogic Domain and Installing the Billing Care REST API

The WebLogic domain is created by a Kubernetes Deployment when oc-cn-op-job-helm-chart is installed. The same job also installs the Billing Care REST API and deploys the application WAR file onto the WebLogic Cluster.

The oc-cn-op-job-helm-chart chart also:

  • Creates a Kubernetes ConfigMap and Secrets, which are used throughout the life-cycle of the WebLogic domain.

  • Initializes the PersistentVolumeClaim for the domain and application file system as well as third-party libraries.

Note:

The override-values.yaml file that you use for this chart must include BRM override values.

After you install oc-cn-op-job-helm-chart, wait until the Kubernetes deployment has reached the 1/1 Running status. Then, you can install or upgrade oc-cn-helm-chart for Billing Care REST API services.

After the deployment is running, don't delete the chart. Its resources will be used for starting and stopping the servers through oc-cn-helm-chart.

Setting Up Local Users and Groups for Billing Care REST API

You have the option to customize the values for oc-cn-op-job-helm-chart to create users and groups locally in Oracle WebLogic Server. This would be especially useful for test environments where you might not have Identity Providers or LDAPs available. The groups for the admin user for WebLogic Server cannot be modified using this procedure.

Any passwords must be encoded using Base64. You can leave the password blank, but then the user will not be able to log in to the application directly.

To set up local users and groups for the Billing Care REST API, define the keys under ocbc.bcws.wlsUserGroups in the override-values.yaml file for oc-cn-op-job-helm-chart. For example:

ocbc:
    bcws:
        wlsUserGroups:
            groups:
            -   name: "GroupA"
                description: "GroupA Description"
            -   name: "GroupB"
                description: "GroupB Description"
            users:
            -   name: csr1
                description: "csr1 description"
                password: "Base64_password"
                groups:
                -   "GroupA"
                -   "GroupB"
            -   name: csr2
                description: "csr2 description"
                password: "Base64_password"
                groups:
                -   "GroupB"
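The Base64 requirement for the wlsUserGroups passwords (here and in the Billing Care section) and for the ocbc.bcws.secretVal keys is easy to get subtly wrong: `echo secret | base64` encodes a trailing newline that becomes part of the password. The following is an added example, not Oracle's code, that encodes a value byte-for-byte and lints values already in an override file; the function names and the sample password are constructed.

```shell
#!/bin/sh
# Added example (not Oracle's code): encode and lint Base64 password values
# for override-values.yaml. Function names and sample values are constructed.

# Encode exactly the bytes of $1. printf adds no trailing newline (echo would),
# and tr removes the line wrapping that base64 applies to long output.
b64_encode() {
  printf '%s' "$1" | base64 | tr -d '\n'
}

# Base64 is an encoding, so decoding returns the clear-text password.
b64_decode() {
  printf '%s' "$1" | base64 -d
}

# True when the value is well-formed Base64. An empty value passes, because
# the page allows a blank password.
b64_is_valid() {
  printf '%s' "$1" | base64 -d >/dev/null 2>&1
}

# True when the decoded value ends in a newline (byte 0x0a), the signature of
# a value produced with `echo secret | base64`.
b64_ends_with_newline() {
  last=$(printf '%s' "$1" | base64 -d 2>/dev/null | tail -c 1 | od -An -tx1 | tr -d ' \n')
  [ "$last" = "0a" ]
}

# Lint one value: 0 = usable, 1 = not Base64, 2 = trailing newline encoded.
check_password_value() {
  b64_is_valid "$1" || return 1
  if b64_ends_with_newline "$1"; then
    return 2
  fi
  return 0
}

# Constructed demo: the same password encoded two ways, plus the literal
# placeholder from the sample YAML, which is not valid Base64.
good=$(b64_encode 'password')
bad=$(echo 'password' | base64)
for v in "$good" "$bad" "Base64_password"; do
  check_password_value "$v"
  echo "$v -> status $?"
done
```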

Starting and Stopping WebLogic Servers

When you install oc-cn-op-job-helm-chart, the default configuration sets up a WebLogic Cluster with five Managed Servers. When you install or upgrade oc-cn-helm-chart for the Billing Care REST API service, two of the Managed Servers and one Admin Server are started.

By modifying the override-values.yaml file for oc-cn-helm-chart, you can control:

  • The total number of Managed Servers and the initial server start up by using the totalManagedServers and initialServerCount keys.

  • Whether the servers are started or stopped by using the serverStartPolicy key. To start the Admin Servers and the Managed Servers in a Cluster, set the key to IF_NEEDED. To stop all servers, set the key to NEVER.

Note:

The keys in the override-values.yaml file should be the same as the ones used in oc-cn-op-job-helm-chart for keys that are common in both charts.

After you modify the override-values.yaml file, update the Helm release for the changes to take effect:

helm upgrade BrmReleaseName oc-cn-helm-chart --values OverrideValuesFile --namespace BrmNameSpace

where:

  • BrmReleaseName is the release name for oc-cn-helm-chart and is used to track this installation instance.

  • BrmNameSpace is the namespace in which to create BRM Kubernetes objects for the BRM Helm chart.

  • OverrideValuesFile is the path to a YAML file that overrides the default configurations in the values.yaml file for oc-cn-helm-chart.