-
Notifications
You must be signed in to change notification settings - Fork 4
Expand file tree
/
Copy pathusage-information.html
More file actions
199 lines (176 loc) · 11.9 KB
/
usage-information.html
File metadata and controls
199 lines (176 loc) · 11.9 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
<p><strong>Configuration</strong></p>
<p><strong>Application</strong>: The stack allows different types of deployments: <em>source code</em> deployment,
<em>java artifact</em> deployment or <em>container image</em> deployment. <em>Source code</em> deployment is possible
if the source code of the application is stored in OCI DevOps; <em>Java artifact</em> deployment requires a Java
artifact to be present in the OCI Artifact Registry; and <em>Container image</em> deployment requires the container
image to be present in an OCI Container Registry accessible by the Stack, the image must be configured to respond
to HTTPS requests through the exposed port.
</p>
<ul>
<li><strong>Application Name</strong>: application identifier, used as a prefix to some of the resources created by
the stack</li>
<li><strong>Number of deployments</strong>: the number of container instances that will be deployed</li>
<li><strong>Application source</strong>: source code, or artifact or container registry.</li>
<li>If <em>application source</em> is either <em>source code </em>or <em>artifact</em>:
<ul>
<li><strong>Artifact type</strong>:
<ul>
<li>JAR: The executable java archive will be run with the <em>JVM options </em>and <em>Program
arguments </em>provided in the "Other parameters" section.</li>
<li>WAR: The Web Archive will be deployed in a Tomcat Server. This Tomcat Server will be started using
the JVM Options provided in the "Other Parameters" section.</li>
</ul>
</li>
</ul>
</li>
<li>If <em>application source</em> is <em>source code</em>:
<ul>
<li><strong>DevOps repository name (OCID)</strong>: OCID of the repository containing the source code of the
application.</li>
<li><strong>Branch used for build/deployment</strong>: name of the branch to build and deploy. The application
will be built and deployed each time a change is made to this branch.</li>
<li><strong>Application build command</strong>: command will be used by the build pipeline to build the
application.</li>
<li><strong>Artifact path</strong>: path to the generated application artifact (jar or war file) once the
application is built.</li>
</ul>
</li>
<li>If <em>application source</em> is <em>artifact</em>:
<ul>
<li><strong>Artifact repository OCID</strong>: OCID of the repository containing the artifact.</li>
<li><strong>Artifact OCID</strong>: OCID of the artifact to deploy.</li>
</ul>
</li>
<li>If <em>application source</em> is <em>container image</em>:
<ul>
<li><strong>Full path to the image in container registry.</strong></li>
<li><strong>Exposed port</strong>: port exposed by the container image.</li>
</ul>
</li>
</ul>
<p><strong>Stack authentication</strong>: a Vault is used to store sensitive information such as authentication tokens
and passwords. The stack can either use an existing vault or create a new one. To use an existing key vault,
the stack will let you select the existing vault and key (AES). To create a new vault you must provide
the user-friendly name of the vault to create.</p>
<p>An <strong>authentication token</strong> is used by the stack to authenticate the user when connecting to the code
repository or container registry. This token can either be provided or created by the stack.</p>
<p><strong>Database</strong>: The stack assumes that the persistence is handled by a database and this section lets you
configure that database. You can either choose an existing database by selecting the database or create a new one.</p>
<ul>
<li>Use existing database:
<ul>
<li><strong>Autonomous Database</strong>: select the database you want the application to access.</li>
<li><strong>DB username</strong>: database user used to access the database.</li>
<li><strong>DB user password</strong>: provide the user's password.</li>
</ul>
</li>
<li>Create new database:
<ul>
<li><strong>Autonomous Database display name</strong>: user-friendly display name of the autonomous database.</li>
<li><strong>Database ADMIN password</strong>: password of the ADMIN user of the database.</li>
<li><strong>Storage (TB)</strong>: The amount of storage in TB to allocate.</li>
<li><strong>OCPU count</strong>: The number of OCPU cores to enable. Available cores are subject to your
tenancy's service limits.</li>
</ul>
</li>
</ul>
<p>If the application consumes environment variables to configure the database access, the stack can set these
environment variables so that the application will connect to the selected database. If the <em>application
source </em>is either <em>source code </em>or <em>artifact</em>, the stack will configure the
application to use mutual TLS when connecting to the database (using a wallet in which the username and password used
to access the database are stored). Therefore the only configuration parameter needed to connect to the database is
the connection URL that can be set through an environment variable whose name is configurable. If you are
deploying the application using a <em>container image</em>, three environment variables will be available, these
environment variables configure the database connection URL, username and password. A check box will allow you to
choose if you want to use a given environment variable, if you check that checkbox you will be prompted for the
environment variable's name.</p>
<p><strong>Other Parameters</strong>: Besides the above predefined environment variables, the stack allows you to
provide other parameters to your application. This can be achieved by providing environment variables, JVM options
and/or program arguments. The use of JVM option is possible when the <em>application source</em> is either
<em>source code </em>or <em>artifact</em>, and the use of program arguments is only possible when
the <em>artifact type</em> is <em>JAR</em>.
