{"id":861,"date":"2026-04-16T11:14:32","date_gmt":"2026-04-16T11:14:32","guid":{"rendered":"https:\/\/www.devopsschool.com\/tutorials\/oracle-cloud-weblogic-server-for-oke-tutorial-architecture-pricing-use-cases-and-hands-on-guide-for-application-development\/"},"modified":"2026-04-16T11:14:32","modified_gmt":"2026-04-16T11:14:32","slug":"oracle-cloud-weblogic-server-for-oke-tutorial-architecture-pricing-use-cases-and-hands-on-guide-for-application-development","status":"publish","type":"post","link":"https:\/\/www.devopsschool.com\/tutorials\/oracle-cloud-weblogic-server-for-oke-tutorial-architecture-pricing-use-cases-and-hands-on-guide-for-application-development\/","title":{"rendered":"Oracle Cloud WebLogic Server for OKE Tutorial: Architecture, Pricing, Use Cases, and Hands-On Guide for Application Development"},"content":{"rendered":"\n<h2 class=\"wp-block-heading\">Category<\/h2>\n\n\n\n<p>Application Development<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">1. Introduction<\/h2>\n\n\n\n<p><strong>What this service is<\/strong><br\/>\nWebLogic Server for OKE is an Oracle Cloud approach for running <strong>Oracle WebLogic Server<\/strong> workloads on <strong>Oracle Container Engine for Kubernetes (OKE)<\/strong>. In practice, this typically means deploying WebLogic domains into Kubernetes using Oracle-provided tooling (most commonly the <strong>Oracle WebLogic Kubernetes Operator<\/strong>) and integrating with core Oracle Cloud infrastructure services (VCN networking, Load Balancer, OCI IAM, Logging, and Monitoring).<\/p>\n\n\n\n<p><strong>Simple explanation (one paragraph)<\/strong><br\/>\nIf you have Java EE\/Jakarta EE applications that already run on WebLogic Server, WebLogic Server for OKE helps you run them on Oracle Cloud in a Kubernetes-native way\u2014so you can scale, upgrade, and operate them using standard Kubernetes patterns instead of only VM-based administration.<\/p>\n\n\n\n<p><strong>Technical explanation (one paragraph)<\/strong><br\/>\nWebLogic Server for OKE combines Kubernetes primitives (namespaces, deployments\/statefulsets, services, ingress\/load balancers, secrets, config maps, persistent volumes) with WebLogic-specific operational automation (domain modeling, image creation, rolling restarts, cluster scaling, health checks, and lifecycle management) to run WebLogic domains reliably on OKE worker nodes. It commonly uses the <strong>Oracle WebLogic Kubernetes Operator<\/strong> and related tooling such as <strong>WebLogic Deploy Tooling (WDT)<\/strong> and the <strong>WebLogic Image Tool<\/strong>. The WebLogic runtime itself remains customer-managed inside containers; OKE provides the managed Kubernetes control plane.<\/p>\n\n\n\n<p><strong>What problem it solves<\/strong><br\/>\nIt solves the \u201chow do we modernize operations for existing WebLogic apps?\u201d problem\u2014enabling teams to move from VM-centric deployments to container\/Kubernetes operations while keeping WebLogic as the application runtime. You gain Kubernetes scheduling, self-healing, declarative configuration, and automation-friendly upgrades while continuing to use WebLogic features (clusters, JMS, JTA, security realms, and enterprise deployment models).<\/p>\n\n\n\n<blockquote>\n<p>Naming note (important): Oracle product names and packaged solutions can evolve (for example, a Marketplace listing, a solution blueprint, or a reference architecture might be updated). <strong>Verify the current scope and naming in Oracle\u2019s official documentation and Marketplace\/solution pages<\/strong> before standardizing internally.<\/p>\n<\/blockquote>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">2. What is WebLogic Server for OKE?<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Official purpose<\/h3>\n\n\n\n<p>WebLogic Server for OKE is intended to run <strong>Oracle WebLogic Server<\/strong> on <strong>Oracle Kubernetes Engine (OKE)<\/strong> with supported operational patterns and integrations for Oracle Cloud.<\/p>\n\n\n\n<p>Because Oracle can package this as a \u201csolution\u201d (often via Terraform\/Resource Manager stacks, reference architectures, or deployment guides), the \u201cservice\u201d is best understood as:\n&#8211; <strong>WebLogic Server<\/strong> (the application server runtime) running <strong>in containers<\/strong>\n&#8211; Managed by <strong>Kubernetes on OKE<\/strong>\n&#8211; Automated via <strong>operator-based lifecycle management<\/strong> and WebLogic tooling<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Core capabilities<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Deploy WebLogic domains onto Kubernetes\/OKE in a repeatable, declarative way<\/li>\n<li>Scale WebLogic managed servers using Kubernetes patterns<\/li>\n<li>Perform rolling updates and controlled restarts<\/li>\n<li>Expose apps through OCI Load Balancer using Kubernetes <code>Service<\/code> of type <code>LoadBalancer<\/code><\/li>\n<li>Integrate with OCI IAM, networking, logging, and monitoring<\/li>\n<li>Support dev\/test and production topologies using namespaces, node pools, and OCI networking controls<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Major components<\/h3>\n\n\n\n<p>Common building blocks you should expect in a WebLogic-on-OKE implementation:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>OKE Cluster<\/strong><\/li>\n<li>Managed Kubernetes control plane<\/li>\n<li>\n<p>Worker nodes (node pools) on OCI Compute<\/p>\n<\/li>\n<li>\n<p><strong>WebLogic Server container images<\/strong><\/p>\n<\/li>\n<li>WebLogic runtime in a container image<\/li>\n<li>Application artifacts deployed either baked into the image or delivered via a model\/config approach  <\/li>\n<li>\n<p>Image source and licensing depends on your organization\u2019s WebLogic distribution and agreements (<strong>verify in official docs and your Oracle license terms<\/strong>)<\/p>\n<\/li>\n<li>\n<p><strong>Oracle WebLogic Kubernetes Operator<\/strong><\/p>\n<\/li>\n<li>Kubernetes operator that manages WebLogic domain resources and lifecycle operations  <\/li>\n<li>\n<p>Official Oracle project: https:\/\/github.com\/oracle\/weblogic-kubernetes-operator (verify current support statements in Oracle docs)<\/p>\n<\/li>\n<li>\n<p><strong>Persistent storage (as needed)<\/strong><\/p>\n<\/li>\n<li>\n<p>OCI Block Volume via Kubernetes persistent volumes (PV\/PVC) for logs, JMS\/JTA stores, or application data (architecture-dependent)<\/p>\n<\/li>\n<li>\n<p><strong>Networking and traffic management<\/strong><\/p>\n<\/li>\n<li>OCI VCN, subnets, route tables, NSGs\/security lists<\/li>\n<li>OCI Load Balancer created by Kubernetes Services (type <code>LoadBalancer<\/code>)<\/li>\n<li>\n<p>Optional Ingress Controller patterns (verify best option for your environment)<\/p>\n<\/li>\n<li>\n<p><strong>Observability<\/strong><\/p>\n<\/li>\n<li>Kubernetes metrics\/logs plus OCI Logging\/Monitoring<\/li>\n<li>Optional Prometheus\/Grafana stack (self-managed or managed options\u2014verify current Oracle offerings)<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Service type<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Not a single \u201cfully managed WebLogic PaaS\u201d<\/strong> in the way some platforms abstract the runtime completely.<\/li>\n<li>This is best treated as <strong>customer-managed WebLogic runtime on a managed Kubernetes control plane<\/strong>.<\/li>\n<li>OKE manages the Kubernetes control plane; you manage:<\/li>\n<li>WebLogic versions and patching strategy<\/li>\n<li>Domain configuration and credentials<\/li>\n<li>Container images and registries<\/li>\n<li>Kubernetes objects and policies<\/li>\n<li>Application deployment lifecycle<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Scope (regional\/global\/zonal)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>OKE clusters are regional resources<\/strong> in Oracle Cloud, with worker nodes in availability domains\/fault domains depending on your region configuration (verify specifics for your tenancy\/region).<\/li>\n<li>Networking components (VCN, subnets, load balancers) are regional within the selected region.<\/li>\n<li>Your WebLogic workloads are scoped to:<\/li>\n<li>the Kubernetes cluster<\/li>\n<li>the namespaces you deploy into<\/li>\n<li>and the OCI region where the cluster resides<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">How it fits into the Oracle Cloud ecosystem<\/h3>\n\n\n\n<p>WebLogic Server for OKE sits in <strong>Application Development<\/strong> and modern application operations:\n&#8211; <strong>Compute &amp; Containers<\/strong>: OKE + Compute node pools\n&#8211; <strong>Networking<\/strong>: VCN + OCI Load Balancer + DNS\n&#8211; <strong>Security<\/strong>: OCI IAM + Vault (secrets) + KMS encryption\n&#8211; <strong>DevOps<\/strong>: OCI DevOps (build\/deploy pipelines) or third-party CI\/CD\n&#8211; <strong>Observability<\/strong>: OCI Logging, Monitoring, and Audit<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">3. Why use WebLogic Server for OKE?<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Business reasons<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Modernize operations without rewriting<\/strong>: keep WebLogic-based apps while adopting Kubernetes automation.<\/li>\n<li><strong>Standardize platform<\/strong>: run legacy and modern Java workloads on one Kubernetes platform.<\/li>\n<li><strong>Improve delivery velocity<\/strong>: consistent environments from dev to prod; fewer \u201csnowflake\u201d VMs.<\/li>\n<li><strong>Better capacity utilization<\/strong>: bin-pack workloads on node pools and scale horizontally.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Technical reasons<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Kubernetes-native deployment model<\/strong>: deployments are declarative and version-controlled.<\/li>\n<li><strong>Automated scaling and self-healing<\/strong>: restart crashed pods, reschedule on healthy nodes.<\/li>\n<li><strong>Rolling updates<\/strong>: safer patching of WebLogic nodes with controlled traffic cutover.<\/li>\n<li><strong>Infrastructure-as-Code<\/strong>: OKE, VCN, node pools, and add-ons via Terraform\/Resource Manager.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Operational reasons<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Day-2 operations<\/strong> become consistent: upgrades, certificate rotation, scaling, and maintenance via Kubernetes.<\/li>\n<li><strong>Separation of concerns<\/strong>: platform team manages OKE baseline; app team manages domain and app config.<\/li>\n<li><strong>Repeatable environments<\/strong>: namespaces and Helm\/Kustomize can standardize deployments.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Security\/compliance reasons<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Network segmentation<\/strong>: private subnets for nodes; controlled public exposure via load balancer.<\/li>\n<li><strong>IAM policy controls<\/strong>: scoped permissions for cluster admins vs deployers.<\/li>\n<li><strong>Auditing<\/strong>: OCI Audit + Kubernetes audit (if enabled) improves traceability.<\/li>\n<li><strong>Secrets management<\/strong>: use Kubernetes secrets and\/or OCI Vault integration patterns (verify preferred method).<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Scalability\/performance reasons<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Horizontal scaling<\/strong> of managed servers by increasing replicas.<\/li>\n<li><strong>Auto-scaling node pools<\/strong> (where configured) to match demand.<\/li>\n<li><strong>Flexible shapes<\/strong>: choose OCI Compute shapes aligned to Java workload patterns.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">When teams should choose it<\/h3>\n\n\n\n<p>Choose WebLogic Server for OKE if:\n&#8211; You already run WebLogic Server and want Kubernetes operational benefits.\n&#8211; You need multi-environment consistency and automation.\n&#8211; You want to use OCI-native networking and security controls with Kubernetes.