This section provides information about how to install and configure the ingress-based NGINX load balancer to load balance Oracle SOA Suite domain clusters. You can configure NGINX for non-SSL, SSL termination, and end-to-end SSL access of the application URL.
Follow these steps to set up NGINX as a load balancer for an Oracle SOA Suite domain in a Kubernetes cluster:
See the official installation document for prerequisites.
To get repository information, enter the following Helm commands:
$ helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
$ helm repo update
Deploy the ingress-nginx
controller by using Helm on the domain namespace:
$ helm install nginx-ingress -n soans \
--set controller.service.type=NodePort \
--set controller.admissionWebhooks.enabled=false \
ingress-nginx/ingress-nginx
For secured access (SSL and E2ESSL) to the Oracle SOA Suite application, create a certificate and generate secrets:
$ openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /tmp/tls1.key -out /tmp/tls1.crt -subj "/CN=domain1.org"
$ kubectl -n soans create secret tls soainfra-tls-cert --key /tmp/tls1.key --cert /tmp/tls1.crt
Note: The value of
CN
is the host on which this ingress is to be deployed and secret name should be <domainUID>-tls-cert.
Deploy the ingress-nginx controller by using Helm on the domain namespace:
$ helm install nginx-ingress -n soans \
--set controller.extraArgs.default-ssl-certificate=soans/soainfra-tls-cert \
--set controller.service.type=NodePort \
--set controller.admissionWebhooks.enabled=false \
--set controller.extraArgs.enable-ssl-passthrough=true \
ingress-nginx/ingress-nginx
Check the status of the deployed ingress controller:
$ kubectl --namespace soans get services | grep ingress-nginx-controller
Sample output:
nginx-ingress-ingress-nginx-controller NodePort 10.106.186.235 <none> 80:32125/TCP,443:31376/TCP 19m
Choose an appropriate LOADBALANCER_HOSTNAME
for accessing the Oracle SOA Suite domain application URLs.
$ export LOADBALANCER_HOSTNAME=<LOADBALANCER_HOSTNAME>
For example, if you are executing the commands from a master node terminal, where the master hostname is LOADBALANCER_HOSTNAME
:
$ export LOADBALANCER_HOSTNAME=$(hostname -f)
Create an ingress for the domain in the domain namespace by using the sample Helm chart. Here path-based routing is used for ingress. Sample values for default configuration are shown in the file ${WORKDIR}/charts/ingress-per-domain/values.yaml
. By default, type
is TRAEFIK
, sslType
is NONSSL
, and domainType
is soa
. These values can be overridden by passing values through the command line or can be edited in the sample file values.yaml
.
If needed, you can update the ingress YAML file to define more path rules (in section spec.rules.host.http.paths
) based on the domain application URLs that need to be accessed. Update the template YAML file for the NGINX load balancer located at ${WORKDIR}/charts/ingress-per-domain/templates/nginx-ingress.yaml
.
Note: See here for all the configuration parameters.
$ cd ${WORKDIR}
$ helm install soa-nginx-ingress charts/ingress-per-domain \
--namespace soans \
--values charts/ingress-per-domain/values.yaml \
--set "nginx.hostname=${LOADBALANCER_HOSTNAME}" \
--set type=NGINX
Sample output:
NAME: soa-nginx-ingress
LAST DEPLOYED: Fri Jul 24 09:34:03 2020
NAMESPACE: soans
STATUS: deployed
REVISION: 1
TEST SUITE: None
Install ingress-per-domain
using Helm for SSL termination configuration:
$ cd ${WORKDIR}
$ helm install soa-nginx-ingress charts/ingress-per-domain \
--namespace soans \
--values charts/ingress-per-domain/values.yaml \
--set "nginx.hostname=${LOADBALANCER_HOSTNAME}" \
--set type=NGINX --set sslType=SSL
Sample output:
NAME: soa-nginx-ingress
LAST DEPLOYED: Fri Jul 24 09:34:03 2020
NAMESPACE: soans
STATUS: deployed
REVISION: 1
TEST SUITE: None
Install ingress-per-domain
using Helm for E2ESSL
configuration.
Note: To use the
E2ESSL
configuration, you must have created the Oracle SOA Suite domain withsslEnabled
set totrue
. See Create Oracle SOA Suite domains.
