oracle
diff --git a/‎OracleSOASuite/helm-charts/README.md
Lines changed: 598 additions & 0 deletions b/‎OracleSOASuite/helm-charts/README.md
Lines changed: 598 additions & 0 deletions
diff --git a/‎OracleSOASuite/helm-charts/charts/ingress-per-domain/Chart.yaml
Lines changed: 8 additions & 0 deletions b/‎OracleSOASuite/helm-charts/charts/ingress-per-domain/Chart.yaml
Lines changed: 8 additions & 0 deletions
diff --git a/‎OracleSOASuite/helm-charts/charts/ingress-per-domain/README.md
Lines changed: 148 additions & 0 deletions b/‎OracleSOASuite/helm-charts/charts/ingress-per-domain/README.md
Lines changed: 148 additions & 0 deletions
diff --git a/‎OracleSOASuite/helm-charts/charts/ingress-per-domain/templates/_helpers.tpl
Lines changed: 48 additions & 0 deletions b/‎OracleSOASuite/helm-charts/charts/ingress-per-domain/templates/_helpers.tpl
Lines changed: 48 additions & 0 deletions
diff --git a/‎OracleSOASuite/helm-charts/charts/ingress-per-domain/templates/nginx-ingress-e2essl.yaml
Lines changed: 172 additions & 0 deletions b/‎OracleSOASuite/helm-charts/charts/ingress-per-domain/templates/nginx-ingress-e2essl.yaml
Lines changed: 172 additions & 0 deletions
@@ -0,0 +1,8 @@
+# Copyright (c) 2024, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+#
+apiVersion: v1
+appVersion: "1.0"
+description: A Helm chart to create an Ingress for a WLS domain. 
+name: ingress-per-domain
+version: 0.1.0
@@ -0,0 +1,148 @@
+# An Ingress per domain chart
+This chart is for deploying an Ingress resource in front of an Oracle SOA Suite domain cluster. We support two Ingress types: TRAEFIK and NGINX.
+
+## Prerequisites
+- Have Docker and a Kubernetes cluster running and have `kubectl` installed and configured.
+- Have Helm installed.
+- The corresponding Ingress controller, [Traefik](https://github.com/oracle/weblogic-kubernetes-operator/tree/main/kubernetes/samples/charts/traefik), is installed in the Kubernetes cluster.
+- An Oracle SOA Suite domain cluster deployed by `weblogic-operator` is running in the Kubernetes cluster.
+
+## Install ingress controller
+### NGINX (kubernetes/ingress-nginx) Ingress Controller.
+   
+   ```bash
+   $ helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
+   $ helm repo update
+   $ helm install nginx-ingress -n soans \
+        --set controller.service.type=NodePort \
+        --set controller.admissionWebhooks.enabled=false \
+        ingress-nginx/ingress-nginx
+   ```
+
+### TRAEFIK Ingress Controller
+   ```bash
+   $ helm repo add traefik https://helm.traefik.io/traefik --force-update
+   $ kubectl create namespace traefik
+   $ helm install traefik traefik/traefik \
+      --namespace traefik \
+      --values values.yaml \
+      --set  "kubernetes.namespaces={traefik}" \
+      --set "service.type=NodePort" --wait
+   ```
+
+## Installing the chart
+
+To install the chart with the release name, `soa-traefik-ingress` or `soa-nginx-ingress`, with the given `values.yaml`:
+```
+
+# Use helm to install the chart.  Use `--namespace` to specify the name of the Soa domain's namespace.
+
+# Using Helm 3.x:
+# Traefik:
+$ helm install soa-traefik-ingress  . --namespace soans --values values.yaml --set "traefik.hostname=$(hostname -f)"  
+
+#NGINX
+$ helm install soa-nginx-ingress .  --namespace soans --values values.yaml --set "nginx.hostname=$(hostname -f)"
+
+```
+NOTE: Ingress per domain installing using helm command uses the values from `values.yml` available at `ingress-per-domain/values.yaml`. This values.yaml contains the default values
+The inputs provided in the helm install command will overwrite these default values.
+> In the value.yaml the default values are: type: "TRAEFIK" , sslType: "NONSSL" and domainType: "soa".  
