Abstract

This guide describes how to provision and manage Oracle WebCenter Portal instances on Kubernetes.

Preface

This guide outlines the process for provisioning and managing Oracle WebCenter Portal instances within a Kubernetes environment. It serves as a resource for users seeking to effectively create and manage these instances on Kubernetes.

Audience

This guide is intended for users who want to create and manage Oracle WebCenter Portal instances on Kubernetes.

Oracle WebCenter Portal on Kubernetes

The WebLogic Kubernetes Operator, which supports running WebLogic Server and Fusion Middleware Infrastructure domains on Kubernetes, facilitates the deployment of Oracle WebCenter Portal in a Kubernetes environment.

In this release, the Oracle WebCenter Portal domain is structured around the domain on a persistent volume model only, where the domain home is stored in a persistent volume.

This release includes support for the Portlet Managed Server, enabling the deployment and management of portlet applications within the Oracle WebCenter Portal environment.

The operator provides several key features to assist in deploying and managing the Oracle WebCenter Portal domain in Kubernetes. These features enable you to:

• Create Oracle WebCenter Portal instances in a Kubernetes persistent volume (PV), which can be hosted on a Network File System (NFS) or other types of Kubernetes volumes.
• Start servers based on declarative startup parameters and desired states.
• Expose Oracle WebCenter Portal services for external access.
• Scale the Oracle WebCenter Portal domain by starting and stopping Managed Servers on demand or through integration with a REST API.
• Publish logs from both the operator and WebLogic Server to Elasticsearch for interaction via Kibana.
• Monitor the Oracle WebCenter Portal instance using Prometheus and Grafana.

Current release

The current release for the Oracle WebCenter Portal domain deployment on Kubernetes is 24.4.3. This release uses the WebLogic Kubernetes Operator version 4.2.9.

Recent changes and known issues

See the Release Notes for recent changes and known issues with the Oracle WebCenter Portal domain deployment on Kubernetes.

About this documentation

This documentation includes sections targeted to different audiences. To help you find what you are looking for more easily, please use this table of contents:

• Quick Start explains how to quickly get an Oracle WebCenter Portal domain instance running, using the defaults, nothing special. Note that this is only for development and test purposes.

• Install Guide and Administration Guide provide detailed information about all aspects of using the Kubernetes operator including:

  • Installing and configuring the operator
  • Using the operator to create and manage Oracle WebCenter Portal domain
  • Configuring WebCenter Portal for search functionality
  • Setting up Kubernetes load balancers
  • Configuring Prometheus and Grafana for monitoring WebCenter Portal
  • Setting up logging with Elasticsearch

Release Notes

Recent changes

Review the release notes for Oracle WebCenter Portal on Kubernetes.

Install Guide

Install the WebLogic Kubernetes operator and prepare and deploy the Oracle WebCenter Portal domain.

Requirements and limitations

Understand the system requirements and limitations for deploying and running Oracle WebCenter Portal with the WebLogic Kubernetes operator.

• Introduction
• System Requirements
• Limitations

Introduction

This document outlines the specific considerations for deploying and running a WebCenter Portal domain using the WebLogic Kubernetes Operator. Apart from the considerations mentioned here, the WebCenter Portal domain operates similarly to Fusion Middleware Infrastructure and WebLogic Server domains.

In this release, WebCenter Portal domain is based on the domain on a persistent volume model where the domain resides in a persistent volume (PV).

System Requirements

Release 24.4.3 has the following system requirements:

• Kubernetes: Versions 1.24.0+, 1.25.0+, 1.26.2+, 1.27.2+, 1.28.2+ and 1.29.1+ (check with kubectl version).
• Networking: v0.13.0-amd64 or later (verify with docker images | grep flannel), or Calico v3.16.1+.
• Helm: Version 3.10.2+ (verify with helm version --client --short).
• Container Runtime: Docker 19.03.11+ (check with docker version) or CRI-O 1.20.2+ (check with crictl version | grep RuntimeVersion).
• WebLogic Kubernetes Operator: Version 4.2.9 (see the operator release notes).
• Oracle WebCenter Portal: Version 14.1.2.0 image.

Proxy Setup: The following proxy configurations are used to pull required binaries and source code from the respective repositories:

export NO_PROXY="localhost,127.0.0.0/8,$(hostname -i),.your-company.com,/var/run/docker.sock"
export no_proxy="localhost,127.0.0.0/8,$(hostname -i),.your-company.com,/var/run/docker.sock"
export http_proxy=http://www-proxy-your-company.com:80
export https_proxy=http://www-proxy-your-company.com:80
export HTTP_PROXY=http://www-proxy-your-company.com:80
export HTTPS_PROXY=http://www-proxy-your-company.com:80

Limitations

Compared to running a WebLogic Server domain in Kubernetes using the operator, the following limitations currently exist for a WebCenter Portal domain:

• The Domain in image model is not supported in this version of the operator. Additionally, WebLogic Deploy Tooling (WDT) based deployments are currently not supported.
• Only configured clusters are supported; dynamic clusters are not supported on WebCenter Portal domains. Note that you can still utilize all scaling features; you just need to define the maximum size of your cluster at the time of creating a domain.
• At present, WebCenter Portal does not run on non-Linux containers.
• Deploying and running a WebCenter Portal domain is supported only in operator versions 4.2.9.
• The WebLogic Logging Exporter project has been archived. Users are encouraged to use Fluentd or Logstash.
• The WebLogic Monitoring Exporter currently supports only the WebLogic MBean trees. Support for JRF MBeans has not yet been added.

Prepare Your Environment

Prepare for creating the Oracle WebCenter Portal domain. This preparation includes, but is not limited to, creating the required secrets, persistent volume, volume claim, and database schema.

Set up the environment, including establishing a Kubernetes cluster and the WebLogic Kubernetes Operator.

1. Set Up Your Kubernetes Cluster

2. Install Helm

3. Pull Other Dependent Images

4. Obtain the Oracle WebCenter Portal Docker Image

5. Set Up the Code Repository to Deploy Oracle WebCenter Portal Domain

6. Grant Roles and Clear Stale Resources

7. Install the WebLogic Kubernetes Operator

8. Prepare the Environment for the WebCenter Portal Domain

   1. Create a Namespace for an Oracle WebCenter Portal Domain

   2. Create a Kubernetes Secret with Domain Credentials

   3. Create a Kubernetes Secret with the RCU Credentials

   4. Create Persistent Storage for an Oracle WebCenter Portal Domain

   5. Configure Access to Your Database

   6. Run the Repository Creation Utility to Set Up Your Database Schemas

Set Up Your Kubernetes Cluster

Refer to the official Kubernetes setup documentation to establish a production-grade Kubernetes cluster.

After creating Kubernetes clusters, you can optionally:

• Create load balancers to direct traffic to the backend domain.
• Configure Kibana and Elasticsearch for your operator logs.

Install Helm

The operator uses Helm to create and deploy the necessary resources and then run the operator in a Kubernetes cluster. For Helm installation and usage information, see here.

Pull Other Dependent Images

Dependent images include WebLogic Kubernetes Operator, database, and Traefik. Pull these images and add them to your local registry:

1. Pull these docker images and re-tag them as shown:

   To pull an image from the Oracle Container Registry, in a web browser, navigate to https://container-registry.oracle.com and log in using the Oracle Single Sign-On authentication service. If you do not already have SSO credentials, at the top of the page, click the Sign In link to create them.

   Use the web interface to accept the Oracle Standard Terms and Restrictions for the Oracle software images that you intend to deploy. Your acceptance of these terms are stored in a database that links the software images to your Oracle Single Sign-On login credentials.

   Then, pull these docker images:

   #This step is required once at every node to get access to the Oracle Container Registry.
   
   docker login https://container-registry.oracle.com (enter your Oracle email Id and password)

   WebLogic Kubernetes Operator image:

   docker pull ghcr.io/oracle/weblogic-kubernetes-operator:4.2.9

2. Copy all the built and pulled images to all the nodes in your cluster or add to a Docker registry that your cluster can access.

   Note: If you’re not running Kubernetes on your development machine, you’ll need to make the Docker image available to a registry visible to your Kubernetes cluster.

   Upload your image to a machine running Docker and Kubernetes as follows:

   # on your build machine
   docker save Image_Name:Tag > Image_Name-Tag.tar
   scp Image_Name-Tag.tar YOUR_USER@YOUR_SERVER:/some/path/Image_Name-Tag.tar
   
   # on the Kubernetes server
   docker load < /some/path/Image_Name-Tag.tar

Obtain the Oracle WebCenter Portal Docker Image

Get the Oracle WebCenter Portal Image from the Oracle Container Registry (OCR)

For first-time users, follow these steps to pull the image from the Oracle Container Registry:

1. Navigate to Oracle Container Registry and log in using the Oracle Single Sign-On (SSO) authentication service.

   Note: If you do not already have SSO credentials, you can create an Oracle Account here.

2. Use the web interface to accept the Oracle Standard Terms and Restrictions for the Oracle software images you intend to deploy.

   Note: Your acceptance of these terms is stored in a database linked to your Oracle Single Sign-On credentials.

3. Log in to the Oracle Container Registry using the following command:

   docker login container-registry.oracle.com

4. Find and pull the prebuilt Oracle WebCenter Portal image by running the following command:

docker pull container-registry.oracle.com/middleware/webcenter-portal_cpu:14.1.2.0-<TAG>

Build Oracle WebCenter Portal Container Image

Alternatively, if you prefer to build and use the Oracle WebCenter Portal container image with the WebLogic Image Tool, including any additional bundle or interim patches, follow these steps to create the image.

Note:

• The default Oracle WebCenter Portal image name used for Oracle WebCenter Portal domain deployment is oracle/wcportal:14.1.2.0.
• The image created must be tagged as oracle/wcportal:14.1.2.0 using the docker tag command.
• If a different name is chosen for the image, the new tag name must be updated in the create-domain-inputs.yaml file and in all other instances where the oracle/wcportal:14.1.2.0 image name is referenced.

Set Up the Code Repository to Deploy Oracle WebCenter Portal Domain

Oracle WebCenter Portal domain deployment on Kubernetes leverages the WebLogic Kubernetes Operator infrastructure. For deploying the Oracle WebCenter Portal domain, you need to set up the deployment scripts as below:

1. Create a working directory to set up the source code.

   mkdir $HOME/wcp_14.1.2.0
   cd $HOME/wcp_14.1.2.0   

2. Download the Oracle WebCenter Portal Kubernetes deployment scripts from the Github repository. Required artifacts are available at FMW-DockerImages/OracleWeCenterPortal/kubernetes.

   git clone https://github.com/oracle/fmw-kubernetes.git
   export WORKDIR=$HOME/wcp_14.1.2.0/fmw-kubernetes/OracleWebCenterPortal/kubernetes/

You can now use the deployment scripts from <$WORKDIR> to set up the WebCenter Portal domain as described later in this document.

Grant Roles and Clear Stale Resources

1. To confirm if there is already a WebLogic custom resource definition, execute the following command:

   kubectl get crd    

   Sample Output:

   NAME                      CREATED AT
   domains.weblogic.oracle   2020-03-14T12:10:21Z

2. Delete the WebLogic custom resource definition, if you find any, by executing the following command:

   kubectl delete crd domains.weblogic.oracle

   Sample Output:

   customresourcedefinition.apiextensions.k8s.io "domains.weblogic.oracle" deleted    

Install the WebLogic Kubernetes Operator

The WebLogic Kubernetes Operator supports the deployment of Oracle WebCenter Portal domains in the Kubernetes environment.

Follow the steps in this document to install the operator.

Optionally, you can follow these steps to send the contents of the operator’s logs to Elasticsearch.

In the following example commands to install the WebLogic Kubernetes Operator, opns is the namespace and op-sa is the service account created for the operator:

kubectl create namespace operator-ns
kubectl create serviceaccount -n operator-ns operator-sa
helm repo add weblogic-operator https://oracle.github.io/weblogic-kubernetes-operator/charts --force-update 
helm install weblogic-kubernetes-operator weblogic-operator/weblogic-operator  --version 4.2.9 --namespace operator-ns --set serviceAccount=operator-sa --set "javaLoggingLevel=FINE" --wait

Note: In this procedure, the namespace is referred to as operator-ns, but any name can be used.

The following values can be used:
- Domain UID/Domain name: wcp-domain
- Domain namespace: wcpns
- Operator namespace: operator-ns
- Traefik namespace: traefik

Prepare the Environment for the WebCenter Portal Domain

Create a namespace for an Oracle WebCenter Portal domain

Create a Kubernetes namespace (for example, wcpns) for the domain unless you intend to use the default namespace. For details, see Prepare to run a domain.

kubectl create namespace wcpns

Sample Output:

namespace/wcpns created

To manage domain in this namespace, configure the operator using helm:

Helm upgrade weblogic-operator

 helm upgrade --reuse-values --set "domainNamespaces={wcpns}" \
 --wait weblogic-kubernetes-operator charts/weblogic-operator --namespace operator-ns

Sample Output:

 NAME: weblogic-kubernetes-operator
 LAST DEPLOYED: Wed Jan  6 01:52:58 2021
 NAMESPACE: operator-ns
 STATUS: deployed
 REVISION: 2

Create a Kubernetes secret with domain credentials

Create the Kubernetes secrets username and password of the administrative account in the same Kubernetes namespace as the domain:

 cd ${WORKDIR}/create-weblogic-domain-credentials
 ./create-weblogic-credentials.sh -u weblogic -p welcome1 -n wcpns -d wcp-domain -s wcp-domain-domain-credentials

Sample Output:

secret/wcp-domain-domain-credentials created
secret/wcp-domain-domain-credentials labeled
The secret wcp-domain-domain-credentials has been successfully created in the wcpns namespace.

