{"id":18802231,"url":"https://github.com/oracle-quickstart/oke-soa","last_synced_at":"2026-01-05T02:30:18.822Z","repository":{"id":38082994,"uuid":"368604882","full_name":"oracle-quickstart/oke-soa","owner":"oracle-quickstart","description":null,"archived":false,"fork":false,"pushed_at":"2023-03-20T20:06:16.000Z","size":86,"stargazers_count":4,"open_issues_count":1,"forks_count":6,"subscribers_count":5,"default_branch":"master","last_synced_at":"2024-12-29T20:15:58.101Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"HCL","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"upl-1.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/oracle-quickstart.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2021-05-18T16:53:30.000Z","updated_at":"2024-01-21T13:30:41.000Z","dependencies_parsed_at":"2022-07-12T10:22:26.247Z","dependency_job_id":null,"html_url":"https://github.com/oracle-quickstart/oke-soa","commit_stats":null,"previous_names":[],"tags_count":3,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oracle-quickstart%2Foke-soa","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oracle-quickstart%2Foke-soa/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oracle-quickstart%2Foke-soa/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oracle-quickstart%2Foke-soa/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/oracle-quickstart","download_url":"https://codeload.github.com/oracle-quickstart/oke-soa/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":239735263,"owners_count":19688262,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-07T22:27:06.418Z","updated_at":"2026-01-05T02:30:18.738Z","avatar_url":"https://github.com/oracle-quickstart.png","language":"HCL","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Oracle SOA Suite on Kubernetes\n\n## Disclaimer\n\nThis deployment of Oracle SOA Suite makes use of the Oracle SOA Suite Helm Chart based on the [fmw-kubernetes](https://github.com/oracle/fmw-kubernetes) release.\n\nThe Helm chart is provided as an example and is not currently officially supported by Oracle. Refer to the [fmw-kubernetes](https://github.com/oracle/fmw-kubernetes) release for the officially supported deployment.\n\n## Caveats\n\nAlthough this release follows the same flow as the [fmw-kubernetes](https://github.com/oracle/fmw-kubernetes) release, only the Traefik ingress controller is currently supported.\n\n## 1. Prerequisites\n\n### 1.1 Software Requirements\n\nThis terraform deployment requires the prior installation of the following:\n\n- **terraform \u003e= 0.14**\n\n    [tfswitch](https://tfswitch.warrensbox.com/Install/) can be used for flexibility of working with multiple versions of terraform, but it is only available on Linux and Mac OS X, for Windows or if you prefer to install the base software, see [https://learn.hashicorp.com/tutorials/terraform/install-cli](https://learn.hashicorp.com/tutorials/terraform/install-cli) for basic installation instructions.\n\n- **kubectl \u003e= 1.23 (the Kubernetes cli)**\n\n    See [https://kubernetes.io/docs/tasks/tools/install-kubectl/](https://kubernetes.io/docs/tasks/tools/install-kubectl/) for installation instructions, although kubectl is usually installed as part of Docker Desktop, so if you use Docker it is likely already installed.\n\n- **helm \u003e= 3.9.0**\n\n    Helm is a kubernetes deployment package manager. The OCI Service Broker is packaged in a Helm chart, and so is the etcd cluster deployment.\n    See [https://helm.sh/docs/intro/install/](https://helm.sh/docs/intro/install/) to install helm locally.\n\n- **OCI Command Line Interface (CLI)**\n\n    See [https://docs.oracle.com/en-us/iaas/Content/API/SDKDocs/cliinstall.htm](https://docs.oracle.com/en-us/iaas/Content/API/SDKDocs/cliinstall.htm) for a quick starting guide. Make sure you upload your **public key** in your OCI account and note the fingerprint information.