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">When teams should not choose it<\/h3>\n\n\n\n<p>Avoid or delay if:\n&#8211; You need a <strong>fully managed<\/strong> app server where you don\u2019t manage images, patches, or domain configuration.\n&#8211; Your apps are better suited to lighter runtimes (Spring Boot on plain Kubernetes, Helidon, or serverless).\n&#8211; You cannot meet operational requirements: Kubernetes skills, container registry, CI\/CD, observability.\n&#8211; Licensing or support constraints require a different hosting model (<strong>verify with Oracle support and your license agreements<\/strong>).<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">4. Where is WebLogic Server for OKE used?<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Industries<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Financial services (core enterprise apps, regulated workloads)<\/li>\n<li>Telecom (service orchestration portals, OSS\/BSS integrations)<\/li>\n<li>Retail (order management and integration services)<\/li>\n<li>Government and public sector (compliance-heavy Java EE apps)<\/li>\n<li>Healthcare (integration engines, patient portals\u2014where applicable)<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Team types<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Platform engineering teams building a Kubernetes-based internal platform<\/li>\n<li>DevOps\/SRE teams modernizing deployment and operations<\/li>\n<li>Enterprise middleware teams migrating from VM-based WebLogic estates<\/li>\n<li>Security teams enforcing network segmentation and audit controls<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Workloads<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>WebLogic-based Java EE\/Jakarta EE applications (WAR\/EAR)<\/li>\n<li>Apps using WebLogic clustering, JDBC data sources, JMS<\/li>\n<li>Integration-heavy enterprise workloads needing stable middleware runtime<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Architectures<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Classic 3-tier apps (web\/app\/db) modernized with Kubernetes<\/li>\n<li>API layer running on WebLogic with OCI API Gateway in front (optional)<\/li>\n<li>Hybrid connectivity to on-prem via VPN\/FastConnect<\/li>\n<li>Multi-environment (dev\/test\/prod) per namespace or per cluster<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Real-world deployment contexts<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Migration from on-prem WebLogic clusters to OCI<\/li>\n<li>Running WebLogic alongside other Kubernetes workloads on OKE<\/li>\n<li>Blue\/green or canary release processes for WebLogic-based apps<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Production vs dev\/test usage<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Dev\/test<\/strong>: smaller node pools, simplified LB exposure, less stringent HA, more frequent rebuilds.<\/li>\n<li><strong>Production<\/strong>: multi-node pools, strict IAM, private networking, controlled ingress, observability, backup\/restore, and defined patching windows.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">5. Top Use Cases and Scenarios<\/h2>\n\n\n\n<p>Below are realistic scenarios where WebLogic Server for OKE is commonly adopted.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">1) Lift-and-modernize WebLogic cluster from VMs to Kubernetes<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem<\/strong>: VM-based WebLogic clusters are hard to scale and patch consistently.<\/li>\n<li><strong>Why it fits<\/strong>: Kubernetes + operator lifecycle management enables repeatable deployments and rolling updates.<\/li>\n<li><strong>Example<\/strong>: Move a 6-node WebLogic cluster from on-prem VMs to OKE with identical domain topology but containerized managed servers.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">2) Standardize deployments across dev\/test\/prod<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem<\/strong>: Environments drift; \u201cworks in test, fails in prod.\u201d<\/li>\n<li><strong>Why it fits<\/strong>: Declarative manifests, GitOps, and image versioning reduce drift.<\/li>\n<li><strong>Example<\/strong>: One Helm chart deploys the same WebLogic domain with environment-specific values.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">3) Autoscale managed servers for seasonal traffic<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem<\/strong>: Peak traffic requires extra capacity for short periods.<\/li>\n<li><strong>Why it fits<\/strong>: Scale replicas for managed servers; optionally scale node pools.<\/li>\n<li><strong>Example<\/strong>: E-commerce order APIs scale from 2 to 10 managed servers during promotions.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">4) Safer patching and upgrades with rolling deployments<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem<\/strong>: Patch windows cause outages or risky big-bang upgrades.<\/li>\n<li><strong>Why it fits<\/strong>: Roll node updates gradually; keep service available.<\/li>\n<li><strong>Example<\/strong>: Roll a CPU patch to WebLogic images and restart pods in a controlled sequence.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">5) Build an internal middleware platform on OKE<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem<\/strong>: Each app team runs its own WebLogic servers and tooling.<\/li>\n<li><strong>Why it fits<\/strong>: Platform team provides standardized cluster, namespaces, policies, logging.<\/li>\n<li><strong>Example<\/strong>: Shared OKE cluster with separate namespaces per business unit; consistent guardrails.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">6) Hybrid connectivity to on-prem databases and identity systems<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem<\/strong>: Apps must access on-prem DBs and corporate IdP.<\/li>\n<li><strong>Why it fits<\/strong>: OCI networking + VPN\/FastConnect + Kubernetes networking controls.<\/li>\n<li><strong>Example<\/strong>: WebLogic on OKE connects to on-prem Oracle Database over FastConnect.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">7) Multi-AZ\/AD resilience for app tier<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem<\/strong>: Need to survive infrastructure failures.<\/li>\n<li><strong>Why it fits<\/strong>: Spread nodes across failure domains\/ADs (region-dependent); multiple replicas.<\/li>\n<li><strong>Example<\/strong>: Node pools across availability domains; LB routes to healthy pods.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">8) Reduce cost with consolidated compute and right-sizing<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem<\/strong>: Underutilized VM clusters waste money.<\/li>\n<li><strong>Why it fits<\/strong>: Shared node pools and Kubernetes scheduling improve utilization.<\/li>\n<li><strong>Example<\/strong>: Consolidate three low-utilization WebLogic clusters onto one OKE cluster with quotas per namespace.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">9) CI\/CD-driven application releases<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem<\/strong>: Manual deployments are slow and error-prone.<\/li>\n<li><strong>Why it fits<\/strong>: Build images and deploy via pipelines; promote immutably.<\/li>\n<li><strong>Example<\/strong>: OCI DevOps pipeline builds WebLogic app image, pushes to OCIR, updates Kubernetes deployment.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">10) Controlled exposure of legacy apps to the internet<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem<\/strong>: Legacy apps require external access but must be protected.<\/li>\n<li><strong>Why it fits<\/strong>: Public LB only; nodes remain private; WAF in front (optional).<\/li>\n<li><strong>Example<\/strong>: OCI WAF \u2192 OCI Load Balancer \u2192 WebLogic on private OKE nodes.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">11) Sidecar-based observability for legacy apps<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem<\/strong>: WebLogic logs\/metrics are hard to centralize.<\/li>\n<li><strong>Why it fits<\/strong>: Fluent Bit\/OTel collectors and Prometheus exporters in Kubernetes patterns.<\/li>\n<li><strong>Example<\/strong>: Collect WebLogic access logs and JVM metrics into OCI Logging\/Monitoring.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">12) Separate regulated and non-regulated workloads<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem<\/strong>: Compliance requires strong tenant separation.<\/li>\n<li><strong>Why it fits<\/strong>: Separate clusters\/compartments, network segmentation, IAM controls.<\/li>\n<li><strong>Example<\/strong>: PHI-related workloads run in dedicated compartment, VCN, and cluster with strict policies.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">6. Core Features<\/h2>\n\n\n\n<blockquote>\n<p>Scope note: Features depend on the exact Oracle-supported deployment approach you use (operator versions, supported WebLogic versions, OCI region capabilities). <strong>Verify in official docs<\/strong> for your target versions.<\/p>\n<\/blockquote>\n\n\n\n<h3 class=\"wp-block-heading\">1) Kubernetes-native WebLogic domain management (operator pattern)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>What it does<\/strong>: Uses a Kubernetes operator to manage WebLogic domains and lifecycle events.<\/li>\n<li><strong>Why it matters<\/strong>: Encodes best practices and automates repetitive operations.<\/li>\n<li><strong>Practical benefit<\/strong>: Faster, safer operations: scaling, restarts, and rollouts.<\/li>\n<li><strong>Caveats<\/strong>: Operator version compatibility with Kubernetes\/WebLogic versions must be managed carefully.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">2) Declarative configuration and environment consistency<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>What it does<\/strong>: Domain definitions, services, and policies are declared as Kubernetes resources.<\/li>\n<li><strong>Why it matters<\/strong>: Enables GitOps and reproducible environments.<\/li>\n<li><strong>Practical benefit<\/strong>: Reviewable changes and easier rollbacks.<\/li>\n<li><strong>Caveats<\/strong>: Some WebLogic configuration may still require careful modeling; avoid \u201cclickops\u201d drift.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">3) Horizontal scaling of managed servers<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>What it does<\/strong>: Increases\/decreases replicas for managed servers in a cluster.<\/li>\n<li><strong>Why it matters<\/strong>: Handles varying load without re-provisioning VMs.<\/li>\n<li><strong>Practical benefit<\/strong>: Match capacity to traffic; reduce cost off-peak.<\/li>\n<li><strong>Caveats<\/strong>: Stateful components (JMS stores, sessions) may require additional design (session replication, persistent stores).<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">4) Rolling updates and controlled restarts<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>What it does<\/strong>: Updates images\/config and restarts pods gradually.<\/li>\n<li><strong>Why it matters<\/strong>: Reduces downtime and operational risk.<\/li>\n<li><strong>Practical benefit<\/strong>: Safer patching strategy.<\/li>\n<li><strong>Caveats<\/strong>: Requires readiness\/liveness probes and correct traffic draining behavior.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">5) Integration with OCI Load Balancer via Kubernetes Services<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>What it does<\/strong>: <code>Service type: LoadBalancer<\/code> can provision an OCI Load Balancer to front the workload.<\/li>\n<li><strong>Why it matters<\/strong>: Simple, standard Kubernetes exposure model on OCI.<\/li>\n<li><strong>Practical benefit<\/strong>: Quickly publish apps internally or externally with OCI-managed LB.<\/li>\n<li><strong>Caveats<\/strong>: LB cost can be significant; design internal vs public exposure intentionally.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">6) Private networking patterns<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>What it does<\/strong>: Runs worker nodes in private subnets; exposes only via LB or ingress in controlled subnets.