+> If you want to use other than these default values then,  
+>      1. Either modify the value.yaml file with the required values or  
+>      2. Pass the required values through the helm command line.  
+>
+> For Example : For installing Nginx ingress with SSL Configuration pass "type=NGINX" and "sslType=SSL" on command line.  
+> $ helm install soa-nginx-ingress .  --namespace soans --values values.yaml  --set "nginx.hostname=$(hostname -f)"  --set type=NGINX --set sslType=SSL  
+
+
+The Ingress resource will be created in the same namespace as the SOA domain cluster.
+
+## Generate Secret to access  SSL services
+
+Command to Generate Secret: 
+```
+$ openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /tmp/tls1.key -out /tmp/tls1.crt -subj "/CN=*"
+$ kubectl -n soans create secret tls soainfra-tls-cert --key /tmp/tls1.key --cert /tmp/tls1.crt
+
+```
+
+Sample `values.yaml` for the Traefik and Nginx Ingress:
+```
+# Load balancer type. Supported values are: TRAEFIK,NGINX
+type: TRAEFIK
+
+# SSL configuration Type. Supported Values are : NONSSL,SSL,E2ESSL
+sslType: NONSSL
+
+# domainType. Supported values are: osb,soa,soaosb
+domainType: soa
+
+#WLS domain as backend to the load balancer
+wlsDomain:
+  domainUID: soainfra
+  adminServerName: AdminServer
+  adminServerPort: 7001
+  adminServerSSLPort: 7002
+  soaClusterName: soa_cluster
+  soaManagedServerPort: 8001
+  soaManagedServerSSLPort: 8002
+  osbClusterName: osb_cluster
+  osbManagedServerPort: 9001
+  osbManagedServerSSLPort: 9002
+
+# Host  specific values
+hostName:
+  admin: admin.example.org
+  soa: soa.example.org
+  osb: osb.example.org
+
+
+# Ngnix specific values
+nginx:
+  hostname:
+  connectTimeout: 1800
+  readTimeout: 1800
+  sendTimeout: 1800
+  cookieExpires: 172800
+  cookieMaxAge: 172800
+
+traefik:
+  hostname:
+
+
+tls:
+  secretName:
+  certCommonName: "*.example.org"
+  validityDays: 365
+```
+## Uninstalling the chart
+To uninstall and delete the `my-ingress` deployment:
+```
+$ helm delete --purge <soa-traefik-ingress or soa-nginx-ingress >
+```
+## Configuration
+The following table lists the configurable parameters of this chart and their default values.
+
+| Parameter | Description | Default |
+| --- | --- | --- |
+| `type` | Type of Ingress controller. Legal values are `TRAEFIK` or `NGINX`. | `TRAEFIK` |
+| `sslType` | Type of Configuration. values are `NONSSL` , `SSL` and `E2ESSL`. | `NONSSL` |
+| `domainType` | Type of SOA Domain. values are `soa` or `osb` or`soaosb`. | `soa` |
+| `hostName.admin` | Admin host name. | `admin.org` |
+| `hostName.soa` | Soa host name. | `soa.org` |
+| `hostName.osb` | Osb host name. | `osb.org` |
+| `wlsDomain.domainUID` | DomainUID of the Soa domain. | `soainfra` |
+| `wlsDomain.soaClusterName` | Cluster name in the SOA domain. | `soa_cluster` |
+| `wlsDomain.osbClusterName` | Cluster name in the OSB domain. | `osb_cluster` |
+| `wlsDomain.adminServerPort` | Port number of the Admin servers in the Soa domain cluster . | `7001` |
+| `wlsDomain.adminServerSSLPort` | Port number of the Admin servers in the Soa domain cluster . | `7002` |
+| `wlsDomain.soaManagedServerPort` | Port number of the managed servers in the Soa domain cluster. | `8001` |
+| `wlsDomain.soaManagedServerSSLPort` | SSL Port number of the managed servers in the Soa domain cluster. | `8002` |
+| `wlsDomain.osbManagedServerPort` | Port number of the managed servers in the Soa domain cluster. | `9001` |
+| `wlsDomain.osbManagedServerSSLPort` | Port number of the managed servers in the Soa domain cluster. | `9002` |
+| `tls.secretName` | TLS secretName. | `null` |
+| `tls.certCommonName` | Common Name for TLS secret | `*.example.org` |
+| `tls.validityDays` | Certificate validity dats | `365` | 
+
+>**NOTE:** The input values `domainUID` and `clusterName` will be used to generate the Kubernetes `serviceName` of the WLS cluster with the format `domainUID-cluster-clusterName`.