\n\n    The OCI CLI is used to configure the access to the OKE cluster locally only, so this deployment could be modified to only use `kubectl` if this is intended for a remote setup, but configuring the CLI helps in several tasks.\n\n### 1.2 Oracle SOA Suite Docker Image\n\nThe chart uses the Oracle SOA Suite Docker image from the Oracle Container Registry. This is a mandatory requirement.\n\nYou must accept the terms of use for this image before using the chart, or it will fail to pull the image from registry.\n\n- At [https://container-registry.oracle.com](https://container-registry.oracle.com), search for 'SOA'.\n- Click **soasuite**.\n- Click to accept the License terms and condition on the right.\n- Fill in your information (if you haven't already).\n- Accept the License.\n\n### 1.3 Oracle Database Docker Image\n\nYou may provision the database supporting the Oracle SOA suite domain schemas separately, and point the chart to it by providing the database url. The database must be accessible from the Kubernetes cluster. This is the recommended way to deploy this chart.\n\nIf you intend on deploying the database within the kubernetes cluster (optional; not for production), you must agree to the terms of the Oracle database Docker image:\n\n- Search for Database.\n- Click **Enterprise**.\n- Click to accept the License terms and condition on the right.\n- Fill in your information (if you haven't already).\n- Accept the License.\n\nNote that the deployment in cluster is for testing purpose only and not for production.\n\n## 2. Installation\n\n### 2.1 Fork or clone the repository\n\nCreate a local copy of this repository. You can make that with the commands:\n\n```bash\ngit clone https://github.com/oracle-quickstart/oke-soa\ncd oke-soa\n```\n\n### 2.2 Create a `terraform.tfvars` file\n\nCreate a `terraform.tfvars` file from the `terraform.tfvars.template` file and populate the following mandatory information:\n\n```bash\n## Copyright © 2021, Oracle and/or its affiliates. \n## All rights reserved. The Universal Permissive License (UPL), Version 1.0 as shown at http://oss.oracle.com/licenses/upl\n\ntenancy_ocid     = \"ocid1.tenancy.oc1...\"\ncompartment_ocid = \"ocid1.compartment.oc1...\"\nregion           = \"us-ashburn-1\"\n\ndeployment_name = \"SOA-k8s\"\nsoa_domain_name = \"mysoa\"\n\n# Domain Type must be one of soa, osb, soaosb\nsoa_domain_type = \"soaosb\"\n\n## Things to provision\n\n# VCN, OKE cluster, node_pool(s)\n# if false, the template assumes the cluster is provisioned and that kubectl has access to the cluster.\nprovision_cluster = true\n\n# File Storage and mount point export \nprovision_filesystem = true\nprovision_export = true\n\n# Database (DBaaS on OCI)\n# If false, a database jdbc_connection URL needs to be provided, and the database needs to be reachable from this VCN\nprovision_database = true\n# WebLogic Operator\nprovision_weblogic_operator = true\n# Ingress controller\nprovision_traefik = true\nprovision_secrets = true\nprovision_soa = true\n\n## File storage details\n# If the VCN is not provided by this template, the following variables must be provided\nfss_subnet_id = null\n# If the cluster and VCN are not provided by this template,\nfss_source_cidr = \"0.0.0.0/0\"\n# File Storage mount target Availability Domain index\nad_number = 2\n\n## Credentials\n# Input your Container registry login credentials\ncontainer_registry_email    = \"\"\ncontainer_registry_password = \"\"\n\n# Create SOA Suite domain Admin Console credentials\nsoa_domain_admin_username = \"\"\n# Password must contain 1 Upper, 1 number and be at least 8 characters long\nsoa_domain_admin_password = \"\"\n\n# Create Database credentials\n# Password must be 9 to 30 characters and contain at least 2 uppercase, 2 lowercase, 2 special, and 2 numeric characters. \n# The special characters must be _, #, or -.