Where:

• -u user name, must be specified.
• -p password, must be provided using the -p argument or user will be prompted to enter a value.
• -n namespace. Example: wcpns
• -d domainUID. Example: wcp-domain
  
• -s secretName. Example: wcp-domain-domain-credentials

Note: You can inspect the credentials as follows:

 kubectl get secret wcp-domain-domain-credentials -o yaml -n wcpns

For more details, see this document.

Create a Kubernetes secret with the RCU credentials

Create a Kubernetes secret for the Repository Configuration Utility (user name and password) using the create-rcu-credentials.sh script in the same Kubernetes namespace as the domain:

 cd ${WORKDIR}/create-rcu-credentials
 sh create-rcu-credentials.sh \
    -u username \
    -p password \
    -a sys_username \
    -q sys_password \
    -d domainUID \
    -n namespace \
    -s secretName

Sample Output:

 secret/wcp-domain-rcu-credentials created
 secret/wcp-domain-rcu-credentials labeled
 The secret wcp-domain-rcu-credentials has been successfully created in the wcpns namespace.

The parameters are as follows:

  -u username for schema owner (regular user), must be specified.
  -p password for schema owner (regular user), must be provided using the -p argument or user will be prompted to enter a value.
  -a username for SYSDBA user, must be specified.
  -q password for SYSDBA user, must be provided using the -q argument or user will be prompted to enter a value.
  -d domainUID, optional. The default value is wcp-domain. If specified, the secret will be labeled with the domainUID unless the given value is an empty string.
  -n namespace, optional. Use the wcpns namespace if not specified.
  -s secretName, optional. If not specified, the secret name will be determined based on the domainUID value.

Note: You can inspect the credentials as follows:

 kubectl get secret wcp-domain-rcu-credentials -o yaml -n wcpns

Create a persistent storage for an Oracle WebCenter Portal domain

Create a Kubernetes PV and PVC (Persistent Volume and Persistent Volume Claim):

In the Kubernetes namespace you created, create the PV and PVC for the domain by running the create-pv-pvc.sh script. Follow the instructions for using the script to create a dedicated PV and PVC for the Oracle WebCenter Portal domain.

• Review the configuration parameters for PV creation. Based on your requirements, update the values in the create-pv-pvc-inputs.yaml file located at ${WORKDIR}/create-weblogic-domain-pv-pvc/. Sample configuration parameter values for an Oracle WebCenter Portal domain are:

  • baseName: domain
  • domainUID: wcp-domain
  • namespace: wcpns
  • weblogicDomainStorageType: HOST_PATH
  • weblogicDomainStoragePath: /scratch/kubevolume

• Ensure that the path for the weblogicDomainStoragePath property exists (create one if it doesn’t exist), that it has full access permissions, and that the folder is empty.

• Run the create-pv-pvc.sh script:

  cd ${WORKDIR}/create-weblogic-domain-pv-pvc
  ./create-pv-pvc.sh -i create-pv-pvc-inputs.yaml -o output

  Sample Output:

  Input parameters being used
  export version="create-weblogic-sample-domain-pv-pvc-inputs-v1"
  export baseName="domain"
  export domainUID="wcp-domain"
  export namespace="wcpns"
  export weblogicDomainStorageType="HOST_PATH"
  export weblogicDomainStoragePath="/scratch/kubevolume"
  export weblogicDomainStorageReclaimPolicy="Retain"
  export weblogicDomainStorageSize="10Gi"
  
  Generating output/pv-pvcs/wcp-domain-domain-pv.yaml
  Generating output/pv-pvcs/wcp-domain-domain-pvc.yaml
  The following files were generated:
    output/pv-pvcs/wcp-domain-domain-pv.yaml
    output/pv-pvcs/wcp-domain-domain-pvc.yaml

• The create-pv-pvc.sh script creates a subdirectory pv-pvcs under the given /path/to/output-directory directory and creates two YAML configuration files for PV and PVC. Apply these two YAML files to create the PV and PVC Kubernetes resources using the kubectl create -f command:

  kubectl create -f output/pv-pvcs/wcp-domain-domain-pv.yaml
  kubectl create -f output/pv-pvcs/wcp-domain-domain-pvc.yaml

Configure Database Access

The Oracle WebCenter Portal domain requires a database configured with specific schemas, which can be created using the Repository Creation Utility (RCU). It is essential to set up the database before creating the domain.

For production environments, it is recommended to use a standalone (non-containerized) database running outside of Kubernetes.

Ensure the required schemas are set up in your database before proceeding with domain creation.

Run the Repository Creation Utility to set up your database schemas

To create the database schemas for Oracle WebCenter Portal domain, run the create-rcu-schema.sh script.

cd ${WORKDIR}/create-rcu-schema

./create-rcu-schema.sh \
    -s WCP1 \
    -t wcp \
    -d xxx.oraclevcn.com:1521/DB1129_pdb1.xxx.wcpcluster.oraclevcn.com \
    -i iad.ocir.io/xxxxxxxx/oracle/wcportal:14.1.2.0 \
    -n wcpns \
    -c wcp-domain-rcu-credentials \
    -r ANALYTICS_WITH_PARTITIONING=N

Usage:

 ./create-rcu-schema.sh -s <schemaPrefix> [-t <schemaType>] [-d <dburl>] [-n <namespace>] [-c <credentialsSecretName>] [-p <docker-store>] [-i <image>] [-u <imagePullPolicy>] [-o <rcuOutputDir>] [-r <customVariables>] [-l <timeoutLimit>] [-e <edition>] [-h]
  -s RCU Schema Prefix (required)
  -t RCU Schema Type (optional)
      (supported values: wcp,wcpp) 
  -d RCU Oracle Database URL (optional) 
      (default: oracle-db.default.svc.cluster.local:1521/devpdb.k8s) 
  -n Namespace for RCU pod (optional)
      (default: default)
  -c Name of credentials secret (optional).
       (default: oracle-rcu-secret)
       Must contain SYSDBA username at key 'sys_username',
       SYSDBA password at key 'sys_password',
       and RCU schema owner password at key 'password'.
  -p OracleWebCenterPortal ImagePullSecret (optional) 
      (default: none) 
  -i OracleWebCenterPortal Image (optional) 
      (default: oracle/wcportal:release-version) 
  -u OracleWebCenterPortal ImagePullPolicy (optional) 
      (default: IfNotPresent) 
  -o Output directory for the generated YAML file. (optional)
      (default: rcuoutput)
  -r Comma-separated custom variables in the format variablename=value. (optional).
      (default: none)
  -l Timeout limit in seconds. (optional).
      (default: 300)
  -e The edition name. This parameter is only valid if you specify databaseType=EBR. (optional).
      (default: 'ORA$BASE')
  -h Help

Note: The c, p, i, u, and o arguments are ignored if an rcu pod is already running in the namespace.

Notes:

• Where RCU Schema type wcp generates webcenter portal related schema and wcpp generates webcenter portal plus portlet schemas.
• To enable or disable database partitioning for Analytics installation in Oracle WebCenter Portal, use the -r flag. Enter Y to enable database partitioning or N to disable it. For example: -r ANALYTICS_WITH_PARTITIONING=N. Supported values for ANALYTICS_WITH_PARTITIONING are Y and N.

Create WebCenter Portal domain

Create an Oracle WebCenter Portal domain home on an existing PV or PVC, and create the domain resource YAML file for deploying the generated Oracle WebCenter Portal domain.

• Introduction
• Prerequisites
• Prepare the WebCenter Portal Domain Creation Input File
• Create the WebCenter Portal Domain
• Initialize the WebCenter Portal Domain
• Verify the WebCenter Portal Domain
• Managing WebCenter Portal

Introduction

You can use the sample scripts to create a WebCenter Portal domain home on an existing Kubernetes persistent volume (PV) and persistent volume claim (PVC).The scripts also generate the domain YAML file, which helps you start the Kubernetes artifacts of the corresponding domain.

Prerequisites

• Ensure that you have completed all of the steps under prepare-your-environment.
• Ensure that the database and the WebLogic Kubernetes operator is up.

Prepare the WebCenter Portal Domain Creation Input File

If required, you can customize the parameters used for creating a domain in the create-domain-inputs.yaml file.

Please note that the sample scripts for the WebCenter Portal domain deployment are available from the previously downloaded repository at ${WORKDIR}/create-wcp-domain/domain-home-on-pv/.

Make a copy of the create-domain-inputs.yaml file before updating the default values.

The default domain created by the script has the following characteristics:

• An Administration Server named AdminServer listening on port 7001.
• A configured cluster named wcp-cluster of size 5.
• Managed Server, named wcpserver, listening on port 8888.
• If configurePortletServer is set to true . It configures a cluster named wcportlet-cluster of size 5 and Managed Server, named wcportletserver, listening on port 8889.
• Log files that are located in /shared/logs/<domainUID>.

Configuration parameters

The following parameters can be provided in the inputs file:

You can form the names of the Kubernetes resources in the generated YAML files with the value of these properties specified in the create-domain-inputs.yaml file: adminServerName, clusterName, and managedServerNameBase. Characters that are invalid in a Kubernetes service name are converted to valid values in the generated YAML files. For example, an uppercase letter is converted to a lowercase letter, and an underscore (“_“) is converted to a hyphen (”-“).

The sample demonstrates how to create a WebCenter Portal domain home and associated Kubernetes resources for a domain that has one cluster only. In addition, the sample provides users with the capability to supply their own scripts to create the domain home for other use cases. You can modify the generated domain YAML file to include more use cases.

Create the WebCenter Portal Domain

Run the create domain script, specifying your inputs file and an output directory to store the generated artifacts:

 ./create-domain.sh \
    -i create-domain-inputs.yaml \
    -o /<path to output-directory>

The script will perform the following steps:

• Create a directory for the generated Kubernetes YAML files for this domain if it does not already exist. The path name is <path to output-directory>/weblogic-domains/<domainUID>. If the directory already exists, its contents must be removed before using this script.

• Create a Kubernetes job that will start up a utility Oracle WebCenter Portal container and run offline WLST scripts to create the domain on the shared storage.

• Run and wait for the job to finish.

• Create a Kubernetes domain YAML file, domain.yaml, in the “output” directory that was created above.

  This YAML file can be used to create the Kubernetes resource using the kubectl create -f or kubectl apply -f command:

    kubectl apply -f ../<path to output-directory>/weblogic-domains/<domainUID>/domain.yaml

• Create a convenient utility script, delete-domain-job.yaml, to clean up the domain home created by the create script.

1. Run the create-domain.sh sample script, pointing it at the create-domain-inputs.yaml inputs file and an output directory like below:

   cd ${WORKDIR}/create-wcp-domain/
   sh create-domain.sh  -i create-domain-inputs.yaml  -o output

   Sample Output:

     Input parameters being used
     export version="create-weblogic-sample-domain-inputs-v1"
     export sslEnabled="false"
     export adminPort="7001"
     export adminServerSSLPort="7002"
     export adminServerName="AdminServer"
     export domainUID="wcp-domain"
     export domainHome="/u01/oracle/user_projects/domains/$domainUID"
     export serverStartPolicy="IF_NEEDED"
     export clusterName="wcp-cluster"
     export configuredManagedServerCount="5"
     export initialManagedServerReplicas="2"
     export managedServerNameBase="wcpserver"
     export managedServerPort="8888"
     export managedServerSSLPort="8788"
     export portletServerPort="8889"
     export portletServerSSLPort="8789"
     export image="oracle/wcportal:14.1.2.0"
     export imagePullPolicy="IfNotPresent"
     export productionModeEnabled="true"
     export weblogicCredentialsSecretName="wcp-domain-domain-credentials"
     export includeServerOutInPodLog="true"
     export logHome="/u01/oracle/user_projects/domains/logs/$domainUID"
     export httpAccessLogInLogHome="true"
     export t3ChannelPort="30012"
     export exposeAdminT3Channel="false"
     export adminNodePort="30701"
     export exposeAdminNodePort="false"
     export namespace="wcpns"
     javaOptions=-Dweblogic.StdoutDebugEnabled=false
     export persistentVolumeClaimName="wcp-domain-domain-pvc"
     export domainPVMountPath="/u01/oracle/user_projects/domains"
     export createDomainScriptsMountPath="/u01/weblogic"
     export createDomainScriptName="create-domain-job.sh"
     export createDomainFilesDir="wlst"
     export rcuSchemaPrefix="WCP1"
     export rcuDatabaseURL="oracle-db.wcpns.svc.cluster.local:1521/devpdb.k8s"
     export rcuCredentialsSecret="wcp-domain-rcu-credentials"
     export loadBalancerHostName="abc.def.com"
     export loadBalancerPortNumber="30305"
     export loadBalancerProtocol="http"
     export loadBalancerType="traefik"
     export unicastPort="50000"
   
     Generating output/weblogic-domains/wcp-domain/create-domain-job.yaml
     Generating output/weblogic-domains/wcp-domain/delete-domain-job.yaml
     Generating output/weblogic-domains/wcp-domain/domain.yaml
     Checking to see if the secret wcp-domain-domain-credentials exists in namespace wcpns
     configmap/wcp-domain-create-wcp-infra-sample-domain-job-cm created
     Checking the configmap wcp-domain-create-wcp-infra-sample-domain-job-cm was created
     configmap/wcp-domain-create-wcp-infra-sample-domain-job-cm labeled
     Checking if object type job with name wcp-domain-create-wcp-infra-sample-domain-job exists
     Deleting wcp-domain-create-wcp-infra-sample-domain-job using output/weblogic-domains/wcp-domain/create-domain-job.yaml
     job.batch "wcp-domain-create-wcp-infra-sample-domain-job" deleted
     $loadBalancerType is NOT empty
     Creating the domain by creating the job output/weblogic-domains/wcp-domain/create-domain-job.yaml
     job.batch/wcp-domain-create-wcp-infra-sample-domain-job created
     Waiting for the job to complete...
     status on iteration 1 of 20
     pod wcp-domain-create-wcp-infra-sample-domain-job-b5l6c status is Running
     status on iteration 2 of 20
     pod wcp-domain-create-wcp-infra-sample-domain-job-b5l6c status is Running
     status on iteration 3 of 20
     pod wcp-domain-create-wcp-infra-sample-domain-job-b5l6c status is Running
     status on iteration 4 of 20
     pod wcp-domain-create-wcp-infra-sample-domain-job-b5l6c status is Running
     status on iteration 5 of 20
     pod wcp-domain-create-wcp-infra-sample-domain-job-b5l6c status is Running
     status on iteration 6 of 20
     pod wcp-domain-create-wcp-infra-sample-domain-job-b5l6c status is Running
     status on iteration 7 of 20
     pod wcp-domain-create-wcp-infra-sample-domain-job-b5l6c status is Completed
   
     Domain wcp-domain was created and will be started by the WebLogic Kubernetes Operator
   
     The following files were generated:
       output/weblogic-domains/wcp-domain/create-domain-inputs.yaml
       output/weblogic-domains/wcp-domain/create-domain-job.yaml
       output/weblogic-domains/wcp-domain/domain.yaml
   
     Completed

2. To monitor the above domain creation logs:

   $ kubectl get pods -n wcpns |grep wcp-domain-create

   Sample Output:

   wcp-domain-create-fmw-infra-sample-domain-job-8jr6k   1/1     Running   0          6s

   $ kubectl get pods -n wcpns | grep wcp-domain-create | awk '{print $1}' | xargs kubectl -n wcpns logs -f 

   Sample Output:

   The domain will be created using the script /u01/weblogic/create-domain-script.sh
   
   Initializing WebLogic Scripting Tool (WLST) ...
   
