1. Oracle SOA Suite on Kubernetes
  2. Administration Guide
  3. Expose the T3/T3S Protocol
  4. Expose a T3/T3S Channel for the Administration Server

Expose a T3/T3S Channel for the Administration Server

To create a custom T3/T3S channel for the Administration Server that has a listen port listen_port and a paired public port public_port:

  1. Create t3_admin_config.py with the following content:
    admin_pod_name = sys.argv[1]
admin_port = sys.argv[2]
user_name = sys.argv[3]
password = sys.argv[4]
listen_port = sys.argv[5]
public_port = sys.argv[6]
public_address = sys.argv[7]
AdminServerName = sys.argv[8]
channelType = sys.argv[9]
print('custom admin_pod_name : [%s]' % admin_pod_name);
print('custom admin_port : [%s]' % admin_port);
print('custom user_name : [%s]' % user_name);
print('custom password : ********');
print('public address : [%s]' % public_address);
print('channel listen port : [%s]' % listen_port);
print('channel public listen port : [%s]' % public_port);
connect(user_name, password, 't3://' + admin_pod_name + ':' + admin_port)
edit()
startEdit()
cd('/')
cd('Servers/%s/' % AdminServerName )
if channelType == 't3':
   create('T3Channel_AS','NetworkAccessPoint')
   cd('NetworkAccessPoints/T3Channel_AS')
   set('Protocol','t3')
   set('ListenPort',int(listen_port))
   set('PublicPort',int(public_port))
   set('PublicAddress', public_address)
   print('Channel T3Channel_AS added')
elif channelType == 't3s':	  
   create('T3SChannel_AS','NetworkAccessPoint')
   cd('NetworkAccessPoints/T3SChannel_AS')
   set('Protocol','t3s')
   set('ListenPort',int(listen_port))
   set('PublicPort',int(public_port))
   set('PublicAddress', public_address)
   set('HttpEnabledForThisProtocol', true)
   set('OutboundEnabled', false)
   set('Enabled', true)
   set('TwoWaySSLEnabled', true)
   set('ClientCertificateEnforced', false)
else:
   print('channelType [%s] not supported',channelType)  
activate()
disconnect()
  2. Copy t3_admin_config.py into the domain home (for example, /u01/oracle/user_projects/domains/soainfra) of the Administration Server pod (for example, soainfra-adminserver in soans namespace).
     $ kubectl cp t3_admin_config.py soans/soainfra-adminserver:/u01/oracle/user_projects/domains/soainfra
  3. Run wlst.sh t3_admin_config.py by using exec into the Administration Server pod with the following parameters:
    • admin_pod_name: soainfra-adminserver # Administration Server pod
    • admin_port: 7001
    • user_name: weblogic
    • password: Welcome1 # weblogic password
    • listen_port: 30014 # New port for T3 Administration Server
    • public_port: 30014 # Kubernetes NodePort which will be used to expose T3 port externally
    • public_address:
    • AdminServerName: AdminServer # Give administration Server name
    • channelType: t3 # t3 or t3s protocol channel
    kubectl exec -it <Administration Server pod> -n <namespace> -- /u01/oracle/oracle_common/common/bin/wlst.sh  <domain_home>/t3_admin_config.py <Administration Server pod>  <Administration Server port>  weblogic <password for weblogic> <t3 port on Administration Server> <t3 nodeport> <master_ip> <AdminServerName> <channelType t3 or t3s>

    For example:

    kubectl exec -it soainfra-adminserver -n soans -- /u01/oracle/oracle_common/common/bin/wlst.sh /u01/oracle/user_projects/domains/soainfra/t3_admin_config.py soainfra-adminserver  7001 weblogic Welcome1 30014 30014 xxx.xxx.xxx.xxx AdminServer t3
  4. Create t3_admin_svc.yaml with the following contents to expose T3 at NodePort 30014 for domainName and domainUID as soainfra and domain deployed in soans namespace:

    Note:

    For T3S, replace NodePort 30014 with the appropriate value used with public_port while creating the T3S channel using wlst.sh in the previous step. 
    apiVersion: v1
kind: Service
metadata:
   name: soainfra-adminserver-t3-external
   namespace: soans
   labels:
     weblogic.serverName: AdminServer
     weblogic.domainName: soainfra
     weblogic.domainUID: soainfra
spec:
  type: NodePort
  selector:
    weblogic.domainName: soainfra
    weblogic.domainUID: soainfra
    weblogic.serverName: AdminServer
  ports:
  - name: t3adminport
    protocol: TCP
    port: 30014
    targetPort: 30014
    nodePort: 30014
  5. Create the NodePort service for port 30014:
    kubectl create -f t3_admin_svc.yaml
  6. Verify that you can access T3 for the Administration Server with the following URL:
    t3://<master_ip>:30014
  7. Similarly, you can access T3S as follows:
    1. First get the certificates from the Administration Server to be used for secured (T3S) connection from the client. You can export the certificate from the Administration Server with WLST commands. For example, to export the default demoidentity:

      Note:

      If you are using the custom SSL certificate, replace the steps accordingly. 
      kubectl exec -it soainfra-adminserver -n soans -- bash
/u01/oracle/oracle_common/common/bin/wlst.sh
connect('weblogic','Welcome1','t3://soainfra-adminserver:7001')
svc = getOpssService(name='KeyStoreService')
svc.exportKeyStoreCertificate(appStripe='system', name='demoidentity', password='DemoIdentityKeyStorePassPhrase', alias='DemoIdentity', type='Certificate', filepath='/tmp/cert.txt/')

      These steps download the certificate at /tmp/cert.txt.

    2. Use the same certificates from the client side and connect using t3s. For example:
      export JAVA_HOME=/u01/jdk
keytool -import -v -trustcacerts -alias soadomain -file cert.txt -keystore $JAVA_HOME/lib/security/cacerts -keypass changeit -storepass changeit
export WLST_PROPERTIES="-Dweblogic.security.SSL.ignoreHostnameVerification=true"
cd $ORACLE_HOME/oracle_common/common/bin
./wlst.sh
  Initializing WebLogic Scripting Tool (WLST) ...
  Welcome to WebLogic Server Administration Scripting Shell
  Type help() for help on available commands
wls:/offline> connect('weblogic','Welcome1','t3s://<Master IP address>:30014')