Voyager

Voyager/HAProxy is a popular ingress-based load balancer for production environments. This section provides information about how to install and configure Voyager/HAProxy to load balance Oracle SOA Suite domain clusters. You can configure Voyager for non-SSL, SSL termination, and end-to-end SSL access of the application URL.

Follow these steps to set up Voyager as a load balancer for an Oracle SOA Suite domain in a Kubernetes cluster:

  1. Install the Voyager load balancer
  2. Configure Voyager to manage ingresses
  3. Verify domain application URL access
  4. Uninstalling Voyager Ingress
  5. Uninstall Voyager
Install the Voyager load balancer

  1. Add the AppsCode chart repository:

    $ helm repo add appscode https://charts.appscode.com/stable/
$ helm repo update

  2. Verify that the chart repository has been added:

    $ helm search repo appscode/voyager

    NOTE: After updating the Helm repository, the Voyager version listed may be newer that the one appearing here. Check with the Voyager site for the latest supported versions.

  3. Install the Voyager operator:

    NOTE: The Voyager version used for the install should match the version found with helm search.

    $ kubectl create ns voyager
$ helm install voyager-operator appscode/voyager --version 12.0.0 \
  --namespace voyager \
  --set cloudProvider=baremetal \
  --set apiserver.enableValidatingWebhook=false

    Wait until the Voyager operator is running.

  4. Check the status of the Voyager operator:

    $ kubectl get all -n voyager
    Click here to see the sample output.

    See the official installation document for more details.

  5. Update the Voyager operator

    After the Voyager operator is installed and running, upgrade the Voyager operator using the helm upgrade command, where voyager is the Voyager namespace and soans is the namespace of the domain.

      $ helm upgrade voyager-operator appscode/voyager --namespace voyager
    Click here to see the sample output.
Configure Voyager to manage ingresses

  1. Create an ingress for the domain in the domain namespace by using the sample Helm chart. Here path-based routing is used for ingress. Sample values for default configuration are shown in the file ${WORKDIR}/charts/ingress-per-domain/values.yaml. By default, type is TRAEFIK , sslType is NONSSL, and domainType is soa. These values can be overridden by passing values through the command line or can be edited on the sample file values.yaml.

    Note: See here for all the configuration parameters.

    If needed, you can update the ingress yaml file to define more path rules (in the spec.rules.host.http.paths section) based on the domain application URLs that need to be accessed. You need to update the template yaml file for the Voyager (ingress-based) load balancer located at ${WORKDIR}/charts/ingress-per-domain/templates/voyager-ingress.yaml

     $ cd ${WORKDIR}
 $ helm install soa-voyager-ingress charts/ingress-per-domain \
     --namespace soans \
     --values charts/ingress-per-domain/values.yaml \
     --set type=VOYAGER
    Click here to check the output of the ingress per domain

  2. To secure access (SSL and E2ESSL) to the Oracle SOA Suite application, create a certificate and generate secrets:

     $ openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /tmp/tls1.key -out /tmp/tls1.crt -subj "/CN=*"
 $ kubectl -n soans create secret tls domain1-tls-cert --key /tmp/tls1.key --cert /tmp/tls1.crt

  3. Deploy ingress-per-domain using Helm for SSL termination configuration.

     $ cd ${WORKDIR}
 $ helm install soa-voyager-ingress charts/ingress-per-domain \
     --namespace soans  \
     --values charts/ingress-per-domain/values.yaml \
     --set type=VOYAGER \
     --set sslType=SSL
    Click here to see the sample output of the above Commnad.

  4. Deploy ingress-per-domain using Helm for E2ESSL configuration.

     $ cd ${WORKDIR}
 $ helm install soa-voyager-ingress charts/ingress-per-domain \
     --namespace soans  \
     --values charts/ingress-per-domain/values.yaml \
     --set type=VOYAGER \
     --set sslType=E2ESSL
    Click here to see the sample output of the above Commnad.

  5. For NONSSL access to the Oracle SOA Suite application, get the details of the services deployed by the above ingress:

    $ kubectl describe ingress.voyager.appscode.com/soainfra-voyager -n soans
    Click here to see the sample output of the services supported by the above deployed ingress.