   
   Welcome to WebLogic Server Administration Scripting Shell
   
   Type help() for help on available commands
   
   =================================================================
       WebCenter Portal Weblogic Operator Domain Creation Script
                           14.1.2.0
   =================================================================
   Creating Base Domain...
   Creating Admin Server...
   Creating cluster...
   managed server name is wcpserver1
   managed server name is wcpserver2
   managed server name is wcpserver3
   managed server name is wcpserver4
   managed server name is wcpserver5
   ['wcpserver1', 'wcpserver2', 'wcpserver3', 'wcpserver4', 'wcpserver5']
   Creating porlet cluster...
   managed server name is wcportletserver1
   managed server name is wcportletserver2
   managed server name is wcportletserver3
   ['wcportletserver1', 'wcportletserver2', 'wcportletserver3', 'wcportletserver4', 'wcportletserver5']
   Managed servers created...
   Creating Node Manager...
   Will create Base domain at /u01/oracle/user_projects/domains/wcp-domain
   Writing base domain...
   Base domain created at /u01/oracle/user_projects/domains/wcp-domain
   Extending Domain...
   Extending domain at /u01/oracle/user_projects/domains/wcp-domain
   Database  oracle-db.wcpns.svc.cluster.local:1521/devpdb.k8s
   ExposeAdminT3Channel false with 100.111.157.155:30012
   Applying JRF templates...
   Applying WCPortal templates...
   Extension Templates added...
   WC_Portal Managed server deleted...
   Configuring the Service Table DataSource...
   fmwDatabase  jdbc:oracle:thin:@oracle-db.wcpns.svc.cluster.local:1521/devpdb.k8s
   Getting Database Defaults...
   Targeting Server Groups...
   Set CoherenceClusterSystemResource to defaultCoherenceCluster for server:wcpserver1
   Set CoherenceClusterSystemResource to defaultCoherenceCluster for server:wcpserver2
   Set CoherenceClusterSystemResource to defaultCoherenceCluster for server:wcpserver3
   Set CoherenceClusterSystemResource to defaultCoherenceCluster for server:wcpserver4
   Set CoherenceClusterSystemResource to defaultCoherenceCluster for server:wcpserver5
   Set CoherenceClusterSystemResource to defaultCoherenceCluster for server:wcportletserver1
   Set CoherenceClusterSystemResource to defaultCoherenceCluster for server:wcportletserver2
   Set CoherenceClusterSystemResource to defaultCoherenceCluster for server:wcportletserver3
   Targeting Cluster ...
   Set CoherenceClusterSystemResource to defaultCoherenceCluster for cluster:wcp-cluster
   Set WLS clusters as target of defaultCoherenceCluster:wcp-cluster
   Set CoherenceClusterSystemResource to defaultCoherenceCluster for cluster:wcportlet-cluster
   Set WLS clusters as target of defaultCoherenceCluster:wcportlet-cluster
   Preparing to update domain...
   Jan 12, 2021 10:30:09 AM oracle.security.jps.az.internal.runtime.policy.AbstractPolicyImpl initializeReadStore
   INFO: Property for read store in parallel: oracle.security.jps.az.runtime.readstore.threads = null
   Domain updated successfully
   Domain Creation is done...
   Successfully Completed

Initialize the WebCenter Portal Domain

To start the domain, apply the above domain.yaml:

kubectl apply -f output/weblogic-domains/wcp-domain/domain.yaml

Sample Output:

domain.weblogic.oracle/wcp-domain created

Verify the WebCenter Portal Domain

Verify that the domain and servers pods and services are created and in the READY state:

Sample run below:

kubectl get pods -n wcpns -w

Sample Output:

NAME                                                    READY   STATUS          RESTARTS    AGE
wcp-domain-create-fmw-infra-sample-domain-job-8jr6k     0/1     Completed         0             15m
wcp-domain-adminserver                                  1/1     Running         0          8m9s
wcp-domain-create-fmw-infra-sample-domain-job-8jr6k     0/1     Completed       0          3h6m
wcp-domain-wcp-server1                                  0/1     Running         0          6m5s
wcp-domain-wcp-server2                                  0/1     Running         0          6m4s
wcp-domain-wcp-server2                                  1/1     Running         0          6m18s
wcp-domain-wcp-server1                                  1/1     Running         0          6m54s

kubectl get all -n wcpns

Sample Output:

NAME                                                      READY   STATUS      RESTARTS   AGE
pod/wcp-domain-adminserver                                1/1     Running     0          13m
pod/wcp-domain-create-fmw-infra-sample-domain-job-8jr6k   0/1     Completed   0          3h12m
pod/wcp-domain-wcp-server1                                1/1     Running     0          11m
pod/wcp-domain-wcp-server2                                1/1     Running     0          11m
pod/wcp-domain-wcportletserver1                           1/1     Running     1          21h


NAME                                             TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)    AGE
service/wcp-domain-adminserver                   ClusterIP   None            <none>        7001/TCP   13m
service/wcp-domain-cluster-wcp-cluster           ClusterIP   10.98.145.173   <none>        8888/TCP   11m
service/wcp-domain-wcp-server1                   ClusterIP   None            <none>        8888/TCP   11m
service/wcp-domain-wcp-server2                   ClusterIP   None            <none>        8888/TCP   11m
service/wcp-domain-cluster-wcportlet-cluster     ClusterIP   10.98.145.173   <none>        8889/TCP   11m
service/wcp-domain-wcportletserver1              ClusterIP   None            <none>        8889/TCP   11m


NAME                                                      COMPLETIONS   DURATION   AGE
job.batch/wcp-domain-create-fmw-infra-sample-domain-job   1/1           16m        3h12m

To see the Admin and Managed Servers logs, you can check the pod logs:

$ kubectl logs -f wcp-domain-adminserver -n wcpns

$ kubectl logs -f wcp-domain-wcp-server1  -n wcpns

Verify the Pods

Use the following command to see the pods running the servers:

$ kubectl get pods -n NAMESPACE

Here is an example of the output of this command:

kubectl get pods -n wcpns

Sample Output:

NAME                                                  READY   STATUS      RESTARTS   AGE
rcu                                                   1/1     Running     1          14d
wcp-domain-adminserver                                1/1     Running     0          16m
wcp-domain-create-fmw-infra-sample-domain-job-8jr6k   0/1     Completed   0          3h14m
wcp-domain-wcp-server1                                1/1     Running     0          14m
wcp-domain-wcp-server2                                1/1     Running     0          14m
wcp-domain-wcportletserver1                           1/1     Running     1          14m

Verify the Services

Use the following command to see the services for the domain:

$ kubectl get services -n NAMESPACE

Here is an example of the output of this command:

kubectl get services -n wcpns

Sample Output:

NAME                                    TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)    AGE
wcp-domain-adminserver                  ClusterIP   None            <none>        7001/TCP   17m
wcp-domain-cluster-wcp-cluster          ClusterIP   10.98.145.173   <none>        8888/TCP   14m
wcp-domain-wcp-server1                  ClusterIP   None            <none>        8888/TCP   14m
wcp-domain-wcp-server2                  ClusterIP   None            <none>        8888/TCP   14m
wcp-domain-cluster-wcportlet-cluster    ClusterIP   10.98.145.173   <none>        8889/TCP   14m
wcp-domain-wcportletserver1             ClusterIP   None            <none>        8889/TCP   14m

Managing WebCenter Portal

To stop Managed Servers:

kubectl patch domain wcp-domain -n wcpns --type='json' -p='[{"op": "replace", "path": "/spec/clusters/0/replicas", "value": 0 }]'

To start all configured Managed Servers:

kubectl patch domain wcp-domain -n wcpns --type='json' -p='[{"op": "replace", "path": "/spec/clusters/0/replicas", "value": 3 }]' 

kubectl get pods -n wcpns -w

Sample Output:

NAME                                                    READY   STATUS          RESTARTS    AGE
wcp-domain-create-fmw-infra-sample-domain-job-8jr6k     0/1     Completed       0           15m
wcp-domain-adminserver                                  1/1     Running         0          8m9s
wcp-domain-create-fmw-infra-sample-domain-job-8jr6k     0/1     Completed       0          3h6m
wcp-domain-wcp-server1                                  0/1     Running         0          6m5s
wcp-domain-wcp-server2                                  0/1     Running         0          6m4s
wcp-domain-wcp-server2                                  1/1     Running         0          6m18s
wcp-domain-wcp-server1                                  1/1     Running         0          6m54s

Administration Guide

Explains how to utilize various utility tools and configurations to manage the WebCenter Portal domain.

Administer the Oracle WebCenter Portal domain in a Kubernetes environment.

Setting Up a Load Balancer

Set up various load balancers for the Oracle WebCenter Portal domain.

The WebLogic Kubernetes Operator supports ingress-based load balancers like Traefik and NGINX (kubernetes/ingress-nginx). It also works with the Apache web tier load balancer.

Traefik

Set up the Traefik ingress-based load balancer for the Oracle WebCenter Portal domain.

To load balance Oracle WebCenter Portal domain clusters, install the ingress-based Traefik load balancer (version 2.6.0 or later for production environments) and configure it for non-SSL, SSL termination, and end-to-end SSL access for the application URL. Follow these steps to configure Traefik as a load balancer for an Oracle WebCenter Portal domain in a Kubernetes cluster:

• Non-SSL and SSL termination
  1. Install the Traefik (ingress-based) load balancer
  2. Configure Traefik to manage ingresses
  3. Create an Ingress for the domain
  4. Verify domain application URL access
  5. Uninstall the Traefik ingress
• End-to-end SSL configuration
  1. Install the Traefik load balancer for End-to-end SSL
  2. Configure Traefik to manage domain
  3. Create IngressRouteTCP
  4. Verify end-to-end SSL access
  5. Uninstall Traefik

Non-SSL and SSL termination

Install the Traefik (ingress-based) load balancer

1. Use Helm to install the Traefik (ingress-based) load balancer. You can use the following values.yaml sample file and set kubernetes.namespaces as required.

    cd ${WORKDIR}
    kubectl create namespace traefik
    helm repo add traefik https://helm.traefik.io/traefik --force-update

   Sample output:

    "traefik" has been added to your repositories

2. Install Traefik:

    helm install traefik  traefik/traefik \
      --namespace traefik \
      --values charts/traefik/values.yaml \
      --set  "kubernetes.namespaces={traefik}" \
      --set "service.type=NodePort" --wait

   Sample output:

    LAST DEPLOYED: Sun Sep 13 21:32:00 2020
    NAMESPACE: traefik
    STATUS: deployed
    REVISION: 1
    TEST SUITE: None

   Here is a sample values.yaml for deploying Traefik:

   image:
     name: traefik
     pullPolicy: IfNotPresent
   
   ingressRoute:
     dashboard:
       enabled: true
       # Additional ingressRoute annotations (e.g. for kubernetes.io/ingress.class)
       annotations: {}
       # Additional ingressRoute labels (e.g. for filtering IngressRoute by custom labels)
       labels: {}
   
   providers:
     kubernetesCRD:
       enabled: true
     kubernetesIngress:
       enabled: true
       # IP used for Kubernetes Ingress endpoints
   
   ports:
     traefik:
       port: 9000
       # The exposed port for this service
       exposedPort: 9000
       # The port protocol (TCP/UDP)
       protocol: TCP
     web:
       port: 8000
       exposedPort: 30305
       nodePort: 30305
       # The port protocol (TCP/UDP)
       protocol: TCP
       # Use nodeport if set. This is useful if you have configured Traefik in a
       # LoadBalancer
       # nodePort: 32080
       # Port Redirections
       # Added in 2.2, you can make permanent redirects via entrypoints.
       # https://docs.traefik.io/routing/entrypoints/#redirection
       # redirectTo: websecure
     websecure:
       port: 8443
       exposedPort: 30443
       # The port protocol (TCP/UDP)
       protocol: TCP
       nodePort: 30443

3. Verify the Traefik status and find the port number of the SSL and non-SSL services:

    kubectl get all -n traefik

   Sample output:

    NAME                          READY   STATUS    RESTARTS   AGE
    pod/traefik-f9cf58697-29dlx   1/1     Running   0          35s
   
    NAME              TYPE       CLUSTER-IP      EXTERNAL-IP   PORT(S)                                          AGE
    service/traefik   NodePort   10.100.113.37   <none>        9000:30070/TCP,30305:30305/TCP,30443:30443/TCP   35s
   
    NAME                      READY   UP-TO-DATE   AVAILABLE   AGE
    deployment.apps/traefik   1/1     1            1           36s
   
    NAME                                DESIRED   CURRENT   READY   AGE
    replicaset.apps/traefik-f9cf58697   1         1         1       36s

4. Access the Traefik dashboard through the URL http://$(hostname -f):30070, with the HTTP host traefik.example.com:

    curl -H "host: $(hostname -f)" http://$(hostname -f):30070/dashboard/

   Note: Make sure that you specify a fully qualified node name for $(hostname -f)

Configure Traefik to manage ingresses

Configure Traefik to manage ingresses created in this namespace. In the following sample, traefik is the Traefik namespace and wcpns is the namespace of the domain:

helm upgrade traefik traefik/traefik \
--reuse-values \
--namespace traefik \
--set "kubernetes.namespaces={traefik,wcpns}" \
--wait

Sample output:

Release "traefik" has been upgraded. Happy Helming!
NAME: traefik
LAST DEPLOYED: Tue Jan 12 04:33:15 2021
NAMESPACE: traefik
STATUS: deployed
REVISION: 2
TEST SUITE: None

Creating an Ingress for the Domain

To create an ingress for the domain within the domain namespace, use the sample Helm chart, which implements path-based routing for ingress. Sample values for the default configuration can be found in the file ${WORKDIR}/charts/ingress-per-domain/values.yaml.