@@ -0,0 +1,48 @@
+# Copyright (c) 2024, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "ingress-per-domain.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "ingress-per-domain.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "ingress-per-domain.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels that should be added on each resource
+*/}}
+{{- define "common.labels" -}}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- if eq (default "helm" .Values.creator) "helm" }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+helm.sh/chart: {{ .Chart.Name }}
+{{- end -}}
+{{- if ((.Values.global).commonLabels) }}
+{{ toYaml ((.Values.global).commonLabels) }}
+{{- end }}
+{{- end -}}
@@ -0,0 +1,172 @@
+# Copyright (c) 2024, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+#
+{{- if eq .Values.type "NGINX" }}
+{{- if (eq .Values.sslType "E2ESSL")}}
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ .Values.wlsDomain.domainUID }}-{{ .Values.wlsDomain.adminServerName | lower }}-nginx-e2essl
+  namespace: {{ .Release.Namespace }}
+  labels:
+{{ include "common.labels" . | indent 4 }}
+    serviceType: SERVER
+    weblogic.domainName: {{ .Values.wlsDomain.domainUID }}
+    weblogic.domainUID: {{ .Values.wlsDomain.domainUID }}
+    weblogic.serverName: {{ .Values.wlsDomain.adminServerName }}
+spec:
+  ports:
+  {{- if eq .Values.wlsDomain.secureEnabled true }}
+  - port: {{ .Values.wlsDomain.adminSecurePort }}
+    protocol: TCP
+    targetPort: {{ .Values.wlsDomain.adminSecurePort }}
+  {{- else }}
+  - port: {{ .Values.wlsDomain.adminServerSSLPort }}
+    protocol: TCP
+    targetPort: {{ .Values.wlsDomain.adminServerSSLPort }}
+  {{- end }}
+  selector:
+    weblogic.domainUID: {{ .Values.wlsDomain.domainUID }}
+    weblogic.serverName: {{ .Values.wlsDomain.adminServerName }}
+  type: ClusterIP
+
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: {{ .Values.wlsDomain.domainUID }}-nginx-e2essl-admin
+  namespace: {{ .Release.Namespace }}
+  annotations:
+    kubernetes.io/ingress.class: 'nginx'
+    nginx.ingress.kubernetes.io/affinity: 'cookie'
+    nginx.ingress.kubernetes.io/session-cookie-name: 'sticky'
+    nginx.ingress.kubernetes.io/ssl-passthrough: 'true'
+spec:
+  tls:
+  - hosts:
+    - '{{ .Values.hostName.admin }}'
+    secretName: {{ .Values.wlsDomain.domainUID }}-tls-cert
+  rules:
+  - host: '{{ .Values.hostName.admin }}'
+    http:
+      paths:
+      - path: 
+        pathType: ImplementationSpecific
+        backend:
+          service:
+            name: '{{ .Values.wlsDomain.domainUID }}-{{ .Values.wlsDomain.adminServerName | lower | replace "_" "-" }}-nginx-e2essl'
+            port:
+              {{- if eq .Values.wlsDomain.secureEnabled true }}
+              number: {{ .Values.wlsDomain.adminSecurePort }}
+              {{- else }}
+              number: {{ .Values.wlsDomain.adminServerSSLPort }}
+              {{- end }}
+{{- if or (eq .Values.domainType "soa") (eq .Values.domainType "soaosb") }}
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: '{{ .Values.wlsDomain.domainUID }}-cluster-{{ .Values.wlsDomain.soaClusterName | lower | replace "_" "-" }}-nginx-e2essl'
+  namespace: {{ .Release.Namespace }}
+  labels:
+{{ include "common.labels" . | indent 4 }}
