Voyager

Voyager/HAProxy is a popular ingress-based load balancer for production environments. This section provides information about how to install and configure Voyager/HAProxy to load balance Oracle WebCenter Content domain clusters. You can configure Voyager for non-SSL, SSL termination, and end-to-end SSL access of the application URL.

Follow these steps to set up Voyager as a load balancer for an Oracle WebCenter Content domain in a Kubernetes cluster:

Non-SSL and SSL termination

Install the Voyager load balancer
  1. Add the AppsCode chart repository:

    $ helm repo add appscode https://charts.appscode.com/stable/
    $ helm repo update
    
  2. Verify that the chart repository has been added:

    $ helm search repo appscode/voyager
    

    NOTE: After updating the Helm repository, the Voyager version listed may be newer that the one appearing here. Check with the Voyager site for the latest supported versions.

  3. Install the Voyager operator:

    NOTE: The Voyager version used for the install should match the version found with helm search.

    $ kubectl create ns voyager
    $ helm install voyager-operator appscode/voyager --version v12.0.0 \
      --namespace voyager \
      --set cloudProvider=baremetal \
      --set apiserver.enableValidatingWebhook=false
    

    Wait until the Voyager operator is running.

  4. Check the status of the Voyager operator:

    $ kubectl get all -n voyager
    
Click here to see the sample output.

See the official installation document for more details.

  1. Update the Voyager operator

    After the Voyager operator is installed and running, upgrade the Voyager operator using the helm upgrade command, where voyager is the Voyager namespace and wccns is the namespace of the domain.

$ helm upgrade voyager-operator appscode/voyager --namespace voyager
Click here to see the sample output.
Configure Voyager to manage ingresses
  1. Create an ingress for the domain in the domain namespace by using the sample Helm chart. Here path-based routing is used for ingress. Sample values for default configuration are shown in the file ${WORKDIR}/weblogic-kubernetes-operator/kubernetes/samples/charts/ingress-per-domain/values.yaml. By default, type is TRAEFIK , tls is Non-SSL, and domainType is wcc. These values can be overridden by passing values through the command line or can be edited on the sample file values.yaml.

    If needed, you can update the ingress yaml file to define more path rules (in the spec.rules.host.http.paths section) based on the domain application URLs that need to be accessed. You need to update the template yaml file for the Voyager (ingress-based) load balancer located at ${WORKDIR}/weblogic-kubernetes-operator/kubernetes/samples/charts/ingress-per-domain/templates/voyager-ingress.yaml

     $ cd ${WORKDIR}/weblogic-kubernetes-operator
     $ helm install wccinfra-voyager-ingress kubernetes/samples/charts/ingress-per-domain \
         --set type=VOYAGER \
         --namespace wccns \
         --values kubernetes/samples/charts/ingress-per-domain/values.yaml \
         --set tls=NONSSL
    
    Click here to check the output of the ingress per domain
  2. To secure access (SSL) to the Oracle WebCenter Content application, create a certificate and generate secrets:

     $ openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /tmp/tls1.key -out /tmp/tls1.crt -subj "/CN=*"
     $ kubectl -n wccns create secret tls domain1-tls-cert --key /tmp/tls1.key --cert /tmp/tls1.crt
    
  3. Deploy ingress-per-domain using Helm for SSL configuration.

    If needed, you can update the ingress yaml file to define more path rules (in the spec.rules.host.http.paths section) based on the domain application URLs that need to be accessed. You need to update the template yaml file for the Voyager (ingress-based) load balancer located at ${WORKDIR}/weblogic-kubernetes-operator/kubernetes/samples/charts/ingress-per-domain/templates/voyager-ingress.yaml

     $ cd ${WORKDIR}/weblogic-kubernetes-operator
     $ helm install wccinfra-voyager-ingress kubernetes/samples/charts/ingress-per-domain \
         --set type=VOYAGER \
         --namespace wccns \
         --values kubernetes/samples/charts/ingress-per-domain/values.yaml \
         --set tls=SSL
    
    Click here to see the sample output of the above Commnad.
  4. For non-SSL/SSL access to the Oracle WebCenter Content application, get the details of the services deployed by the above ingress:

    $ kubectl describe ingress.voyager.appscode.com/wccinfra-voyager -n wccns
    
Click here to see the sample output of the services supported by the above deployed ingress.
  1. To confirm that the load balancer noticed the new ingress and is successfully routing to the domain’s server pods, you can send a request to the URL for the “WebLogic ReadyApp framework” which should return a HTTP 200 status code, as follows:
$ curl -v http://${LOADBALANCER-HOSTNAME}:${LOADBALANCER-PORT}/weblogic/ready
* About to connect() to ****.com port 31316 (#0)
*   Trying 100.111.156.246...
* Connected to ****.com (100.111.156.246) port 31316 (#0)
> GET /weblogic/ready HTTP/1.1
> User-Agent: curl/7.29.0
> Host: *****.com:31316
> Accept: */*
>

Verify Non-SSL and SSL access

After setting up the Voyager (ingress-based) load balancer, verify that the Oracle WebCenter Content domain applications are accessible through the load balancer port 31316 (both SSL and non-SSL). The application URLs for Oracle WebCenter Content domain of type wcc are:

Note: Port 31316 is the LOADBALANCER-Non-SSLPORT and LOADBALANCER-SSLPORT.