By default, the type is set to TRAEFIK, and tls is configured as Non-SSL. You can override these values either by passing them through the command line or by editing the sample values.yaml file according to your configuration type (non-SSL or SSL).

NOTE: This is not an exhaustive list of rules. You can modify it to include any application URLs that need external access.

If necessary, you can update the ingress YAML file to define additional path rules in the spec.rules.host.http.paths section based on the domain application URLs that require external access. The template YAML file for the Traefik (ingress-based) load balancer is located at ${WORKDIR}/charts/ingress-per-domain/templates/traefik-ingress.yaml. You can add new path rules as demonstrated below.

 - path: /NewPathRule
   backend:
     serviceName: 'Backend Service Name'
     servicePort: 'Backend Service Port'

1. Install ingress-per-domain using Helm for non-SSL configuration:

     cd ${WORKDIR}
     helm install wcp-traefik-ingress  \
        charts/ingress-per-domain \
        --namespace wcpns \
        --values charts/ingress-per-domain/values.yaml \
        --set "traefik.hostname=$(hostname -f)"

   Sample output:

     NAME: wcp-traefik-ingress
     LAST DEPLOYED: Mon Jul 20 11:44:13 2020
     NAMESPACE: wcpns
     STATUS: deployed
     REVISION: 1
     TEST SUITE: None

2. For secured access (SSL) to the Oracle WebCenter Portal application, create a certificate and generate a Kubernetes secret:

     openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /tmp/tls1.key -out /tmp/tls1.crt -subj "/CN=*"
     kubectl -n wcpns create secret tls wcp-domain-tls-cert --key /tmp/tls1.key --cert /tmp/tls1.crt

   Note:: The value of CN is the host on which this ingress is to be deployed.

3. Create the Traefik TLSStore custom resource.

   In case of SSL termination, Traefik should be configured to use the user-defined SSL certificate. If the user-defined SSL certificate is not configured, Traefik creates a default SSL certificate. To configure a user-defined SSL certificate for Traefik, use the TLSStore custom resource. The Kubernetes secret created with the SSL certificate should be referenced in the TLSStore object. Run the following command to create the TLSStore:

   cat <<EOF | kubectl apply -f -
   apiVersion: traefik.containo.us/v1alpha1
   kind: TLSStore
   metadata:
     name: default
     namespace: wcpns
   spec:
     defaultCertificate:
       secretName:  wcp-domain-tls-cert   
   EOF

4. Install ingress-per-domain using Helm for SSL configuration.

   The Kubernetes secret name should be updated in the template file.

   The template file also contains the following annotations:

    traefik.ingress.kubernetes.io/router.entrypoints: websecure
    traefik.ingress.kubernetes.io/router.tls: "true"
    traefik.ingress.kubernetes.io/router.middlewares: wcpns-wls-proxy-ssl@kubernetescrd

   The entry point for SSL access and the Middleware name should be updated in the annotation. The Middleware name should be in the form <namespace>-<middleware name>@kubernetescrd.

    cd ${WORKDIR}
    helm install wcp-traefik-ingress  \
        charts/ingress-per-domain \
        --namespace wcpns \
        --values charts/ingress-per-domain/values.yaml \
        --set "traefik.hostname=$(hostname -f)" \
        --set sslType=SSL

   Sample output:

    NAME: wcp-traefik-ingress
    LAST DEPLOYED: Mon Jul 20 11:44:13 2020
    NAMESPACE: wcpns
    STATUS: deployed
    REVISION: 1
    TEST SUITE: None

5. For non-SSL access to the Oracle WebCenter Portal application, get the details of the services by the ingress:

    kubectl describe ingress wcp-domain-traefik -n wcpns

   Sample services supported by the above deployed ingress:

   Name:             wcp-domain-traefik
   Namespace:        wcpns
   Address:
   Default backend:  default-http-backend:80 (<error: endpoints "default-http-backend" not found>)
   Rules:
     Host                                          Path  Backends
     ----                                          ----  --------
     www.example.com
                                                   /webcenter   wcp-domain-cluster-wcp-cluster:8888 (10.244.0.52:8888,10.244.0.53:8888)
                                                   /console     wcp-domain-adminserver:7001 (10.244.0.51:7001)
                                                   /rsscrawl    wcp-domain-cluster-wcp-cluster:8888 (10.244.0.52:8888,10.244.0.53:8888)
                                                   /rest        wcp-domain-cluster-wcp-cluster:8888 (10.244.0.52:8888,10.244.0.53:8888)
                                                   /webcenterhelp    wcp-domain-cluster-wcp-cluster:8888 (10.244.0.52:8888,10.244.0.53:8888)        
                                                   /em          wcp-domain-adminserver:7001 (10.244.0.51:7001)
                                                   /wsrp-tools     wcp-domain-cluster-wcportlet-cluster:8889 (10.244.0.52:8889,10.244.0.53:8889)
   Annotations:                                    kubernetes.io/ingress.class: traefik
                                                   meta.helm.sh/release-name: wcp-traefik-ingress
                                                   meta.helm.sh/release-namespace: wcpns
   Events:                                         <none>

6. For SSL access to the Oracle WebCenter Portal application, get the details of the services by the above deployed ingress:

   kubectl describe ingress wcp-domain-traefik -n wcpns

   Sample services supported by the above deployed ingress:

   Name:             wcp-domain-traefik
   Namespace:        wcpns
   Address:
   Default backend:  default-http-backend:80 (<error: endpoints "default-http-backend" not found>)
   TLS:
     wcp-domain-tls-cert terminates www.example.com
   Rules:
     Host                                          Path  Backends
     ----                                          ----  --------
     www.example.com
                                                   /webcenter   wcp-domain-cluster-wcp-cluster:8888 (10.244.0.52:8888,10.244.0.53:8888)
                                                   /console     wcp-domain-adminserver:7001 (10.244.0.51:7001)
                                                   /rsscrawl    wcp-domain-cluster-wcp-cluster:8888 (10.244.0.52:8888,10.244.0.53:8888)
                                                   /rest        wcp-domain-cluster-wcp-cluster:8888 (10.244.0.52:8888,10.244.0.53:8888)
                                                   /webcenterhelp    wcp-domain-cluster-wcp-cluster:8888 (10.244.0.52:8888,10.244.0.53:8888)
                                                   /em          wcp-domain-adminserver:7001 (10.244.0.51:7001)
                                                   /wsrp-tools     wcp-domain-cluster-wcportlet-cluster:8889 (10.244.0.52:8889,10.244.0.53:8889)
   Annotations:                                    kubernetes.io/ingress.class: traefik
                                                   meta.helm.sh/release-name: wcp-traefik-ingress
                                                   meta.helm.sh/release-namespace: wcpns
                                                   traefik.ingress.kubernetes.io/router.entrypoints: websecure
                                                   traefik.ingress.kubernetes.io/router.middlewares: wcpns-wls-proxy-ssl@kubernetescrd
                                                   traefik.ingress.kubernetes.io/router.tls: true
   Events:                                         <none>

7. To confirm that the load balancer noticed the new ingress and is successfully routing to the domain server pods, you can send a request to the URL for the WebLogic ReadyApp framework, which should return an HTTP 200 status code, as follows:

    curl -v http://${LOADBALANCER_HOSTNAME}:${LOADBALANCER_PORT}/weblogic/ready

   Sample output:

    *   Trying 149.87.129.203...
    > GET http://${LOADBALANCER_HOSTNAME}:${LOADBALANCER_PORT}/weblogic/ready HTTP/1.1
    > User-Agent: curl/7.29.0
    > Accept: */*
    > Proxy-Connection: Keep-Alive
    > host: $(hostname -f)
    >
    < HTTP/1.1 200 OK
    < Date: Sat, 14 Mar 2020 08:35:03 GMT
    < Vary: Accept-Encoding
    < Content-Length: 0
    < Proxy-Connection: Keep-Alive
    <
    * Connection #0 to host localhost left intact

Verify domain application URL access

For non-SSL configuration

After setting up the Traefik (ingress-based) load balancer, verify that the domain application URLs are accessible through the non-SSL load balancer port 30305 for HTTP access. The sample URLs for Oracle WebCenter Portal domain are:

  http://${LOADBALANCER_HOSTNAME}:${LOADBALANCER-Non-SSLPORT}/webcenter
  http://${LOADBALANCER_HOSTNAME}:${LOADBALANCER-Non-SSLPORT}/console
  http://${LOADBALANCER_HOSTNAME}:${LOADBALANCER-Non-SSLPORT}/em
  http://${LOADBALANCER_HOSTNAME}:${LOADBALANCER-Non-SSLPORT}/rsscrawl
  http://${LOADBALANCER_HOSTNAME}:${LOADBALANCER-Non-SSLPORT}/rest
  http://${LOADBALANCER_HOSTNAME}:${LOADBALANCER-Non-SSLPORT}/webcenterhelp
  http://${LOADBALANCER_HOSTNAME}:${LOADBALANCER-Non-SSLPORT}/wsrp-tools

For SSL configuration

After setting up the Traefik (ingress-based) load balancer, verify that the domain applications are accessible through the SSL load balancer port 30443 for HTTPS access. The sample URLs for Oracle WebCenter Portal domain are:

  https://${LOADBALANCER_HOSTNAME}:${LOADBALANCER-SSLPORT}/webcenter
  https://${LOADBALANCER_HOSTNAME}:${LOADBALANCER-SSLPORT}/console
  https://${LOADBALANCER_HOSTNAME}:${LOADBALANCER-SSLPORT}/em
  https://${LOADBALANCER_HOSTNAME}:${LOADBALANCER-SSLPORT}/rsscrawl
  https://${LOADBALANCER_HOSTNAME}:${LOADBALANCER-SSLPORT}/rest
  https://${LOADBALANCER_HOSTNAME}:${LOADBALANCER-SSLPORT}/webcenterhelp
  https://${LOADBALANCER_HOSTNAME}:${LOADBALANCER-SSLPORT}/wsrp-tools

Uninstall the Traefik ingress

Uninstall and delete the ingress deployment:

 helm delete wcp-traefik-ingress  -n wcpns

End-to-end SSL configuration

Install the Traefik load balancer for end-to-end SSL

1. Use Helm to install the Traefik (ingress-based) load balancer. You can use the values.yaml sample file and set kubernetes.namespaces as required.

    cd ${WORKDIR}
    kubectl create namespace traefik
    helm repo add traefik https://containous.github.io/traefik-helm-chart

   Sample output:

    "traefik" has been added to your repositories

2. Install Traefik:

    helm install traefik  traefik/traefik \
    --namespace traefik \
    --values charts/traefik/values.yaml \
    --set  "kubernetes.namespaces={traefik}" \
    --set "service.type=NodePort" --wait

   Sample output:

    LAST DEPLOYED: Sun Sep 13 21:32:00 2020
    NAMESPACE: traefik
    STATUS: deployed
    REVISION: 1
    TEST SUITE: None

3. Verify the Traefik operator status and find the port number of the SSL and non-SSL services:

    kubectl get all -n traefik

   Sample output:

   
      NAME                           READY   STATUS    RESTARTS   AGE
      pod/traefik-845f5d6dbb-swb96   1/1     Running   0          32s
   
      NAME              TYPE           CLUSTER-IP     EXTERNAL-IP   PORT(S)                                          AGE
      service/traefik   NodePort       10.99.52.249   <none>        9000:31288/TCP,30305:30305/TCP,30443:30443/TCP   32s
   
      NAME                      READY   UP-TO-DATE   AVAILABLE   AGE
      deployment.apps/traefik   1/1     1            1           33s
   
      NAME                                 DESIRED   CURRENT   READY   AGE
      replicaset.apps/traefik-845f5d6dbb   1         1         1       33s

4. Access the Traefik dashboard through the URL http://$(hostname -f):31288, with the HTTP host traefik.example.com:

    curl -H "host: $(hostname -f)" http://$(hostname -f):31288/dashboard/

   Note: Make sure that you specify a fully qualified node name for $(hostname -f).