<\/li>\n<li><strong>Why it matters<\/strong>: Reduces attack surface.<\/li>\n<li><strong>Practical benefit<\/strong>: Stronger security posture.<\/li>\n<li><strong>Caveats<\/strong>: Requires NAT\/Service Gateway strategies for outbound access (patches, registries).<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">7) Persistent storage support (PV\/PVC)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>What it does<\/strong>: Uses Kubernetes volumes backed by OCI Block Volume (commonly) for persistence.<\/li>\n<li><strong>Why it matters<\/strong>: Supports durable logs, JMS\/JTA stores, or app state where required.<\/li>\n<li><strong>Practical benefit<\/strong>: Resilience across pod restarts and node replacement.<\/li>\n<li><strong>Caveats<\/strong>: Performance and topology constraints apply; choose appropriate volume type and attachment mode.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">8) Observability integration (logs, metrics, tracing patterns)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>What it does<\/strong>: Exposes JVM\/app metrics and logs through Kubernetes toolchains, and optionally routes to OCI services.<\/li>\n<li><strong>Why it matters<\/strong>: Production operations require visibility.<\/li>\n<li><strong>Practical benefit<\/strong>: Faster troubleshooting and SLO monitoring.<\/li>\n<li><strong>Caveats<\/strong>: Decide early on log\/metric destinations and retention; costs can scale with ingestion volume.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">9) IAM and compartment-based governance (OCI)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>What it does<\/strong>: Controls who can create clusters, node pools, LBs, and read logs.<\/li>\n<li><strong>Why it matters<\/strong>: Separation of duties and least privilege.<\/li>\n<li><strong>Practical benefit<\/strong>: Reduced blast radius and auditability.<\/li>\n<li><strong>Caveats<\/strong>: Kubernetes RBAC and OCI IAM must be aligned; misalignment causes operational friction.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">10) CI\/CD readiness<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>What it does<\/strong>: Supports image-based release workflows and manifest-driven deployments.<\/li>\n<li><strong>Why it matters<\/strong>: Enables repeatable application delivery.<\/li>\n<li><strong>Practical benefit<\/strong>: Faster releases with fewer manual steps.<\/li>\n<li><strong>Caveats<\/strong>: Build pipeline must handle WebLogic image creation and licensing constraints.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">7. Architecture and How It Works<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">High-level service architecture<\/h3>\n\n\n\n<p>At a high level:\n1. Developers build and package applications (WAR\/EAR).\n2. A CI pipeline produces a WebLogic container image (or references a base image + model).\n3. Kubernetes manifests (and operator CRDs\/resources) deploy a WebLogic domain to OKE.\n4. A Kubernetes <code>Service<\/code> exposes the app; type <code>LoadBalancer<\/code> provisions an OCI Load Balancer.\n5. Traffic flows from clients \u2192 OCI LB \u2192 WebLogic pods.\n6. Logs\/metrics flow to your chosen observability stack (OCI Logging\/Monitoring and\/or Prometheus).<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Request \/ data \/ control flow<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Request flow<\/strong>:<\/li>\n<li>Client \u2192 OCI Load Balancer \u2192 Kubernetes Service \u2192 WebLogic managed server pod(s)<\/li>\n<li><strong>Control flow<\/strong>:<\/li>\n<li>Operator watches domain resources and reconciles desired state<\/li>\n<li>Kubernetes schedules pods onto nodes and enforces health checks<\/li>\n<li><strong>Data flow<\/strong>:<\/li>\n<li>App \u2192 database\/services (OCI DB, on-prem DB over VPN\/FastConnect)<\/li>\n<li>Optional persistent volumes for stores\/logs<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Integrations with related services (common)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>OKE<\/strong>: Kubernetes cluster and node pools<\/li>\n<li><strong>OCI Load Balancer<\/strong>: External\/Internal load balancing for services<\/li>\n<li><strong>VCN<\/strong>: Subnets, NSGs, routing, security boundaries<\/li>\n<li><strong>OCI Container Registry (OCIR)<\/strong>: Private registry for your built images<\/li>\n<li><strong>OCI Vault<\/strong>: KMS keys and secret storage (patterns vary; verify recommended integration)<\/li>\n<li><strong>OCI Logging \/ Monitoring \/ Audit<\/strong>: Cloud-native observability and governance<\/li>\n<li><strong>OCI DevOps<\/strong> (optional): Build and deploy pipelines<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Dependency services<\/h3>\n\n\n\n<p>A typical minimal production dependency set:\n&#8211; VCN with private subnets for nodes\n&#8211; NAT Gateway (if nodes must pull images from the internet) or private registry access\n&#8211; OCIR (or another registry accessible privately)\n&#8211; Load Balancer subnet (public or private)\n&#8211; DNS (OCI DNS or existing)\n&#8211; Logging\/Monitoring targets<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Security\/authentication model<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>OCI IAM<\/strong> governs:<\/li>\n<li>who can create\/modify OKE clusters and node pools<\/li>\n<li>who can create LBs and networking objects<\/li>\n<li>who can push\/pull from OCIR<\/li>\n<li><strong>Kubernetes RBAC<\/strong> governs:<\/li>\n<li>who can deploy namespaces, operator, domains, services<\/li>\n<li><strong>Workload identities<\/strong>:<\/li>\n<li>Many OCI-Kubernetes integrations use OCI IAM constructs (for example, instance principals or workload identity patterns). <strong>Verify current recommended approach for OKE in official docs<\/strong>, as this area evolves.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Networking model<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Worker nodes are attached to VCN subnets.<\/li>\n<li>Pods use the cluster\u2019s CNI model (OCI VCN-native CNI capabilities exist for OKE; details vary\u2014<strong>verify in official OKE networking docs<\/strong>).<\/li>\n<li>Kubernetes <code>Service type LoadBalancer<\/code> provisions OCI Load Balancer with listeners and backends that target worker nodes\/pods depending on implementation.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Monitoring\/logging\/governance considerations<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Decide:<\/li>\n<li>log collection method (node-level agent vs sidecar)<\/li>\n<li>metrics source (Prometheus\/JMX exporter vs OCI integrations)<\/li>\n<li>alerting (OCI Alarms and Notifications)<\/li>\n<li>Tagging and compartments:<\/li>\n<li>put clusters and LBs in appropriate compartments<\/li>\n<li>use tags for cost allocation<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Simple architecture diagram (Mermaid)<\/h3>\n\n\n\n<pre><code class=\"language-mermaid\">flowchart LR\n  U[Users] --&gt; LB[OCI Load Balancer]\n  LB --&gt; SVC[Kubernetes Service]\n  SVC --&gt; POD1[WebLogic Managed Server Pod]\n  SVC --&gt; POD2[WebLogic Managed Server Pod]\n  POD1 --&gt; DB[(Database)]\n  POD2 --&gt; DB\n  OP[WebLogic Kubernetes Operator] --&gt; POD1\n  OP --&gt; POD2\n<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\">Production-style architecture diagram (Mermaid)<\/h3>\n\n\n\n<pre><code class=\"language-mermaid\">flowchart TB\n  subgraph Internet\n    Users[End Users \/ Clients]\n  end\n\n  subgraph OCI_Region[Oracle Cloud Region]\n    subgraph VCN[VCN]\n      subgraph PublicSubnet[Public Subnet (Optional)]\n        WAF[OCI WAF (Optional)]\n        PubLB[Public OCI Load Balancer]\n      end\n\n      subgraph PrivateSubnetLB[Private LB Subnet (Common)]\n        IntLB[Internal OCI Load Balancer]\n      end\n\n      subgraph PrivateSubnetsNodes[Private Subnets (OKE Worker Nodes)]\n        OKE[OKE Cluster]\n        subgraph NodePoolA[Node Pool A]\n          MS1[WebLogic MS Pod(s)]\n          MS2[WebLogic MS Pod(s)]\n        end\n        subgraph NodePoolB[Node Pool B]\n          MS3[WebLogic MS Pod(s)]\n        end\n        OP[WebLogic Kubernetes Operator]\n      end\n\n      subgraph DataSubnet[Data \/ Service Subnet]\n        DB[(OCI Database or External DB)]\n        Vault[OCI Vault (Keys\/Secrets)]\n        OCIR[OCIR \/ Registry]\n      end\n    end\n\n    Obs[OCI Logging &amp; Monitoring]\n    Audit[OCI Audit]\n  end\n\n  Users --&gt; WAF --&gt; PubLB --&gt; IntLB\n  IntLB --&gt; OKE\n  OP --&gt; MS1\n  OP --&gt; MS2\n  OP --&gt; MS3\n  MS1 --&gt; DB\n  MS2 --&gt; DB\n  MS3 --&gt; DB\n  OKE --&gt; Obs\n  OKE --&gt; Audit\n  OKE --&gt; OCIR\n  OKE --&gt; Vault\n<\/code><\/pre>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">8. Prerequisites<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Oracle Cloud tenancy and billing<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>An <strong>Oracle Cloud<\/strong> tenancy with permission to create:<\/li>\n<li>VCN, subnets, gateways, route tables, NSGs\/security lists<\/li>\n<li>OKE clusters and node pools<\/li>\n<li>OCI Load Balancers<\/li>\n<li>OCIR repositories (if used)<\/li>\n<li>A billing-enabled account (some resources are not free).<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Permissions \/ IAM roles (typical)<\/h3>\n\n\n\n<p>Exact IAM policies vary by organization. At minimum, you generally need permissions to manage:\n&#8211; OKE (clusters, node pools)\n&#8211; Networking (VCN, subnets, NSGs, route tables, gateways)\n&#8211; Load balancers\n&#8211; Container registry (OCIR repos, auth tokens)\n&#8211; Logging\/Monitoring (optional but recommended)<\/p>\n\n\n\n<p>If you don\u2019t have admin access, request a least-privilege policy set from your OCI administrators. <strong>Verify the required policies in official OKE and OCIR documentation<\/strong>, because policy verbs and resource types are precise.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Tools needed (local workstation or bastion)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><code>kubectl<\/code> compatible with your Kubernetes version<\/li>\n<li>OCI CLI (<code>oci<\/code>)<\/li>\n<li><code>helm<\/code> (commonly used for operator installation; verify operator\u2019s current install method)<\/li>\n<li>Docker or Podman (if you will build images)<\/li>\n<li>Git (to pull operator samples\/manifests)<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Region availability<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>OKE availability varies by region.<\/li>\n<li>WebLogic images\/registries and Marketplace solutions can also vary by region.<br\/>\n<strong>Verify<\/strong>:<\/li>\n<li>OKE is available in your target region<\/li>\n<li>the WebLogic Server for OKE solution (if via Marketplace\/Resource Manager) is supported in that region<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Quotas and limits to check upfront<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>OKE node count and cluster limits (tenancy quota)<\/li>\n<li>Load balancer count and bandwidth shape limits<\/li>\n<li>Block volume limits (if persistent storage required)<\/li>\n<li>OCIR storage and pull\/push limits (if applicable)<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Prerequisite services you will likely use<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>VCN<\/strong> with at least:<\/li>\n<li>one subnet for worker nodes (private recommended)<\/li>\n<li>one subnet for load balancer (public or private based on exposure)<\/li>\n<li><strong>OCI Load Balancer<\/strong> created via Kubernetes service<\/li>\n<li><strong>OCIR<\/strong> (or other accessible registry)<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">9. Pricing \/ Cost<\/h2>\n\n\n\n<p>WebLogic Server for OKE cost is the sum of multiple components. There usually isn\u2019t a single \u201cWebLogic Server for OKE\u201d meter. You pay for the OCI infrastructure you consume, plus any WebLogic licensing\/subscription you require.