\ndb_sys_password = \"\"\n\n# Create RCU Schema credentials\nrcu_prefix = \"SOA\"\nrcu_username = \"rcu\"\n# Password must be 9 to 30 characters and contain at least 2 uppercase, 2 lowercase, 2 special, and 2 numeric characters. \n# The special characters must be _, #, or -.\nrcu_password = \"\"\n\n# If connecting to an external DB, specify the jdbc_connection_url\n# !!! You will need to adjust the security list on your database VCN/subnet to authorize access from the OKE cluster nodes,\n# which may require VCN peering (not provided here)\njdbc_connection_url = null\n\n# Database information\ndatabase_name        = \"SOA\"\ndatabase_unique_name = \"SOA\"\n\n# Kubernetes namespaces\nsoa_kubernetes_namespace     = \"soans\"\nweblogic_operator_namespace  = \"opns\"\ningress_controller_namespace = \"traefik\"\n\n# VCN config\nvcn_cidr = \"10.0.0.0/16\"\n\n# SSH key to access database and Kubernetes nodes\nssh_authorized_key = \"\"\n\n# Optional parameter, requires a vault and key to be created in the account.\nsecrets_encryption_key_ocid = null\n```\n\nIf you wish to encrypt Kubernetes secrets at rest, you can provision a vault and key and reference this key OCID as `secrets_encryption_key_ocid` to use in the kubernetes cluster.\n\nEdit the Kubernetes version as needed.\n\n### 2.3 Deployment Options\n\nBy default, the template will deploy the following infrastrucutre resources:\n\n- A Virtual Cloud Network (VCN).\n- Subnets for the Kubernetes Load Balancers (public subnet) and nodes (private subnet).\n- A Kubernetes cluster on the Oracle Kubernetes Engine service.\n- A database on the Oracle Database Service.\n- A file storage Network File Server (NFS) and mount point export path.\n- Security lists to allow proper communication.\n\nOn the Kubernetes cluster provisioned, the template also create or deploy:\n\n- Namespaces for the different components.\n- The secrets containing the credentials required.\n- The required WebLogic Operator Helm chart the SOA Suite chart requires.\n- The required ingress controller (using Traefik).\n\nBy default the template will deploy the Oracle SOA Suite Helm chart, but it may not be what you need:\n\n- If you are testing this chart and you plan on deploying only one cluster and one SOA Suite installation, the variable `provision_soa` can be kept `true` in the `terraform.tfvars` config file.\n\n- If you plan on deploying multiple SOA Suite domains in the cluster, set it to `false` and follow the Helm chart deployment instructions below. While it is convenient to deploy the whole installation in one command, because Terraform keeps track of the state of the deployment, it is not possible to create an additional SOA domain by simply changing the variable inputs without destroying the original domain. Doing so would require cloning the whole repo again and starting over. Therefore if you plan on deploying multiple SOA domains on the cluster, use the Helm commands directly to deploy your domains.\n\n### 2.4 Deploy the Infrastructure\n\nUse the following commands:\n\n```bash\n    terraform init\n    terraform plan\n    terraform apply\n```\n\nand answer **Yes** at the prompt to deploy the stack.\n\n### 2.5 Deploy the Oracle SOA Helm chart\n\nIf you have opted for the default deployment, which deploys the SOA Suite chart by default, you are done. Wait for the pods to be in the READY state.\n\nOtherwise to deploy a SOA domain (or an additional SOA domain), use the following command:\n\n```bash\nhelm repo add oracle https://oracle.github.io/helm-charts --force-update\n\nhelm install ${soa_domain_name} oracle/soa-suite \\\n    -f fromtf.auto.yaml \\\n    --namespace ${soa_namespace} \\\n    --version 0.3.0 \\\n    --wait  \\\n    --timeout 600s\n```\n\nThis makes use of the `fromtf.auto.yaml` values generated by the terraform template.