$ cd ${WORKDIR}
$ helm install soa-nginx-ingress charts/ingress-per-domain \
--namespace soans \
--values charts/ingress-per-domain/values.yaml \
--set type=NGINX --set sslType=E2ESSL
Sample output:
NAME: soa-nginx-ingress
LAST DEPLOYED: Fri Jul 24 09:34:03 2020
NAMESPACE: soans
STATUS: deployed
REVISION: 1
TEST SUITE: None
For NONSSL access to the Oracle SOA Suite application, get the details of the services by the ingress:
$ kubectl describe ingress soainfra-nginx -n soans
For SSL access to the Oracle SOA Suite application, get the details of the services by the above deployed ingress:
$ kubectl describe ingress soainfra-nginx -n soans
For E2ESSL access to the Oracle SOA Suite application, get the details of the services by the above deployed ingress:
$ kubectl describe ingress soainfra-nginx-e2essl -n soans
Get the LOADBALANCER_NON_SSLPORT
NodePort of NGINX using the command:
$ LOADBALANCER_NON_SSLPORT=$(kubectl --namespace soans get services -o jsonpath="{.spec.ports[0].nodePort}" nginx-ingress-ingress-nginx-controller)
$ echo ${LOADBALANCER_NON_SSLPORT}
Verify that the Oracle SOA Suite domain application URLs are accessible through the LOADBALANCER_NON_SSLPORT
:
http://${LOADBALANCER_HOSTNAME}:${LOADBALANCER_NON_SSLPORT}/weblogic/ready
http://${LOADBALANCER_HOSTNAME}:${LOADBALANCER_NON_SSLPORT}/console
http://${LOADBALANCER_HOSTNAME}:${LOADBALANCER_NON_SSLPORT}/em
http://${LOADBALANCER_HOSTNAME}:${LOADBALANCER_NON_SSLPORT}/soa-infra
http://${LOADBALANCER_HOSTNAME}:${LOADBALANCER_NON_SSLPORT}/soa/composer
http://${LOADBALANCER_HOSTNAME}:${LOADBALANCER_NON_SSLPORT}/integration/worklistapp
Get the LOADBALANCER_SSLPORT
NodePort of NGINX using the command:
$ LOADBALANCER_SSLPORT=$(kubectl --namespace soans get services -o jsonpath="{.spec.ports[1].nodePort}" nginx-ingress-ingress-nginx-controller)
$ echo ${LOADBALANCER_SSLPORT}
Verify that the Oracle SOA Suite domain application URLs are accessible through the LOADBALANCER_SSLPORT
:
https://${LOADBALANCER_HOSTNAME}:${LOADBALANCER_SSLPORT}/weblogic/ready
https://${LOADBALANCER_HOSTNAME}:${LOADBALANCER_SSLPORT}/console
https://${LOADBALANCER_HOSTNAME}:${LOADBALANCER_SSLPORT}/em
https://${LOADBALANCER_HOSTNAME}:${LOADBALANCER_SSLPORT}/soa-infra
https://${LOADBALANCER_HOSTNAME}:${LOADBALANCER_SSLPORT}/soa/composer
https://${LOADBALANCER_HOSTNAME}:${LOADBALANCER_SSLPORT}/integration/worklistapp
To access the SOA Suite domain application URLs from a remote browser, update the browser host config file /etc/hosts
(In Windows, C:\Windows\System32\Drivers\etc\hosts
) with the IP address of the host on which the ingress is deployed with below entries:
X.X.X.X admin.domain.org
X.X.X.X soa.domain.org
X.X.X.X osb.domain.org
Note:
- The value of X.X.X.X is the host IP address on which this ingress is deployed.
- If you are behind any corporate proxy, make sure to update the browser proxy settings appropriately to access the host names updated
/etc/hosts
file.
Get the LOADBALANCER_SSLPORT
NodePort of NGINX using the command:
$ LOADBALANCER_SSLPORT=$(kubectl --namespace soans get services -o jsonpath="{.spec.ports[1].nodePort}" nginx-ingress-ingress-nginx-controller)
$ echo ${LOADBALANCER_SSLPORT}
Verify that the Oracle SOA Suite domain application URLs are accessible through LOADBALANCER_SSLPORT
:
https://admin.org:${LOADBALANCER_SSLPORT}/weblogic/ready
https://admin.org:${LOADBALANCER_SSLPORT}/console
https://admin.org:${LOADBALANCER_SSLPORT}/em
https://soa.org:${LOADBALANCER_SSLPORT}/soa-infra
https://soa.org:${LOADBALANCER_SSLPORT}/soa/composer
https://soa.org:${LOADBALANCER_SSLPORT}/integration/worklistapp
Note: This is the default host name. If you have updated the host name in
values.yaml
, then use the updated values.
Uninstall and delete the ingress-nginx
deployment:
$ helm delete soa-nginx-ingress -n soans
$ helm delete nginx-ingress -n soans