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Pricing dimensions (what you pay for)<\/h3>\n\n\n\n<p>Common cost components include:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>\n<p><strong>OKE<\/strong>\n   &#8211; Managed Kubernetes control plane pricing model can change over time.\n   &#8211; Historically, many managed Kubernetes offerings charge primarily for worker nodes; some charge for control plane.<br\/>\n<strong>Verify current OKE pricing<\/strong> on Oracle\u2019s official pricing pages.<\/p>\n<\/li>\n<li>\n<p><strong>Worker nodes (Compute)<\/strong>\n   &#8211; Node pool shape (OCPU, memory), number of nodes, and uptime (hours)\n   &#8211; Possibly separate costs for GPUs (if used, uncommon for WebLogic)<\/p>\n<\/li>\n<li>\n<p><strong>OCI Load Balancer<\/strong>\n   &#8211; Load balancer instances and bandwidth\/shape\n   &#8211; Public vs internal patterns affect data transfer and architecture, not necessarily LB line items<\/p>\n<\/li>\n<li>\n<p><strong>Storage<\/strong>\n   &#8211; OCI Block Volume for persistent volumes (GB\/month, performance tiers)\n   &#8211; Object Storage for artifacts\/backups\/log archives (GB\/month and requests)<\/p>\n<\/li>\n<li>\n<p><strong>Networking \/ data transfer<\/strong>\n   &#8211; Egress to internet (data transfer out)\n   &#8211; Cross-region replication traffic (if any)\n   &#8211; NAT Gateway data processing (if used; verify pricing)\n   &#8211; Load balancer data processing may apply depending on SKU<\/p>\n<\/li>\n<li>\n<p><strong>Observability<\/strong>\n   &#8211; Log ingestion and retention in OCI Logging\n   &#8211; Monitoring metrics, alarms, and notifications (verify what is included vs billable)\n   &#8211; Third-party observability tooling infrastructure if self-hosted<\/p>\n<\/li>\n<li>\n<p><strong>WebLogic licensing<\/strong>\n   &#8211; WebLogic Server licensing can be:<\/p>\n<ul>\n<li>BYOL (Bring Your Own License)<\/li>\n<li>included in a Marketplace image\/offer<\/li>\n<li>subscription-based, or part of a broader enterprise agreement<br\/>\n<strong>Do not assume<\/strong> license inclusion. <strong>Verify in official Oracle WebLogic licensing docs and your contract.<\/strong><\/li>\n<\/ul>\n<\/li>\n<\/ol>\n\n\n\n<h3 class=\"wp-block-heading\">Free tier (if applicable)<\/h3>\n\n\n\n<p>Oracle Cloud offers a Free Tier for some services, but eligibility and included resources vary. For OKE and load balancing, free tier coverage may be limited. <strong>Verify on Oracle Free Tier pages<\/strong> and service-specific pricing pages:\n&#8211; Oracle Cloud Pricing overview: https:\/\/www.oracle.com\/cloud\/pricing\/\n&#8211; Oracle Cloud Cost Estimator: https:\/\/www.oracle.com\/cloud\/costestimator.html (or the current calculator page)<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Key cost drivers (what typically moves the bill)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Number and size of OKE worker nodes (largest driver for steady-state)<\/li>\n<li>Load balancer count and bandwidth<\/li>\n<li>Logging volume (high-traffic apps can generate very large logs)<\/li>\n<li>Block volume size\/performance tier for persistent stores<\/li>\n<li>Internet egress (especially if clients are internet-based)<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Hidden or indirect costs to plan for<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Multiple environments<\/strong>: dev\/test\/prod multiplies node pools and LBs.<\/li>\n<li><strong>High availability<\/strong>: multi-node, multi-AD design increases baseline capacity.<\/li>\n<li><strong>CI\/CD and image storage<\/strong>: build runners, artifact storage, and image registry storage.<\/li>\n<li><strong>Patching and rebuild frequency<\/strong>: more rebuilds can increase build infrastructure and storage churn.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Network\/data transfer implications<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Keeping traffic inside the region (private connectivity, internal LBs) often reduces egress exposure.<\/li>\n<li>Serving internet clients will typically incur some internet egress and WAF\/LB costs (if used).<\/li>\n<li>Pulling images from public registries can increase egress and create availability risk; prefer private registry access when possible.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">How to optimize cost (practical levers)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Right-size node pools:<\/li>\n<li>Choose shapes that match JVM memory needs.<\/li>\n<li>Use fewer, larger nodes or more, smaller nodes based on bin-packing and failure domain strategy.<\/li>\n<li>Use <strong>internal<\/strong> load balancers for east-west traffic; only expose what must be public.<\/li>\n<li>Reduce log volume:<\/li>\n<li>Tune access logs and application logging levels.<\/li>\n<li>Use sampling for verbose logs.<\/li>\n<li>Scale down dev\/test outside business hours (automation).<\/li>\n<li>Consolidate multiple WebLogic domains intelligently (but don\u2019t overload one cluster without quotas).<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Example low-cost starter estimate (no fabricated prices)<\/h3>\n\n\n\n<p>A minimal lab setup typically includes:\n&#8211; 1 OKE cluster\n&#8211; 2 small worker nodes (for basic HA testing)\n&#8211; 1 OCI Load Balancer (created by a Kubernetes <code>Service type: LoadBalancer<\/code>)\n&#8211; Small block volumes only if required\n&#8211; Minimal logging retention<\/p>\n\n\n\n<p>Because exact prices depend on region, shape, and current Oracle pricing, use:\n&#8211; Oracle pricing pages: https:\/\/www.oracle.com\/cloud\/pricing\/\n&#8211; Oracle cost estimator: https:\/\/www.oracle.com\/cloud\/costestimator.html<br\/>\nEnter your intended:\n&#8211; node shape + count\n&#8211; LB type and bandwidth\n&#8211; storage GB\n&#8211; expected egress<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Example production cost considerations (what to model)<\/h3>\n\n\n\n<p>For production, model:\n&#8211; Node pools across multiple fault domains\/ADs (if supported)\n&#8211; Separate node pools for operator\/system workloads vs application workloads\n&#8211; Multiple load balancers (public + internal, or per app\/domain)\n&#8211; Higher log ingestion and longer retention\n&#8211; Backup and DR: cross-region object storage replication, standby environments\n&#8211; Support and licensing: WebLogic support subscription or enterprise agreement impacts total cost<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">10. Step-by-Step Hands-On Tutorial<\/h2>\n\n\n\n<p>This lab focuses on a <strong>realistic, beginner-friendly<\/strong> path: create an OKE cluster, connect with <code>kubectl<\/code>, install the WebLogic Kubernetes Operator (commonly used), deploy a small sample WebLogic domain\/app, expose it through an OCI Load Balancer, and then clean up.<\/p>\n\n\n\n<blockquote>\n<p>Important verification note: The exact operator version, Helm chart repository, and sample domain steps can change. <strong>Always follow the operator\u2019s official documentation<\/strong> (Oracle project) and Oracle Cloud OKE docs:\n&#8211; WebLogic Kubernetes Operator (Oracle): https:\/\/github.com\/oracle\/weblogic-kubernetes-operator<br\/>\n&#8211; OKE documentation (Oracle Cloud): https:\/\/docs.oracle.com\/en-us\/iaas\/Content\/ContEng\/home.htm (verify current URL path if it changes)<\/p>\n<\/blockquote>\n\n\n\n<h3 class=\"wp-block-heading\">Objective<\/h3>\n\n\n\n<p>Deploy a basic WebLogic domain on Oracle Kubernetes Engine (OKE), expose it via an OCI Load Balancer, verify access, and then remove all resources to avoid ongoing costs.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Lab Overview<\/h3>\n\n\n\n<p>You will:\n1. Create or reuse an OKE cluster and node pool.\n2. Configure local access to the cluster (<code>kubectl<\/code>).\n3. Install the WebLogic Kubernetes Operator into a dedicated namespace.\n4. Deploy a small WebLogic domain (sample or minimal domain).\n5. Expose the application using a Kubernetes service that provisions an OCI Load Balancer.\n6. Validate the deployment and review common troubleshooting steps.\n7. Clean up.<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Step 1: Create prerequisites in Oracle Cloud (VCN + OKE)<\/h3>\n\n\n\n<p><strong>Goal<\/strong>: Have a running OKE cluster with worker nodes.<\/p>\n\n\n\n<p><strong>Option A (recommended for beginners): Use the OKE \u201cQuick Create\u201d path in Console<\/strong><br\/>\n1. In Oracle Cloud Console, navigate to <strong>Developer Services \u2192 Kubernetes Clusters (OKE)<\/strong>.\n2. Click <strong>Create Cluster<\/strong>.\n3. Choose <strong>Quick Create<\/strong> (or the simplest guided workflow available).\n4. Select:\n   &#8211; Compartment\n   &#8211; Kubernetes version (use a currently supported version)\n   &#8211; VCN: create a new one unless your org requires existing network\n   &#8211; Node pool shape and size (choose small sizes for lab)\n   &#8211; Public endpoint\/private endpoint based on your environment (private is more secure; public is simpler for labs)<\/p>\n\n\n\n<p><strong>Expected outcome<\/strong><br\/>\n&#8211; OKE cluster status becomes <strong>Active<\/strong>\n&#8211; Node pool nodes become <strong>Ready<\/strong> in the console<\/p>\n\n\n\n<p><strong>Option B: Use Terraform\/Resource Manager (if your org requires IaC)<\/strong><br\/>\nUse Oracle Resource Manager with an official OKE stack or your internal Terraform. Because stacks vary, <strong>verify<\/strong> the current official OKE Terraform examples in Oracle docs.<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Step 2: Configure kubectl access to the OKE cluster<\/h3>\n\n\n\n<p><strong>Goal<\/strong>: Run <code>kubectl get nodes<\/code> from your workstation.<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>\n<p>Install OCI CLI (if not installed):<br\/>\n   Official docs (verify): https:\/\/docs.oracle.com\/en-us\/iaas\/Content\/API\/SDKDocs\/cliinstall.htm<\/p>\n<\/li>\n<li>\n<p>In the Oracle Cloud Console for your cluster, find <strong>Access Cluster<\/strong> (or similar).<\/p>\n<\/li>\n<li>Follow the provided steps to generate a kubeconfig. The console typically provides exact commands.<\/li>\n<\/ol>\n\n\n\n<p>Common pattern (example \u2014 <strong>verify with your console instructions<\/strong>):<\/p>\n\n\n\n<pre><code class=\"language-bash\">oci ce cluster create-kubeconfig \\\n  --cluster-id &lt;oke_cluster_ocid&gt; \\\n  --file $HOME\/.kube\/config \\\n  --region &lt;region&gt; \\\n  --token-version 2.0.0\n<\/code><\/pre>\n\n\n\n<ol class=\"wp-block-list\" start=\"4\">\n<li>Verify access:<\/li>\n<\/ol>\n\n\n\n<pre><code class=\"language-bash\">kubectl get nodes\nkubectl get ns\n<\/code><\/pre>\n\n\n\n<p><strong>Expected outcome<\/strong>\n&#8211; You see worker nodes listed with <code>STATUS<\/code> = <code>Ready<\/code>.<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Step 3: Create namespaces for operator and domain<\/h3>\n\n\n\n<p><strong>Goal<\/strong>: Separate operator resources from application resources.<\/p>\n\n\n\n<pre><code class=\"language-bash\">kubectl create namespace weblogic-operator\nkubectl create namespace weblogic-domain\n<\/code><\/pre>\n\n\n\n<p>Verify:<\/p>\n\n\n\n<pre><code class=\"language-bash\">kubectl get ns | grep weblogic\n<\/code><\/pre>\n\n\n\n<p><strong>Expected outcome<\/strong>\n&#8211; <code>weblogic-operator<\/code> and <code>weblogic-domain<\/code> exist.<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Step 4: Install the WebLogic Kubernetes Operator<\/h3>\n\n\n\n<p><strong>Goal<\/strong>: Install the operator into <code>weblogic-operator<\/code> namespace.