Non-SSL configuration
 http://${LOADBALANCER-HOSTNAME}:${LOADBALANCER-Non-SSLPORT}/weblogic/ready
 http://${LOADBALANCER-HOSTNAME}:${LOADBALANCER-Non-SSLPORT}/console
 http://${LOADBALANCER-HOSTNAME}:${LOADBALANCER-Non-SSLPORT}/em
 http://${LOADBALANCER-HOSTNAME}:${LOADBALANCER-Non-SSLPORT}/cs
 http://${LOADBALANCER-HOSTNAME}:${LOADBALANCER-Non-SSLPORT}/ibr
 
SSL configuration
https://${LOADBALANCER-HOSTNAME}:${LOADBALANCER-SSLPORT}/weblogic/ready
https://${LOADBALANCER-HOSTNAME}:${LOADBALANCER-SSLPORT}/console
https://${LOADBALANCER-HOSTNAME}:${LOADBALANCER-SSLPORT}/em
https://${LOADBALANCER-HOSTNAME}:${LOADBALANCER-SSLPORT}/cs
https://${LOADBALANCER-HOSTNAME}:${LOADBALANCER-SSLPORT}/ibr

Uninstalling the chart

To uninstall and delete the my-ingress deployment, enter the following command:

 $ helm delete wccinfra-voyager -n wccns

End-to-end SSL configuration

Install Voyager load balancer for end-to-end SSL

Install the Voyager load balancer as described here.

  1. Check the status of the Voyager operator.

     $ kubectl get all -n voyager
    

    Sample output:

NAME                                    READY   STATUS    RESTARTS   AGE
pod/voyager-operator-788f4cdc65-bzvvs   1/1     Running   0          10d

NAME                       TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)             AGE
service/voyager-operator   ClusterIP   10.110.165.167   <none>        443/TCP,56791/TCP   10d

NAME                               READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/voyager-operator   1/1     1            1           10d

NAME                                          DESIRED   CURRENT   READY   AGE
replicaset.apps/voyager-operator-788f4cdc65   1         1         1       10d
replicaset.apps/voyager-operator-dcb77b9b9    0         0         0       10d

  1. For secured access (SSL) to the Oracle WebCenter Content application, create a certificate and generate Kuberentes secrets:
     $ openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /tmp/tls1.key -out /tmp/tls1.crt -subj "/CN=*"
     $ kubectl -n wccns create secret tls domain1-tls-cert --key /tmp/tls1.key --cert /tmp/tls1.crt
    
Deploy tls to access services
  1. Deploy tls to securely access the services. Only one application can be configured with ssl-passthrough. A sample tls file for Voyager is shown below for the service wccinfra-adminserver and port 7001. All the applications running on port 7001 can be securely accessed through this ingress. For each backend service, create different ingresses as Voyager does not support multiple path/rules with annotation ssl-passthrough.

     $ cd ${WORKDIR}/weblogic-kubernetes-operator/kubernetes/samples/charts/ingress-per-domain/tls
    
Click here to see the content of the file voyager-ucm-tls.yaml
 $ kubectl create -f voyager-adminserver-tls.yaml
 
 $ kubectl create -f voyager-ucm-tls.yaml
 
 $ kubectl create -f voyager-ibr-tls.yaml
 
Click here to see the services supported by the ingress
Verify end-to-end SSL access

Verify that the Oracle WebCenter Content domain application URLs are accessible through the SSLPORT 31443:

https://${LOADBALANCER-HOSTNAME}:${LOADBALANCER-SSLPORT}/console/
https://${LOADBALANCER-HOSTNAME}:${LOADBALANCER-SSLPORT}/cs/
https://${LOADBALANCER-HOSTNAME}:${LOADBALANCER-SSLPORT}/ibr
Uninstall the Voyager tls
 $ cd ${WORKDIR}/weblogic-kubernetes-operator/kubernetes/samples/charts/ingress-per-domain/tls
 
 $ kubectl  delete -f voyager-adminserver-tls.yaml
 
 $ kubectl  delete -f voyager-adminserver-tls.yaml
 
 $ kubectl  delete -f voyager-adminserver-tls.yaml