  6. For SSL access to the Oracle SOA Suite application, get the details of the services by the above deployed ingress:

     $ kubectl describe ingress.voyager.appscode.com/soainfra-voyager -n soans
    Click here to see all the services configured by the above deployed ingress.

  7. For E2ESSL access to the Oracle SOA Suite application, get the details of the services by the above deployed ingress:

     $ kubectl describe ingress.voyager.appscode.com/soainfra-voyager-e2essl-admin -n soans
    Click here to see all the services configured by the above deployed ingress.

  8. To confirm that the load balancer noticed the new ingress and is successfully routing to the domain’s server pods, you can send a request to the URL for the “WebLogic ReadyApp framework” which should return a HTTP 200 status code, as follows:

    $ curl -v http://${LOADBALANCER-HOSTNAME}:${LOADBALANCER-PORT}/weblogic/ready
* About to connect() to localhost port 30305 (#0)
* Trying 127.0.0.1...
* Connected to localhost (127.0.0.1) port 30305 (#0)
> GET /weblogic/ready HTTP/1.1
> User-Agent: curl/7.29.0
> Accept: */*
> host: *****.com
>
< HTTP/1.1 200 OK
< Content-Length: 0
< Date: Thu, 12 Mar 2020 10:16:43 GMT
< Vary: Accept-Encoding
<
* Connection #0 to host localhost left intact
Verify domain application URL access

After setting up the Voyager (ingress-based) load balancer, verify that the Oracle SOA Suite domain applications are accessible through the load balancer port 30305 for NONSSL, 30443 for SSL and on ports 30445(admin), 30447(soa) and 30449(osb) for E2ESSL. The application URLs for Oracle SOA Suite domain of type soa are:

Note: Port 30305 is the LOADBALANCER-Non-SSLPORT and 30443 is LOADBALANCER-SSLPORT.

NONSSL configuration
 http://${LOADBALANCER-HOSTNAME}:${LOADBALANCER-Non-SSLPORT}/weblogic/ready
 http://${LOADBALANCER-HOSTNAME}:${LOADBALANCER-Non-SSLPORT}/console
 http://${LOADBALANCER-HOSTNAME}:${LOADBALANCER-Non-SSLPORT}/em
 http://${LOADBALANCER-HOSTNAME}:${LOADBALANCER-Non-SSLPORT}/soa-infra
 http://${LOADBALANCER-HOSTNAME}:${LOADBALANCER-Non-SSLPORT}/soa/composer
 http://${LOADBALANCER-HOSTNAME}:${LOADBALANCER-Non-SSLPORT}/integration/worklistapp
SSL configuration
https://${LOADBALANCER-HOSTNAME}:${LOADBALANCER-SSLPORT}/weblogic/ready
https://${LOADBALANCER-HOSTNAME}:${LOADBALANCER-SSLPORT}/console
https://${LOADBALANCER-HOSTNAME}:${LOADBALANCER-SSLPORT}/em
https://${LOADBALANCER-HOSTNAME}:${LOADBALANCER-SSLPORT}/soa-infra
https://${LOADBALANCER-HOSTNAME}:${LOADBALANCER-SSLPORT}/soa/composer
https://${LOADBALANCER-HOSTNAME}:${LOADBALANCER-SSLPORT}/integration/worklistapp
E2ESSL configuration
https://${LOADBALANCER-HOSTNAME}:30445/weblogic/ready
https://${LOADBALANCER-HOSTNAME}:30445/console
https://${LOADBALANCER-HOSTNAME}:30445/em
https://${LOADBALANCER-HOSTNAME}:30447/soa-infra
https://${LOADBALANCER-HOSTNAME}:30447/soa/composer
https://${LOADBALANCER-HOSTNAME}:30447/integration/worklistapp

Uninstalling Voyager ingress

To uninstall and delete the ingress deployment, enter the following command:

 $ helm delete soa-voyager-ingress -n soans

Uninstall Voyager

$ helm delete voyager-operator  -n voyager