<\/p>\n\n\n\n<p>The operator installation method can vary (Helm is common, but verify current guidance):\n&#8211; Operator docs (verify): https:\/\/github.com\/oracle\/weblogic-kubernetes-operator<\/p>\n\n\n\n<p><strong>Typical Helm-based flow (example \u2014 verify chart repo\/name and version):<\/strong>\n1. Install Helm (if needed):<\/p>\n\n\n\n<pre><code class=\"language-bash\">helm version\n<\/code><\/pre>\n\n\n\n<ol class=\"wp-block-list\" start=\"2\">\n<li>Add the operator Helm repository (example placeholder \u2014 <strong>verify in operator docs<\/strong>):<\/li>\n<\/ol>\n\n\n\n<pre><code class=\"language-bash\">helm repo add weblogic-operator &lt;operator_helm_repo_url&gt;\nhelm repo update\n<\/code><\/pre>\n\n\n\n<ol class=\"wp-block-list\" start=\"3\">\n<li>Install operator (example placeholders \u2014 verify values):<\/li>\n<\/ol>\n\n\n\n<pre><code class=\"language-bash\">helm install weblogic-operator weblogic-operator\/weblogic-operator \\\n  --namespace weblogic-operator \\\n  --set \"domainNamespaceSelectionStrategy=LabelSelector\" \\\n  --set \"domainNamespaceLabelSelector=weblogic.domain=true\"\n<\/code><\/pre>\n\n\n\n<ol class=\"wp-block-list\" start=\"4\">\n<li>Label the domain namespace so the operator watches it:<\/li>\n<\/ol>\n\n\n\n<pre><code class=\"language-bash\">kubectl label namespace weblogic-domain weblogic.domain=true\n<\/code><\/pre>\n\n\n\n<ol class=\"wp-block-list\" start=\"5\">\n<li>Verify operator pod:<\/li>\n<\/ol>\n\n\n\n<pre><code class=\"language-bash\">kubectl -n weblogic-operator get pods\nkubectl -n weblogic-operator logs deployment\/weblogic-operator --tail=200\n<\/code><\/pre>\n\n\n\n<p><strong>Expected outcome<\/strong>\n&#8211; Operator pod is running.\n&#8211; Logs show it is watching namespaces (including <code>weblogic-domain<\/code>).<\/p>\n\n\n\n<blockquote>\n<p>If your organization uses a different operator installation (manifest apply, OLM, or a Marketplace stack), follow the official method for that approach and keep this separation of namespaces.<\/p>\n<\/blockquote>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Step 5: Deploy a sample WebLogic domain and application<\/h3>\n\n\n\n<p><strong>Goal<\/strong>: Create a small domain in Kubernetes so you can validate end-to-end traffic.<\/p>\n\n\n\n<p>There are multiple valid ways to create a domain:\n&#8211; Using the operator\u2019s <strong>sample scripts<\/strong>\n&#8211; Using a <strong>domain resource<\/strong> plus a prebuilt image\n&#8211; Using <strong>WebLogic Deploy Tooling<\/strong> and model-in-image patterns<\/p>\n\n\n\n<p>Because exact versions and sample paths change, the most reliable approach is:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Clone the operator repository (or the official samples repo if separated):<\/li>\n<\/ol>\n\n\n\n<pre><code class=\"language-bash\">git clone https:\/\/github.com\/oracle\/weblogic-kubernetes-operator.git\ncd weblogic-kubernetes-operator\n<\/code><\/pre>\n\n\n\n<ol class=\"wp-block-list\" start=\"2\">\n<li>Locate the documentation for <strong>\u201csamples\u201d<\/strong> and choose a sample domain creation method that matches your constraints:\n&#8211; You may need access to a WebLogic base image.\n&#8211; You may need an image pull secret for Oracle Container Registry or your own OCIR repo.<\/li>\n<\/ol>\n\n\n\n<p><strong>Common requirement: image registry credentials<\/strong><br\/>\n&#8211; If you use <strong>OCIR<\/strong>, create an auth token and a Kubernetes image pull secret.\n&#8211; If you use Oracle\u2019s registry for WebLogic images, follow the registry login instructions and licensing acceptance steps (<strong>verify in official docs<\/strong>).<\/p>\n\n\n\n<p>Example (generic Kubernetes secret pattern):<\/p>\n\n\n\n<pre><code class=\"language-bash\">kubectl -n weblogic-domain create secret docker-registry regcred \\\n  --docker-server=&lt;registry_server&gt; \\\n  --docker-username='&lt;username&gt;' \\\n  --docker-password='&lt;password_or_token&gt;' \\\n  --docker-email='&lt;email&gt;'\n<\/code><\/pre>\n\n\n\n<ol class=\"wp-block-list\" start=\"3\">\n<li>Apply the sample that creates:\n&#8211; Domain resource\n&#8211; Admin server pod (optional in production; sometimes admin server is not continuously running)\n&#8211; Managed server pods\n&#8211; Cluster service(s)<\/li>\n<\/ol>\n\n\n\n<p>Because the exact YAML is version-dependent, treat the following as a <em>workflow outline<\/em> rather than a single universal manifest:<\/p>\n\n\n\n<pre><code class=\"language-bash\"># Example only: replace with the exact sample commands from the operator repo\nkubectl -n weblogic-domain apply -f &lt;sample-domain-yaml&gt;.yaml\n<\/code><\/pre>\n\n\n\n<ol class=\"wp-block-list\" start=\"4\">\n<li>Watch pods come up:<\/li>\n<\/ol>\n\n\n\n<pre><code class=\"language-bash\">kubectl -n weblogic-domain get pods -w\n<\/code><\/pre>\n\n\n\n<p><strong>Expected outcome<\/strong>\n&#8211; Admin server and one or more managed server pods reach <code>Running<\/code>.\n&#8211; If image pulls fail, you\u2019ll see <code>ImagePullBackOff<\/code> (see Troubleshooting).<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Step 6: Expose the application through an OCI Load Balancer<\/h3>\n\n\n\n<p><strong>Goal<\/strong>: Create a Kubernetes Service of type <code>LoadBalancer<\/code> so OCI provisions an LB.<\/p>\n\n\n\n<p>If your domain sample already creates a service, confirm its type:<\/p>\n\n\n\n<pre><code class=\"language-bash\">kubectl -n weblogic-domain get svc\n<\/code><\/pre>\n\n\n\n<p>If you need to create one, here is a simple pattern (example; adapt selectors\/ports to your deployed pods):<\/p>\n\n\n\n<pre><code class=\"language-bash\">cat &lt;&lt;'EOF' &gt; weblogic-lb-service.yaml\napiVersion: v1\nkind: Service\nmetadata:\n  name: weblogic-app-lb\n  namespace: weblogic-domain\nspec:\n  type: LoadBalancer\n  selector:\n    weblogic.domainUID: sample-domain1\n  ports:\n  - name: http\n    port: 80\n    targetPort: 7001\nEOF\n\nkubectl apply -f weblogic-lb-service.yaml\n<\/code><\/pre>\n\n\n\n<p>Get the external IP or hostname:<\/p>\n\n\n\n<pre><code class=\"language-bash\">kubectl -n weblogic-domain get svc weblogic-app-lb\n<\/code><\/pre>\n\n\n\n<p><strong>Expected outcome<\/strong>\n&#8211; <code>EXTERNAL-IP<\/code> or hostname becomes available after a few minutes.\n&#8211; Oracle Cloud Console shows a new Load Balancer resource in your compartment.<\/p>\n\n\n\n<blockquote>\n<p>Note: Port mapping depends on your WebLogic configuration (AdminServer often uses 7001, managed servers can use different ports). Use the ports exposed by your sample.<\/p>\n<\/blockquote>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Step 7: Validate access<\/h3>\n\n\n\n<p><strong>Goal<\/strong>: Confirm you can reach the app endpoint.<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>If a sample app is deployed, it often includes a test URL. Use <code>curl<\/code>:<\/li>\n<\/ol>\n\n\n\n<pre><code class=\"language-bash\">curl -i http:\/\/&lt;EXTERNAL_IP_OR_LB_DNS_NAME&gt;\/\n<\/code><\/pre>\n\n\n\n<ol class=\"wp-block-list\" start=\"2\">\n<li>If you have a known application context path:<\/li>\n<\/ol>\n\n\n\n<pre><code class=\"language-bash\">curl -i http:\/\/&lt;EXTERNAL_IP_OR_LB_DNS_NAME&gt;\/&lt;context-root&gt;\/\n<\/code><\/pre>\n\n\n\n<ol class=\"wp-block-list\" start=\"3\">\n<li>Validate Kubernetes health:<\/li>\n<\/ol>\n\n\n\n<pre><code class=\"language-bash\">kubectl -n weblogic-domain get pods\nkubectl -n weblogic-domain get events --sort-by=.lastTimestamp | tail -n 30\n<\/code><\/pre>\n\n\n\n<p><strong>Expected outcome<\/strong>\n&#8211; HTTP response returns from WebLogic (200\/302\/401 depending on app\/security).\n&#8211; No crash loops in pods.<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Validation<\/h3>\n\n\n\n<p>Use this checklist to confirm success:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Cluster connectivity:<\/li>\n<li><code>kubectl get nodes<\/code> returns Ready nodes<\/li>\n<li>Operator is running:<\/li>\n<li><code>kubectl -n weblogic-operator get pods<\/code> shows operator pod Running<\/li>\n<li>Domain is running:<\/li>\n<li><code>kubectl -n weblogic-domain get pods<\/code> shows WebLogic pods Running\/Ready<\/li>\n<li>Load balancer is provisioned:<\/li>\n<li><code>kubectl -n weblogic-domain get svc<\/code> shows an external IP\/hostname<\/li>\n<li>OCI Console shows LB created<\/li>\n<li>Request path works:<\/li>\n<li><code>curl<\/code> returns an HTTP response from the service<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Troubleshooting<\/h3>\n\n\n\n<p>Common errors and realistic fixes:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li><strong><code>ImagePullBackOff<\/code> \/ <code>ErrImagePull<\/code><\/strong>\n&#8211; <strong>Cause<\/strong>: Missing registry credentials; incorrect image name; no access to WebLogic image.\n&#8211; <strong>Fix<\/strong>:\n  &#8211; Create\/attach imagePullSecret to the service account or pod spec.\n  &#8211; Verify the registry URL and image tag.\n  &#8211; Ensure your tenancy\/network allows outbound access (NAT Gateway if in private subnets).\n  &#8211; Verify licensing acceptance steps if using Oracle\u2019s registry (<strong>verify official docs<\/strong>).<\/li>\n<\/ol>\n\n\n\n<p>Useful commands:<\/p>\n\n\n\n<pre><code class=\"language-bash\">kubectl -n weblogic-domain describe pod &lt;pod-name&gt;\nkubectl -n weblogic-domain get secret\n<\/code><\/pre>\n\n\n\n<ol class=\"wp-block-list\" start=\"2\">\n<li><strong>Pods stuck in <code>Pending<\/code><\/strong>\n&#8211; <strong>Cause<\/strong>: Not enough node resources; missing storage class; unschedulable due to taints\/affinity.\n&#8211; <strong>Fix<\/strong>:\n  &#8211; Add nodes or use a larger shape.\n  &#8211; Verify PV\/PVC provisioning.\n  &#8211; Review <code>kubectl describe pod<\/code> scheduling messages.<\/li>\n<\/ol>\n\n\n\n<pre><code class=\"language-bash\">kubectl -n weblogic-domain describe pod &lt;pod-name&gt;\nkubectl get nodes -o wide\n<\/code><\/pre>\n\n\n\n<ol class=\"wp-block-list\" start=\"3\">\n<li><strong>Load balancer never gets an external IP<\/strong>\n&#8211; <strong>Cause<\/strong>: Networking misconfiguration; missing permissions; subnet issues.\n&#8211; <strong>Fix<\/strong>:\n  &#8211; Verify OKE permissions to create LBs.\n  &#8211; Check LB subnet route tables\/security rules.\n  &#8211; Check service annotations required by your environment (some organizations enforce internal LBs only).<\/li>\n<\/ol>\n\n\n\n<pre><code class=\"language-bash\">kubectl -n weblogic-domain describe svc weblogic-app-lb\nkubectl -n weblogic-domain get events --sort-by=.lastTimestamp | tail -n 50\n<\/code><\/pre>\n\n\n\n<ol class=\"wp-block-list\" start=\"4\">\n<li><strong>HTTP 502\/504 from LB<\/strong>\n&#8211; <strong>Cause<\/strong>: Health checks failing; wrong targetPort; pod not listening; security rules blocking.\n&#8211; <strong>Fix<\/strong>:\n  &#8211; Confirm the targetPort matches the pod\u2019s listening port.\n  &#8211; Confirm readiness probe passes and pod is Ready.\n  &#8211; Check NSGs\/security lists allow LB-to-node traffic.<\/li>\n<\/ol>\n\n\n\n<pre><code class=\"language-bash\">kubectl -n weblogic-domain get pods\nkubectl -n weblogic-domain logs &lt;pod-name&gt; --tail=200\n<\/code><\/pre>\n\n\n\n<ol class=\"wp-block-list\" start=\"5\">\n<li><strong>Operator not reconciling the domain<\/strong>\n&#8211; <strong>Cause<\/strong>: Operator not watching the namespace; missing label selector; CRDs missing.\n&#8211; <strong>Fix<\/strong>:\n  &#8211; Confirm namespace labels and operator configuration.\n  &#8211; Confirm CRDs installed.<\/li>\n<\/ol>\n\n\n\n<pre><code class=\"language-bash\">kubectl get crd | grep weblogic\nkubectl get ns --show-labels | grep weblogic-domain\nkubectl -n weblogic-operator logs deployment\/weblogic-operator --tail=200\n<\/code><\/pre>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Cleanup<\/h3>\n\n\n\n<p>To avoid ongoing cost, delete what you created. Do this in reverse order:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Delete the LoadBalancer service (this typically deletes the OCI Load Balancer):<\/li>\n<\/ol>\n\n\n\n<pre><code class=\"language-bash\">kubectl -n weblogic-domain delete svc weblogic-app-lb\n<\/code><\/pre>\n\n\n\n<ol class=\"wp-block-list\" start=\"2\">\n<li>Delete the domain resources (replace with your applied manifests):<\/li>\n<\/ol>\n\n\n\n<pre><code class=\"language-bash\">kubectl -n weblogic-domain delete -f &lt;sample-domain-yaml&gt;.yaml\n<\/code><\/pre>\n\n\n\n<ol class=\"wp-block-list\" start=\"3\">\n<li>Uninstall the operator:<\/li>\n<\/ol>\n\n\n\n<pre><code class=\"language-bash\">helm -n weblogic-operator uninstall weblogic-operator\n<\/code><\/pre>\n\n\n\n<ol class=\"wp-block-list\" start=\"4\">\n<li>Delete namespaces:<\/li>\n<\/ol>\n\n\n\n<pre><code class=\"language-bash\">kubectl delete namespace weblogic-domain\nkubectl delete namespace weblogic-operator\n<\/code><\/pre>\n\n\n\n<ol class=\"wp-block-list\" start=\"5\">\n<li>Delete the OKE cluster and node pools from the OCI Console (or Terraform destroy).