\n\n## Access the Deployment\n\n1. Get the public IP of the load balancer created by the ingress controller\n\n    ```bash\n    kubectl get services -n traefik\n    ```\n\n    This should output something like:\n\n    ```bash\n    NAME      TYPE           CLUSTER-IP     EXTERNAL-IP      PORT(S)                                          AGE\n    traefik   LoadBalancer   10.2.170.178   123.456.789.123  9000:31242/TCP,30305:30305/TCP,30443:30443/TCP   3m\n    ```\n\n    If it is still pending, wait a few more minutes before checking again.\n\n    Get the EXTERNAL-IP value for the load balancer\n\n2. Make sure the SOA domain servers are running:\n\n    If you have not changed the name of the soa namespace, you can check running pods with:\n\n    ```bash\n    kubectl get pods -n soans\n    ```\n\n    You should see:\n\n    ```bash\n    NAME                READY   STATUS    RESTARTS   AGE    IP          NODE          NOMINATED NODE   READINESS GATES\n    mysoa-adminserver   1/1     Running   0          179m   10.1.1.9    10.0.10.211   \u003cnone\u003e           \u003cnone\u003e\n    mysoa-osb-server1   1/1     Running   0          172m   10.1.1.10   10.0.10.211   \u003cnone\u003e           \u003cnone\u003e\n    mysoa-osb-server2   1/1     Running   0          172m   10.1.1.12   10.0.10.211   \u003cnone\u003e           \u003cnone\u003e\n    mysoa-soa-server1   1/1     Running   0          172m   10.1.1.11   10.0.10.211   \u003cnone\u003e           \u003cnone\u003e\n    mysoa-soa-server2   1/1     Running   0          172m   10.1.0.6    10.0.10.16    \u003cnone\u003e           \u003cnone\u003e\n    ```\n\n    Make sure the STATUS is `RUNNING` and that READY is `1/1` for pods above before checking the URL\n\n3. With the public IP gathered earlier, browse to http://*PUBLIC_IP*:30305/console to get to the WebLogic console.\n\n4. You can log into the console with the `soa_domain_username` and `soa_domain_password` you specified in the `terraform,.tfvars` file.\n\n5. Check the `ess` endpoint by browsing to http://*PUBLIC_IP*:30305/ess .\n\n## Scaling a Domain\n\nRather than updating the Domain resource directly, adjust the Helm Chart parameters, so Helm keeps track of the changes with:\n\n```bash\nhelm upgrade ${soa_domain_name} oracle/soa-suite \\\n    -n ${soa_namespace} \\\n    --reuse-values \\\n    --set domain.soaCluster.managedServers.count=3\n```\n\n## Accessing the Kubernetes UI\n\nTo access the Kubernetes Cluster UI, you can use the following snipet:\n\n```bash\n# Get an access token\nkubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep oke-admin | awk '{print $1}')\n\n# run a kube proxy\nkubectl proxy \u0026\n\n# open your browser to\nopen 'http://localhost:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/#!/login'\n```\n\nor use the provided helper script `access_k8s_dashboard.sh`\n\n## Undeploying a SOA Suite domain\n\nTo undeploy a SOA domain created with the Terraform template (`provision_soa=true`), use the following command:\n\n```bash\nterraform destroy --target=null_resource.deploy_soa\n```\n\nTo undeploy a SOA domain created manually with Helm, you first need to shut down the domain by updating the helm chart with\n\n```bash\nhelm upgrade ${soa_domain_name} oracle/soa-suite \\\n  -n ${soa_namespace} \\\n  --reuse-values \\\n  --set domain.enabled=false \\\n  --wait\n```\n\nOnce the domain is terminated, use:\n\n```bash\nhelm delete ${soa_domain_name} -n ${soa_namespace}\n```\n\n## Destroy the Deployment\n\nWhen you no longer need the deployment, you can run this command to destroy everything (VCN, cluster, database, file storage and all the kubernetes objects):\n\n```bash\nterraform destroy\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Foracle-quickstart%2Foke-soa","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Foracle-quickstart%2Foke-soa","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Foracle-quickstart%2Foke-soa/lists"}