Deploying the full application requires cloud backing services from Oracle Cloud Infrastructure. Provisioning these services may be done manually of course, but can also be done automatically through the use of OCI Service Broker. You are encouraged to explore each approach.
In all cases, begin by adding tenancy credentials to manage and connect services from within the cluster. Create a secret containing these values:
kubectl create secret generic oci-credentials \ --namespace mushop \ --from-literal=tenancy=<TENANCY_OCID> \ --from-literal=user=<USER_OCID> \ --from-literal=region=<USER_OCI_REGION> \ --from-literal=fingerprint=<PUBLIC_API_KEY_FINGERPRINT> \ --from-literal=passphrase=<PRIVATE_API_KEY_PASSPHRASE> \ --from-file=privatekey=<PATH_OF_PRIVATE_API_KEY>
NOTE: The passphrase entry is required. If you do not have passphrase for your key, just leave empty.
|Provides steps for provisioning and connecting cloud services to the application||Uses OCI Service Broker to provision and connect the Autonomous Transaction Processing database|
API Gateway, OCI Functions and Email Delivery
Note that this is OPTIONAL. If you don’t want to configure Email Delivery and deploy a function with API Gateway, skip to the deployment section.
Configure Email Delivery
If you are planning to use the API gateway and Oracle Functions, to send emails using OCI Email Delivery you need to configure an approved sender first.
- From the OCI console, click Email Delivery -> Email Approved Sender
- Click the Create Approved Sender
- Enter the email address, for example:
- Click Create Approved Sender
Note: if you have your own domain, you can enter a different address (e.g.
mushop@[yourdomain.com]) and also configure SPF record for the sender. This involves adding a DNS record to your domain. You can follow these instructions to set up SPF.
Next, you need to generate the SMTP credentials that will allow you to log in to the SMTP server and send the email. Follow the Generate SMTP Credentails for a User to get the SMTP host, port, username and password.
The SMTP credentails (host, port, username and password) and the approved sender email address (e.g.
email@example.com) will be provided to the function as configuration values later, so make sure you save these values somewhere.
Configure function application
Each function needs to live inside of an application. You can create a new application either through the console, API or the Fn CLI. An application has a name (e.g.
mushop-app) and the VCN and a subnet in which to run the functions. The one guideline here is to pick the subnets that are in the same region as the Docker registry you specified in your context YAML earlier - check these docs for more information.
The first step you need to do is to ensure your tenancy is configured for function development. You can follow the Configuring Your Tenancy for Function Development documentation.
brew install fn
Finally, you will need configure the Fn CLI - you can follow these instructions that will guide you through creating a context file and configuring it with an image registry.
To create an application using Fn CLI, run:
fn create app [APP_NAME] --annotation oracle.com/oci/subnetIds='["ocid1.subnet.oc1.iad...."]'
Note: make sure you replace
ocid1.subnetwith actual values
Deploy and configure the function
To deploy a function to an app, you can run the following command within the function folder (
fn deploy --app [APP_NAME]
fn -v deploy --app [APP_NAME]to get verbose output in case you’re running into issues.
In the remainder of the document, we will use
mushop-app for the application name.
You need to provide additional configuration (SMTP credentails) for the function to work properly and be able to send emails.
Once you’ve successfully deployed the function, you can use the Fn CLI to add configuration values (note that you can also do the same through the Console UI).
Run the following commands to configure SMTP settings and the approved sender (replace the values):
fn config function mushop-app newsletter-subscription SMTP_USER <smtp_username> fn config function mushop-app newsletter-subscription SMTP_PASSWORD <smtp_password> fn config function mushop-app newsletter-subscription SMTP_HOST <smtp_host> fn config function mushop-app newsletter-subscription SMTP_PORT <smtp_port> fn config function mushop-app newsletter-subscription APPROVED_SENDER_EMAIL <approved_sender_email>
Creating an API gateway
The quickest way to create a gateway is through the OCI console:
- Click Developer Services -> API Gateway from the sidebar on the left
- Click the Create Gateway button
- Enter the following values (you can use a different name if you’d like):
- Name: mushop-gateway
- Type: Public
- Virtual Cloud Network: Pick one from the dropdown
- Subnet: Pick the subnet from the dropdown
- Click Create
- When gateway is created, click the Deployments link from the sidebar on the left
- Under the Deployments, click the Create Deployment button
- Make sure From Scratch option is selected at the top and enter the following values (you can leave the other values as they are - i.e. no need to enable CORS, Authentication or Rate Limiting):
- Name: newsletter-subscription
- Path prefix: /newsletter
- Compartment: < Pick your compartment >
- Execution log: Enabled
- Log level: Error
- Click Next to define the route
- Enter the following values for Route 1:
- Path: /subscribe
- Methods: POST
- Type: Oracle Functions
- Application: mushop-app (or other, if you used a different name)
- Function name: newsletter-subscription
- Click the Show Route Logging Policies link and enable Execution Log
- Click Next and review the deployment
- Click Create to create the gateway deployment
When deployment completes, navigate to it to get the URL for the gateway. Click the Show link next to the Endpoint label to reveal the full URL for the deployment. It should look like this:
You will use this URL in
values-dev.yaml when creating the deployment.
