Expose T3/T3S for Managed Servers

Create t3_ms_config.py with the following content:

admin_pod_name = sys.argv[1]
admin_port = sys.argv[2]
user_name = sys.argv[3]
password = sys.argv[4]
listen_port = sys.argv[5]
public_port = sys.argv[6]
public_address = sys.argv[7]
managedNameBase = sys.argv[8]
ms_count = sys.argv[9]
channelType = sys.argv[10]
print('custom host : [%s]' % admin_pod_name);
print('custom port : [%s]' % admin_port);
print('custom user_name : [%s]' % user_name);
print('custom password : ********');
print('public address : [%s]' % public_address);
print('channel listen port : [%s]' % listen_port);
print('channel public listen port : [%s]' % public_port);

connect(user_name, password, 't3://' + admin_pod_name + ':' + admin_port)

edit()
startEdit()
for index in range(0, int(ms_count)):
  cd('/')
  msIndex = index+1
  cd('/')
  name = '%s%s' % (managedNameBase, msIndex)
  cd('Servers/%s/' % name )
  if channelType == 't3':
    create('T3Channel_MS','NetworkAccessPoint')
    cd('NetworkAccessPoints/T3Channel_MS')
    set('Protocol','t3')
    set('ListenPort',int(listen_port))
    set('PublicPort',int(public_port))
    set('PublicAddress', public_address)
    print('Channel T3Channel_MS added ...for ' + name)
  elif channelType == 't3s':	  
    create('T3SChannel_MS','NetworkAccessPoint')
    cd('NetworkAccessPoints/T3SChannel_MS')
    set('Protocol','t3s')
    set('ListenPort',int(listen_port))
    set('PublicPort',int(public_port))
    set('PublicAddress', public_address)
    set('HttpEnabledForThisProtocol', true)
    set('OutboundEnabled', false)
    set('Enabled', true)
    set('TwoWaySSLEnabled', true)
    set('ClientCertificateEnforced', false)
    print('Channel T3SChannel_MS added ...for ' + name)
  else:
    print('Protocol [%s] not supported' % channelType)  	
activate()
disconnect()

Copy t3_ms_config.py into the domain home (for example, /u01/oracle/user_projects/domains/soainfra) of the Administration Server pod (for example, soainfra-adminserver in soans namespace).

kubectl cp t3_ms_config.py soans/soainfra-adminserver:/u01/oracle/user_projects/domains/soainfra

Run wlst.sh t3_ms_config.py by exec into the Administration Server pod with the following parameters:

admin_pod_name: soainfra-adminserver # Administration Server pod
admin_port: 7001
user_name: weblogic
password: Welcome1 # weblogic password
listen_port: 30016 # New port for T3 Managed Servers
public_port: 30016 # Kubernetes NodePort which will be used to expose T3 port externally
public_address:
managedNameBase: soa_server # Give Managed Server base name. For osb_cluster this will be osb_server
ms_count: 5 # Number of configured Managed Servers
channelType: t3 # channelType is t3 or t3s

admin_pod_name: soainfra-adminserver # Administration Server pod admin_port:  7001 user_name: weblogic password: Welcome1 # weblogic password listen_port: 30016 # New port for T3 Managed Serverspublic_port: 30016 # Kubernetes NodePort which will be used to expose T3 port
          externallypublic_address: managedNameBase: soa_server # Give Managed Server base name. For osb_cluster this will
          be osb_serverms_count: 5 # Number of configured Managed ServerschannelType: t3 # channelType is t3 or t3s

For example:

kubectl exec -it soainfra-adminserver -n soans -- /u01/oracle/oracle_common/common/bin/wlst.sh /u01/oracle/user_projects/domains/soainfra/t3_ms_config.py soainfra-adminserver  7001 weblogic Welcome1 30016 30016 xxx.xxx.xxx.xxx soa_server 5 t3

Create t3_ms_svc.yaml with the following contents to expose T3 at Managed Server port 30016 for domainName, domainUID as soainfra, and clusterName as soa_cluster for the SOA cluster. Similarly, you can create the Kubernetes service with clusterName as osb_cluster for an Oracle Service Bus cluster:

Note:

For T3S, replace NodePort 30016 with the appropriate value used with public_port while creating the T3S channel using wlst.sh in the previous step.

apiVersion: v1
kind: Service
metadata:
   name: soainfra-soa-cluster-t3-external
   namespace: soans
   labels:
     weblogic.clusterName: soa_cluster
     weblogic.domainName: soainfra
     weblogic.domainUID: soainfra
spec:
  type: NodePort
  selector:
    weblogic.domainName: soainfra
    weblogic.domainUID: soainfra
    weblogic.clusterName: soa_cluster
  ports:
  - name: t3soaport
    protocol: TCP
    port: 30016
    targetPort: 30016
    nodePort: 30016

Create the NodePort service for port 30016:

kubectl create -f t3_ms_svc.yaml

Verify that you can access T3 for the Managed Server with the following URL:

t3://<master_ip>:30016

Similarly, you can access T3S as follows:

First get the certificates from the Administration Server to be used for secured (t3s) connection from client. You can export the certificate from the Administration Server with wlst commands. Sample commands to export the default demoidentity:
Note:
In case you are using the custom SSL certificate, replaces the steps accordingly
```
kubectl exec -it soainfra-adminserver -n soans -- bash
/u01/oracle/oracle_common/common/bin/wlst.sh
connect('weblogic','Welcome1','t3://soainfra-adminserver:7001')
svc = getOpssService(name='KeyStoreService')
svc.exportKeyStoreCertificate(appStripe='system', name='demoidentity', password='DemoIdentityKeyStorePassPhrase', alias='DemoIdentity', type='Certificate', filepath='/tmp/cert.txt/')
```
The above steps download the certificate at /tmp/cert.txt.

Use the same certificates from the client side and connect using t3s. For example:

export JAVA_HOME=/u01/jdk
keytool -import -v -trustcacerts -alias soadomain -file cert.txt -keystore $JAVA_HOME/lib/security/cacerts -keypass changeit -storepass changeit
export WLST_PROPERTIES="-Dweblogic.security.SSL.ignoreHostnameVerification=true"
cd $ORACLE_HOME/oracle_common/common/bin
./wlst.sh
  Initializing WebLogic Scripting Tool (WLST) ...
  Welcome to WebLogic Server Administration Scripting Shell
  Type help() for help on available commands
wls:/offline> connect('weblogic','Welcome1','t3s://<Master IP address>:30016')