</p>
<ul>
<li><strong>Other environment variables</strong>: you can use this field to set environment variables consumed by your
applicaiton. These environment variables should be provided as a semicolon separated list of <name, value>
pairs in the following format: var1=value1;var2=value2 ... varN=valueN.</li>
<li><strong>JVM options</strong>: You can also provide JVM options that will be set when starting the java VM. If the
artifact type of you application is a JAR, the JVM Options will be set when starting the JAR file and if the
artifact type is a WAR, the JVM Options will be set when starting Tomcat.</li>
<li><strong>Program arguments</strong>: If your application consumes arguments, you can use this field to set them.
Arguments should be provided as a space separated list and will be passed to the application at start-up :
arg1 arg2 ..., argN.</li>
</ul>
<p><strong>Application configuration - SSL communication between backends and load balancer</strong>: A certificate is
needed to configure the load balancer and the backends so that the communication between them is done using SSL.
</p>
<p>If the <em>application source </em>is either <em>source code </em>or <em>artifact</em>, the
stack creates the self-signed certificate that will be used for the communication between the load balancer and the
backends and stores it in a JKS keystore. If the <em>artifact type </em>is a <em>WAR </em>(web
application deployed using Tomcat) Tomcat will be configured to use this keystore. If the <em>artifact
type </em>is <em>JAR </em>the stack can use <strong>properties </strong>to configure SSL for the
application. By default Spring boot properties will be used by the stack. A checkbox allows to change that
configuration.</p>
<ul>
<li><strong>Server port number property name</strong>: name of the property to configure the server port.</li>
<li><strong>SSL keystore filename property name</strong>: name of the property to configure the SSL keystore filename.
</li>
<li><strong>SSL key alias property name</strong>: name of the property to configure the SSL key alias property name.
</li>
<li><strong>SSL keystore password property name</strong>: name of the property to configure the SSL keystore password
property name.</li>
<li><strong>SSL keystore type property name</strong>: name of the property to configure the SSL keystore type property
name.</li>
</ul>
<p>If the <em>application source</em> is <em>container image</em>, the image must already be
configured to use SSL, the following information is necessary to configure the load balancer (PEM format):</p>
<ul>
<li><strong>SSL certificate</strong>: the public certificate.</li>
<li><strong>Private key</strong>: the certificate's private key.</li>
<li><strong>CA certificate</strong>: the CA certificate.</li>
</ul>
<p><strong>Application URL</strong>: if you have a DNS domain that's managed in OCI you can configure the stack to
add a new record (hostname) for your application. A certificate will also be needed so that the application can be
accessed using SSL.</p>
<ul>
<li><strong>DNS zone</strong>: homain name managed in OCI DNS.</li>
<li><strong>Host name</strong>: host name that will be created on the selected Zone and will resolve to the the load
balancer's IP address.</li>
<li><strong>Certificate OCID</strong>: certificate for the application URL</li>
</ul>
<p><strong>Network</strong>: The stack is designed to create all of its resources in the same VCN. You have the choice
between using an existing VCN or creating a new one. If you chose to use an existing VNC you can either use existing
subnets or create new ones.</p>
<ul>
<li>The <strong>application subnet</strong> is for the container instances running the application and
the deployment pipeline. An Network Security Group (NSG) will be created and configured to allow the
communication between the application and: the load balancer, the database and other OCI Services through a
Service Gateway.</li>
<li>A <strong>database subnet</strong> is only needed if the Stack creates a new database. A NSG will be created and
configured to allow the communication between the application and the database. </li>
<li>The <strong>load balancer subnet </strong>can either be private (accessible from inside OCI) or public (accessible
from both OCI and the Internet). A NSG will be created and configured to allow the communication between the load
balancer and the application. If you chose to <em>open the load balancer to the internet</em>, the load balancer
subnet will be a public subnet and an Internet Gateway will be created.</li>
</ul>
<p>By default the <em>load balancer</em> is configured with minimum and maximum bandwidth of 10Mbps, the health check
URL is set to "/" and the status code 200. These values can be changed if needed.</p>
<p><strong>Container instance configuration</strong>: finally you can chose the shape and size of the container
instances that will run your application.</p>
<p><strong>Once the stack is configured it will</strong>:</p>
<ul>
<li>Create a new repository called "<application-name>_config" that includes:
<ul>
<li><em>wallet.zip</em>: the database wallet (if the database wallet is rotated this zip file needs to be updated)
</li>
<li><em>Dockerfile</em>: used to build the container image</li>
<li><em>build_spec.yaml</em>: build spec for the build pipeline</li>
<li><em>self.keystore</em>: self-signed keystore for the internal https connection between the load balancer and
the container instances</li>
</ul>
</li>
<li>Generate a container image of the application, and add it to the Container Registry</li>
<li>Deploy the application as a container in Container Instances</li>
<li>Leverage OCI services such as VCN, Load Balancer, APM</li>
</ul>
<p> </p>