<\/li>\n<\/ol>\n\n\n\n<p><strong>Expected outcome<\/strong>\n&#8211; Kubernetes resources are removed.\n&#8211; The OCI Load Balancer is deleted.\n&#8211; OKE cluster and nodes no longer incur charges.<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">11. Best Practices<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Architecture best practices<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Prefer <strong>private worker nodes<\/strong>; expose apps via controlled LBs\/ingress.<\/li>\n<li>Separate environments (dev\/test\/prod) by:<\/li>\n<li>separate compartments and VCNs for stricter isolation, or<\/li>\n<li>separate clusters at minimum for production vs non-prod<\/li>\n<li>Use multiple node pools:<\/li>\n<li>system\/operator pool (smaller, stable)<\/li>\n<li>application pool (scalable)<\/li>\n<li>Plan state carefully:<\/li>\n<li>externalize state to databases<\/li>\n<li>use PV\/PVC only where required (JMS\/JTA stores, logs), and design for performance and recovery<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">IAM\/security best practices<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Use least privilege OCI IAM policies for:<\/li>\n<li>cluster admins<\/li>\n<li>network admins<\/li>\n<li>CI\/CD service identities<\/li>\n<li>Align OCI IAM with Kubernetes RBAC:<\/li>\n<li>don\u2019t give developers cluster-admin by default<\/li>\n<li>use namespace-scoped roles for app teams<\/li>\n<li>Restrict who can create <code>Service type LoadBalancer<\/code> (it can create billable public endpoints).<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Cost best practices<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Use small shapes for dev\/test; scale only when needed.<\/li>\n<li>Turn off or scale down non-prod node pools during off-hours (automation).<\/li>\n<li>Avoid creating many load balancers; consolidate via ingress when appropriate (but validate support and operational overhead).<\/li>\n<li>Set log retention deliberately; export cold logs to Object Storage if needed.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Performance best practices<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Right-size JVM heap vs container memory limits; avoid OOMKills.<\/li>\n<li>Set resource requests\/limits per pod to improve scheduling stability.<\/li>\n<li>Use readiness and liveness probes tuned to WebLogic startup time.<\/li>\n<li>Keep container images lean and consistent; patch base images regularly.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Reliability best practices<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Distribute nodes across fault domains\/availability domains where possible.<\/li>\n<li>Use PodDisruptionBudgets for controlled maintenance.<\/li>\n<li>Use rolling updates with safe surge\/unavailable settings.<\/li>\n<li>Define backup strategy for:<\/li>\n<li>configuration (Git)<\/li>\n<li>secrets (Vault\/KMS-managed)<\/li>\n<li>persistent stores (volume backups, DB backups)<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Operations best practices<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Standardize:<\/li>\n<li>naming conventions for clusters, namespaces, domains, services<\/li>\n<li>labels and annotations (for cost allocation and policy)<\/li>\n<li>Implement:<\/li>\n<li>monitoring dashboards (JVM, request latency, error rates)<\/li>\n<li>alerting for pod crashes, node pressure, LB health<\/li>\n<li>Maintain runbooks:<\/li>\n<li>scaling procedures<\/li>\n<li>incident response for failed rollouts<\/li>\n<li>certificate rotation procedures<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Governance\/tagging\/naming best practices<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Use OCI tags to track:<\/li>\n<li>environment<\/li>\n<li>cost center<\/li>\n<li>owner team<\/li>\n<li>application name<\/li>\n<li>Use Kubernetes labels consistently:<\/li>\n<li><code>app.kubernetes.io\/name<\/code>, <code>app.kubernetes.io\/instance<\/code><\/li>\n<li>domain UID label conventions used by operator samples<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">12. Security Considerations<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Identity and access model<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>OCI IAM controls cloud resources (OKE, LBs, VCN, registry).<\/li>\n<li>Kubernetes RBAC controls in-cluster permissions.<\/li>\n<li>Recommended approach:<\/li>\n<li>Separate duties: platform team manages cluster; app team has namespace-limited access.<\/li>\n<li>Use CI\/CD identities to deploy rather than personal accounts.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Encryption<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>In transit<\/strong>:<\/li>\n<li>Use TLS from clients to Load Balancer.<\/li>\n<li>Use TLS from LB to pods when possible (end-to-end encryption), depending on your operational requirements.<\/li>\n<li><strong>At rest<\/strong>:<\/li>\n<li>OCI Block Volumes are encryptable; OCI Vault-managed keys may be used (verify).<\/li>\n<li>Secrets should not be stored in plaintext in Git.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Network exposure<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Avoid exposing admin consoles publicly.<\/li>\n<li>Use private endpoints wherever possible (internal LB).<\/li>\n<li>Restrict LB listener ports to only required protocols\/ports.<\/li>\n<li>Use NSGs\/security lists to restrict:<\/li>\n<li>LB \u2192 node traffic<\/li>\n<li>node \u2192 external egress<\/li>\n<li>pod-to-service communication (where your CNI\/policy supports it)<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Secrets handling<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Prefer external secret management patterns where feasible:<\/li>\n<li>OCI Vault for secret storage and rotation (verify recommended integration patterns)<\/li>\n<li>Kubernetes secrets only for low-sensitivity or short-lived values, and protect etcd\/encryption settings (verify if OKE supports secret encryption configuration in your version)<\/li>\n<li>Rotate:<\/li>\n<li>registry credentials<\/li>\n<li>database passwords<\/li>\n<li>TLS certificates<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Audit\/logging<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Enable and use:<\/li>\n<li>OCI Audit for control-plane events<\/li>\n<li>Kubernetes audit logs if configured\/available<\/li>\n<li>Centralize logs with clear retention and access controls.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Compliance considerations<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Map controls to frameworks relevant to your org (SOC2, ISO 27001, PCI, HIPAA, etc.).<\/li>\n<li>Use compartment isolation and least privilege to support compliance boundaries.<\/li>\n<li>Document:<\/li>\n<li>patch management process for images<\/li>\n<li>vulnerability scanning (OCI scanning capabilities may apply\u2014verify current OCI container image scanning options)<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Common security mistakes<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Running worker nodes in public subnets with broad inbound rules<\/li>\n<li>Exposing WebLogic AdminServer to the internet<\/li>\n<li>Using default passwords or long-lived credentials in manifests<\/li>\n<li>Overusing <code>cluster-admin<\/code> RBAC<\/li>\n<li>Unrestricted <code>LoadBalancer<\/code> services creating unintended public endpoints<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Secure deployment recommendations<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Private nodes + controlled ingress<\/li>\n<li>TLS everywhere feasible<\/li>\n<li>OCI Vault for secrets + key management<\/li>\n<li>Namespace isolation with RBAC and quotas<\/li>\n<li>Regular patching of WebLogic and base OS images<\/li>\n<li>Vulnerability scanning of images in CI pipeline<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">13. Limitations and Gotchas<\/h2>\n\n\n\n<p>Because WebLogic Server for OKE is a composition of WebLogic + Kubernetes + OCI infrastructure, limitations can come from any layer.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Known limitations (verify for your versions)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Operator\/WebLogic\/Kubernetes version compatibility: not all combinations are supported.<\/li>\n<li>Some WebLogic features may require extra configuration in containerized environments (for example, certain clustering or persistence modes).<\/li>\n<li>AdminServer management model varies: always-on AdminServer vs on-demand for operations (choose intentionally).<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Quotas<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>OKE cluster\/node limits per tenancy<\/li>\n<li>Load balancer limits per compartment\/region<\/li>\n<li>Block volume limits and performance constraints<\/li>\n<li>OCIR repository\/storage limits<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Regional constraints<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Some OCI services, shapes, or features may not be available in every region.<\/li>\n<li>Multi-availability-domain patterns depend on region type (single-AD vs multi-AD). <strong>Verify region capabilities<\/strong>.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Pricing surprises<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Load balancers can be a major cost, especially if you create one per domain\/app.<\/li>\n<li>Log ingestion and retention can grow rapidly with access logs and debug-level logging.<\/li>\n<li>NAT Gateway and egress charges can be non-trivial if nodes pull images frequently from public registries.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Compatibility issues<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Java version alignment between app, WebLogic version, and base container image.<\/li>\n<li>TLS\/cipher suite requirements with older apps.<\/li>\n<li>Persistent storage performance and mounting modes impacting JMS\/JTA store behavior.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Operational gotchas<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Misconfigured readiness probes cause flapping and 502s behind the LB.<\/li>\n<li>JVM memory not aligned with container limits leads to OOMKills.<\/li>\n<li>Overly strict PodDisruptionBudgets can block node maintenance and upgrades.<\/li>\n<li>Upgrading Kubernetes without validating operator compatibility can break reconciliation.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Migration challenges<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Translating VM-based domain configuration into model-driven configuration.<\/li>\n<li>Replacing shared file systems (if previously used) with Kubernetes-native storage patterns.<\/li>\n<li>Handling session state and sticky sessions behind load balancers (design explicitly).<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Vendor-specific nuances (OCI)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>LB provisioning behavior and annotations may differ from other clouds.<\/li>\n<li>Network security rules are split across NSGs\/security lists and Kubernetes constructs; troubleshooting requires checking both layers.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">14. Comparison with Alternatives<\/h2>\n\n\n\n<p>WebLogic Server for OKE is one option among several ways to run Java enterprise workloads on Oracle Cloud or elsewhere.