+    serviceType: CLUSTER
+    weblogic.clusterName: {{ .Values.wlsDomain.soaClusterName }}
+    weblogic.domainName: {{ .Values.wlsDomain.domainUID }}
+    weblogic.domainUID: {{ .Values.wlsDomain.domainUID }}
+spec:
+  ports:
+  - port: {{ .Values.wlsDomain.soaManagedServerSSLPort }}
+    protocol: TCP
+    targetPort: {{ .Values.wlsDomain.soaManagedServerSSLPort }}
+  selector:
+    weblogic.domainUID: {{ .Values.wlsDomain.domainUID }}
+    weblogic.clusterName: {{ .Values.wlsDomain.soaClusterName }}
+  type: ClusterIP
+
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: {{ .Values.wlsDomain.domainUID }}-nginx-e2essl-soa
+  namespace: {{ .Release.Namespace }}
+  annotations:
+    kubernetes.io/ingress.class: 'nginx'
+    nginx.ingress.kubernetes.io/affinity: 'cookie'
+    nginx.ingress.kubernetes.io/session-cookie-name: 'sticky'
+    nginx.ingress.kubernetes.io/ssl-passthrough: 'true'
+spec:
+  tls:
+  - hosts:
+    - '{{ .Values.hostName.soa }}'
+    secretName: {{ .Values.wlsDomain.domainUID }}-tls-cert
+  rules:
+  - host: '{{ .Values.hostName.soa }}'
+    http:
+      paths:
+      - path: /
+        pathType: ImplementationSpecific
+        backend:
+          service:
+            name: '{{ .Values.wlsDomain.domainUID }}-cluster-{{ .Values.wlsDomain.soaClusterName | lower | replace "_" "-" }}-nginx-e2essl'
+            port:
+              number: {{ .Values.wlsDomain.soaManagedServerSSLPort  }}
+{{- end }}
+{{- if or (eq .Values.domainType "osb") (eq .Values.domainType "soaosb") }}
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: '{{ .Values.wlsDomain.domainUID }}-cluster-{{ .Values.wlsDomain.osbClusterName | lower | replace "_" "-" }}-nginx-e2essl'
+  namespace: {{ .Release.Namespace }}
+  labels:
+{{ include "common.labels" . | indent 4 }}
+    serviceType: CLUSTER
+    weblogic.clusterName: {{ .Values.wlsDomain.osbClusterName }}
+    weblogic.domainName: {{ .Values.wlsDomain.domainUID }}
+    weblogic.domainUID: {{ .Values.wlsDomain.domainUID }}
+spec:
+  ports:
+  - port: {{ .Values.wlsDomain.osbManagedServerSSLPort }}
+    protocol: TCP
+    targetPort: {{ .Values.wlsDomain.osbManagedServerSSLPort }}
+  selector:
+    weblogic.domainUID: {{ .Values.wlsDomain.domainUID }}
+    weblogic.clusterName: {{ .Values.wlsDomain.osbClusterName }}
+  type: ClusterIP
+
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: {{ .Values.wlsDomain.domainUID }}-nginx-e2essl-osb
+  namespace: {{ .Release.Namespace }}
+  annotations:
+    kubernetes.io/ingress.class: 'nginx'
+    nginx.ingress.kubernetes.io/affinity: 'cookie'
+    nginx.ingress.kubernetes.io/session-cookie-name: 'sticky'
+    nginx.ingress.kubernetes.io/ssl-passthrough: 'true'
+spec:
+  tls:
+  - hosts:
+    - '{{ .Values.hostName.osb }}'
+    secretName: {{ .Values.wlsDomain.domainUID }}-tls-cert
+  rules:
+  - host: '{{ .Values.hostName.osb }}'
+    http:
+      paths:
+      - path: /
+        pathType: ImplementationSpecific
+        backend:
+          service:
+            name: '{{ .Values.wlsDomain.domainUID }}-cluster-{{ .Values.wlsDomain.osbClusterName | lower | replace "_" "-" }}-nginx-e2essl'
+            port:
+              number: {{ .Values.wlsDomain.osbManagedServerSSLPort  }}
+{{- end }}
+
+{{- end }}
+{{- end }}
+