Configure Traefik to manage the domain

Configure Traefik to manage the domain application service created in this namespace. In the following sample, traefik is the Traefik namespace and wcpns is the namespace of the domain:

 helm upgrade traefik traefik/traefik --namespace traefik --reuse-values \
  --set "kubernetes.namespaces={traefik,wcpns}"

Sample output:

  Release "traefik" has been upgraded. Happy Helming!
  NAME: traefik
  LAST DEPLOYED: Sun Sep 13 21:32:12 2020
  NAMESPACE: traefik
  STATUS: deployed
  REVISION: 2
  TEST SUITE: None

Create IngressRouteTCP

1. For each backend service, create different ingresses, as Traefik does not support multiple paths or rules with annotation ssl-passthrough. For example, for wcp-domain-adminserver and wcp-domain-cluster-wcp-cluster, different ingresses must be created.

2. To enable SSL passthrough in Traefik, you can configure a TCP router. A sample YAML for IngressRouteTCP is available at ${WORKDIR}/charts/ingress-per-domain/tls/traefik-tls.yaml. The following should be updated in traefik-tls.yaml:

   • The service name and the SSL port should be updated in the services.
   • The load balancer host name should be updated in the HostSNI rule.

   Sample traefik-tls.yaml :

   apiVersion: traefik.containo.us/v1alpha1
   kind: IngressRouteTCP
   metadata:
     name: wcp-domain-cluster-routetcp
     namespace: wcpns
   spec:
     entryPoints:
       - websecure
     routes:
     - match: HostSNI(`${LOADBALANCER_HOSTNAME}`)
       services:
       - name: wcp-domain-cluster-wcp-cluster
         port: 8888
         weight: 3
         TerminationDelay: 400
     tls:
       passthrough: true

3. Create the IngressRouteTCP:

   kubectl apply -f traefik-tls.yaml

Verify end-to-end SSL access

Verify the access to application URLs exposed through the configured service. The configured WCP cluster service enables you to access the following WCP domain URLs:

https://${LOADBALANCER_HOSTNAME}:${LOADBALANCER-SSLPORT}/webcenter
https://${LOADBALANCER_HOSTNAME}:${LOADBALANCER-SSLPORT}/rsscrawl
https://${LOADBALANCER_HOSTNAME}:${LOADBALANCER-SSLPORT}/rest
https://${LOADBALANCER_HOSTNAME}:${LOADBALANCER-SSLPORT}/webcenterhelp

Uninstall Traefik

helm delete traefik -n traefik
cd ${WORKDIR}/charts/ingress-per-domain/tls
kubectl delete -f traefik-tls.yaml

NGINX

Configure the ingress-based NGINX load balancer for an Oracle WebCenter Portal domain.

To load balance Oracle WebCenter Portal domain clusters, you can install the ingress-based NGINX load balancer and configure NGINX for non-SSL, SSL termination, and end-to-end SSL access of the application URL. Follow these steps to set up NGINX as a load balancer for an Oracle WebCenter Portal domain in a Kubernetes cluster:

See the official installation document for prerequisites.

• Non-SSL and SSL termination
  1. Install the NGINX load balancer
  2. Configure NGINX to manage ingresses
  3. Verify non-SSL and SSL termination access
• End-to-end SSL configuration
  1. Install the NGINX load balancer for End-to-end SSL
  2. Deploy tls to access the services
  3. Verify end-to-end SSL access

Non-SSL and SSL termination

To get repository information, enter the following Helm commands:

  helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
  helm repo update

Install the NGINX load balancer

1. Deploy the ingress-nginx controller by using Helm on the domain namespace:

    helm install nginx-ingress ingress-nginx/ingress-nginx -n wcpns \
      --set controller.service.type=NodePort \
      --set controller.admissionWebhooks.enabled=false 

   Sample Output

    NAME: nginx-ingress
    LAST DEPLOYED: Tue Jan 12 21:13:54 2021
    NAMESPACE: wcpns
    STATUS: deployed
    REVISION: 1
    TEST SUITE: None
    NOTES:
    The ingress-nginx controller has been installed.
    Get the application URL by running these commands:
      export HTTP_NODE_PORT=30305
      export HTTPS_NODE_PORT=$(kubectl --namespace wcpns get services -o jsonpath="{.spec.ports[1].nodePort}" nginx-ingress-ingress-nginx-controller)
      export NODE_IP=$(kubectl --namespace wcpns get nodes -o jsonpath="{.items[0].status.addresses[1].address}")
    
      echo "Visit http://$NODE_IP:$HTTP_NODE_PORT to access your application via HTTP."
      echo "Visit https://$NODE_IP:$HTTPS_NODE_PORT to access your application via HTTPS."
    
    An example Ingress that makes use of the controller:
    
      apiVersion: networking.k8s.io/v1beta1
      kind: Ingress
      metadata:
        annotations:
          kubernetes.io/ingress.class: nginx
        name: example
        namespace: foo
      spec:
        rules:
          - host: www.example.com
            http:
              paths:
                - backend:
                    serviceName: exampleService
                    servicePort: 80
                  path: /
        # This section is only required if TLS is to be enabled for the Ingress
        tls:
            - hosts:
                - www.example.com
              secretName: example-tls
    
    If TLS is enabled for the Ingress, a Secret containing the certificate and key must also be provided:
    
      apiVersion: v1
      kind: Secret
      metadata:
        name: example-tls
        namespace: foo
      data:
        tls.crt: <base64 encoded cert>
        tls.key: <base64 encoded key>
      type: kubernetes.io/tls

1. Check the status of the deployed ingress controller:

    kubectl --namespace wcpns get services | grep ingress-nginx-controller

   Sample output:

   nginx-ingress-ingress-nginx-controller   NodePort       10.101.123.106   <none>        80:30305/TCP,443:31856/TCP   2m12s

Configure NGINX to manage ingresses

1. Create an ingress for the domain in the domain namespace by using the sample Helm chart. Here path-based routing is used for ingress. Sample values for default configuration are shown in the file ${WORKDIR}/charts/ingress-per-domain/values.yaml. By default, type is TRAEFIK, tls is Non-SSL. You can override these values by passing values through the command line or edit them in the sample values.yaml file.

Note: This is not an exhaustive list of rules. You can enhance it based on the application URLs that need to be accessed externally.

If needed, you can update the ingress YAML file to define more path rules (in section spec.rules.host.http.paths) based on the domain application URLs that need to be accessed. Update the template YAML file for the NGINX load balancer located at ${WORKDIR}/charts/ingress-per-domain/templates/nginx-ingress.yaml

You can add new path rules like shown below .

- path: /NewPathRule
  backend:
    serviceName: 'Backend Service Name'
    servicePort: 'Backend Service Port'

  cd ${WORKDIR}
  helm install wcp-domain-nginx charts/ingress-per-domain \
    --namespace wcpns \
    --values charts/ingress-per-domain/values.yaml \
    --set "nginx.hostname=$(hostname -f)" \
    --set type=NGINX

Sample output:

  NAME: wcp-domain-nginx
  LAST DEPLOYED: Fri Jul 24 09:34:03 2020
  NAMESPACE: wcpns
  STATUS: deployed
  REVISION: 1
  TEST SUITE: None

1. For secured access (SSL) to the Oracle WebCenter Portal application, create a certificate and generate a Kubernetes secret:

     openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /tmp/tls1.key -out /tmp/tls1.crt -subj "/CN=*"
     kubectl -n wcpns create secret tls wcp-domain-tls-cert --key /tmp/tls1.key --cert /tmp/tls1.crt

2. Install ingress-per-domain using Helm for SSL configuration:

     cd ${WORKDIR}
     helm install wcp-domain-nginx  charts/ingress-per-domain \
      --namespace wcpns \
      --values charts/ingress-per-domain/values.yaml \
      --set "nginx.hostname=$(hostname -f)" \
      --set type=NGINX --set sslType=SSL

3. For non-SSL access to the Oracle WebCenter Portal application, get the details of the services by the ingress:

   kubectl describe ingress wcp-domain-nginx -n wcpns

   Sample Output:

    Name:             wcp-domain-nginx
    Namespace:        wcpns
    Address:          10.101.123.106
    Default backend:  default-http-backend:80 (<error: endpoints "default-http-backend" not found>)
    Rules:
      Host        Path  Backends
      ----        ----  --------
      *
                  /webcenter   wcp-domain-cluster-wcp-cluster:8888 (10.244.0.52:8888,10.244.0.53:8888)
                  /console     wcp-domain-adminserver:7001 (10.244.0.51:7001)
                  /rsscrawl    wcp-domain-cluster-wcp-cluster:8888 (10.244.0.53:8888)
                  /rest    wcp-domain-cluster-wcp-cluster:8888 (10.244.0.53:8888)
                  /webcenterhelp    wcp-domain-cluster-wcp-cluster:8888 (10.244.0.53:8888)
                  /wsrp-tools     wcp-domain-cluster-wcportlet-cluster:8889 (10.244.0.53:8889)
                  /em          wcp-domain-adminserver:7001 (10.244.0.51:7001)
    Annotations:  meta.helm.sh/release-name: wcp-domain-nginx
                  meta.helm.sh/release-namespace: wcpns
                  nginx.com/sticky-cookie-services: serviceName=wcp-domain-cluster-wcp-cluster srv_id expires=1h path=/;
                  nginx.ingress.kubernetes.io/proxy-connect-timeout: 1800
                  nginx.ingress.kubernetes.io/proxy-read-timeout: 1800
                  nginx.ingress.kubernetes.io/proxy-send-timeout: 1800
    Events:
      Type    Reason  Age                From                      Message
      ----    ------  ----               ----                      -------
      Normal  Sync    48m (x2 over 48m)  nginx-ingress-controller  Scheduled for sync

4. For SSL access to the Oracle WebCenter Portal application, get the details of the services by the above deployed ingress:

   kubectl describe ingress wcp-domain-nginx -n wcpns

   Sample Output:

   Name:             wcp-domain-nginx
   Namespace:        wcpns
   Address:          10.106.220.140
   Default backend:  default-http-backend:80 (<error: endpoints "default-http-backend" not found>)
   TLS:
     wcp-domain-tls-cert terminates mydomain.com
   Rules:
     Host        Path  Backends
     ----        ----  --------
     *
                 /webcenter   wcp-domain-cluster-wcp-cluster:8888 (10.244.0.43:8888,10.244.0.44:8888)
                 /console     wcp-domain-adminserver:7001 (10.244.0.42:7001)
                 /rsscrawl    wcp-domain-cluster-wcp-cluster:8888 (10.244.0.43:8888,10.244.0.44:8888)
                 /webcenterhelp   wcp-domain-cluster-wcp-cluster:8888 (10.244.0.43:8888,10.244.0.44:8888)
                 /rest     wcp-domain-cluster-wcp-cluster:8888 (10.244.0.43:8888,10.244.0.44:8888)
                 /em          wcp-domain-adminserver:7001 (10.244.0.42:7001)
                 /wsrp-tools     wcp-domain-cluster-wcportlet-cluster:8889 (10.244.0.43:8889,10.244.0.44:8889)
   Annotations:  kubernetes.io/ingress.class: nginx
                 meta.helm.sh/release-name: wcp-domain-nginx
                 meta.helm.sh/release-namespace: wcpns
                 nginx.ingress.kubernetes.io/affinity: cookie
                 nginx.ingress.kubernetes.io/affinity-mode: persistent
                 nginx.ingress.kubernetes.io/configuration-snippet:
                   more_set_input_headers "X-Forwarded-Proto: https";
                   more_set_input_headers "WL-Proxy-SSL: true";
                 nginx.ingress.kubernetes.io/ingress.allow-http: false
                 nginx.ingress.kubernetes.io/proxy-connect-timeout: 1800
                 nginx.ingress.kubernetes.io/proxy-read-timeout: 1800
                 nginx.ingress.kubernetes.io/proxy-send-timeout: 1800
                 nginx.ingress.kubernetes.io/session-cookie-expires: 172800
                 nginx.ingress.kubernetes.io/session-cookie-max-age: 172800
                 nginx.ingress.kubernetes.io/session-cookie-name: stickyid
                 nginx.ingress.kubernetes.io/ssl-redirect: false
   Events:       <none>

Verify non-SSL and SSL termination access

Verify that the Oracle WebCenter Portal domain application URLs are accessible through the nginx NodePort LOADBALANCER-NODEPORT 30305:

  http://${LOADBALANCER-HOSTNAME}:${LOADBALANCER-NODEPORT}/console
  http://${LOADBALANCER-HOSTNAME}:${LOADBALANCER-NODEPORT}/em
  http://${LOADBALANCER-HOSTNAME}:${LOADBALANCER-NODEPORT}/webcenter
  http://${LOADBALANCER-HOSTNAME}:${LOADBALANCER-NODEPORT}/rsscrawl
  http://${LOADBALANCER-HOSTNAME}:${LOADBALANCER-NODEPORT}/rest
  http://${LOADBALANCER-HOSTNAME}:${LOADBALANCER-NODEPORT}/webcenterhelp
  http://${LOADBALANCER-HOSTNAME}:${LOADBALANCER-NODEPORT}/wsrp-tools

Uninstall the ingress

Uninstall and delete the ingress-nginx deployment:

 helm delete   wcp-domain-nginx -n wcpns
 helm delete nginx-ingress -n wcpns

End-to-end SSL configuration

Install the NGINX load balancer for End-to-end SSL

1. For secured access (SSL) to the Oracle WebCenter Portal application, create a certificate and generate secrets:

    openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /tmp/tls1.key -out /tmp/tls1.crt -subj "/CN=domain1.org"
    kubectl -n wcpns create secret tls wcp-domain-tls-cert --key /tmp/tls1.key --cert /tmp/tls1.crt

   Note: The value of CN is the host on which this ingress is to be deployed.