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Comparison table<\/h3>\n\n\n\n<figure class=\"wp-block-table\"><table>\n<thead>\n<tr>\n<th>Option<\/th>\n<th>Best For<\/th>\n<th>Strengths<\/th>\n<th>Weaknesses<\/th>\n<th>When to Choose<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td><strong>WebLogic Server for OKE (Oracle Cloud)<\/strong><\/td>\n<td>Running WebLogic apps with Kubernetes operations<\/td>\n<td>Kubernetes automation, OCI-native networking\/LB, operator lifecycle patterns<\/td>\n<td>You manage runtime\/images; requires Kubernetes skills; licensing complexity<\/td>\n<td>When you need WebLogic + Kubernetes on OCI<\/td>\n<\/tr>\n<tr>\n<td><strong>WebLogic on OCI Compute (VMs)<\/strong><\/td>\n<td>Teams wanting traditional WebLogic ops<\/td>\n<td>Familiar admin model, simpler for VM-centric orgs<\/td>\n<td>Less cloud-native automation; scaling and upgrades more manual<\/td>\n<td>When Kubernetes adoption is not ready or not desired<\/td>\n<\/tr>\n<tr>\n<td><strong>Oracle Cloud Infrastructure Container Engine for Kubernetes (OKE) with another Java runtime (Tomcat\/Jetty\/Spring Boot)<\/strong><\/td>\n<td>Modern microservices<\/td>\n<td>Lightweight runtime, simpler images, broad community patterns<\/td>\n<td>Not WebLogic; may require refactoring or migrating Java EE features<\/td>\n<td>When apps can move away from WebLogic features<\/td>\n<\/tr>\n<tr>\n<td><strong>Oracle Helidon on OKE<\/strong><\/td>\n<td>Cloud-native Java microservices<\/td>\n<td>Fast startup, modern patterns, Kubernetes-friendly<\/td>\n<td>Not a drop-in for WebLogic apps<\/td>\n<td>When building new services rather than lifting legacy WebLogic apps<\/td>\n<\/tr>\n<tr>\n<td><strong>AWS EKS + WebLogic<\/strong><\/td>\n<td>Running WebLogic on AWS Kubernetes<\/td>\n<td>Managed K8s; broad ecosystem<\/td>\n<td>OCI-specific integrations not available; licensing\/support alignment differs<\/td>\n<td>When AWS is strategic platform<\/td>\n<\/tr>\n<tr>\n<td><strong>Azure AKS + WebLogic<\/strong><\/td>\n<td>Running WebLogic on Azure Kubernetes<\/td>\n<td>Managed K8s; enterprise integration<\/td>\n<td>Different networking\/LB model; licensing\/support varies<\/td>\n<td>When Azure is strategic platform<\/td>\n<\/tr>\n<tr>\n<td><strong>Self-managed Kubernetes + WebLogic<\/strong><\/td>\n<td>Full control environments<\/td>\n<td>Maximum control and customization<\/td>\n<td>Highest ops burden (control plane, upgrades, security)<\/td>\n<td>When you must run on-prem or in restricted environments<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/figure>\n\n\n\n<p>Nearest Oracle Cloud alternatives to consider:\n&#8211; <strong>OKE + different runtime<\/strong> if refactoring away from WebLogic is feasible.\n&#8211; <strong>Compute-based WebLogic<\/strong> if Kubernetes operational maturity is not there yet.<\/p>\n\n\n\n<p>Nearest \u201cother cloud\u201d alternatives:\n&#8211; Running the <strong>same operator-based approach<\/strong> on EKS\/AKS\/GKE is possible in principle, but OCI integrations (LB behavior, IAM patterns, storage classes) will differ and must be re-validated.<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">15. Real-World Example<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Enterprise example (regulated industry)<\/h3>\n\n\n\n<p><strong>Problem<\/strong><br\/>\nA bank runs multiple WebLogic domains on-prem on VMs. Patching takes long maintenance windows, environment drift is common, and scaling for quarterly peaks is difficult. The bank must keep workloads private, integrate with on-prem identity and databases, and maintain strong audit trails.<\/p>\n\n\n\n<p><strong>Proposed architecture<\/strong>\n&#8211; Separate OCI compartments for prod\/non-prod\n&#8211; OKE clusters per environment\n&#8211; Private worker nodes in private subnets\n&#8211; Internal OCI Load Balancer for app access from corporate networks\n&#8211; VPN\/FastConnect to on-prem for DB and identity integration\n&#8211; OCI Vault for keys\/secrets\n&#8211; Centralized logging and monitoring with alerting<\/p>\n\n\n\n<p><strong>Why WebLogic Server for OKE was chosen<\/strong>\n&#8211; Retains WebLogic runtime for existing apps\n&#8211; Kubernetes provides consistent, automated operations and scaling\n&#8211; OCI networking supports private connectivity and segmentation\n&#8211; Operator-based management reduces manual intervention<\/p>\n\n\n\n<p><strong>Expected outcomes<\/strong>\n&#8211; Reduced patching downtime via rolling updates\n&#8211; Faster environment provisioning\n&#8211; Improved auditability through OCI Audit + declarative configs\n&#8211; Better capacity management during peak periods via scaling<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Startup \/ small-team example<\/h3>\n\n\n\n<p><strong>Problem<\/strong><br\/>\nA small SaaS team inherited a WebLogic-based product from an acquisition. They need to run it on Oracle Cloud with minimal ops headcount, ship frequent bug fixes, and keep costs controlled.<\/p>\n\n\n\n<p><strong>Proposed architecture<\/strong>\n&#8211; One OKE cluster for dev\/test and one small production cluster\n&#8211; Small node pools with autoscaling (where appropriate)\n&#8211; Single public OCI Load Balancer for production app\n&#8211; OCIR for images; simple CI pipeline\n&#8211; Aggressive log retention policies to control cost<\/p>\n\n\n\n<p><strong>Why WebLogic Server for OKE was chosen<\/strong>\n&#8211; Avoids a major rewrite while enabling modern delivery practices\n&#8211; Simplifies deployments with container images and Kubernetes manifests\n&#8211; Allows incremental modernization (split services later if needed)<\/p>\n\n\n\n<p><strong>Expected outcomes<\/strong>\n&#8211; Repeatable releases with image-based deployments\n&#8211; Lower manual ops effort than hand-managed VM deployments\n&#8211; Clear scaling path as customer count grows<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">16. FAQ<\/h2>\n\n\n\n<p>1) <strong>Is WebLogic Server for OKE a fully managed WebLogic service?<\/strong><br\/>\nTypically, no. OKE manages the Kubernetes control plane, but you manage WebLogic images, domain configuration, patches, and application lifecycle. Verify Oracle\u2019s current positioning for any Marketplace \u201cWebLogic Server for OKE\u201d offering.<\/p>\n\n\n\n<p>2) <strong>Do I need the WebLogic Kubernetes Operator?<\/strong><br\/>\nIn most Kubernetes-based WebLogic deployments, yes\u2014it\u2019s the standard lifecycle automation approach. But some teams deploy WebLogic without an operator (not recommended for production unless you have a strong reason).<\/p>\n\n\n\n<p>3) <strong>Can I use OCI Load Balancer automatically from Kubernetes?<\/strong><br\/>\nCommonly yes, via <code>Service type LoadBalancer<\/code>. Exact behavior and required annotations can vary by OKE version and your network setup\u2014verify in OKE docs.<\/p>\n\n\n\n<p>4) <strong>Should worker nodes be public or private?<\/strong><br\/>\nPrivate is recommended for production. Use a load balancer\/ingress for controlled exposure.<\/p>\n\n\n\n<p>5) <strong>How do I handle WebLogic AdminServer?<\/strong><br\/>\nMany production designs keep AdminServer access private and restrict who can reach it. Some operational models run AdminServer only when needed. Verify best practices for your operator version and ops model.<\/p>\n\n\n\n<p>6) <strong>How do I store database passwords and keys?<\/strong><br\/>\nPrefer managed secret storage such as OCI Vault and integrate carefully. If using Kubernetes secrets, protect access with RBAC and follow your organization\u2019s security standards.<\/p>\n\n\n\n<p>7) <strong>How do I scale WebLogic managed servers?<\/strong><br\/>\nScale the cluster replicas through the operator\/domain configuration and ensure the Kubernetes scheduler has capacity. Also consider node pool scaling.<\/p>\n\n\n\n<p>8) <strong>What about session replication and sticky sessions?<\/strong><br\/>\nDesign explicitly. Many apps require sticky sessions or session replication. Configure load balancer behavior and WebLogic clustering accordingly, and test failover.<\/p>\n\n\n\n<p>9) <strong>Can I run multiple WebLogic domains in one cluster?<\/strong><br\/>\nYes, commonly with separate namespaces and quotas. Evaluate blast radius and noisy-neighbor risks; many organizations isolate production domains with separate clusters.<\/p>\n\n\n\n<p>10) <strong>How do I patch WebLogic?<\/strong><br\/>\nCommonly by rebuilding a base image with the patched WebLogic distribution and rolling out the new image via Kubernetes. Validate compatibility and rollback procedures.<\/p>\n\n\n\n<p>11) <strong>How do I monitor JVM and WebLogic metrics?<\/strong><br\/>\nUse JMX-based exporters (common pattern) and scrape with Prometheus, or integrate with OCI monitoring pipelines. Verify your preferred reference architecture.<\/p>\n\n\n\n<p>12) <strong>How do I centralize logs?<\/strong><br\/>\nUse a log collector (node agent or sidecar) to route logs to OCI Logging or another SIEM. Control volume to manage cost.<\/p>\n\n\n\n<p>13) <strong>Do I need persistent volumes?<\/strong><br\/>\nNot always. Stateless apps can avoid PVs. You may need PVs for JMS\/JTA stores or specific logging requirements. Prefer external databases for durable state where applicable.<\/p>\n\n\n\n<p>14) <strong>Is this suitable for internet-facing production apps?<\/strong><br\/>\nYes, with proper security controls: WAF, TLS, private nodes, restricted admin access, least privilege IAM, vulnerability scanning, and monitoring.<\/p>\n\n\n\n<p>15) <strong>What is the fastest way to get started?<\/strong><br\/>\nUse OKE quick create + operator samples and deploy a minimal domain. If Oracle provides a Marketplace\/Resource Manager \u201cWebLogic Server for OKE\u201d stack in your region, that can accelerate provisioning\u2014verify availability.<\/p>\n\n\n\n<p>16) <strong>Can I use OCI DevOps for CI\/CD?<\/strong><br\/>\nOften yes. You can also use Jenkins\/GitHub Actions\/GitLab. The key is safely building and storing images and applying manifests to the cluster.<\/p>\n\n\n\n<p>17) <strong>How do I avoid accidental costs?<\/strong><br\/>\nWatch for load balancers and large node pools. Clean up resources after labs. Use budgets\/alerts in OCI and enforce policies limiting public LBs where appropriate.<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">17. Top Online Resources to Learn WebLogic Server for OKE<\/h2>\n\n\n\n<figure class=\"wp-block-table\"><table>\n<thead>\n<tr>\n<th>Resource Type<\/th>\n<th>Name<\/th>\n<th>Why It Is Useful<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>Official documentation<\/td>\n<td>Oracle Cloud OKE Documentation: https:\/\/docs.oracle.com\/en-us\/iaas\/Content\/ContEng\/home.htm<\/td>\n<td>Authoritative guidance on OKE clusters, networking, access, and operations<\/td>\n<\/tr>\n<tr>\n<td>Official project (Oracle)<\/td>\n<td>WebLogic Kubernetes Operator (GitHub): https:\/\/github.com\/oracle\/weblogic-kubernetes-operator<\/td>\n<td>Core operator docs, samples, versioning, and installation guidance<\/td>\n<\/tr>\n<tr>\n<td>Official pricing<\/td>\n<td>Oracle Cloud Pricing: https:\/\/www.oracle.com\/cloud\/pricing\/<\/td>\n<td>Official pricing entry point for OCI services used by this architecture<\/td>\n<\/tr>\n<tr>\n<td>Pricing calculator<\/td>\n<td>Oracle Cloud Cost Estimator: https:\/\/www.oracle.com\/cloud\/costestimator.html<\/td>\n<td>Build region-specific cost estimates without guessing numbers<\/td>\n<\/tr>\n<tr>\n<td>Architecture center<\/td>\n<td>Oracle Architecture Center: https:\/\/docs.oracle.com\/en\/solutions\/<\/td>\n<td>Reference architectures and best practices (search for WebLogic + OKE)<\/td>\n<\/tr>\n<tr>\n<td>Registry docs<\/td>\n<td>OCIR Documentation (verify current page via OCI docs navigation)<\/td>\n<td>How to create repos, auth tokens, and pull\/push images securely<\/td>\n<\/tr>\n<tr>\n<td>Security docs<\/td>\n<td>OCI IAM Documentation (verify current page via OCI docs navigation)<\/td>\n<td>Required to implement least privilege access for OKE and related services<\/td>\n<\/tr>\n<tr>\n<td>Observability docs<\/td>\n<td>OCI Logging and Monitoring docs (verify current page via OCI docs navigation)<\/td>\n<td>Operational visibility patterns and service configuration<\/td>\n<\/tr>\n<tr>\n<td>Tutorials\/labs<\/td>\n<td>Oracle Cloud tutorials (verify current tutorial hub): https:\/\/docs.oracle.com\/en\/learn\/<\/td>\n<td>Step-by-step labs; search for OKE and WebLogic-related labs<\/td>\n<\/tr>\n<tr>\n<td>Videos<\/td>\n<td>Oracle Developers YouTube: https:\/\/www.youtube.com\/@OracleDevelopers<\/td>\n<td>Practical walkthroughs and demos; search within channel for OKE\/WebLogic<\/td>\n<\/tr>\n<tr>\n<td>Community (trusted)<\/td>\n<td>Kubernetes documentation: https:\/\/kubernetes.io\/docs\/home\/<\/td>\n<td>Canonical Kubernetes concepts used heavily in day-2 operations<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/figure>\n\n\n\n<blockquote>\n<p>For \u201cWebLogic Server for OKE\u201d specifically, also check Oracle Cloud Marketplace and Oracle Solutions pages for any <strong>official stack<\/strong> or <strong>reference deployment<\/strong> bearing that exact name. Availability can be region- and time-dependent\u2014verify in official sources.