Having completed the provisioning steps above, the
helm chart is installed using settings to leverage cloud backing services.
Make a copy of the
values-dev.yamlfile and store somewhere on your machine as
myvalues.yaml. Then complete the missing values (e.g. secret names) like the following:
global: ociAuthSecret: oci-credentials # OCI authentication credentials secret ossStreamSecret: oss-connection # Name of Stream connection secret oadbAdminSecret: oadb-admin # Name of DB Admin secret oadbWalletSecret: oadb-wallet # Name of Wallet secret oadbConnectionSecret: oadb-connection # Name of DB Connection secret oosBucketSecret: oos-bucket # Object storage bucket secret name (optional)
NOTE: If it’s desired to connect a separate databases for a given service, you can specify values specific for each service, such as
oadb-*), stream (
oss-*), and bucket (
oos-*) secrets may be omitted if using the automated service broker approach.
Optional: If an Object Storage bucket is provisioned, you can configure the
apienvironment to use the object URL prefix in
api: env: mediaUrl: # https://objectstorage.[REGION].oraclecloud.com/n/[NAMESPACE]/b/[BUCKET_NAME]/o/
Optional: If you configured the Email Delivery, API gateway and the function, add the following snippet to your
api: env: mediaUrl: # ... newsletterSubscribeUrl: https://[API_GATEWAY_URL]
mushopapplication helm chart using the
OPTION 1: With cloud services provisioned manually:
helm install ./mushop \ --name mushop \ --namespace mushop \ --values myvalues.yaml
helm install mushop ./mushop \ --namespace mushop \ --values myvalues.yaml
OPTION 2: When using OCI Service Broker (
helm install ./mushop \ --name mushop \ --namespace mushop \ --set global.osb.atp=true \ --set global.osb.oss=true \ --set global.osb.objectstorage=true \ --values myvalues.yaml
helm install mushop ./mushop \ --namespace mushop \ --set global.osb.atp=true \ --set global.osb.oss=true \ --set global.osb.objectstorage=true \ --values myvalues.yaml
Wait for deployment pods to be RUNNING and init pods to show COMPLETED:
kubectl get pods --namespace mushop --watch
NAME READY STATUS RESTARTS AGE mushop-api-769c4d9fd8-hp7mc 1/1 Running 0 31s mushop-assets-dd5756599-pxngg 1/1 Running 0 33s mushop-assets-deploy-1-n2bk6 0/1 Completed 0 33s mushop-carts-6f5db9565f-4w65t 1/1 Running 0 33s mushop-carts-init-1-dcs82 0/1 Completed 0 33s mushop-catalogue-76977479fd-thdq4 1/1 Running 0 32s mushop-catalogue-init-1-twx9x 0/1 Completed 0 33s mushop-edge-648c989cd4-6g9dk 1/1 Running 0 32s mushop-events-569f4744c9-l7pqt 1/1 Running 0 30s mushop-fulfillment-85489cd99b-lzwqp 1/1 Running 0 30s mushop-nats-84dc5db659-7rpbl 1/1 Running 0 32s mushop-orders-6dcc7bbbb6-658tq 1/1 Running 0 33s mushop-orders-init-1-tm8ls 0/1 Completed 0 33s mushop-payment-c7dccd8cc-t9wmj 1/1 Running 0 33s mushop-session-5ff4c9557f-dmbq8 1/1 Running 0 33s mushop-storefront-8656597656-lgdlk 1/1 Running 0 33s mushop-user-54f4978d68-qhr7n 0/1 Running 0 31s mushop-user-init-1-8k62c 0/1 Completed 0 33s
Note: if you installed Istio service mesh, you should see
1/2for the init pods and the assets deploy pod. The reason you see
2/2is because Istio injects a sidecar proxy container into each pod.
Open a browser with the
EXTERNAL-IPcreated during setup, OR
port-forwarddirectly to the
kubectl port-forward \ --namespace mushop \ svc/edge 8000:80
port-forwardconnecting localhost:8000 to the
kubectl get svc mushop-utils-ingress-nginx-controller \ --namespace mushop-utilities
EXTERNAL-IPfor Ingress Controller. NOTE this will be localhost on local clusters.
kubectl get svc istio-ingressgateway \ --namespace istio-system
EXTERNAL-IPfor Istio Ingress Gateway. NOTE this will be localhost on local clusters.