2. Deploy the ingress-nginx controller by using Helm on the domain namespace:

    helm install nginx-ingress -n wcpns \
       --set controller.extraArgs.default-ssl-certificate=wcpns/wcp-domain-tls-cert \
       --set controller.service.type=NodePort \
       --set controller.admissionWebhooks.enabled=false \
       --set controller.extraArgs.enable-ssl-passthrough=true  \
       ingress-nginx/ingress-nginx

   Sample Output:

     NAME: nginx-ingress
     LAST DEPLOYED: Tue Sep 15 08:40:47 2020
     NAMESPACE: wcpns
     STATUS: deployed
     REVISION: 1
     TEST SUITE: None
     NOTES:
     The ingress-nginx controller has been installed.
     Get the application URL by running these commands:
     export HTTP_NODE_PORT=$(kubectl --namespace wcpns get services -o jsonpath="{.spec.ports[0].nodePort}" nginx-ingress-ingress-nginx-controller)
     export HTTPS_NODE_PORT=$(kubectl --namespace wcpns get services -o jsonpath="{.spec.ports[1].nodePort}" nginx-ingress-ingress-nginx-controller)
     export NODE_IP=$(kubectl --namespace wcpns get nodes -o jsonpath="{.items[0].status.addresses[1].address}")
   
     echo "Visit http://$NODE_IP:$HTTP_NODE_PORT to access your application via HTTP."
     echo "Visit https://$NODE_IP:$HTTPS_NODE_PORT to access your application via HTTPS."
   
     An example Ingress that makes use of the controller:
   
       apiVersion: networking.k8s.io/v1beta1
       kind: Ingress
       metadata:
         annotations:
           kubernetes.io/ingress.class: nginx
         name: example
         namespace: foo
       spec:
         rules:
         - host: www.example.com
           http:
           paths:
             - backend:
               serviceName: exampleService
               servicePort: 80
             path: /
      # This section is only required if TLS is to be enabled for the Ingress
      tls:
       - hosts:
           - www.example.com
         secretName: example-tls
   
      If TLS is enabled for the Ingress, a Secret containing the certificate and key must also be provided:
     apiVersion: v1
     kind: Secret
     metadata:
       name: example-tls
       namespace: foo
     data:
      tls.crt: <base64 encoded cert>
      tls.key: <base64 encoded key>
     type: kubernetes.io/tls

3. Check the status of the deployed ingress controller:

    kubectl --namespace wcpns get services | grep ingress-nginx-controller

   Sample output:

     nginx-ingress-ingress-nginx-controller   NodePort    10.96.177.215    <none>        80:32748/TCP,443:31940/TCP   23s

Deploy tls to access services

1. Deploy tls to securely access the services. Only one application can be configured with ssl-passthrough. A sample tls file for NGINX is shown below for the service wcp-domain-cluster-wcp-cluster and port 8889. All the applications running on port 8889 can be securely accessed through this ingress.

2. For each backend service, create different ingresses, as NGINX does not support multiple paths or rules with annotation ssl-passthrough. For example, for wcp-domain-adminserver and wcp-domain-cluster-wcp-cluster, different ingresses must be created.

3. As ssl-passthrough in NGINX works on the clusterIP of the backing service instead of individual endpoints, you must expose wcp-domain-cluster-wcp-cluster created by the operator with clusterIP.

   For example:

   1. Get the name of wcp-domain cluster service:

       kubectl get svc  -n wcpns | grep  wcp-domain-cluster-wcp-cluster 

      Sample output:

       wcp-domain-cluster-wcp-cluster           ClusterIP   10.102.128.124   <none>        8888/TCP,8889/TCP            62m

4. Deploy the secured ingress:

    cd ${WORKDIR}/charts/ingress-per-domain/tls
    kubectl create -f nginx-tls.yaml

   Note: The default nginx-tls.yaml contains the backend for WebCenter Portal service with domainUID wcp-domain. You need to create similar tls configuration YAML files separately for each backend service.

   Content of the file nginx-tls.yaml :

   
        apiVersion: extensions/v1beta1
        kind: Ingress
        metadata:
          name: wcpns-ingress
          namespace: wcpns
          annotations:
            kubernetes.io/ingress.class: nginx
            nginx.ingress.kubernetes.io/ssl-passthrough: "true"
        spec:
          tls:
            - hosts:
                - domain1.org
              secretName: wcp-domain-tls-cert
          rules:
            - host: domain1.org
              http:
                paths:
                  - path:
                    backend:
                      serviceName: wcp-domain-cluster-wcp-cluster
                      servicePort: 8889    

   Note: Host is the server on which this ingress is deployed.

5. Check the services supported by the ingress:

    kubectl describe ingress  wcpns-ingress -n wcpns

Verify end-to-end SSL access

Verify that the Oracle WebCenter Portal domain application URLs are accessible through the LOADBALANCER-SSLPORT 30233:

 https://${LOADBALANCER-HOSTNAME}:${LOADBALANCER-SSLPORT}/webcenter
 https://${LOADBALANCER-HOSTNAME}:${LOADBALANCER-SSLPORT}/rsscrawl
 https://${LOADBALANCER-HOSTNAME}:${LOADBALANCER-SSLPORT}/webcenterhelp
 https://${LOADBALANCER-HOSTNAME}:${LOADBALANCER-SSLPORT}/rest
 https://${LOADBALANCER-HOSTNAME}:${LOADBALANCER-SSLPORT}/wsrp-tools     

Uninstall ingress-nginx tls

cd ${WORKDIR}/charts/ingress-per-domain/tls
kubectl  delete -f nginx-tls.yaml
helm delete nginx-ingress -n wcpns

Apache Webtier

Configure the Apache webtier load balancer for an Oracle WebCenter Portal domain.

To load balance Oracle WebCenter Portal domain clusters, you can install Apache webtier and configure it for both non-SSL and SSL termination access for the application URLs. Follow these steps to set up Apache webtier as a load balancer for an Oracle WebCenter Portal domain in a Kubernetes cluster:

1. Build the Apache webtier image
2. Create the Apache plugin configuration file
3. Prepare the certificate and private key
4. Install the Apache webtier Helm chart
5. Verify domain application URL access
6. Uninstall Apache webtier

Build the Apache webtier image

To build the Apache webtier Docker image, refer to the sample.

Create the Apache plugin configuration file

1. The configuration file named custom_mod_wl_apache.conf should have all the URL routing rules for the Oracle WebCenter Portal applications deployed in the domain that needs to be accessible externally. Update this file with values based on your environment. The file content is similar to below.

   Sample content of the configuration file custom_mod_wl_apache.conf for wcp-domain domain:

   cat ${WORKDIR}/charts/apache-samples/custom-sample/custom_mod_wl_apache.conf

   Sample output:

   #Copyright (c) 2018 Oracle and/or its affiliates. All rights reserved.
   #
   # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
   #
   
   <IfModule mod_weblogic.c>
   WebLogicHost <WEBLOGIC_HOST>
   WebLogicPort 7001
   </IfModule>
   
   # Directive for weblogic admin Console deployed on Weblogic Admin Server
   <Location /console>
   SetHandler weblogic-handler
   WebLogicHost wcp-domain-adminserver
   WebLogicPort 7001
   </Location>
   
   <Location /em>
   SetHandler weblogic-handler
   WebLogicHost wcp-domain-adminserver
   WebLogicPort 7001
   </Location>
   
   <Location /webcenter>
   WLSRequest On
   WebLogicCluster wcp-domain-cluster-wcp-cluster:8888
   PathTrim /weblogic1
   </Location>
   
   <Location /rsscrawl>
   WLSRequest On
   WebLogicCluster wcp-domain-cluster-wcp-cluster:8888
   PathTrim /weblogic1
   </Location>  
   
   <Location /rest>
   WLSRequest On
   WebLogicCluster wcp-domain-cluster-wcp-cluster:8888
   PathTrim /weblogic1
   </Location>
   
   <Location /webcenterhelp>
   WLSRequest On
   WebLogicCluster wcp-domain-cluster-wcp-cluster:8888
   PathTrim /weblogic1
   </Location> 
   
   <Location /wsrp-tools>
   WLSRequest On
   WebLogicCluster wcp-domain-cluster-wcportlet-cluster:8889
   PathTrim /weblogic1
   </Location> 

2. Update persistentVolumeClaimName in ${WORKDIR}/charts/apache-samples/custom-sample/input.yamlwith Persistence Volume which contains your own custom_mod_wl_apache.conf file. Use the PV/PVC created at the time of preparing environment, Copy the custom_mod_wl_apache.conf file to existing PersistantVolume.

Prepare the certificate and private key

1. (For the SSL termination configuration only) Run the following commands to generate your own certificate and private key using openssl.

    cd ${WORKDIR}/charts/apache-samples/custom-sample
    export VIRTUAL_HOST_NAME=WEBLOGIC_HOST
    export SSL_CERT_FILE=WEBLOGIC_HOST.crt
    export SSL_CERT_KEY_FILE=WEBLOGIC_HOST.key
    sh certgen.sh

   Note: Replace WEBLOGIC_HOST with the name of the host on which Apache webtier is to be installed.

   Sample output of the certifcate generation :

    ls
    certgen.sh  custom_mod_wl_apache.conf  custom_mod_wl_apache.conf_orig  input.yaml  README.md
   
    sh certgen.sh
   
    Generating certs for WEBLOGIC_HOST
    Generating a 2048 bit RSA private key
    ........................+++
    .......................................................................+++
    unable to write 'random state'
    writing new private key to 'apache-sample.key'
    -----
   
    ls
    certgen.sh                 custom_mod_wl_apache.conf_orig                             WEBLOGIC_HOST.info
    config.txt                 input.yaml                                                 WEBLOGIC_HOST.key
    custom_mod_wl_apache.conf  WEBLOGIC_HOST.crt  README.md

2. Prepare input values for the Apache webtier Helm chart.

   Run the following commands to prepare the input value file for the Apache webtier Helm chart.

    base64 -i ${SSL_CERT_FILE} | tr -d '\n'
    base64 -i ${SSL_CERT_KEY_FILE} | tr -d '\n'
    touch input.yaml

   Update virtualHostName with the value of the WEBLOGIC_HOST in file ${WORKDIR}/charts/apache-samples/custom-sample/input.yaml

   Snapshot of the sample input.yaml file :

     cat apache-samples/custom-sample/input.yaml
   
     # Use this to provide your own Apache webtier configuration as needed; simply define this
     # path and put your own custom_mod_wl_apache.conf file under this path.
     persistentVolumeClaimName: wcp-domain-domain-pvc
   
     # The VirtualHostName of the Apache HTTP server. It is used to enable custom SSL configuration.
     virtualHostName: <WEBLOGIC_HOST>

Install the Apache webtier Helm chart

1. Install the Apache webtier Helm chart to the domain wcpns namespace with the specified input parameters:

   cd ${WORKDIR}/charts
   kubectl create namespace apache-webtier
   helm install  apache-webtier --values apache-samples/custom-sample/input.yaml --namespace wcpns apache-webtier --set image=oracle/apache:12.2.1.3

2. Check the status of the Apache webtier:

    kubectl get all -n wcpns | grep apache

   Sample output of the status of the apache webtier:

    pod/apache-webtier-apache-webtier-65f69dc6bc-zg5pj   1/1     Running     0          22h
    service/apache-webtier-apache-webtier   NodePort       10.108.29.98     <none>        80:30305/TCP,4433:30443/TCP   22h
    deployment.apps/apache-webtier-apache-webtier   1/1     1            1           22h
    replicaset.apps/apache-webtier-apache-webtier-65f69dc6bc   1         1         1       22h

Verify domain application URL access

Once the Apache webtier load balancer is up, verify that the domain applications are accessible through the load balancer port 30305/30443. The application URLs for domain of type wcp are:

Note: Port 30305 is the LOADBALANCER-Non-SSLPORT and Port 30443 is LOADBALANCER-SSLPORT.

Non-SSL configuration

 http://${LOADBALANCER-HOSTNAME}:${LOADBALANCER-Non-SSLPORT}/console
 http://${LOADBALANCER-HOSTNAME}:${LOADBALANCER-Non-SSLPORT}/em
 http://${LOADBALANCER-HOSTNAME}:${LOADBALANCER-Non-SSLPORT}/webcenter
 http://${LOADBALANCER-HOSTNAME}:${LOADBALANCER-Non-SSLPORT}/webcenterhelp
 http://${LOADBALANCER-HOSTNAME}:${LOADBALANCER-Non-SSLPORT}/rest
 http://${LOADBALANCER-HOSTNAME}:${LOADBALANCER-Non-SSLPORT}/rsscrawl

SSL configuration

https://${LOADBALANCER-HOSTNAME}:${LOADBALANCER-SSLPORT}/webcenter
https://${LOADBALANCER-HOSTNAME}:${LOADBALANCER-SSLPORT}/console
https://${LOADBALANCER-HOSTNAME}:${LOADBALANCER-SSLPORT}/em
https://${LOADBALANCER-HOSTNAME}:${LOADBALANCER-SSLPORT}/rsscrawl
https://${LOADBALANCER-HOSTNAME}:${LOADBALANCER-SSLPORT}/webcenterhelp
https://${LOADBALANCER-HOSTNAME}:${LOADBALANCER-SSLPORT}/rest

Uninstall Apache webtier

 helm delete apache-webtier -n wcpns

Monitor a Domain and Publish Logs

Monitor Oracle WebCenter Portal and publish logs to Elasticsearch.