<\/p>\n<\/blockquote>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">18. Training and Certification Providers<\/h2>\n\n\n\n<figure class=\"wp-block-table\"><table>\n<thead>\n<tr>\n<th>Institute<\/th>\n<th>Suitable Audience<\/th>\n<th>Likely Learning Focus<\/th>\n<th>Mode<\/th>\n<th>Website URL<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>DevOpsSchool.com<\/td>\n<td>DevOps engineers, SREs, platform teams<\/td>\n<td>Kubernetes, CI\/CD, cloud DevOps practices<\/td>\n<td>Check website<\/td>\n<td>https:\/\/www.devopsschool.com\/<\/td>\n<\/tr>\n<tr>\n<td>ScmGalaxy.com<\/td>\n<td>Beginners to intermediate DevOps learners<\/td>\n<td>SCM, DevOps fundamentals, tooling<\/td>\n<td>Check website<\/td>\n<td>https:\/\/www.scmgalaxy.com\/<\/td>\n<\/tr>\n<tr>\n<td>CLoudOpsNow.in<\/td>\n<td>Cloud engineers, operations teams<\/td>\n<td>Cloud operations, deployment practices<\/td>\n<td>Check website<\/td>\n<td>https:\/\/www.cloudopsnow.in\/<\/td>\n<\/tr>\n<tr>\n<td>SreSchool.com<\/td>\n<td>SREs, reliability engineers<\/td>\n<td>SRE principles, monitoring, incident response<\/td>\n<td>Check website<\/td>\n<td>https:\/\/www.sreschool.com\/<\/td>\n<\/tr>\n<tr>\n<td>AiOpsSchool.com<\/td>\n<td>Ops teams adopting automation<\/td>\n<td>AIOps concepts, automation and operations analytics<\/td>\n<td>Check website<\/td>\n<td>https:\/\/www.aiopsschool.com\/<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/figure>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">19. Top Trainers<\/h2>\n\n\n\n<figure class=\"wp-block-table\"><table>\n<thead>\n<tr>\n<th>Platform\/Site<\/th>\n<th>Likely Specialization<\/th>\n<th>Suitable Audience<\/th>\n<th>Website URL<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>RajeshKumar.xyz<\/td>\n<td>DevOps\/cloud training resources<\/td>\n<td>Engineers seeking guided learning<\/td>\n<td>https:\/\/www.rajeshkumar.xyz\/<\/td>\n<\/tr>\n<tr>\n<td>devopstrainer.in<\/td>\n<td>DevOps and tooling training<\/td>\n<td>Beginners to advanced DevOps practitioners<\/td>\n<td>https:\/\/www.devopstrainer.in\/<\/td>\n<\/tr>\n<tr>\n<td>devopsfreelancer.com<\/td>\n<td>Freelance DevOps guidance\/services<\/td>\n<td>Teams needing short-term expert help<\/td>\n<td>https:\/\/www.devopsfreelancer.com\/<\/td>\n<\/tr>\n<tr>\n<td>devopssupport.in<\/td>\n<td>DevOps support and training resources<\/td>\n<td>Ops teams needing ongoing support<\/td>\n<td>https:\/\/www.devopssupport.in\/<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/figure>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">20. Top Consulting Companies<\/h2>\n\n\n\n<figure class=\"wp-block-table\"><table>\n<thead>\n<tr>\n<th>Company<\/th>\n<th>Likely Service Area<\/th>\n<th>Where They May Help<\/th>\n<th>Consulting Use Case Examples<\/th>\n<th>Website URL<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>cotocus.com<\/td>\n<td>Cloud\/DevOps consulting<\/td>\n<td>Architecture, Kubernetes adoption, delivery pipelines<\/td>\n<td>OKE platform setup, migration planning, CI\/CD rollout<\/td>\n<td>https:\/\/cotocus.com\/<\/td>\n<\/tr>\n<tr>\n<td>DevOpsSchool.com<\/td>\n<td>DevOps consulting and enablement<\/td>\n<td>Platform engineering, training-led delivery<\/td>\n<td>OKE baseline, GitOps processes, operational runbooks<\/td>\n<td>https:\/\/www.devopsschool.com\/<\/td>\n<\/tr>\n<tr>\n<td>DEVOPSCONSULTING.IN<\/td>\n<td>DevOps consulting services<\/td>\n<td>Automation, CI\/CD, cloud operations<\/td>\n<td>Kubernetes hardening, monitoring stack setup, cost optimization<\/td>\n<td>https:\/\/www.devopsconsulting.in\/<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/figure>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">21. Career and Learning Roadmap<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">What to learn before this service<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>OCI fundamentals:<\/li>\n<li>compartments, VCN, subnets, NSGs\/security lists, IAM policies<\/li>\n<li>Kubernetes fundamentals:<\/li>\n<li>pods, deployments\/statefulsets, services, ingress<\/li>\n<li>configmaps, secrets, PV\/PVC<\/li>\n<li>RBAC and namespaces<\/li>\n<li>WebLogic fundamentals:<\/li>\n<li>domains, AdminServer vs Managed Servers, clusters<\/li>\n<li>JDBC data sources, JMS basics, logging and diagnostics<\/li>\n<li>Container basics:<\/li>\n<li>images, registries, Dockerfile fundamentals<\/li>\n<li>resource limits and JVM\/container memory considerations<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">What to learn after this service<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Advanced Kubernetes operations:<\/li>\n<li>network policies (if supported), service mesh (only if justified), autoscaling<\/li>\n<li>GitOps:<\/li>\n<li>Argo CD or Flux patterns (if your org uses them)<\/li>\n<li>Observability:<\/li>\n<li>Prometheus\/Grafana, OpenTelemetry, log pipelines<\/li>\n<li>Security hardening:<\/li>\n<li>supply-chain security, image signing, vulnerability scanning, policy-as-code<\/li>\n<li>DR and resilience:<\/li>\n<li>multi-region patterns, backup\/restore automation, chaos testing<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Job roles that use it<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Cloud engineer (OCI + Kubernetes)<\/li>\n<li>Platform engineer (internal Kubernetes platform)<\/li>\n<li>DevOps engineer (CI\/CD + deployments)<\/li>\n<li>SRE (reliability and incident response)<\/li>\n<li>Middleware engineer modernizing WebLogic operations<\/li>\n<li>Solutions architect designing OCI application platforms<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Certification path (if available)<\/h3>\n\n\n\n<p>Oracle Cloud certifications and Kubernetes certifications can help:\n&#8211; Oracle Cloud Infrastructure certifications (associate\/professional tracks\u2014verify current catalog)\n&#8211; Certified Kubernetes Administrator (CKA) \/ Certified Kubernetes Application Developer (CKAD)<br\/>\n<strong>Verify current certification availability and naming on official sites<\/strong>.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Project ideas for practice<\/h3>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Build a repeatable Terraform module for OKE + networking + baseline policies.<\/li>\n<li>Create a GitOps repo that deploys:\n   &#8211; operator\n   &#8211; a WebLogic domain\n   &#8211; a sample app<\/li>\n<li>Implement TLS end-to-end:\n   &#8211; LB TLS termination and\/or re-encryption to pods<\/li>\n<li>Add observability:\n   &#8211; JVM metrics, request latency dashboards, alerting rules<\/li>\n<li>Build a safe rollout strategy:\n   &#8211; blue\/green domain deployment with traffic switching<\/li>\n<li>Implement cost controls:\n   &#8211; budgets, tagging, and automated scale-down for non-prod<\/li>\n<\/ol>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">22. Glossary<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>OKE (Oracle Container Engine for Kubernetes)<\/strong>: Oracle Cloud\u2019s managed Kubernetes service.<\/li>\n<li><strong>WebLogic Server<\/strong>: Oracle\u2019s enterprise Java application server.<\/li>\n<li><strong>Domain (WebLogic)<\/strong>: Administrative unit containing configuration, servers, clusters, and resources.<\/li>\n<li><strong>AdminServer<\/strong>: WebLogic server that hosts the administration console and manages the domain.<\/li>\n<li><strong>Managed Server<\/strong>: WebLogic server instance that hosts deployed applications.<\/li>\n<li><strong>Cluster (WebLogic)<\/strong>: Group of managed servers for scalability and availability.<\/li>\n<li><strong>Kubernetes Operator<\/strong>: Controller that manages an application using custom resources and reconciliation loops.<\/li>\n<li><strong>CRD (CustomResourceDefinition)<\/strong>: Extends Kubernetes API with custom resource types.<\/li>\n<li><strong>Namespace<\/strong>: Kubernetes logical partition for isolation and RBAC boundaries.<\/li>\n<li><strong>Service (Kubernetes)<\/strong>: Stable endpoint for accessing pods; can provision load balancers in cloud environments.<\/li>\n<li><strong>Service type LoadBalancer<\/strong>: Service that triggers creation of a cloud load balancer.<\/li>\n<li><strong>VCN (Virtual Cloud Network)<\/strong>: Oracle Cloud virtual network construct.<\/li>\n<li><strong>NSG (Network Security Group)<\/strong>: Virtual firewall rules applied to VNICs\/resources.<\/li>\n<li><strong>OCIR (Oracle Cloud Infrastructure Registry)<\/strong>: OCI container registry for private images.<\/li>\n<li><strong>PV\/PVC<\/strong>: PersistentVolume\/PersistentVolumeClaim\u2014Kubernetes storage abstraction.<\/li>\n<li><strong>Readiness probe<\/strong>: Determines when a pod is ready to receive traffic.<\/li>\n<li><strong>Liveness probe<\/strong>: Determines when a pod should be restarted.<\/li>\n<li><strong>GitOps<\/strong>: Managing deployments via Git as the source of truth with automated reconciliation.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">23. Summary<\/h2>\n\n\n\n<p>WebLogic Server for OKE on <strong>Oracle Cloud<\/strong> is a practical way to run <strong>Oracle WebLogic Server<\/strong> workloads using <strong>Kubernetes on OKE<\/strong>. It matters because it modernizes operations\u2014scaling, upgrades, and consistency\u2014without requiring an immediate rewrite of existing WebLogic applications. Architecturally, it fits best when you want WebLogic\u2019s enterprise capabilities but also want Kubernetes-native automation, OCI networking, and OCI governance.<\/p>\n\n\n\n<p>Cost-wise, there is rarely a single meter: the primary drivers are <strong>OKE worker nodes (compute)<\/strong>, <strong>OCI Load Balancers<\/strong>, <strong>storage<\/strong>, <strong>logging<\/strong>, and <strong>data egress<\/strong>, plus <strong>WebLogic licensing<\/strong> (which must be verified for your situation). Security-wise, the strongest patterns use <strong>private nodes<\/strong>, tightly controlled load balancers\/ingress, least-privilege <strong>OCI IAM<\/strong> and Kubernetes RBAC, and careful <strong>secrets management<\/strong> (preferably via OCI Vault patterns).<\/p>\n\n\n\n<p>Use it when you need to keep WebLogic while adopting Kubernetes operations on Oracle Cloud; avoid it if you need a fully managed runtime or if your team is not ready to operate Kubernetes and containerized middleware. Next step: follow the official OKE docs and the WebLogic Kubernetes Operator documentation, then standardize your deployment with Infrastructure-as-Code and a CI\/CD pipeline.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Application Development<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[54,62],"tags":[],"class_list":["post-861","post","type-post","status-publish","format-standard","hentry","category-application-development","category-oracle-cloud"],"_links":{"self":[{"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/posts\/861","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/comments?post=861"}],"version-history":[{"count":0,"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/posts\/861\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/media?parent=861"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/categories?post=861"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/tags?post=861"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}