Install Elasticsearch and Kibana

To install Elasticsearch and Kibana, execute the following command:

cd ${WORKDIR}/elasticsearch-and-kibana
kubectl create -f elasticsearch_and_kibana.yaml

Publish to Elasticsearch

Diagnostics and other logs can be pushed to the Elasticsearch server using the Logstash pod. The Logstash pod must have access to the shared domain home or the log location. For the Oracle WebCenter Portal domain, the persistent volume of the domain home can be utilized in the Logstash pod. Follow these steps to create the Logstash pod:

1. Get domain home persistence volume claim details of the Oracle WebCenter Portal domain. The following command will list the persistent volume claim details in the namespace - wcpns. In the example below the persistent volume claim is wcp-domain-domain-pvc.

    kubectl get pv -n wcpns

   Sample output:

     NAME                   CAPACITY   ACCESS MODES   RECLAIM POLICY   STATUS   CLAIM                         STORAGECLASS                      REASON   AGE
     wcp-domain-domain-pv   10Gi       RWX            Retain           Bound    wcpns/wcp-domain-domain-pvc   wcp-domain-domain-storage-class            175d

2. Create the Logstash configuration file named logstash.conf. A sample Logstash configuration file can be found at ${WORKDIR}/logging-services/logstash. The following configuration pushes diagnostic and all domain logs.

   input {                                                                                                                
     file {
       path => "/u01/oracle/user_projects/domains/wcp-domain/servers/**/logs/*-diagnostic.log"
       start_position => beginning
     }
     file {
       path => "/u01/oracle/user_projects/domains/logs/wcp-domain/*.log"
       start_position => beginning
     }
   }
   
   filter {                                                                                                               
     grok {                                                                                                               
       match => [ "message", "<%{DATA:log_timestamp}> <%{WORD:log_level}> <%{WORD:thread}> <%{HOSTNAME:hostname}> <%{HOSTNAME:servername}> <%{DATA:timer}> <<%{DATA:kernel}>> <> <%{DATA:uuid}> <%{NUMBER:timestamp}> <%{DATA:misc}> <%{DATA:log_number}> <%{DATA:log_message}>" ]                                                                                        
     }                                                                                                                    
   }                                                                                                                         
   output {                                                                                                               
     elasticsearch {                                                                                                      
       hosts => ["elasticsearch.default.svc.cluster.local:9200"]
     }                                                                                                                    
   }

3. Copy the logstash.conf file to /u01/oracle/user_projects/domains so that it can be utilized for the Logstash deployment. You can do this using the Administration Server pod (for example, the wcp-domain-adminserver pod in the wcpns namespace):

   kubectl cp ${WORKDIR}/logging-services/logstash/logstash.conf wcpns/wcp-domain-adminserver:/u01/oracle/user_projects/domains -n wcpns 

4. Create a deployment YAML file named logstash.yaml for the Logstash pod, using the domain home persistent volume claim. Ensure that the Logstash configuration file is pointed to the correct location (for example, copy logstash.conf to /u01/oracle/user_projects/domains/logstash.conf) and specify the appropriate domain home persistent volume claim. Below is a sample Logstash deployment YAML:

   apiVersion: apps/v1
   kind: Deployment
   metadata:
     name: logstash
     namespace: wcpns
   spec:
     selector:
       matchLabels:
         app: logstash
     template: 
       metadata:
         labels:
           app: logstash
       spec:
         volumes:
         - name: domain-storage-volume
           persistentVolumeClaim:
             claimName: wcp-domain-domain-pvc
         - name: shared-logs
           emptyDir: {}
         containers:
         - name: logstash
           image: logstash:6.6.0
           command: ["/bin/sh"]
           args: ["/usr/share/logstash/bin/logstash", "-f", "/u01/oracle/user_projects/domains/logstash.conf"]
           imagePullPolicy: IfNotPresent
           volumeMounts:
           - mountPath: /u01/oracle/user_projects/domains
             name: domain-storage-volume
           - name: shared-logs
             mountPath: /shared-logs
           ports:
           - containerPort: 5044
             name: logstash

5. Deploy Logstash to start publishing logs to Elasticsearch:

    kubectl create -f ${WORKDIR}/logging-services/logstash/logstash.yaml

Create an Index Pattern in Kibana

To create an index pattern logstash* in Kibana > Management, follow these steps. Once the servers are started, you should see the log data reflected in the Kibana dashboard:

The WebLogic Logging Exporter adds a log event handler to WebLogic Server, enabling it to push logs to Elasticsearch in Kubernetes using the Elasticsearch REST API. For more details, refer to the WebLogic Logging Exporter project.

This sample demonstrates how to publish WebLogic Server logs to Elasticsearch and view them in Kibana. For publishing operator logs, see this sample.

Prerequisites

This document assumes you have already set up Elasticsearch and Kibana for log collection. If you have not done so, please refer to this document.

Download the WebLogic Logging Exporter binaries

The pre-built binaries are available on the WebLogic Logging Exporter Releases page.

Download:

• weblogic-logging-exporter-1.0.0.jar from the release page
• snakeyaml-1.25.jar from Maven Central

These identifiers are used in the sample commands:

* `wcpns`: WebCenter Portal domain namespace
* `wcp-domain`: `domainUID`
* `wcp-domain-adminserver`: Administration Server pod name

Copy the JAR Files to the WebLogic Domain Home

Copy the weblogic-logging-exporter-1.0.0.jar and snakeyaml-1.25.jar files to the domain home directory in the Administration Server pod.

 kubectl cp <file-to-copy> <namespace>/<Administration-Server-pod>:<domainhome>

 kubectl cp snakeyaml-1.25.jar wcpns/wcp-domain-adminserver:/u01/oracle/user_projects/domains/wcp-domain/

 kubectl cp weblogic-logging-exporter-1.0.0.jar wcpns/wcp-domain-adminserver:/u01/oracle/user_projects/domains/wcp-domain/

Add a Startup Class to the Domain Configuration

1. In the WebLogic Server Administration Console, in the left navigation pane, expand Environment, and then select Startup and Shutdown Classes.

2. Add a new startup class. You may choose any descriptive name, however, the class name must be weblogic.logging.exporter.Startup.

   

3. Target the startup class to each server from which you want to export logs.

   

4. In your config.xml file located at, /u01/oracle/user_projects/domains/wcp-domain/config/config.xml the newly added startup-class must exist as shown below:

    kubectl exec -it wcp-domain-adminserver -n wcpns cat /u01/oracle/user_projects/domains/wcp-domain/config/config.xml

   <startup-class>
     <name>weblogic-logging-exporter</name>
     <target>AdminServer,wcp_cluster</target>
     <class-name>weblogic.logging.exporter.Startup</class-name>
   </startup-class>

Update the WebLogic Server CLASSPATH

1. Copy the setDomainEnv.sh file from the pod to a local folder:

 kubectl cp wcpns/wcp-domain-adminserver:/u01/oracle/user_projects/domains/wcp-domain/bin/setDomainEnv.sh $PWD/setDomainEnv.sh

 tar: Removing leading `/' from member names

Ignore exception: tar: Removing leading '/' from member names

1. Update the server class path in setDomainEnv.sh:

     CLASSPATH=/u01/oracle/user_projects/domains/wcp-domain/weblogic-logging-exporter-1.0.0.jar:/u01/oracle/user_projects/domains/wcp-domain/snakeyaml-1.25.jar:${CLASSPATH}
     export CLASSPATH

2. Copy back the modified setDomainEnv.sh file to the pod:

    kubectl cp setDomainEnv.sh wcpns/wcp-domain-adminserver:/u01/oracle/user_projects/domains/wcp-domain/bin/setDomainEnv.sh

Create a Configuration File for the WebLogic Logging Exporter

1. Specify the Elasticsearch server host and port number in the file: <$WORKDIR>/logging-services/weblogic-logging-exporter/WebLogicLoggingExporter.yaml

   Example:

   weblogicLoggingIndexName: wls
   publishHost: elasticsearch.default.svc.cluster.local
   publishPort: 9300
   domainUID: wcp-domain
   weblogicLoggingExporterEnabled: true
   weblogicLoggingExporterSeverity: TRACE
   weblogicLoggingExporterBulkSize: 1

2. Copy the WebLogicLoggingExporter.yaml file to the domain home directory in the WebLogic Administration Server pod:

    kubectl cp <$WORKDIR>/logging-services/weblogic-logging-exporter/WebLogicLoggingExporter.yaml wcpns/wcp-domain-adminserver:/u01/oracle/user_projects/domains/wcp-domain/config/

Restart the Servers in the Domain

To restart the servers, stop and then start them using the following commands:

To stop the servers:

 kubectl patch domain wcp-domain -n wcpns --type='json' -p='[{"op": "replace", "path": "/spec/serverStartPolicy", "value": "NEVER" }]'

To start the servers:

 kubectl patch domain wcp-domain -n wcpns --type='json' -p='[{"op": "replace", "path": "/spec/serverStartPolicy", "value": "IF_NEEDED" }]'

After all the servers are restarted, see their server logs to check that the weblogic-logging-exporter class is called, as shown below:

======================= WebLogic Logging Exporter Startup class called                                                 
Reading configuration from file name: /u01/oracle/user_projects/domains/wcp-domain/config/WebLogicLoggingExporter.yaml   
Config{weblogicLoggingIndexName='wls', publishHost='domain.host.com', publishPort=9200, weblogicLoggingExporterSeverity='Notice', weblogicLoggingExporterBulkSize='2', enabled=true, weblogicLoggingExporterFilters=FilterConfig{expression='NOT(MSGID = 'BEA-000449')', servers=[]}], domainUID='wcp-domain'}

Create an Index Pattern in Kibana

Create an index pattern wls* in Kibana by navigating to the dashboard through the Management option. After the servers are started, the log data is displayed on the Kibana dashboard:

Overview

You can configure your WebLogic domain to use Fluentd so it can send the log information to Elasticsearch.

Here’s how this works:

• fluentd runs as a separate container in the Administration Server and Managed Server pods.
• The log files reside on a volume that is shared between the weblogic-server and fluentd containers.
• fluentd tails the domain logs files and exports them to Elasticsearch.
• A ConfigMap contains the filter and format rules for exporting log records.

Prerequisites

It is assumed that you are editing an existing WebCenter Portal domain. However, you can make all the changes to the domain YAML before creating the domain. A complete example of a domain definition with fluentd configuration is at the end of this document.

These identifiers are used in the sample commands:

• wcpns: WebCenter Portal domain namespace
• wcp-domain: domainUID
• wcp-domain-domain-credentials: Kubernetes secret

The sample Elasticsearch configuration is:

    elasticsearchhost: elasticsearch.default.svc.cluster.local
    elasticsearchport: 9200
    elasticsearchuser: username
    elasticsearchpassword: password

Elasticsearch host and port can be referred from file ${WORKDIR}/charts/weblogic-operator/values.yaml

Install Elasticsearch and Kibana

To install Elasticsearch and Kibana, run the following command:

 cd ${WORKDIR}
 kubectl apply -f elasticsearch-and-kibana/elasticsearch_and_kibana.yaml

Configure log files to use a volume

The domain log files must be written to a volume that can be shared between the weblogic-server and fluentd containers. The following elements are required to accomplish this:

• logHome must be a path that can be shared between containers.
• logHomeEnabled must be set to true so that the logs are written outside the pod and persist across pod restarts.
• A volume must be defined on which the log files will reside. In the example, emptyDir is a volume that gets created when a Pod is created. It will persist across pod restarts but deleting the pod would delete the emptyDir content.
• The volumeMounts mounts the named volume created with emptyDir and establishes the base path for accessing the volume.

Note:: For brevity, only the paths to the relevant configuration are here.

For Example, run : kubectl edit domain wcp-domain -n wcpns and make the following edits:

spec:
  logHome: /u01/oracle/user_projects/domains/logs/wcp-domain
  logHomeEnabled: true
  serverPod:
    volumes:
    - emptyDir: {}
      name: weblogic-domain-storage-volume
    volumeMounts:
    - mountPath: /scratch
      name: weblogic-domain-storage-volume

Add Elasticsearch secrets to WebLogic domain credentials

Configure the fluentd container to look for Elasticsearch parameters in the domain credentials. Edit the domain credentials and add the parameters shown in the example below.

For example, run: kubectl edit secret wcp-domain-domain-credentials -n wcpns and add the base64 encoded values of each Elasticsearch parameter:

elasticsearchhost: ZWxhc3RpY3NlYXJjaC5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2Fs
elasticsearchport: OTIwMA==
elasticsearchuser: d2NjcmF3bGFkbWlu
elasticsearchpassword: d2VsY29tZTE=

Create Fluentd configuration

Create a ConfigMap named fluentd-config in the namespace of the domain. The ConfigMap contains the parsing rules and Elasticsearch configuration.

Here’s an explanation of some elements defined in the ConfigMap:

• The @type tail indicates that tail is used to obtain updates to the log file.
• The path of the log file obtained from the LOG_PATH environment variable that is defined in the fluentd container.
• The tag value of log records obtained from the DOMAIN_UID environment variable that is defined in the fluentd container.
• The <parse> section defines how to interpret and tag each element of a log record.
• The <match **> section contains the configuration information for connecting to Elasticsearch and defines the index name of each record to be the domainUID.
• The scheme indicates type of connection between fluentd and Elasticsearch.

The following is an example of how to create the ConfigMap:

cat <<EOF | kubectl apply -f -
apiVersion: v1
kind: ConfigMap
metadata:
  labels:
    weblogic.domainUID: wcp-domain
    weblogic.resourceVersion: domain-v2
  name: fluentd-config
  namespace: wcpns
data:
  fluentd.conf: |
    <match fluent.**>
      @type null
    </match>
    <source>
      @type tail
      path "#{ENV['LOG_PATH']}"
      pos_file /tmp/server.log.pos
      read_from_head true
      tag "#{ENV['DOMAIN_UID']}"
      # multiline_flush_interval 20s
      <parse>
        @type multiline
        format_firstline /^####/
        format1 /^####<(?<timestamp>(.*?))>/
        format2 / <(?<level>(.*?))>/
        format3 / <(?<subSystem>(.*?))>/
        format4 / <(?<serverName>(.*?))>/
        format5 / <(?<serverName2>(.*?))>/
        format6 / <(?<threadName>(.*?))>/
        format7 / <(?<info1>(.*?))>/
        format8 / <(?<info2>(.*?))>/
        format9 / <(?<info3>(.*?))>/
        format10 / <(?<sequenceNumber>(.*?))>/
        format11 / <(?<severity>(.*?))>/
        format12 / <(?<messageID>(.*?))>/
        format13 / <(?<message>(.*?))>/
      </parse>
    </source>
    <match **>
      @type elasticsearch
      host "#{ENV['ELASTICSEARCH_HOST']}"
      port "#{ENV['ELASTICSEARCH_PORT']}"
      user "#{ENV['ELASTICSEARCH_USER']}"
      password "#{ENV['ELASTICSEARCH_PASSWORD']}"
      index_name "#{ENV['DOMAIN_UID']}"
      scheme http
    </match>
EOF

Mount the ConfigMap as a volume in the weblogic-server container

Edit the domain definition and configure a volume for the ConfigMap containing the fluentd configuration.

Note:: For brevity, only the paths to the relevant configuration are shown.

For example, run: kubectl edit domain wcp-domain -n wcpns and add the following portions to the domain definition.

spec:
  serverPod:
    volumes:
    - configMap:
        defaultMode: 420
        name: fluentd-config
      name: fluentd-config-volume

Add fluentd container

Add a container to the domain to run fluentd in the Administration Server and Managed Server pods.

The container definition:

• Defines a LOG_PATH environment variable that points to the log location of bobbys-front-end.
• Defines ELASTICSEARCH_HOST, ELASTICSEARCH_PORT, ELASTICSEARCH_USER, and ELASTICSEARCH_PASSWORD environment variables that are all retrieving their values from the secret wcp-domain-domain-credentials.
• Includes volume mounts for the fluentd-config ConfigMap and the volume containing the domain logs.

Note:: For brevity, only the paths to the relevant configuration are shown.

For example, run: kubectl edit domain wcp-domain -n wcpcns and add the following container definition.

spec:
  serverPod:
    containers:
    - args:
      - -c
      - /etc/fluent.conf
      env:
      - name: DOMAIN_UID
        valueFrom:
          fieldRef:
            fieldPath: metadata.labels['weblogic.domainUID']
      - name: SERVER_NAME
        valueFrom:
          fieldRef:
            fieldPath: metadata.labels['weblogic.serverName']
      - name: LOG_PATH
        value: /u01/oracle/user_projects/domains/logs/wcp-domain/$(SERVER_NAME).log
      - name: FLUENTD_CONF
        value: fluentd.conf
      - name: FLUENT_ELASTICSEARCH_SED_DISABLE
        value: "true"
      - name: ELASTICSEARCH_HOST
        valueFrom:
          secretKeyRef:
            key: elasticsearchhost
            name: wcp-domain-domain-credentials
      - name: ELASTICSEARCH_PORT
        valueFrom:
          secretKeyRef:
            key: elasticsearchport
            name: wcp-domain-domain-credentials
      - name: ELASTICSEARCH_USER
        valueFrom:
          secretKeyRef:
            key: elasticsearchuser
            name: wcp-domain-domain-credentials
            optional: true
      - name: ELASTICSEARCH_PASSWORD
        valueFrom:
          secretKeyRef:
            key: elasticsearchpassword
            name: wcp-domain-domain-credentials
            optional: true
      image: fluent/fluentd-kubernetes-daemonset:v1.3.3-debian-elasticsearch-1.3
      imagePullPolicy: IfNotPresent
      name: fluentd
      resources: {}
      volumeMounts:
      - mountPath: /fluentd/etc/fluentd.conf
        name: fluentd-config-volume
        subPath: fluentd.conf
      - mountPath: /scratch
        name: weblogic-domain-storage-volume

Verify logs exported to Elasticsearch

The logs are sent to Elasticsearch after you start the Administration Server and Managed Server pods after making the changes described previously.

You can check if the fluentd container is successfully tailing the log by executing a command like kubectl logs -f wcp-domain-adminserver -n wcpns fluentd. The log output should look similar to this:

2019-10-01 16:23:44 +0000 [info]: #0 starting fluentd worker pid=13 ppid=9 worker=0
2019-10-01 16:23:44 +0000 [warn]: #0 /scratch/logs/bobs-bookstore/managed-server1.log not found. Continuing without tailing it.
2019-10-01 16:23:44 +0000 [info]: #0 fluentd worker is now running worker=0
2019-10-01 16:24:01 +0000 [info]: #0 following tail of /scratch/logs/bobs-bookstore/managed-server1.log

When you connect to Kibana, you will see an index created for the domainUID.

Domain example

The following is a complete example of a domain custom resource with a fluentd container configured.

apiVersion: weblogic.oracle/v8
kind: Domain
metadata:
  labels:
    weblogic.domainUID: wcp-domain
  name: wcp-domain
  namespace: wcpns
spec:
  domainHome: /u01/oracle/user_projects/domains/wcp-domain
  domainHomeSourceType: PersistentVolume
  image: "oracle/wcportal:14.1.2.0"
  imagePullPolicy: "IfNotPresent"
  webLogicCredentialsSecret:
    name: wcp-domain-domain-credentials
  includeServerOutInPodLog: true
  logHomeEnabled: true 
  httpAccessLogInLogHome: true
  logHome: /u01/oracle/user_projects/domains/logs/wcp-domain
  dataHome: ""
  serverStartPolicy: "IF_NEEDED"
  adminServer:
    serverStartState: "RUNNING"
  clusters:
  - clusterName: wcp_cluster
    serverStartState: "RUNNING"
    serverPod:
      affinity:
        podAntiAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
            - weight: 100
              podAffinityTerm:
                labelSelector:
                  matchExpressions:
                    - key: "weblogic.clusterName"
                      operator: In
                      values:
                        - $(CLUSTER_NAME)
                topologyKey: "kubernetes.io/hostname"     
  replicas: 2
  serverPod:
    containers:
    - args:
      - -c
      - /etc/fluent.conf
      env:
      - name: DOMAIN_UID
        valueFrom:
          fieldRef:
            fieldPath: metadata.labels['weblogic.domainUID']
      - name: SERVER_NAME
        valueFrom:
          fieldRef:
            fieldPath: metadata.labels['weblogic.serverName']
      - name: LOG_PATH
        value: /u01/oracle/user_projects/domains/logs/wcp-domain/$(SERVER_NAME).log
      - name: FLUENTD_CONF
        value: fluentd.conf
      - name: FLUENT_ELASTICSEARCH_SED_DISABLE
        value: "true"
      - name: ELASTICSEARCH_HOST
        valueFrom:
          secretKeyRef:
            key: elasticsearchport
            name: wcp-domain-domain-credentials
      - name: ELASTICSEARCH_PORT
        valueFrom:
          secretKeyRef:
            key: elasticsearchhost
            name: wcp-domain-domain-credentials
      - name: ELASTICSEARCH_USER
        valueFrom:
          secretKeyRef:
            key: elasticsearchuser
            name: wcp-domain-domain-credentials
      - name: ELASTICSEARCH_PASSWORD
        valueFrom:
          secretKeyRef:
            key: elasticsearchpassword
            name: wcp-domain-domain-credentials
      image: fluent/fluentd-kubernetes-daemonset:v1.11.5-debian-elasticsearch6-1.0
      imagePullPolicy: IfNotPresent
      name: fluentd
      resources: {}
      volumeMounts:
      - mountPath: /fluentd/etc/fluentd.conf
        name: fluentd-config-volume
        subPath: fluentd.conf
      - mountPath: /u01/oracle/user_projects/domains
        name: weblogic-domain-storage-volume
    env:
    - name: JAVA_OPTIONS
      value: -Dweblogic.StdoutDebugEnabled=false
    - name: USER_MEM_ARGS
      value: '-Djava.security.egd=file:/dev/./urandom -Xms1g -Xmx2g'
    volumeMounts:
    - mountPath: /u01/oracle/user_projects/domains
      name: weblogic-domain-storage-volume
    volumes:
    - name: weblogic-domain-storage-volume
      persistentVolumeClaim:
        claimName: wcp-domain-domain-pvc 
    - emptyDir: {}
      name: weblogic-domain-storage-volume
    - configMap:
        defaultMode: 420
        name: fluentd-config
      name: fluentd-config-volume
  serverStartPolicy: IF_NEEDED
  webLogicCredentialsSecret:
    name: wcp-domain-domain-credentials

Get the Kibana dashboard port information as shown below:

kubectl get pods -w

Sample output:

NAME                            READY   STATUS    RESTARTS   AGE
elasticsearch-8bdb7cf54-mjs6s   1/1     Running   0          4m3s
kibana-dbf8964b6-n8rcj          1/1     Running   0          4m3s

 kubectl get svc

Sample output:

NAME            TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)             AGE
elasticsearch   ClusterIP   10.100.11.154   <none>        9200/TCP,9300/TCP   4m32s
kibana          NodePort    10.97.205.0     <none>        5601:31884/TCP      4m32s
kubernetes      ClusterIP   10.96.0.1       <none>        443/TCP             71d

You can access the Kibana dashboard at http://mycompany.com:kibana-nodeport/. In our example, the node port is 31884.

Create an Index Pattern in Kibana

Create an index pattern wcp-domain* in Kibana by navigating to the dashboard through the Management option. When the servers are started, the log data is shown on the Kibana dashboard.

Create or Update an Image

You can build an Oracle WebCenter Portal image for production deployments with patches (bundle or interim) using the WebLogic Image Tool, you must have access to the My Oracle Support (MOS) to download (bundle or interim) patches.

• Create or update an Oracle WebCenter Portal Docker image using the WebLogic Image Tool
  • Set up the WebLogic Image Tool
  • Create an image
  • Update an image
• Create an Oracle WebCenter Portal Docker image using Dockerfile

Create or update an Oracle WebCenter Portal Docker image using the WebLogic Image Tool

Using the WebLogic Image Tool, you can create a new Oracle WebCenter Portal Docker image (can include patches as well) or update an existing image with one or more patches (bundle patch and interim patches).

Recommendations:

• Use create for creating a new Oracle WebCenter Portal Docker image:
  • without any patches
  • or, containing the Oracle WebCenter Portal binaries, bundle , and interim patches. This is the recommended approach if you have access to the Oracle WebCenter Portal patches because it optimizes the size of the image.
• Use update for patching an existing Oracle WebCenter Portal Docker image with a single interim patch. Note that the patched image size may increase considerably due to additional image layers introduced by the patch application tool.

• Prerequisites
• Set up the WebLogic Image Tool
• Validate the setup
• WebLogic Image Tool build directory
• WebLogic Image Tool cache
• Set up additional build scripts

Prerequisites

Verify that your environment meets the following prerequisites:

• Docker client and daemon on the build machine, with minimum Docker version 18.03.1.ce.
• Bash version 4.0 or later, to enable the command complete feature.
• JAVA_HOME environment variable set to the appropriate JDK location.

Set up the WebLogic Image Tool

To set up the WebLogic Image Tool:

1. Create a working directory and change to it. In these steps, this directory is imagetool-setup.

   mkdir imagetool-setup
   cd imagetool-setup

2. Download the latest version of the WebLogic Image Tool from the releases page.

3. Unzip the release ZIP file to the imagetool-setup directory.

4. Execute the following commands to set up the WebLogic Image Tool on a Linux environment:

   cd imagetool-setup/imagetool/bin
   source setup.sh

Validate the setup

To validate the setup of the WebLogic Image Tool:

1. Enter the following command to retrieve the version of the WebLogic Image Tool:

   imagetool --version

2. Enter imagetool then press the Tab key to display the available imagetool commands:

   imagetool <TAB>

   Sample output:

   cache   create  help    rebase  update

WebLogic Image Tool build directory

The WebLogic Image Tool creates a temporary Docker context directory, prefixed by wlsimgbuilder_temp, every time the tool runs. Under normal circumstances, this context directory is deleted. However, if the process is aborted or the tool is unable to remove the directory, it is safe for you to delete it manually. By default, the WebLogic Image Tool creates the Docker context directory under the user’s home directory. If you prefer to use a different directory for the temporary context, set the environment variable WLSIMG_BLDDIR:

 export WLSIMG_BLDDIR="/path/to/buid/dir"

WebLogic Image Tool cache

The WebLogic Image Tool maintains a local file cache store. This store is used to look up where the Java, WebLogic Server installers, and WebLogic Server patches reside in the local file system. By default, the cache store is located in the user’s $HOME/cache directory. Under this directory, the lookup information is stored in the .metadata file. All automatically downloaded patches also reside in this directory. You can change the default cache store location by setting the environment variable WLSIMG_CACHEDIR:

 export WLSIMG_CACHEDIR="/path/to/cachedir"

Set up additional build scripts

To create an Oracle WebCenter Portal Docker image using the WebLogic Image Tool, additional container scripts for Oracle WebCenter Portal domains are required.

1. Clone the docker-images repository to set up those scripts. In these steps, this directory is DOCKER_REPO:

    cd imagetool-setup
    git clone https://github.com/oracle/docker-images.git

2. Copy the additional WebLogic Image Tool build files from the operator source repository to the imagetool-setup location:

    mkdir -p imagetool-setup/docker-images/OracleWebCenterPortal/imagetool/14.1.2.0.0
    cd imagetool-setup/docker-images/OracleWebCenterPortal/imagetool/14.1.2.0.0
    cp -rf ${WORKDIR}/imagetool-scripts/* .

Note: To create the image, continue with the following steps. To update the image, see update an image.