
OCI Devops

The document is an activity guide for Oracle Cloud Infrastructure DevOps, detailing various topics such as configuration management, microservices, continuous integration, and deployment processes. It includes step-by-step instructions for using tools like Ansible, Terraform, Docker, and Kubernetes. Additionally, it emphasizes the importance of copyright and proprietary information protection throughout the document.

Uploaded by

raja sinha

Unauthorized reproduction or distribution prohibited. Copyright© 2024, Oracle University and/or its affiliates.

Oracle Cloud Infrastructure DevOps Professional

Activity Guide
S1106012GC10

Learn more from Oracle University at education.oracle.com

Copyright © 2023, Oracle and/or its affiliates.

Disclaimer

This document contains proprietary information and is protected by copyright and other intellectual property laws. The
document may not be modified or altered in any way. Except where your use constitutes "fair use" under copyright law, you
may not use, share, download, upload, copy, print, display, perform, reproduce, publish, license, post, transmit, or distribute
this document in whole or in part without the express authorization of Oracle.

The information contained in this document is subject to change without notice and is not warranted to be error-free. If you
find any errors, please report them to us in writing.

Restricted Rights Notice

If this documentation is delivered to the United States Government or anyone using the documentation on behalf of the
United States Government, the following notice is applicable:

U.S. GOVERNMENT END USERS: Oracle programs (including any operating system, integrated software, any programs
embedded, installed or activated on delivered hardware, and modifications of such programs) and Oracle computer
documentation or other Oracle data delivered to or accessed by U.S. Government end users are "commercial computer
software" or "commercial computer software documentation" pursuant to the applicable Federal Acquisition Regulation and
agency-specific supplemental regulations. As such, the use, reproduction, duplication, release, display, disclosure,
modification, preparation of derivative works, and/or adaptation of i) Oracle programs (including any operating system,
integrated software, any programs embedded, installed or activated on delivered hardware, and modifications of such
programs), ii) Oracle computer documentation and/or iii) other Oracle data, is subject to the rights and limitations specified in
the license contained in the applicable contract. The terms governing the U.S. Government's use of Oracle cloud services are
defined by the applicable contract for such services. No other rights are granted to the U.S. Government.

Trademark Notice

Oracle®, Java, MySQL, and NetSuite are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks
of their respective owners.

Intel and Intel Inside are trademarks or registered trademarks of Intel Corporation. All SPARC trademarks are used under
license and are trademarks or registered trademarks of SPARC International, Inc. AMD, Epyc, and the AMD logo are
trademarks or registered trademarks of Advanced Micro Devices. UNIX is a registered trademark of The Open Group.

Third-Party Content, Products, and Services Disclaimer

This documentation may provide access to or information about content, products, and services from third parties. Oracle
Corporation and its affiliates are not responsible for and expressly disclaim all warranties of any kind with respect to
third-party content, products, and services unless otherwise set forth in an applicable agreement between you and Oracle. Oracle
Corporation and its affiliates will not be responsible for any loss, costs, or damages incurred due to your access to or use of
third-party content, products, or services, except as set forth in an applicable agreement between you and Oracle.
1111142023

Table of Contents

Configuration Management and Infrastructure as Code: Leverage Ansible Collection to Provision and Manage Resources in Oracle Cloud
  Get Started
  Install the Oracle Cloud Infrastructure Ansible Collection
  Launch and Terminate a Compute Instance Using Ansible Playbook
  Purge Instructions

Configuration Management and Infrastructure as Code: Deploy a Web App to Multiple Compute Instances
  Get Started
  Set Up the Lab Environment
  Configure Ansible Resources and Playbook
  Execute Ansible Playbook to Install and Configure Apache Hosts
  Purge Instructions

Configuration Management and Infrastructure as Code: Create a Reusable VCN Configuration with Terraform
  Get Started
  Initialize Your Terraform Script
  Create and Destroy a VCN Using Terraform
  Create and Destroy a VCN Using Resource Manager
  Purge Instructions

Configuration Management and Infrastructure as Code: Replicate an Existing Load Balancer Using Terraform Configuration Scripts and OCI Resource Manager
  Get Started
  Set Up the Lab Environment
  Generate Terraform Script with Resource Manager
  Edit Auto-Generated Terraform Script
  Provision Infrastructure Based on the Auto-Generated Terraform Configuration
  Purge Instructions

Configuration Management and Infrastructure as Code: Create a Custom Stack to Deploy a HA Load Balanced Simple Web Application
  Get Started
  Create SSH Keys Using Cloud Shell
  Create Custom Resource Manager Stack
  Plan & Apply Jobs
  Destroy Job
  Purge Instructions

Microservice and Container Orchestration: Create Docker Image for a Web Application Using Dockerfile
  Get Started
  Access the Dockerfile
  Build the Docker Image
  Run Your Docker Image as a Container
  Access the Web Application Running Within the Container
  Delete the Docker Container

Microservices and Container Orchestration: Manage OCIR and Push and Pull Images Using Docker CLI
  Get Started
  Create an Auth Token
  Create a New Container Repository
  Sign In to OCIR from the Cloud Shell
  Tag the Docker Image
  Push the Tagged Docker Image to OCIR Repository
  Verify if the Image Has Been Pushed
  Pull the Image from OCIR Repository

Microservices and Orchestration: Set Up OKE Cluster Access
  Get Started
  Set Up the kubeconfig File
  Run kubectl Commands Against Kubernetes Clusters
  Purge Instructions

Microservice and Container Orchestration: Deploy a Sample Web Application on an OKE Cluster Using kubectl
  Get Started
  Create a Kubernetes (OKE) Secret
  Add the Secret and the Image Path to the Deployment Manifest
  Deploy the Sample Web Application to OKE Cluster
  Verify if the Sample Web Application Is Accessible
  Clean Up the Resources Deployed Within OKE Cluster

Continuous Integration and Continuous Delivery: Work with Code Repositories in OCI DevOps Project
  Get Started
  Create a Personal Access Token in GitHub
  Create Keys and Vault Secrets
  Create a DevOps Project
  Create an External Connection
  Mirror Your GitHub Repository
  Create an OCI Code Repository in Your DevOps Project
  Clone OCI Code Repository in Your Cloud Shell Session
  Perform Basic Git Operations on the Code Repository

Continuous Integration and Continuous Delivery: Create an Artifact Registry and Set Up Artifacts and Environments in a DevOps Project
  Get Started
  Create a Repository to Store and Manage Artifacts
  Add Container Image Repository Artifact to Store Docker Images
  Create a Reference to Kubernetes Manifest
  Create a DevOps Environment

Continuous Integration and Continuous Delivery: Automate Web App Deployment to an OKE Cluster Using OCI DevOps CI CD Pipeline
  Get Started
  Prepare the Kubernetes Deployment Manifest for Automated Deployment
  Create DevOps Build Pipeline and Build Stages
  Create DevOps Deployment Pipeline and Deploy Stage
  Create a Trigger Deployment Stage in Build Pipeline
  Automate Sample Web Application Deployment to OKE Cluster
  View the Artifacts Generated as Part of the Automated Build

Monitoring - Notification: Configure Alarms with Notifications and Create Monitoring Queries
  Get Started
  Validate Build Run and Deployment
  Configure Notifications
  Monitor Build Execution Time
  Monitor Build Success
  Monitor Deployment Failure
  Create Monitoring Queries
  Purge Resources

Logging Services: Manage DevOps Project Log Using OCI Console
  Get Started
  Configure Logs for DevOps Project
  Run the Build
  Search Your Logs
  Purge Instructions

Event Service: Define Rules that Trigger a Specific Action When a DevOps Event Occurs
  Get Started
  Configure a Notification
  Create an Event Rule
  Validate Event Rule by Running a Build
  Purge Instructions

Continuous Integration and Continuous Delivery: Deploy a Sample Web Application to an OKE Cluster Using Helm Chart Deployment in OCI DevOps
  Get Started
  Create a DevOps Project and Manage Code Repositories
  Create OCI Repositories for Container Image and Helm Chart
  Set Up Artifacts and Environments for Your DevOps Project
  Create DevOps Build Pipeline and Build Stages
  Create DevOps Deployment Pipeline and Deploy Stage
  Create a Trigger Deployment Stage in Build Pipeline
  Set Up the kubeconfig File and Create a Kubernetes Namespace
  Automate Sample Web Application Deployment to OKE Cluster Using Helm Chart
  View the Artifacts Generated as Part of the Automated Build
  Purge Instructions

DevSecOps: Generate a Key Using OCI Vault Service to Perform Cryptographic Operations
  Get Started
  Prepare for Master Encryption Key
  Create Master Encryption Key
  Prepare for Encryption and Decryption
  Perform Encryption
  Perform Decryption
  Rotate the Master Encryption Key
  Purge Instructions

DevSecOps: Scan Container Image for Vulnerabilities
  Get Started
  Create an Auth Token
  Create a New Container Repository
  Enable Image Scanning
  Sign In to OCIR from the Cloud Shell
  Pull the Docker Image
  Tag the Docker Image
  Push the Tagged Docker Image to OCIR
  Verify If the Image Has Been Pushed
  View Scan Results
  View Vulnerability Reports
  View Container Image Scans
  Export a Vulnerability Report
  Purge Instructions

DevSecOps: Sign and Verify Container Image in OCIR
  Get Started
  Create an Auth Token
  Create a Container Registry
  Pull a Sample Image from Docker Hub
  Tag and Push the Image to Container Registry
  Create a Master Encryption Key in OCI Vault
  Create an Image Signature using the OCI CLI
  View Signed Image and Verify Image Signature
  Purge Instructions

Configuration Management and Infrastructure as Code: Leverage Ansible Collection to Provision and Manage Resources in Oracle Cloud

Lab 01-1 Practices

Estimated time: 30 minutes

Get Started

Overview

Oracle Cloud Infrastructure Ansible Collection provides an easy way to provision and manage
resources in Oracle Cloud using Ansible. Ansible playbooks automate configuration,
deployment, and orchestration tasks. They use a declarative language (YAML) that allows you
to describe infrastructure configuration, deployment policy, and the orchestration of complex
process steps. The basic Ansible setup is very easy, and the Oracle-provided example playbooks
in Git are a good starting point for your infrastructure automation project. Oracle provides
example Ansible playbooks for Compute, Block Volumes, Database, File Storage, IAM, Load
Balancer, Private Subnets with VPN, Delete Objects, and so on. In this lab, you will learn how
easy it is to bring Ansible and Oracle Cloud Infrastructure together.

In this lab, you’ll:

a. Install the Oracle Cloud Infrastructure Ansible Collection

b. Launch and terminate a compute instance using Ansible Playbook

For more information on OCI Ansible Collection, see the OCI Ansible Collection Documentation.

Prerequisites

• You must have an Oracle Cloud Infrastructure account.
• You have basic know-how of Linux commands.
• You must have the necessary credentials and OCID information:
  − Image OCID to be used if this lab is being practiced in the us-ashburn-1 region:
    ocid1.image.oc1.iad.aaaaaaaa33a3lofqhzh5wvpi34fnsqiwdwaytjls52pksm7r5kinnp6ew3na
  − Region-wise image OCID list:
    https://docs.oracle.com/en-us/iaas/images/image/3baec0b4-4bac-4cb0-ac1d-621846621396/

Install the Oracle Cloud Infrastructure Ansible Collection

You will install the OCI Ansible collection from Ansible Galaxy.

Tasks

1. Sign in to your Oracle Cloud Infrastructure (OCI) account.

2. Open the Cloud Shell from the Developer tools listed in the OCI console header.

Note: The OCI CLI running in the Cloud Shell will execute commands against the region
selected in the Console's region selection menu when the Cloud Shell was started.

3. Install the OCI Ansible collection from Ansible Galaxy.

$ ansible-galaxy collection install oracle.oci

4. Test the installation.

$ ansible localhost -m oracle.oci.oci_object_storage_namespace_facts

On successful execution, this command will return your object storage namespace.

For example,

localhost | SUCCESS => {
    "changed": false,
    "namespace": "oracletenancy"
}

5. Clone the GitHub repository on Cloud Shell.

$ git clone https://github.com/ou-developers/launch_compute_instance

6. Switch to the cloned repository.

$ ls
$ cd launch_compute_instance


Launch and Terminate a Compute Instance Using Ansible Playbook

You will learn how to use an Ansible playbook to automate launching a compute instance and
connect to it using SSH.

Tasks

1. Open Code Editor from the Developer tools listed in the OCI console header.

2. The tool bar is on the left side of the Code Editor window. Click the Explorer (top) icon
from the left side menu within the Code Editor window.

Browse to the launch_compute_instance directory to view the various files you have
in the directory, including sample.yaml, setup.yaml, and teardown.yaml.

• The sample.yaml file is the main Playbook which consists of tasks required to
set up a compute instance using Infrastructure as Code (IaC).

• The setup.yaml file contains tasks to perform pre-checks for environment
variables and setting up of other networking resources required for the launch of
compute instance. This is imported in the sample.yaml file at the start.

• The teardown.yaml file contains tasks to terminate all the resources created in
this lab. The sample.yaml file imports the teardown.yaml file and executes it
as part of play towards the end.


3. Now switch to the Cloud Shell window. Set the environment variables.

a. Set Image OCID

$ export SAMPLE_IMAGE_OCID=<IMAGE_OCID>

Where,
• The <IMAGE_OCID> is the OCID of the image originally used to launch the instance.

For example,

$ export SAMPLE_IMAGE_OCID=ocid1.image.oc1.iad.aaaaaaaa33a3lofqhzh5wvpi34fnsqiwdwaytjls52pksm7r5kinnp6ew3na

Note: For the <IMAGE_OCID> use the Image OCID that is provided in the example if
the region you are working in is us-ashburn-1. If you are working in a different
region, then use the image OCID from this location.

b. Set Compartment OCID

$ export SAMPLE_COMPARTMENT_OCID=<COMPARTMENT_OCID>

Where,
• The <COMPARTMENT_OCID> is the OCID of the compartment containing the instance
you want to use as the basis for the image.

Replace the <COMPARTMENT_OCID> with the OCID of the compartment assigned to you.

To get the OCID for the compartment where the compute instance is to be launched:

a) In the Console, open the navigation menu and click Identity & Security.
Under Identity, click Compartments.

b) A list of the compartments in your tenancy is displayed.

c) A shortened version of the OCID is displayed next to each compartment.

d) Search for your <assigned compartment> and click the shortened OCID
string to view the entire value in a pop-up. Click Copy to copy and save the OCID.

For example,

$ export SAMPLE_COMPARTMENT_OCID=ocid1.compartment.oc1..xxxxxxxxycxxxxxx0347034703470347000000o3hx2exkz5pzi6kt4xxxxxx

c. Set Availability Domain name

$ export SAMPLE_AD_NAME=<SAMPLE_AD_NAME>

Where,
• The <SAMPLE_AD_NAME> is the availability domain in your tenancy you want the
instance to be hosted in.

To get the availability domain names in your tenancy where the compute instance is to be
launched:

a) Open the navigation menu and click Compute. Under Compute, click Instances.

b) Click Create instance.

c) Locate the Placement section on the page, and under the Availability
domain, copy the complete name from any one of the availability domains
listed. Refer to the screenshot given below.

d) Set the SAMPLE_AD_NAME environment variable to the name copied above.

For example,

$ export SAMPLE_AD_NAME=yQUJ:US-ASHBURN-AD-1

4. Check if the environment variables are set.

$ echo $SAMPLE_IMAGE_OCID
$ echo $SAMPLE_COMPARTMENT_OCID
$ echo $SAMPLE_AD_NAME

The output of these commands will return the OCIDs and name set in the previous step.


5. When you execute the ansible-playbook command, the infrastructure is created; key
generation, network configuration, firewall rule setup, instance creation, etc. are all
automated.

Run the following command:

$ ansible-playbook sample.yaml

After a few minutes, the complete infrastructure for an OCI compute instance is created, and
the instance is connected using SSH, whose response is shown on the screen.

Note: Since the teardown.yaml file is called within the sample.yaml file, the termination of
the resources will take place immediately.
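Step 5 creates and then terminates real resources, so it is worth validating the variables from steps 3 and 4 before running it. The check below is an added example, not part of the lab or its repository; the function names, the region-key argument (iad for Ashburn, as in this lab) and the availability-domain pattern inferred from the yQUJ:US-ASHBURN-AD-1 example are assumptions.

```shell
#!/bin/sh
# Added example: pre-flight validation of the variables exported in step 3.
# OCID layout (OCI documentation):
#   ocid1.<resource type>.<realm>.[region][.future use].<unique id>

# is_ocid VALUE TYPE: succeeds when VALUE is shaped like an OCID of TYPE.
is_ocid() {
  printf '%s\n' "$1" |
    grep -Eq "^ocid1\.$2\.[a-z0-9]+\.[a-z0-9-]*(\.[a-z0-9-]+)?\.[a-z0-9]+\$"
}

# ocid_region_key OCID: prints the region field. It is empty for tenancy-wide
# resources such as compartments and "iad" for the Ashburn image on this page.
ocid_region_key() {
  printf '%s\n' "$1" | cut -d. -f4
}

# is_ad_name VALUE: assumed pattern <tenancy prefix>:<REGION>-AD-<number>,
# inferred from the example value yQUJ:US-ASHBURN-AD-1.
is_ad_name() {
  printf '%s\n' "$1" | grep -Eq '^[A-Za-z0-9]+:[A-Z0-9-]+-AD-[0-9]+$'
}

# preflight REGION_KEY: checks SAMPLE_IMAGE_OCID, SAMPLE_COMPARTMENT_OCID and
# SAMPLE_AD_NAME. One line per problem goes to stderr; returns 0 only if clean.
preflight() {
  pf_rc=0
  if ! is_ocid "${SAMPLE_IMAGE_OCID:-}" image; then
    echo "SAMPLE_IMAGE_OCID is unset or is not an image OCID" >&2
    pf_rc=1
  elif [ "$(ocid_region_key "$SAMPLE_IMAGE_OCID")" != "$1" ]; then
    # Image OCIDs are region-specific, which is why the lab lists them per region.
    echo "SAMPLE_IMAGE_OCID is for another region, expected $1" >&2
    pf_rc=1
  fi
  if ! is_ocid "${SAMPLE_COMPARTMENT_OCID:-}" compartment; then
    echo "SAMPLE_COMPARTMENT_OCID is unset or is not a compartment OCID" >&2
    pf_rc=1
  fi
  if ! is_ad_name "${SAMPLE_AD_NAME:-}"; then
    echo "SAMPLE_AD_NAME is unset or is not an availability domain name" >&2
    pf_rc=1
  fi
  return "$pf_rc"
}

# Demo with constructed values: the image OCID is the one given on this page,
# the compartment placeholder was deliberately left unreplaced.
(
  SAMPLE_IMAGE_OCID=ocid1.image.oc1.iad.aaaaaaaa33a3lofqhzh5wvpi34fnsqiwdwaytjls52pksm7r5kinnp6ew3na
  SAMPLE_COMPARTMENT_OCID='<COMPARTMENT_OCID>'
  SAMPLE_AD_NAME=yQUJ:US-ASHBURN-AD-1
  preflight iad || echo "pre-flight failed: fix the variables before running the playbook"
)
```

In Cloud Shell, run `preflight iad && ansible-playbook sample.yaml` so the playbook starts only when all three variables pass.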

View the Provisioned Compute Instance

You can also view the compute instance which was provisioned by the Ansible playbook.

a. Open the navigation menu. Under Compute, click Instances and select your
<assigned compartment> from List scope on the left menu.

You will see the compute instance provisioned by the Ansible playbook with the name
my_test_instance in Terminating/Terminated state.

Congratulations! You were able to install the OCI Ansible collection to launch and later
terminate a compute instance using the Ansible playbook.


Purge Instructions

Unset the Exported Variables

1. In the Cloud Shell, run the following commands:

$ unset SAMPLE_IMAGE_OCID
$ unset SAMPLE_COMPARTMENT_OCID
$ unset SAMPLE_AD_NAME

Lab 02-1 Practices

Configuration Management and Infrastructure as Code: Deploy a Web App to Multiple Compute Instances

Estimated Time: 30 minutes

Get Started

Overview

Ansible Playbooks automate configuration, deployment, and orchestration tasks. Ansible
Playbooks use a declarative language (YAML) that allows you to describe infrastructure
configuration, deployment policy, and the orchestration of complex process
steps. OCI provides a set of example playbooks for you to use.

In this lab, you will learn how to install and configure an Apache webserver using an Ansible
Playbook. Additionally, you will learn how to spin up the Apache applications and deploy that
to two compute instances.

In this lab, you’ll:

a. Set up the lab environment.
b. Configure Ansible resources and playbook.
c. Execute Ansible playbook to install and configure Apache hosts.

For more information on OCI Ansible Collection, see the OCI Ansible Collection
Documentation.

Assumptions
• You are signed in to your Oracle Cloud Infrastructure (OCI) account using your
credentials.
• You are familiar with basic Linux commands.

• This lab assumes you’re working in the Ashburn region. The resource naming
convention (iad) used in this lab is according to Ashburn.
If you’re working in a different region, change the resource names accordingly. For
example, for Phoenix, use phx.

Set Up the Lab Environment

You will create a VCN with two compute instances in a public subnet and an SSH key pair to
establish secure client/server connections via SSH to running instances in the cloud.

Create a VCN

1. Open the navigation menu, click Networking, and then click Virtual Cloud Networks.

2. Select your <assigned compartment> from List scope on the left menu.

3. Click Start VCN Wizard.

a. Select Create VCN with Internet Connectivity, and then click Start VCN Wizard.

b. Enter the following values in the form:
• VCN Name: IAD-DOP-LAB02-1-VCN-01
• Compartment: Select your <assigned compartment>.
• Configure VCN and Subnets: Leave the CIDR blocks as their defaults.
• Accept the defaults for all other fields.

4. Click Next.

5. Review the list of resources that the wizard will create for you. Notice that the wizard will
set up security list rules and route table rules to enable basic access for the VCN.

6. Click Create to create the components.

7. After the components are created, click View Virtual Cloud Network.

8. On the left menu under Resources, click Security Lists to view the VCN’s security lists.

9. Click the Default Security List for IAD-DOP-LAB02-1-VCN-01 to view its details. By
default, you land on the Ingress Rules page.

10. Click Add Ingress Rules.

11. Enter the following values in the form to enable traffic from any source IP address
(represented as 0.0.0.0/0) to destination port 80 only (TCP protocol):
• Stateless: Deselect the box (this is a stateful rule).
• Source Type: Select CIDR.
• Source CIDR: 0.0.0.0/0
• IP Protocol: Select TCP
• Source Port Range: All
• Destination Port Range: 80

12. Click Add Ingress Rules.

Create SSH Keys in Cloud Shell

You will create an SSH key pair to connect to your environment.

1. Open Cloud Shell.

2. Once the Cloud Shell session is initiated, create and then move to the .ssh directory.
Skip the mkdir step if the directory already exists.

$ mkdir ~/.ssh
$ cd ~/.ssh

3. Create a new public and private key pair.

$ ssh-keygen -b 2048 -o -t rsa -f key-lab02-<userID>

Where,
key-lab02-<userID> is the key name. Replace <userID> with your user ID. You will
use this key name to connect to the compute instances you create.

For example,

$ ssh-keygen -b 2048 -o -t rsa -f key-lab02-user22

4. Press Enter twice on your keyboard to skip entering the passphrase.

Note: A passphrase is an additional layer of security. It protects your private
key from being used by someone who doesn’t know the passphrase.

5. List the two key files (public and private key) that you just created.

$ ls

You will observe two files listed in the output. One is the private key (key-lab02-user22),
and the other is the public key (key-lab02-user22.pub). Your files will
have your user ID in place of user22.

Note: You must never share the private key with anyone.

6. Run the following command to view the contents of the public key:

$ cat key-lab02-<userID>.pub

For example,

$ cat key-lab02-user22.pub

You will see a long random string that begins with ssh-rsa as the output.

7. Copy the contents of the public key and save it to your notepad. Later, when pasting the
key into the compute instance, make sure you remove any extra lines/characters that
may have been added while copying.

Create Compute Instances

1. Open the navigation menu and click Compute. Under Compute, click Instances.

2. Click Create instance and enter the following details:

a. Name: IAD-DOP-LAB02-1-VM-01

b. Create in compartment: Select your <assigned compartment>.

c. Placement: Select AD1

d. Image and Shape:

1) Image: Oracle Linux 8.x (latest version)

2) Click Change shape.
Select Ampere in Shape series and select the VM.Standard.A1.Flex shape name
with 1 OCPU and change Amount of memory (GB) to 2GB memory. Click Select shape.

e. In the Networking section:

1) Primary network: Select existing virtual cloud network option

2) Virtual cloud network in <assigned compartment>: Select your existing VCN, that
is, IAD-DOP-LAB02-1-VCN-01.

3) Subnet: Choose Select existing subnet option.

4) Subnet in <assigned compartment>: Select your existing public subnet, that is,
Public Subnet-IAD-DOP-LAB02-1-VCN-01.

5) Check the Assign a public IPv4 address option.

f. Under Add SSH keys: Select Paste public keys and paste the public key
key-lab02-user22.pub contents from your notepad that you copied earlier.

g. In the Boot volume section, leave all options as default.

3. Click Create.

4. Repeat Steps 1 to 3 again to create a new instance with the name as IAD-DOP-LAB02-1-VM-02.

5. Wait for both the instances to transition to the RUNNING state.


Configure Ansible Resources and Playbook

You will set up Ansible clients to install and configure the web server.

Tasks

1. Within Cloud Shell, clone the GitHub repository to access the Ansible Playbook and the
host file to install and configure the Apache webserver.

$ cd ~
$ git clone https://github.com/ou-developers/devops-lab02-ansible.git

2. Navigate to the cloned directory.

$ cd ~/devops-lab02-ansible

3. Open Code Editor. The tool bar is on the left side of the Code Editor window. Click
the Explorer (top) icon from the left-side menu within the Code Editor window.

Browse to the cloned Git directory to view the various files you have in the directory
including index.html, hosts.yaml, and playbook.yaml for configuring Apache
webserver.

4. The hosts.yaml file contains a list of hosts which Ansible will be interacting with. In the
hosts.yaml file, you will add the Public IP Addresses of the compute instances you
created earlier.

a. Open the hosts.yaml file to edit by clicking it.

b. Replace the <public-ip-vm1> and <public-ip-vm2> placeholders in the file with
the public IP addresses of the compute instances you created earlier.

Note: YAML files are sensitive to code indentation. Make sure you follow the indentation
properly.

c. To get the Public IP Address for compute instances:

1) Open the navigation menu and click Compute. Under Compute, click Instances.

2) Copy the Public IP Address from the instance table for both the instances.
• IAD-DOP-LAB02-1-VM-01
• IAD-DOP-LAB02-1-VM-02

Your hosts.yaml file will look like this:

Note: You must insert a colon (:) at the end of each IP.

5. Save the changes by clicking File and Save.
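The edits in step 4 are easy to get subtly wrong: a placeholder left in, a missing colon, a tab, or a private address copied instead of the public one. The check below is an added example, not part of the lab repository; it assumes each host sits on its own line as an indented IP address followed by a colon, and the sample inventory in the demo is constructed.

```shell
#!/bin/sh
# Added example: sanity check for the edited hosts.yaml before running
# ansible-playbook. Only the host lines are inspected; the surrounding YAML
# structure of the real file is not known here and is not validated.

# check_inventory FILE
#   Prints one line per problem on stderr; returns non-zero if any is found.
check_inventory() {
  awk '
    function bad(msg) {
      printf "%s:%d: %s\n", FILENAME, FNR, msg > "/dev/stderr"
      rc = 1
    }
    # Placeholders from the lab file that were never replaced.
    /<public-ip-vm[0-9]+>/ { bad("placeholder was not replaced") }
    # YAML indentation must use spaces.
    /\t/ { bad("tab character found, indent with spaces") }
    # Host lines: optional indentation followed by a dotted quad.
    /^ *[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/ {
      host = $0
      sub(/^ +/, "", host)
      if (host !~ /:[ ]*$/) bad("no colon at the end of " host)
      sub(/:[ ]*$/, "", host)
      n = split(host, o, ".")
      for (i = 1; i <= n; i++)
        if (o[i] + 0 > 255) bad("octet out of range in " host)
      # RFC 1918 ranges are not reachable from Cloud Shell as public IPs.
      if (o[1] == 10 || (o[1] == 192 && o[2] == 168) ||
          (o[1] == 172 && o[2] >= 16 && o[2] <= 31))
        bad(host " is a private address, not the instance public IP")
      hosts++
    }
    END {
      if (hosts != 2) {
        printf "expected 2 hosts, found %d\n", hosts > "/dev/stderr"
        rc = 1
      }
      exit rc + 0
    }
  ' "$1"
}

# Demo on a constructed inventory (documentation-range addresses); the second
# host is missing its colon, so the check reports it.
demo_inventory=$(mktemp)
cat > "$demo_inventory" <<'EOF'
all:
  hosts:
    203.0.113.10:
    198.51.100.7
EOF
check_inventory "$demo_inventory" || echo "fix hosts.yaml before running ansible-playbook"
rm -f "$demo_inventory"
```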


Execute Ansible Playbook to Install and Configure Apache Hosts

You will review the Ansible Playbook code piece by piece and will execute it to install and
configure the Apache webserver in the two compute instances you created earlier in this lab.

Tasks

1. Open the playbook.yaml file in the Code Editor and review the code.

The code snippet should look like this:

Where,
• name tag at the beginning of the playbook specifies the play name.
• hosts tag specifies the lists of hosts. The hosts tag is mandatory. It tells Ansible on
which hosts to run the listed tasks.
• remote_user tag specifies the user used to log in to the target hosts.

• become: true denotes the privilege escalation to sudo.
• tasks field contains the names and list of tasks to be performed. Tasks are the
actions to be performed on the hosts.

Your code has four tasks:

1) Ensure Apache is at the latest version.

This task uses the ansible.builtin.yum module which installs, removes,
upgrades, and downgrades packages using yum.
• name tag specifies the rpm to be installed. Here httpd will be installed.
• state tag specifies the rpm version to be installed. latest denotes that the
latest available httpd version will be installed.

2) Ensure Apache is running.

This task uses the ansible.builtin.service module which controls services
on remote hosts.
• name tag specifies the service to be controlled. It’s httpd in this case.
• state tag specifies the state in which the service should be. started
ensures that the HTTP service is always operational.

3) Copying file with playbook.

This task uses the Ansible ansible.builtin.copy module which is used to copy a file.
• src tag specifies the source file ~/devops-lab02-ansible/index.html.
• dest tag specifies the destination directory /var/www/html.
• owner tag specifies the user ownership for the copied file. Here the owner is
user apache.
• group tag specifies the group ownership for the copied file. Here the group
owner is user apache.
• mode tag specifies the permissions 0644 for the copied file.

4) Permit traffic in default zone for http service.

This task uses the Ansible ansible.posix.firewalld module which is used
to add or remove services and ports in firewall rules.
• service tag specifies the service to be added or removed from firewall.
Here http is to be added.
• permanent tag specifies if the service configuration will be persistent across
reboots. Set it to true to make httpd service persistent.
• state tag specifies the service state. Set it to enabled to enable httpd
service.
• immediate tag applies the configuration immediately if the value is set to
true.

2. To launch a terminal panel in Code Editor, right-click the devops-lab02-ansible
directory and click Open in terminal.

3. Close the code editor and in the Cloud Shell, execute the Ansible Playbook:

$ ansible-playbook -i hosts.yaml playbook.yaml --key-file "~/.ssh/key-lab02-<userID>"

Replace <userID> with your user ID.
For example,

$ ansible-playbook -i hosts.yaml playbook.yaml --key-file "~/.ssh/key-lab02-user22"

4. After the playbook execution completes, both compute instances will have Apache installed
with incoming HTTP traffic allowed by the firewall.

The output should look like this (IP addresses have been censored):

5. To test whether the web server is running, enter the Public IP Addresses of the two
Ansible clients “IAD-DOP-LAB02-1-VM-01 and IAD-DOP-LAB02-1-VM-02” into a
Web browser’s address bar and press Enter.

You will see a webpage that looks like this:


Purge Instructions

There are no purge instructions for this practice.

The resources created in this Lab must be retained as they will be used in the
Configuration Management and Infrastructure as Code: Replicate an existing Load
Balancer using terraform configuration scripts and OCI Resource manager (Lab 04-1) Lab.

Lab 03-1 Practices

Configuration Management and Infrastructure as Code: Create a Reusable VCN Configuration with Terraform

Estimated time: 30 minutes

Get Started

Overview

There are multiple ways to create a VCN and subnet in the Oracle Cloud Console. Particularly if
you want to launch several VCNs with the same configuration, it’s beneficial to use Terraform
or Resource Manager to streamline and automate that process. Terraform can manage
low-level components such as compute, storage, and networking resources, as well as high-level
components such as DNS entries and SaaS features.

You’ll launch and destroy a VCN and subnet by creating Terraform automation scripts and
issuing commands in Code Editor. Thereafter, you’ll download those Terraform scripts and
create a stack by uploading them into Oracle Cloud Infrastructure Resource Manager. You’ll
then use that service to launch and destroy the same VCN and subnet.

In this lab, you’ll:

a. Initialize your Terraform script.
b. Create and destroy a VCN using Terraform.
c. Create and destroy a VCN using Resource Manager.

For more information on Terraform Provider, see the OCI Terraform Provider
Documentation and for OCI Resource Manager, see the OCI Resource Manager
Documentation.


Assumptions

• You are signed in to your Oracle Cloud Infrastructure (OCI) account using your
credentials.
• You are familiar with basic Linux commands.
• This lab assumes you’re working in the Ashburn region. The resource naming
convention (iad) used in this lab is according to Ashburn.
If you’re working in a different region, change the resource names accordingly. For
example, for Phoenix, use phx.


Initialize Your Terraform Script

You’ll review and initialize your Terraform script.

Tasks

1. Click the Cloud Shell icon at the right of the OCI Console header.

Note: The OCI CLI running in the Cloud Shell will execute commands against the region
selected in the Console's region selection menu when the Cloud Shell was started.

2. Within Cloud Shell, clone the GitHub repository to access the Terraform scripts to launch
and destroy a VCN and subnet.

$ cd ~
$ git clone https://github.com/ou-developers/devops-lab03-terraform.git

3. Navigate to the cloned directory.

$ cd devops-lab03-terraform/

4. Open Code Editor. Code Editor allows you to view the files and source codes present in
the home directory within the Cloud Shell terminal.

The tool bar is on the left side of the Code Editor window. Click the Explorer (top) icon
from the left-side menu within the Code Editor window.

5. Browse to the cloned Git directory devops-lab03-terraform to view the various files
you have in the directory including vcn.tf, terraform.tfvars, and
variables.tf files.

Review the vcn.tf file that contains code to configure OCI Terraform.

6. Right-click the devops-lab03-terraform folder from the left menu in Code Editor and
open a new terminal by clicking Open in Terminal.

7. A new terminal opens in the split window as shown:

8. Initialize this directory for Terraform by running the below given command in the new
terminal window.

$ terraform init

9. Use ls -a and you should see that Terraform has created a hidden directory and file.


Create and Destroy a VCN Using Terraform

Terraform uses providers to interface between the Terraform engine and the supported cloud
platform. The Oracle Cloud Infrastructure (OCI) Terraform provider is a component that
connects Terraform to the OCI services that you want to manage.

You’ll create a Terraform script that will launch a VCN and subnet. You’ll then alter your script
and create two additional files that will apply a compartment OCID variable to your Terraform
script.

Tasks

Edit Your Terraform Script

1. Open Code Editor and edit the vcn.tf file in the cloned directory
devops-lab03-terraform as follows:

a. Uncomment the VCN declaration code block by deleting the # at the start of the
following lines as marked using the arrows.


b. Your code block should look like this:

Note: Replace <your_assigned_compartment_ocid> with your assigned
compartment OCID.

To get your Compartment OCID:

1) Navigate to Identity & Security, and click Compartments.

2) Find your compartment name, hover the cursor over the OCID, and click
Copy. Make sure you save the Compartment OCID in a notepad for later
use.

This snippet declares a resource block of type oci_core_vcn. The label that
Terraform uses for this resource is example_vcn.

c. In the terminal within Code Editor, run the following command:

$ terraform plan

The output of this command shows that Terraform would create a VCN. Because most of
the parameters were unspecified, Terraform will list their values as “(known after
apply).” You’ll see the compartment_id reflected in the Terraform plan.

Note: You can ignore the “-out option to save this plan” warning for this
lab.

Note that terraform plan parses your Terraform configuration and creates an
execution plan for the associated stack, while terraform apply applies the
execution plan to create (or modify) your resources.

d. In the vcn.tf file, add a display name and CIDR block to the code by uncommenting
the lines highlighted using arrows (delete the # character at the start of the line).

Note that we want to set the cidr_blocks parameter, rather than cidr_block
(which is deprecated). The region code IAD is used below, for the US East (Ashburn)
region.

e. After uncommenting the code block, it’ll look like this.

f. Save the changes and run terraform plan again in the Code Editor terminal
window.

$ terraform plan

You should see the display name IAD-DOP-LAB03-1-VCN-01 and CIDR block
10.0.0.0/16 reflected in Terraform’s plan.


g. Now add a subnet to this VCN by deleting the start and end delimiters for multiline
comments /*..*/ from the given code block in the vcn.tf file as highlighted using
arrows. Replace <your_assigned_compartment_ocid> with your assigned
compartment OCID.

Note the line where you set the vcn_id. Here you reference the OCID of the
previously declared VCN, using the name given to Terraform: example_vcn. This
dependency makes Terraform provision the VCN and wait for OCI to return the OCID.
After the OCID is returned, Terraform provisions the subnet.

After editing the code block, it will look like this:

h. Run terraform plan in the Code Editor window:

$ terraform plan

You will notice that Terraform has updated the plan to create the subnet
IAD-DOP-LAB03-1-SNT-01.


Add Variables

1. Before moving on, there are a few ways to improve the existing code. Notice that the subnet
and VCN both need the compartment OCID. We can factor this out into a variable.

2. In the Code Editor window, review the variables.tf file in the cloned directory
devops-lab03-terraform.

The variables.tf file is where all variables are declared.

Notice that the variable compartment_id of type string is declared.

3. Open the vcn.tf file in Code Editor and replace all instances of the compartment OCID with
var.compartment_id as follows:

4. Save your changes in vcn.tf.

5. If you were to run terraform plan or apply now, Terraform would see a variable and
prompt you to input the compartment OCID. Instead, you’ll provide the variable
value in a dedicated file.


6. In the Code Editor, edit the file named terraform.tfvars available in the cloned
directory devops-lab03-terraform.

Terraform will automatically load values provided in a file with this name. Add the value for
the compartment ID in this file.

Note: Replace <your_assigned_compartment_ocid> with the Compartment OCID
you saved earlier.

After editing the code block, it will look like this:

Be sure to save the file.

7. Run terraform plan in the Code Editor window:

$ terraform plan

You’ll see the same output as before.

Provision the VCN

1. Run terraform apply in the Code Editor terminal window and confirm that you want to
make the changes by entering yes at the prompt.

$ terraform apply

Note: On successful execution of the terraform apply command, you’ll see the
following message:

Apply complete! Resources: 2 added, 0 changed, 0 destroyed.

2. Verify the provision of VCN by navigating back to the OCI Console.

a. Open the navigation menu, click Networking, and then click Virtual Cloud Network.

b. Ensure you have selected your assigned compartment.

You should see your VCN. Click on your VCN IAD-DOP-LAB03-1-VCN-01 to see the
details. You should see its subnet IAD-DOP-LAB03-1-SNT-01 listed.
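
The plan-then-apply flow above can be checked mechanically before anything is provisioned. The following Python sketch is an added example, not part of the lab's files: it reads the JSON form of a saved plan (from terraform plan -out=tfplan followed by terraform show -json tfplan), reproduces the add/change/destroy counts, lists the attributes that are still "(known after apply)", and rejects plans that delete resources or touch unexpected resource types. The embedded plan is constructed, and the subnet label example_subnet is an assumed name.

```python
import json

# Constructed excerpt of `terraform show -json tfplan` for this lab's two
# resources. Only the fields used below are present; the resource label
# "example_subnet" is an assumed name.
SAMPLE_PLAN = json.dumps({
    "format_version": "1.2",
    "resource_changes": [
        {
            "address": "oci_core_vcn.example_vcn",
            "type": "oci_core_vcn",
            "change": {
                "actions": ["create"],
                "after": {"display_name": "IAD-DOP-LAB03-1-VCN-01",
                          "cidr_blocks": ["10.0.0.0/16"]},
                "after_unknown": {"id": True, "default_route_table_id": True},
            },
        },
        {
            "address": "oci_core_subnet.example_subnet",
            "type": "oci_core_subnet",
            "change": {
                "actions": ["create"],
                "after": {"display_name": "IAD-DOP-LAB03-1-SNT-01"},
                # vcn_id is unknown until OCI returns the VCN's OCID.
                "after_unknown": {"id": True, "vcn_id": True},
            },
        },
    ],
})


def summarize_plan(plan_text):
    """Return (counts, unknown): action counts and, per resource, the
    top-level attributes whose values are only known after apply."""
    plan = json.loads(plan_text)
    counts = {"add": 0, "change": 0, "destroy": 0}
    unknown = {}
    for rc in plan.get("resource_changes", []):
        change = rc.get("change", {})
        actions = change.get("actions", [])
        if "create" in actions:      # a replacement counts as add and destroy
            counts["add"] += 1
        if "delete" in actions:
            counts["destroy"] += 1
        if actions == ["update"]:
            counts["change"] += 1
        pending = sorted(k for k, v in (change.get("after_unknown") or {}).items()
                         if v is True)
        if pending:
            unknown[rc["address"]] = pending
    return counts, unknown


def approve_for_apply(plan_text, allowed_types, max_destroy=0):
    """Gate an apply: reject plans that destroy more than max_destroy
    resources or change a resource type outside allowed_types."""
    plan = json.loads(plan_text)
    counts, _ = summarize_plan(plan_text)
    reasons = []
    if counts["destroy"] > max_destroy:
        reasons.append(f"plan destroys {counts['destroy']} resource(s)")
    for rc in plan.get("resource_changes", []):
        actions = rc.get("change", {}).get("actions", [])
        if actions not in (["no-op"], ["read"]) and rc["type"] not in allowed_types:
            reasons.append(f"unexpected resource type: {rc['address']}")
    return (not reasons, reasons)


if __name__ == "__main__":
    counts, unknown = summarize_plan(SAMPLE_PLAN)
    print(counts)
    for address, attrs in unknown.items():
        print(address, "known after apply:", ", ".join(attrs))
    print(approve_for_apply(SAMPLE_PLAN, {"oci_core_vcn", "oci_core_subnet"}))
```

Applying a saved plan file, rather than planning again at apply time, is the same idea as selecting RM-Plan-01 instead of “Automatically approve” in Resource Manager.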

Terminate the VCN

1. Navigate back to the Code Editor terminal and run terraform destroy.

$ terraform destroy

2. Enter yes to confirm. You should see the VCN terminate. Refresh your browser if needed.

Note: On successful execution of the terraform destroy command, you’ll see the following
message:

Destroy complete! Resources: 2 destroyed.


Create and Destroy a VCN Using Resource Manager

You can better manage the infrastructure provisioned through Terraform by migrating to
Resource Manager instead of running Terraform locally in Cloud Shell or Code Editor. In this
section, we will reuse the Terraform code but replace the CLI with Resource Manager.

Tasks

1. Create a folder terraform_vcn on your local machine. Download the vcn.tf,
terraform.tfvars, and variables.tf files from Code Editor and move them to the
terraform_vcn folder on your local machine.

To download from Code Editor, right-click the file name in the Explorer panel and select
Download.

Create a Stack

1. Click the Navigation Menu in the upper-left corner and navigate to Developer Services.
Under Resource Manager, click Stacks.

2. Click Create stack.

a. The first page of the form is for stack information.

1) For the origin of the Terraform configuration, keep My configuration selected.

2) Stack configuration: Upload the terraform_vcn folder present in your local
machine.

3) Custom providers: Leave Use custom Terraform providers unchecked.

4) Name: IOD-DOP-LAB03-1-STK-01

5) Description: This stack is created for Lab03.

6) Ensure that your assigned compartment is selected.

7) Click Next.

b. The second page is for variables.

1) Because you uploaded a terraform.tfvars file, Resource Manager will
auto-populate the variable for compartment OCID.


2) Click Next.

c. The third page is for review.

1) Keep Run apply deselected.

2) Click Create. This will take you to the stack’s details page.

Run a Plan Job

1. The stack itself is only a bookkeeping resource; no infrastructure is provisioned yet. From
the stack’s page, click Plan. A form will pop up.

a. Name the job RM-Plan-01.

b. Click Plan again at the bottom to submit a job for Resource Manager to run
terraform plan. This will take you to the job’s details page.

2. Wait for the job to complete, and then view the logs. They should match what you saw when
you ran Terraform in Code Editor.

Run an Apply Job

1. Go back to the stack’s details page (use the breadcrumbs), and click Apply. A form will pop
up.

a. Name the job RM-Apply-01.

b. Under Apply job plan resolution, select the plan job we ran, that is, RM-Plan-01
(instead of “Automatically approve”). This makes it execute based on the previous plan,
instead of running a new one.

c. Click Apply to submit a job for Resource Manager to run terraform apply. This will
take you to the job’s details page.

2. Wait for the job to finish. View the logs and confirm that it was successful.

View the VCN

1. Navigate to VCNs in the Console through the navigation menu under Networking and
Virtual Cloud Networks.

2. You should see the VCN listed in the table with the name IAD-DOP-LAB03-1-VCN-01.
Click its name to go to its Details page.


3. You should see the subnet listed with the name IAD-DOP-LAB03-1-SNT-01.

Run a Destroy Job

1. Go back to the stack’s details page in Resource Manager.

2. Click Destroy. Click Destroy again on the menu that pops up.

3. Wait for the job to finish. View the logs to see that it was completed successfully.

4. Verify the termination of VCN by navigating back to the OCI Console.

a. Open the navigation menu, click Networking, and then click Virtual Cloud Network.

b. Ensure you have selected your assigned compartment.

c. You will see your VCN IAD-DOP-LAB03-1-VCN-01 has been deleted by the
destroy job.

5. In the Console, open the navigation menu and click Developer Services. Under Resource
Manager, select Stacks.

6. For the stack IOD-DOP-LAB03-1-STK-01, click the three dots on the right to open the
Actions menu. Select Delete and then click Delete to confirm.

Congratulations! You’ve now created a Terraform configuration for a VCN, created and
destroyed the VCN through Terraform running locally in Cloud Shell/Code Editor, and created
and destroyed the VCN through managed Terraform in Resource Manager.


Purge Instructions

There is no purge instruction for this lab.

Configuration Management and Infrastructure as Code:
Replicate an Existing Load Balancer Using Terraform
Configuration Scripts and OCI Resource Manager

Lab 04-1

Estimated Time: 45 minutes

Get Started

Overview

Resource Manager’s resource discovery allows you to generate Terraform based on existing
infrastructure. This allows use cases such as manually provisioning infrastructure during a
development cycle, then moving to Terraform for a deployment cycle. It also enables use
cases such as migrating environments between regions or replicating environments for
different purposes (for example, development, QA, or production).

In this lab, you’ll first manually provision a Load Balancer, add backend servers to it, and verify
that the webpage hosted on the backend servers is accessible using the Load Balancer’s Public IP
Address. Then, you’ll use Resource Manager to generate Terraform configuration for the Load
Balancer. Finally, you’ll use that Terraform configuration to replicate the Load Balancer.

In this lab, you’ll:

a. Set up the lab environment.

b. Generate Terraform configuration using Resource Manager.

c. Edit the auto-generated Terraform configuration.

d. Provision infrastructure using the auto-generated Terraform configuration.

For more information on Terraform Provider, see the OCI Terraform Provider
Documentation and for OCI Resource Manager, see the OCI Resource Manager
Documentation.

Prerequisites

• You must have completed the Configuration Management and Infrastructure as Code:
Deploy a web app to multiple compute instances (Lab02-1) lab.

Assumptions
• You are signed in to your Oracle Cloud Infrastructure (OCI) account using your
credentials.
• You have the following resources available in your assigned compartment:
− Virtual Cloud Network: IAD-DOP-LAB02-1-VCN-01
− Compute Instances: IAD-DOP-LAB02-1-VM-01 and IAD-DOP-LAB02-1-VM-02
• You are familiar with basic Linux commands.
• This lab assumes you’re working in the Ashburn region. The resource naming
convention (iad) used in this lab is according to Ashburn.
If you’re working in a different region, change the resource names accordingly. For
example, for Phoenix, use phx.

Set Up the Lab Environment

You will manually create a Load Balancer, add backend servers to it, and verify that the webpage
hosted on the backend servers is accessible using the Load Balancer’s Public IP Address.

Provision a Load Balancer

1. Open the navigation menu, click Networking, and then click Load Balancers.

2. Select your <assigned compartment> from List scope on the left menu.

3. Click Create Load Balancer. Select Load Balancer as the Load Balancer Type and then
click Create Load Balancer towards the bottom of the window.

4. In the Add Details section:

a. Load Balancer Name: IAD-DOP-LAB04-1-LB-01

b. Choose Visibility type: Select Public.

c. Assign a public IP address: Select Ephemeral IP Address.

d. Under Bandwidth Shapes: Select Flexible shapes. Choose 10Mbps as both the
minimum and maximum bandwidth.

e. Leave Enable IPv6 Address Assignment box deselected.

f. Under Choose Networking section:

1) Virtual cloud network in <assigned compartment>: Select your existing VCN,
that is, IAD-DOP-LAB02-1-VCN-01.

2) Subnet in <assigned compartment>: Select your existing public subnet, that
is, Public Subnet-IAD-DOP-LAB02-1-VCN-01 (regional).

3) Leave Use network security groups to control traffic box deselected.

g. Click Next.

5. In the Choose Backends section:

a. Specify a Load Balancing Policy: Select Weighted Round Robin.

b. Under Select Backend Servers, click Add Backends.

c. Select the servers created in the Configuration Management and Infrastructure as
Code: Deploy a web app to multiple compute instances (Lab02-1) Lab as backends
and click Add Selected Backends:
• IAD-DOP-LAB02-1-VM-01
• IAD-DOP-LAB02-1-VM-02

d. Specify Health Check Policy: Leave the values as default.

e. Leave Use SSL option deselected.

f. Click Next.

6. In the Configure Listener section:

a. Listener Name: IAD-DOP-LAB04-1-LST-01

b. Specify the type of traffic your listener handles: Select HTTP

c. Specify the port your listener monitors for ingress traffic: 80

d. Click Next.

7. In the Manage Logging section:

a. Disable Error Logs

b. Disable Access Logs

8. Click Submit.

9. Once the Load Balancer is in Active state, copy its Public IP Address.

Launch a Web browser, paste the copied IP address in the address bar and press Enter.

You will see a webpage that looks like this:

This verifies that the load balancer is routing traffic to the backend servers.

Generate Terraform Script with Resource Manager

You will create a stack in Resource Manager based on your assigned compartment. You’ll use
this stack to generate a Terraform configuration that describes the compartment's resources
(Load Balancer). Finally, you’ll update the Terraform file to use it to replicate the Load
Balancer.

Create a Stack from Existing Infrastructure

1. Open the navigation menu and click Developer Services. Under Resource Manager, click
Stacks.

2. Select your <assigned compartment> from List scope on the left menu.

3. Click Create stack.

a. Under Choose the origin of the Terraform configuration, select Existing
compartment.

b. In the Stack configuration section:

1) Select your <assigned compartment>

2) Select the region you are working in.

For example, us-ashburn-1.

3) Under Terraform provider services, click Selected option.

4) For Services, select load_balancer.

c. Make sure that the Use custom Terraform provider option under Custom providers
is not selected.

d. Enter a name for the stack: IAD-DOP-LAB04-1-STK-01

e. Add a description: This stack is created from manual LB for Lab04.

f. Ensure that your <assigned compartment> is selected under Create in
compartment.

g. Click Next to progress from Stack information to Configure variables. There will be
no variables to configure.

h. Click Next to progress from Configure variables to Review. Confirm that the only
service listed for Terraform provider services is load_balancer.

i. Click Create.

4. Wait for the stack to finish creating. It will query the Load Balancer service in your assigned
compartment.

Download Terraform Configuration

1. You are on the Stack details page of your Stack IAD-DOP-LAB04-1-STK-01.

2. Under the Stack information tab, click the download link for the Terraform
configuration to download the configuration on your local machine.

3. This will download a .ZIP file containing three files. Extract the .ZIP file.

Note: For Mac users, use the command-line utility. For example,

% unzip filename.zip -d terraform-lb

4. There will be three files in the extracted folder:

• load_balancer.tf
• provider.tf
• vars.tf

5. Open load_balancer.tf. Scroll through the code and identify different resource
creation blocks.

The Load Balancer’s Terraform configuration should look like this:

resource oci_load_balancer_load_balancer export_IAD-DOP-LAB04-1-LB-01 {
  compartment_id = var.compartment_ocid
  defined_tags = {
    "Oracle-Tags.CreatedBy" = "prateek_devops"
    "Oracle-Tags.CreatedOn" = "2022-11-10T09:48:38.235Z"
  }
  display_name = "IAD-DOP-LAB04-1-LB-01"
  freeform_tags = {
  }
  ip_mode = "IPV4"
  is_private = "false"
  network_security_group_ids = [
  ]
  #reserved_ips = <<Optional value not found in discovery>>
  shape = "flexible"
  shape_details {
    maximum_bandwidth_in_mbps = "10"
    minimum_bandwidth_in_mbps = "10"
  }
  subnet_ids = [
    "ocid1.subnet.oc1.iad.aaaaaaaagzgdcge7ccqmjaiwyxxxxxxw65wmyy7lgr3sdfhjysmjmz4xxxxx",
  ]
}
...

Edit Auto-Generated Terraform Script

Before you can reupload the Terraform configuration generated by resource discovery, there
are a few fields that you need to edit.

Tasks

1. In the load_balancer.tf file, find the resource block of type
oci_load_balancer_load_balancer.

2. Locate and edit the value of display_name variable to IAD-DOP-LAB04-1-LB-02. This
is the name for the new load balancer to be provisioned.

The file should look like this:

3. Save the load_balancer.tf file.
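
Resource discovery writes literal values into the generated files, as the subnet_ids entry and the is_private setting in the listing above show, so a replica inherits the original's network placement and public exposure unless those lines are reviewed. The following Python sketch is an added example, not part of the lab or of Resource Manager: it scans a generated .tf file for hard-coded OCIDs and a public is_private setting and reports the resource, attribute, and line for each. The sample input is constructed and its OCID is a placeholder.

```python
import re

# Constructed sample shaped like the resource-discovery output shown earlier.
# The OCID below is a placeholder, not a real identifier.
SAMPLE_TF = """\
resource oci_load_balancer_load_balancer export_IAD-DOP-LAB04-1-LB-01 {
  compartment_id = var.compartment_ocid
  display_name = "IAD-DOP-LAB04-1-LB-01"
  is_private = "false"
  #reserved_ips = <<Optional value not found in discovery>>
  subnet_ids = [
    "ocid1.subnet.oc1.iad.aaaaaaaaexampleexampleexampleexample",
  ]
}
resource oci_load_balancer_backend_set export_backend_set {
  load_balancer_id = oci_load_balancer_load_balancer.export_IAD-DOP-LAB04-1-LB-01.id
  name = "example_backend_set"
  policy = "ROUND_ROBIN"
}
"""

# Discovery output uses unquoted labels; quoted labels are accepted as well.
RESOURCE_RE = re.compile(r'^\s*resource\s+"?([\w-]+)"?\s+"?([\w-]+)"?\s*\{')
ATTR_RE = re.compile(r'^\s*(\w+)\s*=\s*(.*)$')
# ocid1.<resource type>.<realm>.<region, may be empty>.<unique id>
OCID_RE = re.compile(r'ocid1\.([a-z0-9_]+)\.([a-z0-9]+)\.([a-z0-9-]*)\.([a-z0-9]+)')


def audit_discovered_tf(text):
    """Return review findings for a generated Terraform file, in line order."""
    findings = []
    resource = None    # "type.label" of the enclosing resource block
    attribute = None   # last attribute assigned; covers multi-line lists

    def report(lineno, kind, detail):
        findings.append({"line": lineno, "resource": resource,
                         "attribute": attribute, "kind": kind, "detail": detail})

    for lineno, raw in enumerate(text.splitlines(), start=1):
        stripped = raw.strip()
        if not stripped or stripped.startswith(("#", "//")):
            continue                       # blank line or comment
        header = RESOURCE_RE.match(raw)
        if header:
            resource = f"{header.group(1)}.{header.group(2)}"
            attribute = None
            continue
        assignment = ATTR_RE.match(raw)
        if assignment:
            attribute = assignment.group(1)
            value = assignment.group(2).strip().strip('"').lower()
            if attribute == "is_private" and value == "false":
                report(lineno, "public_load_balancer",
                       "replica will be internet-facing like the original")
        for ocid in OCID_RE.finditer(raw):
            region = ocid.group(3) or "n/a"
            report(lineno, "hardcoded_ocid",
                   f"{ocid.group(1)} OCID pinned to region key '{region}'")
    return findings


if __name__ == "__main__":
    for f in audit_discovered_tf(SAMPLE_TF):
        print(f"line {f['line']}: {f['kind']} in {f['resource']} "
              f"({f['attribute']}): {f['detail']}")
```

A hard-coded subnet OCID also ties the replica to the original VCN and region, which matters for the cross-region migration use case mentioned in the overview.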


Provision Infrastructure Based on the Auto-Generated Terraform Configuration

You will provision the Load Balancer from your Terraform configuration.

Create a New Stack from the Terraform configuration

1. Open the navigation menu and click Developer Services. Under Resource Manager, click
Stacks.

2. Select your <assigned compartment> from List scope on the left menu.

3. Click Create stack.

a. Under Choose the origin of the Terraform configuration, select My configuration.

b. In the Stack configuration section, select Folder as the source, and upload the
extracted folder containing vars.tf, provider.tf, and load_balancer.tf.

c. Make sure that the Use custom Terraform provider option under Custom providers
is not selected.

d. Enter a name for the stack: IAD-DOP-LAB04-1-STK-02

e. Add a description: This stack will replicate an existing load
balancer with backend sets for Lab04.

f. Ensure that your <assigned compartment> is selected under Create in
compartment.

g. Click Next to progress from Stack information to Configure variables. Verify the
values for the following auto-populated variables:

1) compartment_ocid: The OCID of your <assigned compartment>.

2) region: The region you’re working in. Here we have assumed us-ashburn-1.

h. Click Next to progress from Configure variables to Review. Check the Run apply
box.

i. Click Create. This will take you to the stack’s details page.

4. After the Apply job finishes executing, open the navigation menu, click Networking, and
then click Load Balancers.

5. You will notice a new load balancer has been provisioned by the name
IAD-DOP-LAB04-1-LB-02.

6. Once the Load Balancer is in Active state, copy its Public IP Address.

Launch a Web browser, paste the copied IP address in the address bar and hit Enter.

You will see a webpage that looks like this:

Congratulations! You created a Load Balancer manually and added backend servers to it. You
then created a Terraform configuration stack for this load balancer using Resource Manager.
Further, you reused the Terraform configuration stack to replicate the existing Load Balancer.

Purge Instructions

Purge Instructions for Stacks

1. Open the navigation menu and click Developer Services. Under Resource Manager, click
Stacks to go to the list of available stacks.

2. Select your <assigned compartment> from List scope on the left menu.

3. Click the name of the first stack you created IAD-DOP-LAB04-1-STK-01 to go to its
details page.

a. Click Destroy.

b. Wait for the destroy job to finish. Then click Stack details in the breadcrumbs menu
to go back.

c. Click More actions, then click Delete stack. Click Delete to confirm. This will take you
back to the list of available stacks.

d. Open the navigation menu, click Networking, and then click Load Balancers. You will
notice that the Load Balancer IAD-DOP-LAB04-1-LB-01 has been terminated.

4. Click the name of the second stack you created IAD-DOP-LAB04-1-STK-02 to go to its
details page.

a. Click Destroy.

b. Wait for the destroy job to finish. Then click Stack details in the breadcrumbs menu
to go back.

c. Click More actions, then click Delete stack. Click Delete to confirm. This will take you
back to the table of stacks.

d. Open the navigation menu, click Networking, and then click Load Balancers. You will
notice that the Load Balancer IAD-DOP-LAB04-1-LB-02 has been terminated.

Purge Instructions for Compute Instances

1. Open the navigation menu and click Compute. Under Compute, click Instances.

2. Select your <assigned compartment> from the List scope on the left menu.

3. For each of the instances IAD-DOP-LAB02-1-VM-01 and IAD-DOP-LAB02-1-VM-02,
click the three dots on the right to open the Actions menu.

4. Click Terminate and select Permanently delete the attached boot volume.

5. Click Terminate instance.

Purge Instructions for Virtual Cloud Network

1. Open the navigation menu, click Networking, and then click Virtual Cloud Networks.

2. Select your <assigned compartment> from List scope on the left menu.

3. From the list of VCNs, select IAD-DOP-LAB02-1-VCN-01.

4. Click Delete.

a. Keep Search compartments for resources associated with this VCN selected.

b. Select Specific Compartments.

c. Select your <assigned compartment>

d. Click Scan.

e. Once the scan completes, click Delete All to terminate the VCN and related
resources.

Configuration Management and Infrastructure as Code:
Create a Custom Stack to Deploy a HA Load Balanced
Simple Web Application

Lab 05-1 Practices

Estimated time: 45 minutes

Get Started

Overview

The Oracle Cloud Infrastructure (OCI) Resource Manager is a fully managed service that lets
you provision infrastructure resources on OCI using Terraform. You can bring in your
Terraform template definition and easily create and manage your infrastructure resources.
This allows you to automate provisioning and management of OCI resources such as
Compute, Networking, Storage, IAM, and so on using infrastructure-as-code.

In this lab, you’ll:

• Generate SSH keys using Cloud Shell.
• Create custom Resource Manager stack.
• Plan and Apply jobs.
• Destroy job.

For more information on OCI Resource Manager, see the OCI Resource Manager
Documentation.

Prerequisites
• You must have an Oracle Cloud Infrastructure account.
• Download the GitHub code (.zip) from the following link:
https://github.com/ou-developers/orm-lbcs-demo/archive/refs/heads/main.zip
• You have basic know-how of Linux commands.


Assumptions

You will replace the <userID> placeholder with your user ID.

65
Create SSH Keys Using Cloud Shell
Unauthorized reproduction or distribution prohibited. Copyright© 2024, Oracle University and/or its affiliates.

Cloud Shell is a small virtual machine running a bash shell which you access from within the
OCI Console. In addition to a preauthenticated OCI CLI (Command Line Interface) set to the
Console tenancy home page region, Cloud Shell comes preinstalled with current versions of
many useful tools and utilities such as Git, Java, Python, kubectl, terraform, Docker engine,
and so on.

Task

1. Sign in to your Oracle Cloud Infrastructure (OCI) account.

2. Open Cloud Shell.

3. Once the Cloud Shell session is initiated, move to the .ssh directory.

$ cd ~/.ssh

4. Create new public and private keys.

$ ssh-keygen -b 2048 -o -t rsa -f key-lab05-<userID>

Where,

key-lab05-<userID> is the keyname. Replace <userID> with your user ID. You will
use this keyname to connect to any compute instances you create.

For example,
$ ssh-keygen -b 2048 -o -t rsa -f key-lab05-user22

5. Press Enter twice on your keyboard to skip entering the passphrase.

Note: A passphrase is an additional layer of security. It protects your private key from
being used by someone who doesn’t know the passphrase.

6. List the two key files (public and private key) that you just created.

$ ls

In the output, two files are listed, a private key: key-lab05-user22 and a public
key: key-lab05-user22.pub. You will see these two files with your user ID in place of
user22.

You must keep the private key safe and never share it with anyone.

7. Run the following command to view the contents of the public key:

$ cat key-lab05-<userID>.pub

For example,
$ cat key-lab05-user22.pub

You will see a random string like the one below as the output:
ssh-rsa
XXXXB3NzaC1yc2EAAAADAQABAAABAQCdQ9+4JM9GxCWPIDGFjO1tk4jkumO2zbhA1Za
ePxEGKwSFDEw/De7HU6wRh+Jbutkw9tOzlUr8FgAGNRgyWgaHbj5YX0h+LXWlrIiTtB
FpZkMYlMwJUAFTmMwWy12rGYeUD/Ba+KVlEYaMT1XY0DCa+SFyq48uWQwgQns8654Uy
cwFzFsXvZvA1i48Mk63vuSTAw15vGLXXXXXX0jegHOhMGrNMRuE4eMKSECP+CDFFgKb
2oCzFz8KwywFuDciHAbMZru5qkiFGomeBvClDEU2BfMOV7k69kfivoxHHlnwxwgJulM
eXrMLsE1/osZcy5s2Eon3WmxJqo1wKYX5M5Z1 mahendra_E@3c15a0xxxxxx

8. Copy the contents of the public key and save it to your notepad. Later, when pasting the
key into the compute instance, make sure you remove any hard returns that may have
been added when copying.
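
The hard-return problem in step 8 can be caught before the key is pasted into the stack. The following is an added example, not part of the lab: it rejoins a wrapped ssh-rsa public key into one line and checks its structure. The function names and the sample key are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the lab): repair and sanity-check a copied SSH public key.

NL='
'

# Constructed sample, not a real key: a public key as it might look after being
# copied through a notepad that inserted hard returns.
WRAPPED_KEY='ssh-rsa
AAAAB3NzaC1yc2EAAAADAQABAAABAQC0
Q09OU1RSVUNURURLRVlGT1JERU1PT05M
WU5PVEFSRUFMS0VZ user22@cloudshell'

# join_pubkey: read a possibly hard-wrapped key on stdin, print it as one line.
# Breaks inside the base64 body are dropped; a break right after the key type
# (where the original had a space) becomes a single space again.
join_pubkey() {
    tr -d '\r' | awk '
        { sub(/^[ \t]+/, ""); sub(/[ \t]+$/, "") }
        $0 == "" { next }
        { out = (out != "" && out !~ / /) ? (out " " $0) : (out $0) }
        END { print out }'
}

# check_pubkey KEY: succeed only if KEY looks like one intact ssh-rsa public key.
# Prints "ok" or the reason for rejection. This is a structural check only;
# it does not decode the key or measure its size.
check_pubkey() {
    key=$1
    case "$key" in
        *"$NL"*) echo "contains a line break"; return 1 ;;
    esac
    set -f              # disable globbing while the key is split into words
    set -- $key
    set +f
    [ "$#" -ge 2 ] || { echo "expected '<type> <base64> [comment]'"; return 1; }
    ktype=$1
    blob=$2
    [ "$ktype" = "ssh-rsa" ] || { echo "unexpected key type: $ktype"; return 1; }
    case "$blob" in
        *[!A-Za-z0-9+/=]*) echo "key body has non-base64 characters"; return 1 ;;
    esac
    # Every ssh-rsa key body starts with the encoded string "ssh-rsa".
    case "$blob" in
        AAAAB3NzaC1yc2E*) ;;
        *) echo "key body does not start with the ssh-rsa header"; return 1 ;;
    esac
    [ $(( ${#blob} % 4 )) -eq 0 ] || { echo "key body length is not a multiple of 4"; return 1; }
    echo "ok"
}

# Demo: repair the wrapped sample, then validate the result.
joined=$(printf '%s\n' "$WRAPPED_KEY" | join_pubkey)
printf '%s\n' "$joined"
check_pubkey "$joined"
```
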



Create Custom Resource Manager Stack

A Stack represents the definitions for a collection of OCI resources within a specific
compartment.

You’re going to configure a new stack in your assigned compartment and name it "HA Load
Balanced Simple Web App". As the stack's name suggests, the configuration files define a load
balancer, network, and compute resources to deploy the target architecture along with an HTTP
server.

Tasks

1. Download HA Load Balanced Simple Web App and save to your local machine.

2. In the Console, open the navigation menu and click Developer Services. Under Resource
Manager, select Stacks.

3. Select your <assigned compartment> from List scope on the left menu.

4. Click Create Stack.

5. Select My Configuration. Under Stack configuration, select .Zip file.

6. Click Browse and select the orm-lbcs-demo-main.zip file from your local machine to
upload.

7. Make sure that the Use custom Terraform provider option under Custom providers is
not selected.

8. Under Working directory, enter the following details in the form:

• Name: IAD-DOP-LAB05-1-STK-01
• Description: Provisions a primary load balancer and a failover
load balancer into public subnets distributing load across 2
compute instances hosting a simple web app application.
• Create in Compartment: Select your <assigned compartment>.
• Terraform Version: Select 1.0.x

9. Click Next to configure variables for the infrastructure resources that this stack creates
when you run the apply job for this execution plan.

You will notice the variable values are auto-populated with the following details:

• Select a Flex Load Balancer with Minimum and Maximum Bandwidth: 10Mbps for
both minimum and maximum bandwidth
• Select Compute Shape: VM.Standard.A1.Flex
• Select Availability Domain: 1
• SSH Key Configuration: Select Paste ssh keys and paste the public key
key-lab05-<userID>.pub contents copied earlier in your notepad.
• Virtual Cloud Network Configuration:
− Enter your VCN Name: VCN01
− Enter your CIDR Block: 10.0.0.0/16
− Enter your Subnet Name: Subnet

10. Click Next. Verify your configuration variables.

11. Leave the Run apply deselected and click Create.

12. Review the newly configured stack details.


Plan & Apply Jobs

Jobs perform actions against the Terraform configuration files associated with a stack. You
can perform three actions: Plan, Apply and Destroy.

Since Terraform command execution is not atomic, it is crucial to prevent any race conditions
or state corruption from occurring due to parallel execution. To prevent this from happening,
the Resource Manager ensures only one job can run against a stack at a given time against a
single state file.

You can completely manage the stack's configuration (that is, update, delete, add tags, edit
variables), and download the zip archive containing the latest Terraform configuration from
the Stack details page.

Tasks

Run a Plan Job

1. The stack itself is only a bookkeeping resource; no infrastructure is provisioned yet. From
the stack’s page, click Plan. A form will pop up.

a. Name the job RM-Plan-01.

b. Click Plan again at the bottom to submit a job for Resource Manager to run
terraform plan. This will take you to the job’s details page.

2. Wait for the job to complete, and then view the logs. They should match what you saw when
you ran Terraform in Code Editor.

Run an Apply Job

1. Go back to the stack’s details page (use the breadcrumbs) and click Apply. A form will pop
up.

a. Name the job RM-Apply-01.

b. Under Apply job plan resolution, select the plan job we ran, that is RM-Plan-01
(instead of “Automatically approve”). This makes it execute based on the previous plan,
instead of running a new one.

c. Click Apply to submit a job for Resource Manager to run terraform apply. This will
take you to the job’s details page.

2. Wait for the job to finish. View the logs and confirm that it was successful.

Note: Once the window closes, notice the job's state appears as Accepted, which
indicates that the platform is spinning up resources needed for executing the command,
followed by In Progress and then finally either Succeeded or Failed.

3. Once the apply job succeeds, you can check that the resources have been
provisioned by reading the Terraform output contained within the logs.

View the Provisioned Resources

1. You can also view the provisioned resources by navigating to the services page.

a. Open the navigation menu. Under Compute, click Instances and select your
<assigned compartment> from List scope on the left menu.

You will see the two instances provisioned by the apply job with the names
IAD-DOP-LAB05-1-VM-01 and IAD-DOP-LAB05-1-VM-02.

b. Open the navigation menu. Under Networking, click Virtual Cloud Networks and
select your <assigned compartment> from List scope on the left menu.

You will see the VCN IAD-DOP-LAB05-1-VCN-01 provisioned by the apply job. Click
IAD-DOP-LAB05-1-VCN-01 to see resources created under this VCN.

c. Open the navigation menu. Under Networking, click Load Balancers and select your
<assigned compartment> from List scope on the left menu.

You will see the Load Balancer IAD-DOP-LAB05-1-LB-01 provisioned by the apply
job. The Health Status of the Load Balancer will need a few minutes to get into OK
status.

2. As the Load Balancer changes state to Active, copy its Public IP Address and paste it
into the address bar in a web browser.

You will reach the sample webpage as shown below. The webpage body displays the
private IP Address of the web server you are connected to. If you refresh the webpage a
few times, the web server IP changes, indicating that the Load Balancer is balancing the
traffic between the two web servers.

3. You can also see the Load Balancer in action using Cloud Shell. Run the following
command:

$ for counter in {1..10}; do curl http://<LBPublicIPAddress>/; done

Here, replace <LBPublicIPAddress> with the IP Address you copied in the previous
step, for example,
$ for counter in {1..10}; do curl http://129.X.X.47/; done

You will notice the curl requests are served alternately by the two backend servers. Observe
the different private IPs of the web server the page is being fetched from.

4. Let’s test the SSH connection to the backend web servers using the private key
key-lab05-<userID> available in the Cloud Shell.

a. Open Cloud Shell and move to the ~/.ssh directory.

$ cd ~/.ssh

b. Run the following command to connect to the “IAD-DOP-LAB05-1-VM-01” compute
instance:

$ ssh -i key-lab05-<userID> opc@<InstancePublicIPAddress>

Where,

• -i is the flag used to specify the private key.
• key-lab05-<userID> is the private key file name.
• opc is the default username used to log in to Linux instances on OCI.
• Replace the <InstancePublicIPAddress> with the public IP of the
“IAD-DOP-LAB05-1-VM-01” from the Compute Instance page.

For example,
$ ssh -i key-lab05-user22 [email protected]

When prompted, type ‘yes’ and you should be able to SSH into the
“IAD-DOP-LAB05-1-VM-01” compute instance.

c. To come out of the SSH session, type exit.

$ exit

You can repeat the above steps to test SSH connection for the “IAD-DOP-LAB05-1-VM-02”
compute instance.
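
The curl loop in step 3 leaves the reader to eyeball the alternating private IPs. The following is an added example, not part of the lab: it counts responses per backend and fails when fewer than two backends answered. It assumes the page body contains the web server's private IP inside the lab's 10.0.0.0/16 VCN; the function names and sample responses are constructed.

```shell
#!/bin/sh
# Added example (not from the lab): summarise which backends answered through
# the load balancer.

# Constructed sample: six response bodies as the curl loop might print them.
# The markup is an assumption; only the private IP in the body matters.
SAMPLE_RESPONSES='<h1>Web server private IP: 10.0.0.12</h1>
<h1>Web server private IP: 10.0.0.45</h1>
<h1>Web server private IP: 10.0.0.12</h1>
<h1>Web server private IP: 10.0.0.45</h1>
<h1>Web server private IP: 10.0.0.12</h1>
<h1>Web server private IP: 10.0.0.45</h1>'

# tally_backends [PREFIX]: read response bodies on stdin and print
# "<count> <ip>" for every IPv4 address that starts with PREFIX
# (default "10.0.", matching the lab's VCN CIDR 10.0.0.0/16).
tally_backends() {
    prefix=${1:-10.0.}
    awk -v p="$prefix" '
        {
            line = $0
            while (match(line, /[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/)) {
                ip = substr(line, RSTART, RLENGTH)
                if (index(ip, p) == 1) hits[ip]++
                line = substr(line, RSTART + RLENGTH)
            }
        }
        END { for (ip in hits) print hits[ip], ip }' | sort -k2
}

# lb_is_balancing [MIN] [PREFIX]: succeed only if at least MIN (default 2)
# distinct backends appear in the responses on stdin.
lb_is_balancing() {
    n=$(tally_backends "${2:-10.0.}" | awk 'END { print NR }')
    [ "$n" -ge "${1:-2}" ]
}

# Demo on the constructed sample. Against a live load balancer the input would be:
#   for i in 1 2 3 4 5 6 7 8 9 10; do curl -s http://<LBPublicIPAddress>/; done | tally_backends
printf '%s\n' "$SAMPLE_RESPONSES" | tally_backends
```

A single backend in the tally after the health status has reached OK points at a failed or unreachable second instance rather than at the load balancer policy.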



Destroy Job

You have successfully applied the Resource Manager Stack configuration to provision OCI
resources. Let's now revisit the Stack details page and use the destroy job to tear it all down.

Tasks

1. In the Console, open the navigation menu and click Developer Services. Under Resource
Manager, select Stacks.

2. Select your <assigned compartment> from List scope on the left menu.

3. On the Stacks page, click the stack you created, IAD-DOP-LAB05-1-STK-01.

4. On the Stack details page, click Destroy to initiate a destroy job.

5. Provide job name as RM-Destroy-01. Click Destroy.

Note: Once the window closes, notice the job's state appears as Accepted, which
indicates that the platform is deleting resources needed for executing the command,
followed by In Progress and then finally either Succeeded or Failed.

6. Once the delete job succeeds, you can verify the resources provisioned by the apply job
are deleted.

7. You can also check the resources are no longer available by navigating to the services
page.

a. Open the navigation menu. Under Compute, click Instances and select your
<assigned compartment> from List scope on the left menu.

You will see the two instances IAD-DOP-LAB05-1-VM-01 and
IAD-DOP-LAB05-1-VM-02 have been terminated by the Destroy job.

b. Open the navigation menu. Under Networking, click Virtual Cloud Networks and
select your <assigned compartment> from List scope on the left menu.

You will see the VCN IAD-DOP-LAB05-1-VCN-01 has been deleted by the destroy
job.

c. Open the navigation menu. Under Networking, click Load Balancers and select your
<assigned compartment> from List scope on the left menu.

You will see the Load Balancer IAD-DOP-LAB05-1-LB-01 has been deleted by the
destroy job.

Congratulations! You have successfully provisioned a high availability load balanced sample
application using the Resource Manager Stack configuration and executed the destroy job to
terminate the OCI resources provisioned by the apply job.



Purge Instructions

Purge instructions for Resource Manager Stack

1. In the Console, open the navigation menu and click Developer Services. Under Resource
Manager, select Stacks.

2. For the stack IAD-DOP-LAB05-1-STK-01, click the three dots on the right to open the
Actions menu. Select Delete and then click Delete to confirm.

Lab 06-1 Practices

Microservice and Container Orchestration: Create Docker Image for a Web Application Using Dockerfile

Estimated Time: 30 minutes

Get Started

Overview

There are certain ways for creating, running, and deploying applications in containers using
Docker. A Docker image contains application code, libraries, tools, dependencies, and other files
needed to make that application run.

In this lab, you will create a Docker image using a Dockerfile, which will further be used to build a
container that can run on the Docker platform.

In this lab, you’ll:

a. Access the Dockerfile.
b. Build the Docker image.
c. Run your Docker image as a container.
d. Access the web application running within the container.
e. Delete the Docker container.

For more information on Docker, see the OCI Docker Documentation.

Assumptions

• You are signed in to your Oracle Cloud Infrastructure (OCI) account using your
credentials.
• You have access to the Git repository link that contains the Dockerfile.
• You will replace the <userID> placeholder with your user ID.

Access the Dockerfile

Access the Dockerfile needed to generate the Docker image by cloning a Git repository.

Tasks

1. Open Cloud Shell.

2. Within Cloud Shell, clone the GitHub repository to access the sample Dockerfile which is a
simple Nginx HelloWorld application that you will use to build the Docker image.

$ cd ~

$ git clone https://github.com/ou-developers/docker-helloworld-demo

3. Navigate to the cloned directory.

$ cd docker-helloworld-demo/

4. Open Code Editor. Code Editor allows you to view the files and source codes present in the
home directory within the Cloud Shell terminal.

The tool bar is on the left side of the Code Editor window. Click the Explorer (top) icon from
the left-side menu within the Code Editor window.

Browse to the cloned Git directory “docker-helloworld-demo” to view the various files
you have in the directory including application code and Dockerfile for creating the sample
Nginx application.

Build the Docker Image

You’re using Cloud Shell as your development environment which comes preinstalled with
Docker.

Tasks

1. Check the Docker version using the following command in Cloud Shell. It will return a string
with the Docker version installed.

$ docker -v
For example, Docker version 19.03.11-ol, build 9bb540d

2. Check for existing Docker images in the Cloud Shell.

$ docker images

It will return an empty response because there are no docker images at present.

3. Create a docker image for the sample Web Application using the docker build
command. This command needs Dockerfile as one of its parameters.

$ docker build -t oci_sample_webapp_<userID>:<tag> .

For example,
$ docker build -t oci_sample_webapp_user22:1.0 .

Where,

• -t is the switch used to specify the image name.
• Enter an image name using this format: oci_sample_webapp_<userID>.
Replace <userID> with your user ID.
For example, oci_sample_webapp_user22.
• A tag is used to give the image a version. In this lab, you will use 1.0 as tag.
• You are currently in the cloned directory which contains the Dockerfile. Use “.” as the
relative path at the end of the command.

4. Upon successful build of a Docker image, verify the image in the local repository using the
following command:

$ docker images

You’ll see two entries in the output. One is the base image “nginx”, and the other is the
custom Docker image for the Web Application “oci_sample_webapp_<userID>”.

Run Your Docker Image as a Container

Your Docker image holds the application that you want Docker to run as a container.

Tasks

1. Use the docker run command to spin up a container based on the image created.

$ docker run -d --name webapp-<userID> -p 80:80/tcp oci_sample_webapp_<userID>:<tag>

Where,

• -d flag is used to run container in background and print CONTAINER_ID.
• --name flag is used to assign a name to the container.
• -p flag is used to publish container port 80 to the host machine port 80.
• Replace <userID> with your user ID.

For example,
$ docker run -d --name webapp-user22 -p 80:80/tcp oci_sample_webapp_user22:1.0

Note: This command returns the CONTAINER_ID of the container started in the
background.

2. Check the container that is currently running using the docker ps command.

$ docker ps

You will see a container running with the name webapp-<userID> and a corresponding
CONTAINER_ID.

Access the Web Application Running Within the Container

Verify whether you can access the web application that is running in your container. Once you
have verified, stop the running container.

Tasks

1. Use the curl command to connect to the local host on port 80 to access the web
application.

$ curl -k http://127.0.0.1:80

The output must display the webpage code. This confirms that your web application is up
and running.

2. Get the CONTAINER_ID and copy it on a notepad to use it in your next step.

$ docker ps -a

3. Stop the running container.

$ docker stop <CONTAINER_ID>

For example,
$ docker stop ffab54628f8f

4. Use the curl command to connect to the localhost on port 80 to access the web application.

$ curl -k http://127.0.0.1:80

Output: curl: (7) Failed to connect to 127.0.0.1 port 80 after 0 ms: Connection refused

This time the output will return the above-mentioned error, because the container running the
application is no longer active.


Delete the Docker Container

Clean up your resources by removing the container used in this lab.

Tasks

1. Check the status of all the containers in the system.

$ docker ps -a

The status for the container must show exited which means the container is stopped.

2. Delete the existing container using the docker rm command.

$ docker rm webapp-<userID>

For example,
$ docker rm webapp-user22

Output: webapp-user22

Note: On successful deletion it’ll return the container name.

3. Verify if the container is deleted.

$ docker ps -a

The container entry should be gone.

Important Note: Do not delete the Docker image created in this lab, because it will be used
as an artifact in the upcoming labs.

Congratulations! You have successfully built and containerized a docker image.


Lab 07-1 Practices

Microservices and Container Orchestration: Manage OCIR and Push and Pull Images Using Docker CLI

Estimated Time: 30 minutes

Get Started

Overview

The development to production workflow can be made simpler with the help of an
Oracle-managed registry. For developers, Container Registry makes it simple to store, share, and
manage container images (such as Docker images).

In this lab, you will create a Container Registry and will also perform some basic operations
such as push and pull a Docker image.

In this lab, you’ll:

a. Create an Auth Token.
b. Create a new Container Repository.
c. Sign in to Oracle Cloud Infrastructure Registry (OCIR) from the Cloud Shell.
d. Tag the Docker image.
e. Push the tagged Docker image to OCIR Repository.
f. Verify if the image has been pushed.
g. Pull the image from OCIR Repository.

For more information on Oracle Cloud Infrastructure Registry (OCIR), see the OCI Container
Registry Documentation.

Prerequisites

• You must complete the following lab to use the same Docker image
“oci_sample_webapp_<userID>” to perform tasks for this practice:
− Microservice and Container Orchestration: Create Docker image for a web
application using Dockerfile (Lab06-1).

Assumptions

• You are signed in to your Oracle Cloud Infrastructure account using your credentials.
• You will replace the <userID> placeholder with your user ID.
• You will replace the <tenancy-namespace> and <username> values from the info
given in the Profile menu.

Create an Auth Token

Create an auth token to use with Oracle Cloud Infrastructure Registry (OCIR).

Tasks

1. In the top-right corner of the OCI Console, open the Profile menu, and then click User
Settings.

2. On the Auth Tokens page, click Generate Token.

Note: Each user can only have two auth tokens at a time.

3. Enter IAD-DOP-LAB07-1-AT-01, as a friendly description for the auth token.

4. Click Generate Token. The new auth token is displayed. Here’s a sample of what an auth
token looks like: R5kwpS-xxxxx((]51r]]. It’ll be different in your case.

Note: Copy the auth token to a notepad because you won't see the auth token again in
the Console. You’ll need this auth token later in this and other labs.

For example,
R5kwpS-xxxxx((]51r]]

5. Click Close.

Create a New Container Repository

Create an empty repository in a compartment and give it a name that's unique across all
compartments in the tenancy. Having created the new repository, you can push an image to
the repository using the Docker CLI.

Tasks

1. Check if you can access Oracle Cloud Infrastructure Registry (OCIR):

a. In the Console, open the navigation menu and click Developer Services. Under
Containers & Artifacts, click Container Registry.

b. Select your <assigned compartment> from List scope on the left menu.

c. Review the repositories that already exist. This lab assumes that no repositories have
been created yet.

2. Click Create Repository.

3. Select your <assigned compartment> to create a new repository.

4. Enter a name for the new repository:
<region-key>-dop-lab07-1-ocir-1/oci_sample_webapp_<userID>

Where,

• <region-key> is the key for the Oracle Cloud Infrastructure Registry region you're
using. For example, iad is the region key for US EAST (Ashburn) region. See the
Availability by Region topic in the Oracle Cloud Infrastructure documentation.
• Replace <userID> with your user ID.

For example, iad-dop-lab07-1-ocir-1/oci_sample_webapp_user22

5. Select the Private option to limit access to the new repository.

6. Click Create Repository.


Sign In to OCIR from the Cloud Shell

Once you have generated the auth token and created a new repository, sign in to Oracle Cloud
Infrastructure Registry (OCIR) from Docker CLI in the cloud shell.

Tasks

1. Open Cloud Shell.

Note: The OCI CLI running in the Cloud Shell will execute commands against the region
selected in the Console's region selection menu when the Cloud Shell was started.

2. In the Cloud Shell, log in to OCIR by entering:

$ docker login <region-key>.ocir.io

For example,
$ docker login iad.ocir.io

3. When prompted, enter your username in the format given below.

<tenancy-namespace>/<username>

Replace the <tenancy-namespace> and <username> values from the information
given in the Profile menu.

where <tenancy-namespace> is the auto-generated Object Storage namespace string of
the tenancy in which to create repositories (as shown on the Tenancy Information page).
And for username use the username as shown in the profile menu. For
example, ansh81vru1zp/[email protected]. Or outenancy29/ 99239886-lab.user16

Note that for some older tenancies, the namespace string might be the same as the
tenancy name in all lower-case letters (for example, acme-dev).

If your tenancy is federated with Oracle Identity Cloud Service, use the format
<tenancy-namespace>/oracleidentitycloudservice/<username>.

Enter the auth token IAD-DOP-LAB07-1-AT-01 (random string) you copied earlier as the
password.

For example,
R5kwpS-xxxxx((]51r]]

Note: When you enter or paste the password, you’ll not see masked characters. Press
Enter on your keyboard to continue and you should see the “Login Succeeded”
message on the screen.

Tag the Docker Image

A tag identifies the Oracle Cloud Infrastructure Registry (OCIR) region, tenancy, and repository
to which you want to push the image.

This task requires the Docker image oci_sample_webapp_<userID>:<tag>, which you
created earlier in the lab on Microservice and Container Orchestration: Create Docker image for
a web application using Dockerfile (Lab06-1).

Tasks

1. In the Cloud Shell, run the following command to attach a tag to the image that you're
going to push to OCIR repository:

$ docker tag oci_sample_webapp_user22:1.0 \
  <region-key>.ocir.io/<tenancy-namespace>/<repo-name>:<tag>

Where,

• <region-key> is the key for the Oracle Cloud Infrastructure Registry region you're
using. For example, iad is the region key for US EAST (Ashburn) region. See the
Availability by Region topic in the Oracle Cloud Infrastructure documentation.

• ocir.io is the Oracle Cloud Infrastructure Registry name.

• <tenancy-namespace> is the auto-generated Object Storage namespace string of
the tenancy (as shown on the Tenancy Information page) to which you want to push
the image, for example, oracletenancy.

• <repo-name> is the name of the target repository to which you want to push the
image (for example, iad-dop-lab07-1-ocir-1/oci_sample_webapp_user22).

• <tag> is an image tag you want to give the image in Oracle Cloud Infrastructure
Registry (for example, latest).

For example,

$ docker tag oci_sample_webapp_user22:1.0 \
  iad.ocir.io/oracletenancy/iad-dop-lab07-1-ocir-1/oci_sample_webapp_user22:latest

2. Validate if the new image with the tag is listed.

$ docker images

Note: Although two tagged images will be shown (1.0 and latest), both are based on
the same base image with the same IMAGE_ID.

Push the Tagged Docker Image to OCIR Repository

After assigning a tag to the image, you use the Docker CLI to push it to the Oracle Cloud
Infrastructure Registry repository.

Tasks

1. In the Cloud Shell, run the following command to push the tagged Docker image to OCIR
repository:

$ docker push <region-key>.ocir.io/<tenancy-namespace>/<repo-name>:<tag>

For example,

$ docker push iad.ocir.io/oracletenancy/iad-dop-lab07-1-ocir-1/oci_sample_webapp_user22:latest

You will see the different layers of the image pushed in turn, followed by the sha256
digest and the size of the image printed on the screen.

Verify if the Image Has Been Pushed

Verify if the image has been pushed successfully to the OCIR repository.

Tasks

1. Go back to the OCIR Service page and select your <assigned compartment> from List
scope on the left menu.

2. You’ll see the private repository
iad-dop-lab07-1-ocir-1/oci_sample_webapp_<userID> that you created.

3. Click the name of the repository that contains the image you just pushed from the
dropdown menu under label Repositories and images. You’ll see:
• An image with the tag latest.
• A summary page that shows you the details about the repository, including who
created it and when, its size, and whether it's a public or a private repository.

4. Click the image tag latest from the dropdown menu.

On the Summary page, you’ll see the image size, when it was pushed and by which user,
image sha256 digest, and the number of times the image has been pulled.

Pull the Image from OCIR Repository

Perform the pull operation after deleting the existing images from the local docker repository. You
will pull the same image that was previously pushed to the OCIR repository.

Tasks

1. Delete the existing images from the local docker repository.

a. In the Cloud Shell, list all the images.

$ docker images

b. Run the docker rmi command to delete the tagged image and the original image you
created earlier.

$ docker rmi oci_sample_webapp_user22:1.0

Output: Untagged: oci_sample_webapp_user22:1.0

$ docker rmi iad.ocir.io/oracletenancy/iad-dop-lab07-1-ocir-1/oci_sample_webapp_user22:latest

This command will first untag the image and then delete the image by deleting all the
associated layers.

2. Verify if the images are deleted.

$ docker images

3. Switch to the OCI Console. From the OCIR page, select the repository and the image tag
that needs to be pulled.

4. Click the Actions menu on the image summary page and select Copy pull command
from the drop-down list. The command you copy includes the fully qualified path to the
image's location in Container Registry in the following format:

<region-key>.ocir.io/<tenancy-namespace>/<repo-name>:<tag>

5. Execute the copied command in the Cloud Shell to pull the image to the local repository.

For example,
$ docker pull iad.ocir.io/oracletenancy/iad-dop-lab07-1-ocir-1/oci_sample_webapp_user22:latest

6. Verify the pulled image from OCIR repository.

$ docker images

You should see the pulled image listed within the local repository.

Important Note: Do not delete any artifacts and resources created in this lab because
they will be required in the upcoming labs.

Congratulations! You have successfully pushed and pulled an image from the OCIR repository.

Lab 08-1 Practices

Microservices and Orchestration: Set Up OKE Cluster Access

Estimated Time: 45 minutes

Get Started

Overview

A Kubernetes cluster is a group of nodes (machines running applications). Each node can be a
physical machine or a virtual machine.

You need to set up access to your Kubernetes cluster to deploy your application. The kubectl
command-line client is a versatile way to interact with a Kubernetes cluster, including
managing multiple clusters.

In this lab, you’ll:

a. Set up the kubeconfig file.

b. Run kubectl commands against Kubernetes cluster.

For more information on OCI Container Engine for Kubernetes (OKE), see the OCI Container
Engine Documentation.

Assumptions

• You are signed in to your Oracle Cloud Infrastructure (OCI) account using your
credentials.

• A pre-created OKE cluster <EventID>-OCI-ELS-DEVOPS-OKE is available in the root
compartment. <EventID> can be fetched from the Lab tab available in the course
page.
Example: If your User Name is 99241291-lab.user02, then EventID is 99241291.
The pre-created OKE cluster will be named as 99241291-OU-DEVELOPER-OKE.

• You will replace the <userID> placeholder with your user ID.


Set Up the kubeconfig File

To access a cluster using kubectl, you must set up a Kubernetes configuration file
(commonly known as the kubeconfig file) for the cluster. The kubeconfig file provides the
necessary details to access the cluster.

Tasks

1. In the Console, open the navigation menu and click Developer Services. Under
Containers and Artifacts, click Kubernetes Clusters (OKE).

2. Select root compartment from List Scope on the left menu.

In the table listing Clusters, click the cluster <EventID>-OCI-ELS-DEVOPS-OKE to access
using kubectl. The Cluster details page shows information on the cluster.

Note: <EventID> can be fetched from the Lab tab available in the course page.

3. Click Access Cluster to display the Access Your Cluster window.

4. Click Cloud Shell Access and copy the command to access the kubeconfig for your
cluster via the VCN-Native public endpoint and paste it into a notepad.

5. Launch Cloud Shell and run the copied command. On successful execution, it reports that a
new config was written to the kubeconfig file.

For example,

$ oci ce cluster create-kubeconfig --cluster-id \
  ocid1.cluster.oc1.iad.xxxxxaaaziwdigokvlwhuaeslgxi6tdk473xqgodcboc6nlgecsyudoxxxxx \
  --file $HOME/.kube/config --region us-ashburn-1 --token-version 2.0.0 \
  --kube-endpoint PUBLIC_ENDPOINT

Note: This is just a representation of the command. Do not use this command to connect
with the cluster that’s created for this lab.


Run kubectl Commands Against Kubernetes Clusters

Having set up the kubeconfig file, you can start using kubectl to access the cluster by
creating a sample deployment in OKE cluster.

Tasks

1. Verify that kubectl can connect to the cluster.

$ kubectl get nodes

This will return the IP addresses of three worker nodes set up within this OKE cluster.

2. Create namespace in your Kubernetes cluster to manage your resources.

$ kubectl create ns ns-<userID>

Where,

• ns-<userID> - is a unique namespace for your group of resources within a cluster.
• Replace <userID> with your user ID.

For example,

$ kubectl create ns ns-user22

3. View the cluster information.

$ kubectl cluster-info

It dumps relevant information regarding clusters for debugging and diagnosis.

4. Create a sample deployment in OKE cluster.

$ kubectl create deployment deploy-<userID> \
  --image=iad.ocir.io/ocuocictrng5/httpd:latest -n ns-<userID>

This command will return deployment.apps/deploy-<userID> created.

Where,

• kubectl create deployment - is used to create a pod with a single running
container.
• deploy-<userID> - is a name for your deployment.
• image=iad.ocir.io/ocuocictrng5/httpd:latest
• -n ns-<userID> - is the namespace where your Kubernetes objects are created.

For example,

$ kubectl create deployment deploy-user22 \
  --image=iad.ocir.io/ocuocictrng5/httpd:latest -n ns-user22

5. Expose your deployment using service of type load balancer by using the following
command.

$ kubectl expose deployment deploy-<userID> --type=LoadBalancer \
  --name=svc-<userID> --port=80 --target-port=80 -n ns-<userID>

Where,

• deploy-<userID> - is a name for your deployment.
• --type=LoadBalancer - exposes the service externally using an OCI load
balancer.
• svc-<userID> - is the name for your service.
• --port=80 --target-port=80 - is used to expose the application running within
the cluster on port 80.
• ns-<userID> - is the namespace where your Kubernetes objects are created.

For example,

$ kubectl expose deployment deploy-user22 --type=LoadBalancer \
  --name=svc-user22 --port=80 --target-port=80 -n ns-user22

This command will return svc-<userID> exposed.

6. View all the deployments in your namespace.

$ kubectl get deploy -n ns-<userID>

The output of this command will be a row with the deployment name and ready column
set to 1/1. The age column shows how long ago the deployment was created.

7. View all the pods in your namespace.

$ kubectl get pods -n ns-<userID>

The output of this command will be a row with the pod name and ready column set to 1/1.
The age column shows how long ago the pod was created.

8. View all the services in your namespace.

$ kubectl get svc -n ns-<userID>

The output of this command is a row with service name and type set to Load Balancer. It
shows you the details of CLUSTER-IP and EXTERNAL-IP.


9. Copy the IP address listed under the EXTERNAL-IP column and paste it in a browser to
access your httpd application that is deployed within OKE cluster.

The webpage will display:
“It Works!”

10. Check the number of instances of pods running in your deployment.

$ kubectl get replicaset -n ns-<userID>

The output of this command should display the replicaset name. The desired and current
columns specify the number of replicas running. The age column shows how long ago the
replica was created.

11. Scale the deployment up to three replicas so that Kubernetes can start new pods to scale up
your service.

$ kubectl scale --replicas=3 deployment/deploy-<userID> -n ns-<userID>

On successful execution, this command will return “deployment.apps/deploy-<userID> scaled”.

12. Check if you have three replicas running.

$ kubectl get replicaset -n ns-<userID>

This shows that the Load Balancer service will now balance the incoming requests among
these three pods (replicaset).

13. View all the resources running in your namespace.

$ kubectl get all -n ns-<userID>

This command shows you all the pods, services, deployments, and replicaset running in
your namespace within the OKE cluster.

Notice that the pod count has changed to three after the previous scale-up instruction.

14. View the pod logs. The kubectl logs command lets you inspect the logs for a particular
pod.

$ kubectl logs <podname> -n ns-<userID>

Where,

<podname> - is the complete pod name to be used from the output of the kubectl get
all -n ns-<userID> command. For example, pod/deploy-user22-cd95b4455-f8plr.

15. Delete your deployment.

$ kubectl delete deploy deploy-<userID> -n ns-<userID>

On successful execution, this command will display “deployment.apps deploy-<userID> deleted”.

16. Delete your service object.

$ kubectl delete svc svc-<userID> -n ns-<userID>

On successful execution, this command will display “service svc-<userID> deleted”.

17. Run the following command and you’ll not find any resources in your namespace.

$ kubectl get all -n ns-<userID>

Output: No resources found in ns-<userID> namespace.

18. Because all the resources are deleted, if you go back to your browser and hit refresh on
the IP address you pasted earlier, the page will no longer respond.

Important Note: Do not delete the namespace and entry created in the kubeconfig
file in this lab, because they will be required in the upcoming labs.

Congratulations! You have successfully deployed a sample web application to the OKE cluster.

Purge Instructions

There are no purge instructions for this practice.

Lab 09-1 Practices

Microservice and Container Orchestration: Deploy a Sample Web Application on an OKE Cluster Using kubectl

Estimated Time: 45 minutes

Get Started

Overview

In this practice, you will create a named secret which contains your Oracle Cloud Infrastructure
(OCI) credentials and add them to a deployment manifest. You will then use this manifest to
deploy a sample Web application to an OKE cluster and later verify if the application is
accessible.

In this lab, you will:

a. Create a Kubernetes (OKE) secret.

b. Add the secret and the image path to the deployment manifest.

c. Deploy the sample Web Application to OKE cluster.

d. Verify if the sample Web Application is accessible.

e. Clean up the resources deployed within OKE cluster.

For more information on OCI Container Engine for Kubernetes (OKE), see the OCI Container
Engine Documentation.


Prerequisites

You will use the existing Docker image, OCIR repository, Auth token and Kubernetes
namespace from the previous labs to perform tasks for this practice:
• Microservice and Container Orchestration: Create Docker image for a web application
using Dockerfile (Lab06-1)
• Microservices and Container Orchestration: Create and work with OCIR repository
(Lab07-1)
• Microservices and Container Orchestration: Set up cluster access (Lab08-1)

Assumptions

• You are signed into your Oracle Cloud Infrastructure (OCI) account using your
credentials.

• A pre-created OKE cluster <EventID>-OCI-ELS-DEVOPS-OKE is available in the root
compartment. <EventID> can be fetched from the Lab tab available in the course
page.
Example: If your User Name is 99241291-lab.user02, then EventID is 99241291.
The pre-created OKE cluster will be named as 99241291-OU-DEVELOPER-OKE.

• You will replace the <userID> placeholder with your user ID.


Create a Kubernetes (OKE) Secret

To enable Kubernetes to pull an image from OCIR repository when deploying an application,
you need to create a Kubernetes secret. The secret contains all the login details you would
provide while logging in to OCIR using the docker login command, including your auth
token.

Tasks

1. Open Cloud Shell.

2. Run the following command to create a secret:

$ kubectl create secret docker-registry <name-of-secret>-<userID> \
  --docker-server=<region-key>.ocir.io \
  --docker-username='<tenancy-namespace>/<oci-username>' \
  --docker-password='<oci-auth-token>' \
  --docker-email='<email-address>' -n ns-<userID>

Where,

• <name-of-secret>-<userID>: A unique name for the secret, for example, ocir-secret-user22.
Replace <userID> with your user ID.

• <region-key>: The <region-key> is the key for the Oracle Cloud Infrastructure
Registry region you're using; for example, iad is the region key for US EAST
(Ashburn) region. See the Availability by Region topic in the Oracle Cloud
Infrastructure documentation.

• ocir.io is the Oracle Cloud Infrastructure Registry name.

• <tenancy-namespace> is the auto-generated Object Storage namespace string of
the tenancy (as shown on the Tenancy Information page) to which you want to push
the image. For example, oracletenancy.

• <oci-auth-token>: Use the auth token (random string) created in the earlier lab
for IAD-DOP-LAB07-1-AT-01, which was saved in your notepad.
For example, R5kwpS-xxxxx((]51r]].

Note: If you do not have an auth token, create a new one by referring to Microservices and
Container Orchestration: Create and work with OCIR repository (Lab07-1).

• <email-address>: Your email address.

For example,

$ kubectl create secret docker-registry ocir-secret-user22 \
  --docker-server=iad.ocir.io \
  --docker-username='oracletenancy/user22' \
  --docker-password='R5kwpS-xxxxx((]51r]]' \
  --docker-email='[email protected]' -n ns-user22

You will see this confirmation message “secret/ocir-secret-user22 created” for
secret creation on the screen.

3. Run the following command to verify if the secret has been created:

$ kubectl get secrets -n ns-<userID>

For example,

$ kubectl get secrets -n ns-user22

You will see the secret details displayed with the name, age, and other attributes.
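
What the secret created in step 2 stores, as an added example that is not part of the lab guide: a docker-registry secret holds a .dockerconfigjson document that is base64-encoded, not encrypted, so any principal allowed to read secrets in ns-<userID> can recover the auth token. The function names and every credential value below are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the lab guide. All credential values are constructed.

# Escape backslashes and double quotes so a value is safe inside a JSON string.
json_escape() {
  printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'
}

# Build the JSON document a docker-registry secret holds for one registry.
# Args: server username password email
build_dockerconfigjson() (
  server=$(json_escape "$1")
  user=$(json_escape "$2")
  pass=$(json_escape "$3")
  email=$(json_escape "$4")
  # "auth" is base64("username:password") over the raw, unescaped values.
  auth=$(printf '%s:%s' "$2" "$3" | base64 | tr -d '\n')
  printf '{"auths":{"%s":{"username":"%s","password":"%s","email":"%s","auth":"%s"}}}' \
    "$server" "$user" "$pass" "$email" "$auth"
)

# Value stored under data[".dockerconfigjson"] of the Secret object.
# This is an encoding step only; no key is involved.
secret_data_field() {
  printf '%s' "$1" | base64 | tr -d '\n'
}

# What a reader of the Secret can do: decode the data field, take the "auth"
# member, decode it again to get "username:password".
recover_credentials() (
  doc=$(printf '%s' "$1" | base64 -d)
  auth=$(printf '%s' "$doc" | sed -n 's/.*"auth":"\([^"]*\)".*/\1/p')
  printf '%s' "$auth" | base64 -d
)

# Password part of the recovered credentials (everything after the first colon).
recover_password() (
  creds=$(recover_credentials "$1")
  printf '%s' "${creds#*:}"
)

# Demo with constructed values; the token is a placeholder, not a real auth token.
demo() {
  doc=$(build_dockerconfigjson 'iad.ocir.io' 'oracletenancy/user22' \
        'EXAMPLE-auth-token' 'user22@example.invalid')
  data=$(secret_data_field "$doc")
  echo "stored in the Secret: $data"
  echo "recovered token:      $(recover_password "$data")"
}
demo
```

On a live cluster the same payload is read back with kubectl get secret <name-of-secret>-<userID> -n ns-<userID> -o jsonpath='{.data.\.dockerconfigjson}' | base64 -d, so read access to secrets in the namespace should be limited to the accounts that need it.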



Add the Secret and the Image Path to the Deployment Manifest

After the secret is created, you are required to include the name of the secret
(<name-of-secret>-<userID>) and the full path of the image
(iad-dop-lab07-1-ocir-1/oci_sample_webapp_<userID>:latest) pushed to the OCIR repository in the
deployment manifest, which is used for deploying the sample web application to an OKE cluster.

Note: You pushed the image to OCIR repository in Microservices and Container Orchestration:
Create and work with OCIR repository (Lab07-1). That’s the image you’ll be using in this task.

Tasks

1. Open Code Editor. Code Editor allows you to edit files and source codes present in the
cloned Git directory within the Cloud Shell.

The Tool Bar is on the left side of the Code Editor window. Click the Explorer (top) icon
from the left side menu within the code editor window.

a. Within the Code Editor window, navigate to the cloned Git directory named
docker-helloworld-demo, which is present in the user’s home directory.

b. Browse to the file HelloWorld-lb.yaml in the cloned Git directory and replace the
placeholders with relevant values in the Deployment section:

1) name: helloworld-deployment-<userID>

2) namespace: ns-<userID>

3) image: <region-key>.ocir.io/<tenancy-namespace>/<repo-name>:<tag>

Where,

• <region-key>: The <region-key> is the key for the Oracle Cloud
Infrastructure Registry region you're using. For example, iad is the region
key for US EAST (Ashburn) region. See the Availability by Region topic in the
Oracle Cloud Infrastructure documentation.

• <tenancy-namespace>: The auto-generated Object Storage namespace
string of the tenancy (as shown on the Tenancy Information page) to which
you want to push the image. For example, oracletenancy.

• <repo-name>:<tag>: The repository name
‘iad-dop-lab07-1-ocir-1/oci_sample_webapp_<userID>:latest’ used to tag and push the
image.

4) replace <secret-name> with ocir-secret-<userID>

a) name : ocir-secret-<userID>

c. Also, replace the placeholders in the Service section:

1) name: helloworld-service-<userID>

2) namespace: ns-<userID>

The file will look similar after you’ve made all the changes:

Click Save from the File menu and exit the Code Editor.
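
A manifest of the shape this task describes, plus a check to run before deploying it, as an added example: the lab's HelloWorld-lb.yaml is not reproduced here, so the labels, container name and containerPort are assumptions, while the object names, namespace, image path, pull secret, replica count and Service type follow the lab text. The functions render_manifest and lint_manifest are hypothetical helpers.

```shell
#!/bin/sh
# Added example, not the lab's HelloWorld-lb.yaml. Labels, container name and
# containerPort are assumptions; the other values follow the lab text.

# render_manifest USER_ID REGION_KEY TENANCY_NAMESPACE
render_manifest() (
  user_id=$1
  image="$2.ocir.io/$3/iad-dop-lab07-1-ocir-1/oci_sample_webapp_${user_id}:latest"
  cat <<EOF
apiVersion: apps/v1
kind: Deployment
metadata:
  name: helloworld-deployment-${user_id}
  namespace: ns-${user_id}
spec:
  replicas: 1
  selector:
    matchLabels:
      app: helloworld-${user_id}
  template:
    metadata:
      labels:
        app: helloworld-${user_id}
    spec:
      containers:
      - name: helloworld
        image: ${image}
        ports:
        - containerPort: 80
      imagePullSecrets:
      - name: ocir-secret-${user_id}
---
apiVersion: v1
kind: Service
metadata:
  name: helloworld-service-${user_id}
  namespace: ns-${user_id}
spec:
  type: LoadBalancer
  ports:
  - port: 80
    targetPort: 80
  selector:
    app: helloworld-${user_id}
EOF
)

# lint_manifest FILE: exit status 0 only if the edited manifest passes all checks.
lint_manifest() (
  file=$1
  rc=0
  # 1. Placeholders such as <userID> or <secret-name> left in the file.
  if grep -n '<[A-Za-z][A-Za-z-]*>' "$file" >&2; then
    echo "lint: unreplaced placeholder(s) listed above" >&2
    rc=1
  fi
  # 2. A private OCIR repository needs imagePullSecrets on the pod spec.
  if ! grep -q '^ *imagePullSecrets:' "$file"; then
    echo "lint: no imagePullSecrets, the private image cannot be pulled" >&2
    rc=1
  fi
  # 3. The pull secret is namespaced, so every object must use the one
  #    namespace in which the secret was created.
  ns_count=$(sed -n 's/^ *namespace: *//p' "$file" | sort -u | wc -l | tr -d ' ')
  if [ "$ns_count" != 1 ]; then
    echo "lint: expected exactly one namespace, found $ns_count" >&2
    rc=1
  fi
  # 4. Every image must be an OCIR reference with an explicit tag.
  if sed -n 's/^ *image: *//p' "$file" | grep -v -q '^[a-z0-9-]*\.ocir\.io/.*:[^/]*$'; then
    echo "lint: image is not a tagged OCIR reference" >&2
    rc=1
  fi
  exit "$rc"
)

# Demo with constructed values (user22, iad, oracletenancy).
tmp=$(mktemp)
render_manifest user22 iad oracletenancy > "$tmp"
lint_manifest "$tmp" && echo "manifest passes the checks"
rm -f "$tmp"
```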


Deploy the Sample Web Application to OKE Cluster

After making changes to the manifest, you are ready to deploy the application to the OKE cluster.

Tasks

1. Open Cloud Shell and change to the docker-helloworld-demo directory.

$ cd ~/docker-helloworld-demo

2. Run the following command:

$ kubectl create -f HelloWorld-lb.yaml

A confirmation of deployment and service creation will be displayed.

Note: The HelloWorld Service Load Balancer is implemented as an OCI Load Balancer with
a backend set to route incoming traffic to the cluster nodes.

The OKE service creates a new Load Balancer in the root compartment. You can see the
new Load Balancer in the OCI Console by navigating to the Load Balancers page under
Networking and selecting the root compartment from the List Scope menu on the left.

You will be working on a shared tenancy and might spot multiple entries. Choose the one
that is created recently.

Make a note of overall health and public IP address for the Load Balancer.


Verify if the Sample Web Application Is Accessible

Your deployment should now be running on an OKE cluster node.

Tasks

1. Open Cloud Shell and run the command:

$ kubectl get services -n ns-<userID>

For example,
$ kubectl get services -n ns-user22

Note: The status of the EXTERNAL-IP column will show <pending> initially. Re-run the
command at some interval until the IP is allotted.

You’ll observe details of the services running on cluster nodes. You’ll also observe
HelloWorld-Service Load Balancer details such as External/Public IP and Port Number.

2. Launch an Internet Browser and enter the HelloWorld-Service Load Balancer’s
External/Public IP into the browser’s address bar to access the deployed application. The
load balancer routes the request to available nodes in the cluster.

In this lab, you’ll see one node as the replica count is set to 1 in the Kubernetes manifest.

Once the request reaches the node, you’ll see the following webpage:

Now comes the fun part! Let’s pretend your sample web application has suddenly gained
popularity and you are now required to allocate more resources to it.

The OKE cluster is running on a single node pool with three worker nodes, thus you can
easily scale your deployment.

a. To scale up twice as much and run an additional pod for your current single pod
deployment, run the command:

$ kubectl -n ns-<userID> scale --replicas=2 deployment/<deploymentname>

For example,
$ kubectl -n ns-user22 scale --replicas=2 deployment/helloworld-deployment-user22

You will see a confirmation for deployment scaling on screen.

b. Further, to see pod and deployment details, run the command:

$ kubectl get all -n ns-<userID>

For example,
$ kubectl get all -n ns-user22

Here, you will observe an additional row for the new pod that has spawned. You can
identify the new pod by comparing the Container ID or the value in Age column of the
output.

Also, the Deployment row shows ‘2/2’ in the READY column, indicating the
deployment is now hosted on two pods.

If you refresh the webpage a few times, you will observe the two Container IDs
alternately serving your request. This is because the traffic can reach any of these
pods via the OCI Load Balancer.




Clean Up the Resources Deployed Within OKE Cluster

Clean up the resources deployed within OKE cluster.

Tasks

1. To delete the sample web application and all other resources you created on the cluster,
run the following command:

$ kubectl delete -f HelloWorld-lb.yaml -n ns-<userID>

For example,

$ kubectl delete -f HelloWorld-lb.yaml -n ns-user22

2. To confirm the resources are cleared, run the command:

$ kubectl get all -n ns-<userID>

For example,

$ kubectl get all -n ns-user22

You will observe that no resources are found in the namespace.

Important Note: Do not delete the namespace and entry created in the kubeconfig
file in this lab, because they will be required in the upcoming labs.

Congratulations! You have successfully deployed a sample web application to the OKE cluster.

Copyright © 2023, Oracle and/or its affiliates.

Deploy a sample Web application on a cluster using kubectl 115




Continuous Integration and Continuous Delivery: Work with Code Repositories in OCI DevOps Project

Lab 10-1 Practices

Estimated Time: 45 minutes

Get Started

Overview

There are many ways you can work with Git in the DevOps service. You can use GitHub,
GitLab, or Bitbucket or create an OCI Code repository inside your project and upload artifacts.

In this lab, you’ll create a sample repository and integrate your GitHub repository with OCI DevOps service. You’ll also learn to test and validate your integration.

In this lab, you’ll:

a. Create a Personal Access Token in GitHub.
b. Create a Key and Vault secret in OCI.
c. Create a DevOps project.
d. Create an External Connection.
e. Mirror your GitHub repository.
f. Create an OCI Code Repository in your DevOps project.
g. Clone OCI Code Repository in your Cloud shell session.
h. Perform basic Git operations on the Code Repository.

For more information on Code repositories in OCI DevOps project, see the OCI Code
Repositories Documentation.

Prerequisites

• You need to have a GitHub account.

Assumptions

• A pre-created OCI Vault OCI-ELS-DEVOPS-VAULT-1 is available in the root compartment.

• This lab assumes you’re working in the Ashburn region. The resource naming convention (iad) used in this lab is according to Ashburn.

If you’re working in a different region, change the resource names accordingly. For example, for Phoenix, use phx.

• You will replace the <userID> placeholder with your user ID.


Create a Personal Access Token in GitHub

You’ll learn to fork a GitHub repository and create a Personal access token in your GitHub account.

Tasks

1. Sign in to your GitHub account and go to the https://github.com/ou-developers/docker-helloworld-demo repository.

2. In the top-right corner, click Fork and then click Create fork at the bottom of the Create a new fork page.

Note: By default, forks use the same name as their upstream repository.

3. In your GitHub account, click your profile icon in the top-right corner, and then go to Settings.

4. Navigate to Developer settings and find Personal access tokens > Token (classic) on the left menu and then click Generate new token > Generate new token (classic) for general use.

5. On the New personal access token (classic) page:

a. Provide a name as OCI-DevOps-ELS-LAB in Note.
b. Set the token Expiration to 30 days.
c. In the Select scopes section, select repo (Full control of private repositories) as your scope.

6. Click Generate token and make a note of it in a notepad. You’ll need this token later when you create secrets. Here’s an example of what a token looks like:
ghp_YnDABCDEPQRxzGZXXXXduoAZgrPemTj1xxXxx


Create Keys and Vault Secrets

You’ll use an existing Vault that is available in the root compartment to create keys and secrets required to connect to an external repository.

Tasks

1. Sign in to your Oracle Cloud Infrastructure (OCI) account.

2. Open the navigation menu. Click Identity & Security and then select Vault.

3. Select root compartment from List Scope on the left menu.

4. From the list of available vaults, click OCI-ELS-DEVOPS-VAULT-1.

5. On the vault Details page, click Create Key to create a Master Encryption key.

6. Enter the following values for your key:
• Create in Compartment: Select your <assigned compartment>.
• Protection Mode: HSM
• Name: iad-dop-lab10-1-vk-01
• Leave everything else to default values and click Create Key. It will take about a minute to create the master encryption key. The keys will go through the Creating state to the Active state.

7. On the Vault details page, select your <assigned compartment> from List scope on the left menu. You’ll see the key “iad-dop-lab10-1-vk-01” that you created, which is in Enabled state.

8. Now, in the Resources section on the left menu of the Vault details page, click Secrets.

9. Click Create secret and enter the following values for your secret:
• Compartment: Select your <assigned compartment>.
• Name: iad-dop-lab10-1-vs-01-<userID>
For example, iad-dop-lab10-1-vs-01-user22.
• Description: Secret to pull GitHub repositories.
• Encryption Key: iad-dop-lab10-1-vk-01
• Secret Type Template: Plain-Text
• Secret Contents: Add the personal access token you created in your GitHub account and copied into a notepad in the previous task.
For example, ghp_YnDABCDEPQRxzGZXXXXduoAZgrPemTj1xxXxx
• Click the Create Secret button at the bottom to create the secret. It will take a few minutes to create the Vault Secret. The secret will go through the Creating state to the Enabled state.


Create a DevOps Project

You’ll create a topic and DevOps project.

Tasks

1. In the Console, open the navigation menu and click Developer Services. Under Application Integration, click Notifications.

2. Select your <assigned compartment> from List scope on the left menu. The page gets updated to display only the resources in that compartment.

3. Click Topics under the notification in the left menu. You need this topic when you create your DevOps project. This topic will help you to send messages to its subscriptions.

4. Click Create Topic at the top of the topic list.

5. In the Create Topic page, configure your topic and click Create.
• Name: iad-dop-lab10-1-nt-01-<userID>. It must be unique across the tenancy; validation is case-sensitive.
• Description: This topic is for my DevOps lab.

6. Open the navigation menu and click Developer Services. Under DevOps, click Projects.

7. On the DevOps Projects page, select your <assigned compartment> from List scope on the left menu.

8. Click Create devops project.
• Name: IAD-DOP-LAB10-1-DP-01-<userID>
• Description: This project is for working with OCI DevOps CI/CD.
• To set up project notifications, click Select Topic.
− In the Select topic window, select the option “Select topic by name”.
− In the compartment field, select your <assigned compartment>.
− In the Topic field, select the topic that you created earlier, iad-dop-lab10-1-nt-01-<userID>. For example, iad-dop-lab10-1-nt-01-user22. Project notifications keep you informed of important events and the latest project status.
− Click Select Topic at the bottom.
• Click Create devops project.

9. You can use the OCI logging service to record the output the pipeline generates when it runs. This will mean that the build logs are available for use in other tooling. On the page of your newly created project, click Enable Log, which takes you to the log management page.

In the Logs table, toggle to enable the log. This opens the Enable Log window. Leave all the options as default and click Enable Log at the bottom. The logs will go through the Creating state to the Active state. You have successfully created a DevOps project.


Create an External Connection

You’ll create a connection to external repositories, such as GitHub.

Tasks

1. Open the navigation menu and click Developer Services. Under DevOps, click Projects.

2. Select the project IAD-DOP-LAB10-1-DP-01-<userID> and go to External Connections on the left menu.

3. Click Create external connection. Create an external connection by entering these values.
• Name: IAD-DOP-LAB10-1-EC-01
• Description: Connecting to GitHub.
• Select a type of external connection: GitHub
• In the Vault Secret section, under Vault in <compartment_name>, click Change Compartment and select the root compartment.
• Select the OCI-ELS-DEVOPS-VAULT-1 Vault from the drop-down list.
• Under the Secret in <assigned compartment> field, select the secret value iad-dop-lab10-1-vs-01-<userID> within your compartment that contains your Personal access token (PAT) to connect to GitHub.

4. Click Create. The connection to the selected external repository is successfully created and active.

You can now mirror a code repository from GitHub.


Mirror Your GitHub Repository

You’ll learn to mirror repositories to and from external sources.

Tasks

1. Navigate to your DevOps project IAD-DOP-LAB10-1-DP-01-<userID> using the breadcrumb.

2. Click Code Repositories on the left menu of your project page.

3. Click Mirror Repository to mirror code repository from GitHub. Fill the details as given below:
• Connection: Select IAD-DOP-LAB10-1-EC-01 from the drop-down list. This is the external connection you created earlier.
• Repository: Select the docker-helloworld-demo repository from the drop-down list which you had forked earlier.
• Mirroring Schedule: Select Custom from the drop-down list and set the minutes field to 1.
• Name: IAD-DOP-LAB10-1-MR-01
• Description: This is mirroring GitHub repository.
• Click Mirror repository at the bottom.

After a while, the mirrored repository will be available in OCI Code Repository.

4. Check if your files are getting updated from your Git Repository.

a. Sign in to your GitHub account and navigate to the forked repository docker-helloworld-demo.
b. Click Add File and select Create a New File. This opens a new file.
c. Give a name to your file, for example, Mirror_test.txt.
Add a line in the file: This is a test file to check if mirroring is happening in the OCI Code Repository.
d. Scroll down the page and click Commit New File.
e. Switch to the OCI Console and go to your Mirrored Code Repository (IAD-DOP-LAB10-1-MR-01). You’ll see a message “Mirroring is in Progress” at the top of the page.
f. Click Files in the left menu. After one minute, scan through the files and check if Mirror_test.txt is present in that branch.

5. Clean up your mirrored repo.

a. Click Code Repositories on the left menu of your project page and locate your mirrored repository IAD-DOP-LAB10-1-MR-01.
b. Click the three dots on the right to open the Actions menu. Select Delete.
c. Type the repository name in the provided field to confirm the Delete action and then click Delete.


Create an OCI Code Repository in Your DevOps Project

You’ll learn to create a code repository inside your DevOps project, which is very similar to your Git repository.

Tasks

1. Navigate to your DevOps project IAD-DOP-LAB10-1-DP-01-<userID>.

2. Click Code Repositories on the left menu of your project page.

3. Click Create Repository. Enter the following details:
• Repository name: IAD-DOP-LAB10-1-CR-01
• Description: This code repository will be cloned with Git.
• Default branch: main

4. Click Create Repository. An empty code repository is created with the main branch.

You can perform the following actions on the repository: access your files, access all the commits pertaining to the code repository you just created, compare file changes, branch actions such as GitHub, view Git tags, and monitor the status of all the operations.


Clone OCI Code Repository in Your Cloud Shell Session

You’ll clone the code repository to create a local copy on your cloud shell session, add or remove files, commit changes, and work on different branches by using Git operations. You can use two methods to clone: HTTPS and SSH keys. In this lab, you’ll use HTTPS.

Tasks

1. Navigate to your DevOps project IAD-DOP-LAB10-1-DP-01-<userID>.

2. Click Code Repositories on the left menu of your project page.

3. Click IAD-DOP-LAB10-1-CR-01 and click Clone in the Code Repository details page.

4. In the Clone window, to the right of the Clone with HTTPS field, click Copy to get the path to access the repository using Git. Save this information in a notepad.

5. Open Cloud Shell. In the Cloud Shell, navigate to the home directory and copy-paste the URL to clone the public repository.

a. Go to home directory.
$ cd ~

b. Clone by copy-pasting the URL.
$ git clone <paste the HTTPS URL copied in the Clone page.>

Sample code:
$ git clone https://devops.scmservice.us-ashburn-1.oci.oraclecloud.com/namespaces/oracletenancy/projects/IAD-DOP-LAB10-1-DP-01-<userID>/repositories/IAD-DOP-LAB10-1-CR-01

c. You must provide your username: <tenancy-namespace>/<username>. For example, oracletenancy/user22.

d. Your password is your auth token. When you enter or paste the password, you’ll not see masked characters. Press Enter on your keyboard to continue.

Note: You need an Auth Token to clone the repository using HTTPS. Use the auth token created in the earlier lab (IAD-DOP-LAB07-1-AT-1), that is saved in your notepad. If you don’t have it, then create a new one by referring to the lab Microservices and Container Orchestration: Create and work with OCIR repository (Lab07-1).

6. Switch to your recently cloned directory and you’ll see that there are no files.
$ cd ~/IAD-DOP-LAB10-1-CR-01
$ ls

7. You can now add the files from your existing docker-helloworld-demo directory to the IAD-DOP-LAB10-1-CR-01 directory you just cloned.
$ cd ~/docker-helloworld-demo
$ cp * ~/IAD-DOP-LAB10-1-CR-01

8. Navigate to the cloned directory (IAD-DOP-LAB10-1-CR-01) in Cloud Shell. You should see all the files copied.
$ cd ~/IAD-DOP-LAB10-1-CR-01
$ ls

9. Now check the current configuration of Git in your IAD-DOP-LAB10-1-CR-01 directory with the following command:
$ git remote -v

Check if the configuration for the remote repository is pointing to your OCI Code Repository. For example,

origin https://devops.scmservice.us-ashburn-1.oci.oraclecloud.com/namespaces/oracletenancy/projects/IAD-DOP-LAB10-1-DP-01-<userID>/repositories/IAD-DOP-LAB10-1-CR-01 (fetch)
origin https://devops.scmservice.us-ashburn-1.oci.oraclecloud.com/namespaces/oracletenancy/projects/IAD-DOP-LAB10-1-DP-01-<userID>/repositories/IAD-DOP-LAB10-1-CR-01 (push)

10. Saving changes to your files does not automatically update the OCI Code Repository (IAD-DOP-LAB10-1-CR-01) within the DevOps Project (IAD-DOP-LAB10-1-DP-01-<userID>). All the changes you made in the files are updated only in your local repository. To update the changes to the main branch in OCI Code Repository within the DevOps Project, run the following commands:
$ git add .
$ git config --global user.email "enter your email"
$ git config --global user.name "Your Name"
$ git commit -m "first push into OCI Code Repository"
$ git push -u -f origin main

• When it prompts for your username, enter <tenancy-namespace>/<username>. Replace the <tenancy-namespace> and <username> values from the info given in the Profile menu.

For example, oracletenancy/user22.

Your password is the auth token created in the earlier lab (IAD-DOP-LAB07-1-AT-01) that you saved in your notepad.

11. In the OCI Console, go to your DevOps project and then to the IAD-DOP-LAB10-1-CR-01 code repository you created. Click Files in the left menu and notice all the files are available in the code repository.

The initial push of all your code for a sample Web Application has taken place into your OCI Code Repository. As you do further practices, you will make changes to the files in the local repository in the Cloud Shell and push them into your OCI Code Repository.
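The remote check in step 9 and the `git add .` in step 10 can be backed by a small script. The following is an added example, not part of the original guide: it checks that a remote URL has the shape of the OCI Code Repository URL shown above and carries no embedded credentials, and it scans a directory for strings shaped like the GitHub personal access token from the earlier task. The function names and sample values are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the lab guide). Function names are hypothetical.

# Check 1: accept only an HTTPS OCI Code Repository URL of the shape printed by
# `git remote -v` in step 9, and reject URLs that embed a username or token.
check_remote_url() {
    _url=$1
    case $_url in
        https://*) ;;
        *) echo "not an https URL"; return 1 ;;
    esac
    _rest=${_url#https://}
    _authority=${_rest%%/*}
    case $_authority in
        *@*) echo "credentials embedded in URL"; return 1 ;;
    esac
    _host=$(printf '%s' "$_authority" | tr 'A-Z' 'a-z')
    if ! printf '%s\n' "$_host" |
        grep -Eq '^devops\.scmservice\.[a-z0-9-]+\.oci\.oraclecloud\.com$'; then
        echo "unexpected host: $_host"; return 1
    fi
    case $_rest in
        */*) _path=/${_rest#*/} ;;
        *) _path=/ ;;
    esac
    if ! printf '%s\n' "$_path" |
        grep -Eq '^/namespaces/[^/]+/projects/[^/]+/repositories/[^/]+$'; then
        echo "unexpected repository path"; return 1
    fi
    echo "ok"
}

# Check 2: list files under a directory that contain a string shaped like a
# GitHub classic personal access token ("ghp_" plus at least 36 letters and
# digits, the shape of the sample in the lab). Prints file:line, never the value.
scan_for_github_tokens() {
    _hits=$(find "$1" -name .git -prune -o -type f \
        -exec grep -En 'ghp_[A-Za-z0-9]{36,}' /dev/null {} + | cut -d: -f1,2)
    if [ -n "$_hits" ]; then
        printf '%s\n' "$_hits"
        return 1
    fi
    return 0
}

# Run both checks before `git add .` and `git push`.
prepush_check() {
    _msg=$(check_remote_url "$1") || { echo "remote: $_msg"; return 1; }
    _msg=$(scan_for_github_tokens "$2") ||
        { echo "token-like string in: $_msg"; return 1; }
    echo "ok"
}

# Constructed sample: the URL shape from step 9 with user22 as the user ID.
SAMPLE_URL='https://devops.scmservice.us-ashburn-1.oci.oraclecloud.com/namespaces/oracletenancy/projects/IAD-DOP-LAB10-1-DP-01-user22/repositories/IAD-DOP-LAB10-1-CR-01'
check_remote_url "$SAMPLE_URL"   # prints ok

# Usage in the lab's Cloud Shell session:
#   cd ~/IAD-DOP-LAB10-1-CR-01
#   prepush_check "$(git remote get-url origin)" .
```

A remote that fails the first check should be corrected before the forced push in step 10, because `-f` overwrites whatever the remote branch holds.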


Perform Basic Git Operations on the Code Repository

Learn to run some basic Git operations.

Tasks

1. In the Cloud Shell, go to the IAD-DOP-LAB10-1-CR-01 directory.
$ cd ~/IAD-DOP-LAB10-1-CR-01

2. Create a new branch in the local repository.
$ git branch new_branch

3. Move to the newly created branch.
$ git checkout new_branch

4. Create a sample file in the new branch.
$ echo "OCI_GIT_TEST" >> test1.txt

5. Use the ls command to verify the new file is now present in the directory.
$ ls
The test1.txt file must be present in the directory.

6. Now add the file to the git repository for commit.
$ git add test1.txt
This adds the file test1.txt in the local repository and stages it for commit.

7. Before you commit, check what files are staged.
$ git status
This lists all new or modified files to be committed.

8. Commit the changes you made to your Git Repository.
$ git commit -m "second commit- added file test1.txt in new_branch"

9. Push the newly created branch to OCI Code Repository.
$ git push -u origin new_branch

• When it prompts for your username, enter <tenancy-namespace>/<username>. Replace the <tenancy-namespace> and <username> values from the info given in the Profile menu.

For example, oracletenancy/user22.

Your password is the auth token created in the earlier lab (IAD-DOP-LAB07-1-AT-01) that you saved in your notepad.

10. In the Console, navigate to the code repository IAD-DOP-LAB10-1-CR-01 within your DevOps project.

11. Select Files in the left menu and click the drop-down list to select a branch. You should see new_branch. Select the newly created branch and scan through the files and check if test1.txt is present in that branch.

Important Note: Do not delete any artifacts and resources created in this lab because they will be required in the upcoming labs.

Congratulations! In this lab, you’ve learned to create a project, mirror a repository, and clone the code repository to create a local copy.




Continuous Integration and Continuous Delivery: Create an Artifact Registry and Set Up Artifacts and Environments in a DevOps Project

Lab 11-1 Practices

Estimated Time: 30 minutes

Get Started

Overview

Oracle Cloud Infrastructure (OCI) Artifact Registry is a repository service for storing, sharing,
and managing software development packages.

In this lab, you will:

a. Create a repository to store and manage artifacts.
b. Add a Container Image Repository artifact to store your Docker images.
c. Create a reference to Kubernetes manifest.
d. Create a DevOps environment.

For more information on OCI Artifact Registry, see the OCI Artifact Registry Documentation.

For more information on setting up artifacts and environments in a DevOps project, see the
OCI Environments Documentation and OCI Artifacts Documentation.

Prerequisites

• You must complete the Continuous Integration and Continuous Delivery: Work with code repositories in OCI DevOps project (Lab10-1) to perform tasks for this practice.

Assumptions

• You are signed in to your Oracle Cloud Infrastructure (OCI) account using your credentials.

• A pre-created OKE cluster <EventID>-OCI-ELS-DEVOPS-OKE is available in the root compartment. <EventID> can be fetched from the Lab tab available in the course page.

• This lab assumes you’re working in the Ashburn region. The resource naming convention (iad) used in this lab is according to Ashburn.

If you’re working in a different region, change the resource names accordingly. For example, for Phoenix, use phx.

• You will replace the <userID> placeholder with your user ID.

Create a Repository to Store and Manage Artifacts

An artifact is a software package, library, or a zip file used for deploying your applications. These artifacts are grouped into repositories, which are collections of related artifacts.

In this lab, you will create an Artifact Registry Repository to store your Kubernetes manifest.

Tasks

1. In the Console, open the navigation menu and click Developer Services. Under Containers & Artifacts, click Artifact Registry.

2. Select your <assigned compartment> from List scope on the left menu.

3. Click Create repository and fill the following values in the form:

a. Name: IAD-DOP-LAB11-1-AR-01
b. Compartment: Select your <assigned compartment>.
c. Select Immutable artifacts. Your new repository will make its artifacts immutable.
d. Click Create.

The IAD-DOP-LAB11-1-AR-01 repository is created and available.

Add Container Image Repository Artifact to Store Docker Images

Artifacts are used to specify software package versions for deployment. DevOps artifacts can be of following types:
• Container image repository
• Instance group deployment configuration
• Kubernetes manifest
• General artifact
• Helm Chart

You will add container image repository artifact to store your Docker images.

Tasks

1. Open the navigation menu and click Developer Services. Under DevOps, click Projects.

2. Select your <assigned compartment> from List scope on the left menu.

3. Open the DevOps project IAD-DOP-LAB10-1-DP-01-<userID> created in Continuous Integration and Continuous Delivery: Work with code repositories in OCI DevOps project (Lab10-1).

4. Click Artifacts from the left menu to navigate to the artifacts page.

5. Click Add artifact to create an artifact and fill the form with the following values:

a. Name: IAD-DOP-LAB11-1-AF-01

b. Type: Select Container image repository from the list of options.

c. Fully qualified path to the image in Container Registry:

<region-key>.ocir.io/<tenancy-namespace>/<repo-name>:<tag>

For example,

iad.ocir.io/oracletenancy/iad-dop-lab07-1-ocir-1/oci_sample_webapp_<userID>:${BUILDRUN_HASH}

Replace <tenancy-namespace> with your tenancy name, <userID> with your user ID, and <region-key> with the key for the Oracle Cloud Infrastructure Registry region you're using. For example, iad is the region key for US EAST (Ashburn) region. See the Availability by Region topic in the Oracle Cloud Infrastructure documentation.

Ensure that you append ${BUILDRUN_HASH} in the fully qualified image URL as the tag. This dynamically updates the version of the pushed docker image.

d. Select Allow parameterization and click Add.
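The image path format in step 5c can be checked before it is typed into the form. The following is an added example, not part of the original guide: it splits a path of the form `<region-key>.ocir.io/<tenancy-namespace>/<repo-name>:<tag>`, reports whether the tag is the `${BUILDRUN_HASH}` placeholder, a fixed tag, or a mutable or missing one, and shows what the path resolves to once a build supplies a value. The function names are hypothetical, the hash value is constructed, and the example assumes the placeholder is replaced with a build-specific value when the pipeline runs.

```shell
#!/bin/sh
# Added example (not from the lab guide). Function names are hypothetical.

# Classify the tag of "<region-key>.ocir.io/<tenancy-namespace>/<repo-name>:<tag>".
# Returns non-zero for paths that are malformed or resolve to a mutable tag.
classify_image_ref() {
    _ref=$1
    case $_ref in
        */*/*) ;;                               # registry/namespace/repo at least
        *) echo "malformed"; return 1 ;;
    esac
    _registry=${_ref%%/*}
    case $_registry in
        ?*.ocir.io) ;;
        *) echo "not-ocir"; return 1 ;;
    esac
    _last=${_ref##*/}                           # final path component, with tag
    case $_last in
        *:*) _tag=${_last##*:} ;;
        *) echo "no-tag"; return 1 ;;           # an untagged pull resolves to "latest"
    esac
    case $_tag in
        '${BUILDRUN_HASH}') echo "parameterized" ;;
        '') echo "no-tag"; return 1 ;;
        latest) echo "mutable-tag"; return 1 ;;
        *) echo "fixed-tag" ;;
    esac
}

# Substitute the placeholder with the value a build run supplies (assumption:
# a short alphanumeric string). Anything else is refused so the value cannot
# change the registry, namespace or repository part of the path.
render_image_ref() {
    case $2 in
        ''|*[!A-Za-z0-9]*) echo "invalid hash value"; return 1 ;;
    esac
    printf '%s\n' "$1" | sed 's/[$]{BUILDRUN_HASH}/'"$2"'/'
}

# The lab's example path with user22 as the user ID; the hash is constructed.
SAMPLE_REF='iad.ocir.io/oracletenancy/iad-dop-lab07-1-ocir-1/oci_sample_webapp_user22:${BUILDRUN_HASH}'
classify_image_ref "$SAMPLE_REF"           # prints parameterized
render_image_ref "$SAMPLE_REF" 'a1b2c3d'   # prints the path ending in :a1b2c3d
```

Each build run then pushes to its own tag, so a deployed image can be traced back to the run that produced it.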

Create a Reference to Kubernetes Manifest

You will now create a DevOps artifact of type Kubernetes manifest.

Tasks

1. Open the DevOps project IAD-DOP-LAB10-1-DP-01-<userID>.

2. Click Artifacts from the left menu to navigate to the artifacts page.

3. Click Add artifact to create an artifact and fill the form with the following values:

a. Name: IAD-DOP-LAB11-1-AF-02

b. Type: Select Kubernetes Manifest from the list of options.

c. Artifact Source: Select Artifact Registry repository.

d. Artifact Registry repository: Click Select and select your artifact registry IAD-DOP-LAB11-1-AR-01 created earlier.

e. Artifact Location: Select Set Custom Location.

1) Artifact Path: lab11-1-<userID>-oke-manifest

For example,

lab11-1-user22-oke-manifest

2) Version: ${BUILDRUN_HASH}

f. Select Allow parameterization and click Add.

You will now see both the artifacts IAD-DOP-LAB11-1-AF-01 and IAD-DOP-LAB11-1-AF-02, listed in the artifacts page in your DevOps project IAD-DOP-LAB10-1-DP-01-<userID>.
Create a DevOps Environment
Unauthorized reproduction or distribution prohibited. Copyright© 2024, Oracle University and/or its affiliates.

An environment is the target platform for your application. You will now create an
Environment to point to your OKE cluster.

Tasks

1. Open the DevOps project IAD-DOP-LAB10-1-DP-01-<userID>.

2. Click Environments from the left menu to navigate to the environments page.

3. Click Create environment and select Oracle Kubernetes Engine as the Environment
Type. Fill the rest of the form with the following values:

a. Name: IAD-DOP-LAB11-1-ENV-01

b. Description: This environment is pointing to pre created OKE cluster.

c. Click Next.

d. Region: The region you are working in. This is populated by default.

e. Compartment: Select the root compartment.

f. Cluster: Select <EventID>-OCI-ELS-DEVOPS-OKE from the list.

NOTE: <EventID> can be fetched from the Lab tab available in the course page.

g. Click Create environment.

You will now see the environment IAD-DOP-LAB11-1-ENV-01 in active state, listed on the
environment page in your DevOps project IAD-DOP-LAB10-1-DP-01-<userID>.

Important Note: Do not delete any artifacts and resources created in this lab because
they will be required in the upcoming labs.

Congratulations! In this lab you learned to create a repository to store, share and manage your
artifacts. You added a container image repository artifact to store your Docker images and
created a reference to your manifest in the Artifact Registry repository.


Lab 12-1 Practices


Continuous Integration and Continuous Delivery: Automate Web App Deployment to an OKE
Cluster Using OCI DevOps CI/CD Pipeline

Estimated Time: 120 minutes

Get Started

Overview

The Oracle Cloud Infrastructure (OCI) DevOps service is an end-to-end, continuous integration
and continuous delivery (CI/CD) platform for developers.

You can use OCI DevOps service to easily build, test, and deploy software and applications on
Oracle Cloud. The DevOps build and deployment pipelines reduce change-driven errors and
decrease the time customers spend on building and deploying releases.

In this lab, you will:

a. Prepare the Kubernetes Deployment Manifest for automated deployment.

b. Create DevOps build pipeline and build stages.

c. Create DevOps deployment pipeline and deploy stage.

d. Create Trigger Deployment Stage in build pipeline.

e. Automate Sample Web Application deployment to OKE cluster.

f. View the artifacts generated as part of the automated build.

For more information on OCI DevOps project, see the OCI DevOps Documentation.

Prerequisites

• You are signed into your Oracle Cloud Infrastructure (OCI) account using your
credentials.

• You must complete the following labs before you perform tasks for this practice:

− Microservices and Container Orchestration: Create Docker image for a web
application using Dockerfile (Lab 06-1).

− Microservices and Container Orchestration: Create and work with OCIR repository
(Lab 07-1).

− Microservices and Orchestration: Set up cluster access (Lab 08-1).

− Microservice and Container Orchestration: Deploy a sample Web application on a
cluster using kubectl (Lab 09-1).

− Continuous Integration and Continuous Delivery: Work with code repositories in OCI
DevOps project (Lab10-1).

− Continuous Integration and Continuous Delivery: Create and set up artifacts and
environments in DevOps project (Lab11-1).

Assumptions

• A pre-created OKE cluster <EventID>-OCI-ELS-DEVOPS-OKE is available in the root
compartment. <EventID> can be fetched from the Lab tab available in the course page.
Example: If your User Name is 99241291-lab.user02, then EventID is 99241291.
The pre-created OKE cluster will be named as 99241291-OU-DEVELOPER-OKE.

• You have an OCIR repository <region-key>-dop-lab07-1-ocir-1/oci_sample_webapp_<userID>
created in Microservice and Container Orchestration: Create and work with OCIR repository
(Lab 07-1) available.

• You have an auth token IAD-DOP-LAB07-1-AT-01 created in Microservice and Container
Orchestration: Create and work with OCIR repository (Lab 07-1) available.

• You have a namespace ns-<userID> created in Microservice and Container
Orchestration: Set up cluster access (Lab 08-1) available.

• You have the Kubernetes Secret ocir-secret-<userID> created in Microservice and Container
Orchestration: Deploy a sample Web application on a cluster using kubectl (Lab 09-1)
available.

You will replace the <tenancy-namespace> and <username> values from the info
given in the Profile menu.

Prepare the Kubernetes Deployment Manifest for Automated Deployment
The Manifest is a specification of a Kubernetes API object in JSON or YAML format. A manifest
specifies the desired state of an object that Kubernetes will maintain when you apply the
manifest.

In this lab, you will edit the Kubernetes Deployment Manifest HelloWorld-lb.yaml to
prepare for an automated deployment.

Tasks

1. Open Cloud Shell and go to the cloned OCI DevOps Code Repository created in lab10-1.

$ cd ~/IAD-DOP-LAB10-1-CR-01/

2. Make sure that you’re in the git main branch.

$ git checkout main

3. Open Code Editor. Code Editor allows you to edit files and source codes present in the
cloned Git directory within the cloud shell.

The Tool Bar is on the left side of the Code Editor window. Click the Explorer (top) icon
from the left-side menu within the Code Editor window.

a. From inside the Code Editor, navigate to the local code repository IAD-DOP-LAB10-1-CR-01,
which was cloned in the Continuous Integration and Continuous Delivery: Work
with Code Repositories in OCI DevOps Project (Lab 10-1).

b. Browse to the file HelloWorld-lb.yaml and replace the tag latest with
${BUILDRUN_HASH} in image name, as follows:

image: <region-key>.ocir.io/<tenancy-namespace>/<repo-name>:${BUILDRUN_HASH}

Where,

• <region-key>: <region-key> is the key for the Oracle Cloud Infrastructure
Registry region you're using, for example, iad is the region key for US EAST
(Ashburn) region. See the Availability by Region topic in the Oracle Cloud
Infrastructure documentation.
• <tenancy-namespace>: This is the auto-generated Object Storage namespace
string of the tenancy (as shown on the Tenancy Information page) to which you
want to push the image.

• <repo-name>: The repository name iad-dop-lab07-1-ocir-1/oci_sample_webapp_<userID>
used to tag and push the image

• ${BUILDRUN_HASH}: This dynamically updates the tag of a Docker image
pushed into OCIR to be used as a deployment artifact.

The file will look similar when you make the changes:

Note: user22 is a sample reference in the above code snippet. Instead, your files must
reflect your user ID.

4. Click Save from the File menu and exit the Code Editor.

5. Run the following commands to commit and push your changes to code repository
IAD-DOP-LAB10-1-CR-01 created in Continuous Integration and Continuous Delivery: Work
with code repositories in OCI DevOps project (Lab10-1).

a. Switch to the Cloud Shell and add the changes in the working directory to the staging
area:

$ git add .

b. Check the status of working directory and staging area:

$ git status

You will see the file HelloWorld-lb.yaml shown as modified and displayed in green
color.

c. Save the changes in the staging area with a relevant message:

$ git commit -m "HelloWorld-lb.yaml modified for Lab12"

d. Push the changes to the upstream code repository:

$ git push -u -f origin main

When prompted, enter your username <tenancy-namespace>/<username>. For
example, oracletenancy/user22.

Replace the <tenancy-namespace> and <username> values from the information
given in the Profile menu.

Enter the auth token IAD-DOP-LAB07-1-AT-01 (random string) you copied earlier as the
password.

For example,

R5kwpS-xxxxx((]51r]]

Note: When you enter or paste the password, you’ll not see masked characters. Press
Enter on your keyboard to continue and you should see the following message on the
screen.
Enumerating objects: 5, done.
Counting objects: 100% (5/5), done.
Delta compression using up to 2 threads
Compressing objects: 100% (3/3), done.
Writing objects: 100% (3/3), 332 bytes | 332.00 KiB/s, done.

6. Verify if the changes have been pushed to the upstream code repository:

a. Open the DevOps project IAD-DOP-LAB10-1-DP-01-<userID>.

b. Navigate to Code Repositories from the left menu and open the repository
IAD-DOP-LAB10-1-CR-01.

c. Navigate to Files from the left menu on the code repository page and you will notice
the HelloWorld-lb.yaml present with:

1) Commit message you used, “HelloWorld-lb.yaml modified for Lab12.”

2) Timestamp matching the time of the push.

3) ${BUILDRUN_HASH} in image name as tag.
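
A check that can be run in Cloud Shell before the git add in step 5, added here as an example (it is not part of the lab guide): it reports every image reference in a manifest that is not tagged with the literal ${BUILDRUN_HASH} placeholder, so a leftover latest, a missing tag or another fixed tag is caught before the push. The helper name check_image_tags and the abridged sample manifest are assumptions constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example, not part of the lab guide: confirm that every container image
# reference in a Kubernetes manifest is tagged with the literal ${BUILDRUN_HASH}
# placeholder used in step 3b.

# check_image_tags FILE  (hypothetical helper name)
# Prints "OK <ref>" or "BAD <reason> <ref>" for each image reference.
# Returns 0 if all are parameterized, 1 if any is not, 2 if nothing could be checked.
check_image_tags() {
  local file="$1" refs ref last tag bad=0
  [ -r "$file" ] || { echo "ERROR cannot read $file"; return 2; }
  # Take the value of each uncommented "image:" key (plain or "- image:" list item),
  # without surrounding quotes or a trailing comment.
  refs=$(sed -n -E "s/^[[:space:]]*(-[[:space:]]+)?image:[[:space:]]*[\"']?([^\"'[:space:]#]+).*/\2/p" "$file")
  [ -n "$refs" ] || { echo "ERROR no image: entries in $file"; return 2; }
  while IFS= read -r ref; do
    # Only a colon after the last "/" separates a tag; a colon before it is a
    # registry port (for example localhost:5000/app, which has no tag at all).
    last=${ref##*/}
    case $last in
      *:*) tag=${last##*:} ;;
      *)   tag= ;;
    esac
    case $tag in
      '${BUILDRUN_HASH}') echo "OK $ref" ;;
      '')                 echo "BAD untagged $ref"; bad=1 ;;
      latest)             echo "BAD latest $ref"; bad=1 ;;
      *)                  echo "BAD fixed-tag $ref"; bad=1 ;;   # includes @sha256 digests
    esac
  done <<EOF
$refs
EOF
  return $bad
}

# Constructed, abridged sample input (not the lab's real HelloWorld-lb.yaml): the
# web app image is parameterized, a second constructed container is still on "latest".
demo=$(mktemp)
cat >"$demo" <<'EOF'
apiVersion: apps/v1
kind: Deployment
metadata:
  name: helloworld
  namespace: ns-user22
spec:
  template:
    spec:
      containers:
      - name: webapp
        image: iad.ocir.io/oracletenancy/iad-dop-lab07-1-ocir-1/oci_sample_webapp_user22:${BUILDRUN_HASH}
      - name: sidecar
        image: "iad.ocir.io/oracletenancy/example/sidecar:latest"   # constructed
      imagePullSecrets:
      - name: ocir-secret-user22
EOF
check_image_tags "$demo" || echo "manifest still has image tags the pipeline will not update"
rm -f "$demo"
```

In the lab repository the call would be check_image_tags HelloWorld-lb.yaml, run from ~/IAD-DOP-LAB10-1-CR-01/.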

Create DevOps Build Pipeline and Build Stages

A build pipeline contains the stages that define the build process for successfully compiling,
testing, and running software applications before deployment.

A stage is an action in the build pipeline. The OCI DevOps service includes the following
predefined stages that you can use in a build pipeline:

• Managed Build: Build and test your software applications.

• Deliver Artifacts: Store your software applications created from the Managed Build
stage in the OCI Artifact Registry or OCI Container Registry repositories.

• Trigger Deployment: Start a deployment pipeline to deploy the output from the
build pipeline.

• Wait: Pause a specific duration for testing the build pipeline.

You can add multiple stages to a pipeline. Stages can be added in a sequence or in parallel.
You can remove any stage from the pipeline. When you do, the stage and its associated
resources are deleted.

In this lab, you will create DevOps build pipeline and build stages.

Tasks

1. Open the navigation menu and click Developer Services. Under DevOps, click Projects.

2. Select your <assigned compartment> from the List scope on the left menu.

3. Open the DevOps project IAD-DOP-LAB10-1-DP-01-<userID>.

4. Click Build Pipelines from the left menu to navigate to the Build Pipelines page.

5. Click Create build pipeline and fill the form with the following values:

a. Name: IAD-DOP-LAB12-1-BPL-01

b. Description: This is the Build pipeline for Lab12.

c. Click Create. The Build pipeline tab will open.

6. To add the first stage to the build pipeline, click the + icon and click Add stage.

a. Select Managed Build as stage type and click Next. Fill the form with the following
values:

1) Stage name: Build-Demo-WebApp

2) Description: This stage executes the commands specified in
build_spec.yaml file.

3) Default compute shape information is displayed for the OCI build agent.

Note: The Managed Build stage runs build instructions on a service managed
build runner.

4) Base container image: Default is Oracle Linux 7 x86 standard 1:0

5) Connect to your tenancy subnet: This is an optional field. Because there are no
private resources in your compartment, you will leave this blank.

6) Build spec file path: The build specification contains build steps and settings
that the build pipeline uses to run a build. The file build_spec.yaml is in the
root directory, so you will leave this field blank.

7) Primary code repository: Click Select. This opens the window to select Primary
code repository:

a) Select the OCI Code Repository from the drop-down list for Source:
Connection type.

This will populate the Code repositories available within your DevOps project.

b) Select the code repository IAD-DOP-LAB10-1-CR-01. The branch and Build
Source name will auto-populate.

c) Click Select.

8) Additional code repositories: You do not have any additional code repositories,
therefore, leave this field blank.

9) Timeout (in seconds): This is an optional field. You will continue with the default
value of 36000.

10) Click Add. You will notice a stage with name Build-Demo-WebApp (Managed
Build) has been added.

7. Add the second stage to the Build pipeline by clicking the + icon at the bottom of the
Build-Demo-WebApp (Managed build) box and click Add stage.

a. Select Deliver Artifacts as stage type from the optional section and click Next. Fill
the form with the following values:

1) Stage name: Push WebApp Artifacts

2) Description: This stage uploads artifacts to registries.

3) Click the Select Artifact(s) button. This opens the window to select artifacts
created in Continuous Integration and Continuous Delivery: Create and set up
artifacts and environments in DevOps project (Lab11-1). Select the following
artifacts and click Add:

• IAD-DOP-LAB11-1-AF-01 Docker Image

• IAD-DOP-LAB11-1-AF-02 Kubernetes Manifest

You will see both the artifacts now listed on the Add a stage page.

b. Associate artifacts with build result: In this section, you will provide the output
names used in the outputArtifacts section of the build_spec.yaml file
corresponding to the artifact types in the build config/result artifact name field.

A snippet of the build_spec.yaml file:

The build_spec.yaml is available in the root directory of your DevOps code
repository IAD-DOP-LAB10-1-CR-01.

After reading through the file snippet, you will be able to identify the output names
used for different artifact types. Fill the fields appropriately as shown in the following
table:

Destination DevOps artifact name    Type                   Build config/result artifact name
IAD-DOP-LAB11-1-AF-01               Docker image           oke_app_base
IAD-DOP-LAB11-1-AF-02               Kubernetes manifest    oke_deploy_manifest

c. Click Add. You will notice a stage with name Push WebApp Artifacts
(DeliverArtifacts) added.

Note: At this point you have two stages in your Build pipeline IAD-DOP-LAB12-1-BPL-01.
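
The names entered in the Build config/result artifact name field in step 7b have to match entries under outputArtifacts in build_spec.yaml; the following added example (not Oracle's file or tooling) lists what a build spec declares and reports any stage name that is missing. The helper names list_output_artifacts and missing_outputs and the whole sample build spec are assumptions constructed for illustration; only the two output names come from the table above, and DOCKER_IMAGE and BINARY are the artifact types a build spec accepts.

```shell
#!/usr/bin/env bash
# Added example, not part of the lab guide: list the outputArtifacts declared in a
# build spec and confirm the names typed into the Deliver Artifacts stage exist.

# list_output_artifacts FILE  (hypothetical helper name)
# Prints one "name type" line per entry under the top-level outputArtifacts key.
list_output_artifacts() {
  awk '
    function emit() { if (name != "") print name, type; name = ""; type = "" }
    /^outputArtifacts:/      { in_sec = 1; next }
    in_sec && /^[^ \t#-]/    { emit(); in_sec = 0 }   # another top-level key ends the section
    !in_sec                  { next }
    /^[ \t]*-/               { emit(); sub(/^[ \t]*-[ \t]*/, "") }   # start of a new list item
    { sub(/[ \t]+#.*$/, ""); gsub(/["\047]/, ""); sub(/[ \t]+$/, "") }   # drop comment, quotes
    /^[ \t]*name:/           { sub(/^[ \t]*name:[ \t]*/, ""); name = $0; next }
    /^[ \t]*type:/           { sub(/^[ \t]*type:[ \t]*/, ""); type = $0; next }
    END { emit() }
  ' "$1"
}

# missing_outputs FILE NAME...  (hypothetical helper name)
# Prints each NAME that FILE does not declare; returns 1 if any is missing.
missing_outputs() {
  local file="$1" declared want rc=0
  shift
  declared=$(list_output_artifacts "$file" | cut -d' ' -f1)
  for want in "$@"; do
    printf '%s\n' "$declared" | grep -qxF -- "$want" || { echo "$want"; rc=1; }
  done
  return $rc
}

# Constructed sample build spec (the lab's real build_spec.yaml is not shown on
# this page; the steps and location values here are assumptions).
spec=$(mktemp)
cat >"$spec" <<'EOF'
version: 0.1
component: build
timeoutInSeconds: 6000
shell: bash
env:
  exportedVariables:
    - BUILDRUN_HASH
steps:
  - type: Command
    name: "Define unique image tag"
    command: |
      export BUILDRUN_HASH=$(echo ${OCI_BUILD_RUN_ID} | rev | cut -c 1-7)
  - type: Command
    name: "Build container image"
    command: |
      docker build -t oci_sample_webapp:latest .
outputArtifacts:
  - name: oke_app_base
    type: DOCKER_IMAGE
    location: oci_sample_webapp:latest
  - name: oke_deploy_manifest
    type: BINARY
    location: ${OCI_PRIMARY_SOURCE_DIR}/HelloWorld-lb.yaml
EOF
list_output_artifacts "$spec"
missing_outputs "$spec" oke_app_base oke_deploy_manifest && echo "all stage names are declared"
rm -f "$spec"
```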

Create DevOps Deployment Pipeline and Deploy Stage

A deployment pipeline holds the requirements that must be satisfied to deliver a set of
artifacts to the target environment. Deployment pipelines contain different stages for
automated deployment. Each stage is associated with certain actions in the pipeline.

DevOps service includes predefined stages, which could be readily used in a deployment
pipeline:

• Deploy to a Kubernetes cluster: Uses the built-in Kubernetes rolling update strategy

• Deploy to an instance group: Releases update incrementally to the instance group.
You can specify the maximum instances that can be offline at one time. This type
supports automatic rollbacks.

• Deploy to Functions: Uses the built-in Functions update strategy

In this lab, you will create DevOps deployment pipeline and deploy stage.

Tasks

1. Open the DevOps project IAD-DOP-LAB10-1-DP-01-<userID>. For example,
IAD-DOP-LAB10-1-DP-01-user22.

2. Click Deployment Pipelines from the left menu to navigate to the Deployment Pipelines
page.

3. Click Create pipeline and fill the form with the following values:

a. Name: IAD-DOP-LAB12-1-DPL-01

b. Description: This is Deployment pipeline for Lab12.

c. Click Create pipeline. The Pipeline tab will open.

4. To add a stage to the Deployment pipeline, click the + icon and click Add stage.

a. Select Apply manifest to your kubernetes cluster as stage type and click Next. Fill
the form with the following values:

1) Stage name: OCI-WebApp-Deployment

2) Description: Deploys the sample WebApp to OKE cluster.

3) Environment: Select the environment IAD-DOP-LAB11-1-ENV-01 you created in
Continuous Integration and Continuous Delivery: Create and set up artifacts and
environments in DevOps project (Lab11-1).

4) Under Select one or more artifacts field, click Select Artifact. This opens the
window to add Kubernetes Manifest type artifacts.
• Select IAD-DOP-LAB11-1-AF-02 and click Save changes.

5) Override Kubernetes namespace: Leave this field blank.

Note: The namespace to which the application will be deployed is specified in the
HelloWorld-lb.yaml file which is ns-<userID>.

6) If validation fails, automatically roll back to the last successful version?:
Select Yes to automatically roll back to the last successful version.

7) Click Add. You will notice a stage with name OCI-WebApp-Deployment (Deploy
OKE: Rolling) added.

Create a Trigger Deployment Stage in Build Pipeline

In this lab, you will create a Trigger Deployment Stage within the build pipeline that triggers
the Deployment pipeline to deploy the application based on the output artifacts from the build
pipeline execution.

Tasks

1. Navigate to the Build pipeline IAD-DOP-LAB12-1-BPL-01 in your DevOps project.

2. On the Build Pipeline tab, click the + icon at the bottom of the Push WebApp Artifacts
(Deliver Artifacts) box and click Add stage.

a. Select Trigger Deployment as stage type from the optional section and click Next.
Fill the form with the following values:

1) Stage name: Trigger OKE Deployment

2) Description: This triggers the IAD-DOP-LAB12-1-DPL-01 Deployment
pipeline stages.

3) Click Select Deployment Pipeline. This opens the window to select the
deployment pipelines you have created.

• Select IAD-DOP-LAB12-1-DPL-01 and click Save changes.

4) Enable the Send build pipelines Parameters option.

5) Artifacts used in the deployment pipeline auto-populate with the Kubernetes
manifest type artifact IAD-DOP-LAB11-1-AF-02. This manifest will be applied to
the OKE cluster every time a deployment is triggered.

6) Click Add. You will notice a stage with name Trigger OKE Deployment (Trigger
deployment) added.

Automate Sample Web Application Deployment to OKE Cluster
In this lab, you will run the Build pipeline to execute all its stages in sequence and populate the
artifact and container registry with the manifest and Docker image, respectively. The
successful execution of the Build pipeline will trigger the Deployment pipeline, which uses the
output artifacts and applies them to the target environment, which in this case is an OKE
cluster.

Tasks

1. On the Build Pipeline page IAD-DOP-LAB12-1-BPL-01, click the Start Manual Run
button. The Start Manual Run page opens.

a. OCI assigns your build a Build run name.

b. Click Start manual run at the bottom left.

2. You will reach the Build pipeline tab. Observe that all the build stages are listed here.
Build stages will execute sequentially. You can observe the logs for each stage in the right
window.

3. Once the Trigger OKE Deployment stage completes, click Deployments from the left
menu under your DevOps project IAD-DOP-LAB10-1-DP-01-<userID> to navigate to the
Deployments page.

You will observe deployment listed here that got automatically kicked-off and is either in
an In-progress or Succeeded state.

Further, when you click the deployment name, you will reach the Deployments tab. Under
the Deployments tab, you can see the logs and additional details for the Deployment
pipeline run.

4. Because the deployment is successful, let’s now try to access the application using the
External (or Public) endpoint that is the HelloWorld Service Load Balancer IP.

5. Open Cloud Shell

$ kubectl get svc -n ns-<userID>

For example,

$ kubectl get svc -n ns-user22

You will observe the EXTERNAL-IP listed in the output.

6. Launch a Web browser and enter the EXTERNAL-IP address into the browser’s address
bar to access the application. Once the request is processed, you’ll see the following
webpage:

View the Artifacts Generated as Part of the Automated Build
In this lab, you will view the artifacts generated as part of the Build pipeline execution.

Tasks

1. To view Container Image Repository Artifact:

a. In the Console, open the navigation menu and click Developer Services. Under
Containers & Artifacts, click Container Registry.

b. Select your <assigned compartment> from List scope on the left menu.

c. Select the container repository iad-dop-lab07-1-ocir-1/oci_sample_webapp_<userID>
you created as part of Microservices and Container Orchestration: Manage OCIR and
Push and Pull Images Using Docker CLI (Lab 07-1).

d. You will notice a new image present in your repository with a random string like
qm3pznq as tag. This random string is the BUILDRUN_HASH of the build that pushed
the image in OCIR.

2. To view Kubernetes manifest reference:

a. In the OCI Console, open the navigation menu and click Developer Services. Under
Containers & Artifacts, click Artifact Registry.

b. Select your <assigned compartment> from the List scope on the left menu.

c. Select the artifact registry IAD-DOP-LAB11-1-AR-01 you created in Continuous
Integration and Continuous Delivery: Create an Artifact Registry and Set Up Artifacts
and Environments in a DevOps Project (Lab11-1).

d. You will notice the Kubernetes manifest used by the Deployment pipeline listed here
with the same string qm3pznq as tag.

Every time you run a build pipeline, these artifacts will be generated and stored in the
container and artifact registry with a unique string to identify them. In case of a build failure,
these artifacts are used to roll back to last successful version.

Important Note: Do not delete any artifacts and resources created in this lab because
they will be required in the upcoming labs.

Congratulations! You have successfully deployed a Web Application to an OKE cluster using
OCI DevOps Build and Deployment pipelines.

Further, you also verified the artifacts generated as part of the successful Build pipeline run.

Lab 13-1 Practices

Monitoring - Notification: Configure Alarms with Notifications and Create
Monitoring Queries

Estimated Time: 60 minutes

Get Started

Overview

The Oracle Cloud Infrastructure Monitoring service lets you actively and passively monitor
your cloud resources using metrics and alarms.

The Monitoring service uses metrics to monitor resources and alarms to notify you when
these measures respond to the triggers specified by the alarm.

In this lab, you will:

a. Validate build run and deployment.

b. Configure notifications.

c. Monitor build execution time.

d. Monitor build success.

e. Monitor deployment failure.

f. Create monitoring queries.

For more information on OCI Alarms and Notifications, see the OCI Notification
Documentation and for Monitoring Queries, see the OCI Monitoring Documentation.

Prerequisites

• You must complete the following labs before you perform tasks for this practice:
− Microservices and Container Orchestration: Create Docker image for a web
application using Dockerfile (Lab 06-1).
− Microservices and Container Orchestration: Create and work with OCIR repository
(Lab 07-1).

− Microservices and Orchestration: Set up cluster access (Lab 08-1).
− Microservice and Container Orchestration: Deploy a sample Web application on a
cluster using kubectl (Lab 09-1).
− Continuous Integration and Continuous Delivery: Work with code repositories in OCI
DevOps project (Lab10-1).
− Continuous Integration and Continuous Delivery: Create and set up artifacts and
environments in DevOps project (Lab11-1).
− Continuous Integration and Continuous Delivery: Automate Web App deployment
to an OKE cluster using OCI DevOps CI/CD pipeline (Lab 12-1).

Assumptions

• This lab assumes you’re working in the Ashburn region. The resource naming
convention (iad) used in this lab is according to Ashburn.

If you’re working in a different region, change the resource names accordingly. For
example, for Phoenix, use phx.

• You will replace the <userID> placeholder with your user ID.

Validate Build Run and Deployment

You will execute build runs from DevOps Project to ensure build runs are successful, measure
the total time taken for execution and verify deployments are working.

Tasks

1. Sign in to your Oracle Cloud Infrastructure (OCI) account.

2. Open the navigation menu and select Developer Services. Under DevOps, select
Projects.

3. Select your <assigned compartment> from the List scope on the left menu.

4. Click to select your project IAD-DOP-LAB10-1-DP-01-<userID> under the Project name
column.

5. From the left menu, click Build Pipelines and select IAD-DOP-LAB12-1-BPL-01 pipeline.

6. Verify that there are three stages available in the Build pipeline: Build-Demo-WebApp,
Push WebApp Artifacts, and Trigger OKE Deployment.

7. Click Start manual run on the top-right corner of the page.

8. Keep the Build run name as default and click Start manual run.

The status at the top-left corner will be shown In progress, and the execution will take
approximately 5 minutes to complete.

9. Upon completion, the Status at the top-left corner will be updated to Succeeded.

10. Also, convert the Total duration, mentioned at the top, into seconds.

For example, the build run of 3 minutes and 40 seconds will be equal to 220 seconds. You
will use this value as threshold for BuildRunExecutionTime metric. Save this value on a
notepad.

11. Click your DevOps project IAD-DOP-LAB10-1-DP-01-<userID> using the breadcrumb list at
the top of the page and click Deployments from the left menu.

12. Verify if the status of the last deployment is Succeeded.

Configure Notifications

Now that you have validated build run and deployment, you will configure Notifications to
notify of such events. Alarms is a feature in the Monitoring service which will trigger
notifications based on the monitoring query and trigger rule conditions defined.

To create an alarm, you must first create a notification topic and a subscription so that the

le
alarm has a way to notify the relevant parties; for example, an alarm can email an

b
ra
administrator when a deployment has failed.

Task

1. Open the navigation menu and select Developer Services. Under Application Integration,
click Notifications.

2. Select your <assigned compartment> from the List scope on the left menu.

3. Click Create Topic at the top of the topic list. Enter the following values to configure your
topic and click Create:

• Name: iad-dop-lab13-1-nt-01-<userID>. It must be unique across the
tenancy; validation is case-sensitive.

For example, iad-dop-lab13-1-nt-01-user22

• Description: This topic is for Lab 13.

Note: Topic name is case-sensitive and must be unique across the tenancy.

4. Once the state of the topic changes to Active, click the topic name
iad-dop-lab13-1-nt-01-<userID> to view the details.

5. Click Create Subscription and enter the following values to configure your subscription
and click Create:

• Protocol: Select Email from the drop-down list.

• Email: Enter your email address.

6. Click the subscription that you just created. The Subscription Information will be
displayed with the status as Pending Confirmation.

7. Check your email account for the confirmation email and click the Confirm subscription
verification link. A pop-up window will tell you that the subscription has been confirmed.


8. Switch back to the Subscriptions page, refresh the page and you will observe that the
subscription state has changed to Active.

Note: You may need to refresh your browser if the status is not updated.


Monitor Build Execution Time

You will now create an alarm that is triggered when the BuildRunExecutionTime metric
reaches a designated threshold.

Thereafter, you will execute a build run from the build pipeline of your DevOps project and
verify the alarm notifications.

Tasks

Create an Alarm

1. Open the navigation menu and select Observability & Management. Under Monitoring,
click Alarm Definitions.

2. Select your <assigned compartment> from the List scope on the left menu.

3. Click Create Alarm and enter the following values:

a. Define Alarm section:

− Alarm name: IAD-DOP-LAB13-1-ALA-01
− Alarm severity: Select Critical from the drop-down list.
− Alarm body: Build Execution Time is more than threshold.

Note: The Tags section is optional. Therefore, keep the default selections.

b. Metric description section:

− Compartment: Select your <assigned compartment>.
− Metric namespace: Select oci_devops_build from the drop-down list.
− Metric name: Select BuildRunExecutionTime from the drop-down list.
− Interval: Select 1m from the drop-down list.
− Statistic: Select Max from the drop-down list.

Note: The Resource Group field is optional; therefore, you can skip it for now. Keep the
Metric dimensions section blank.

c. Trigger rule section:

− Operator: Select greater than from the drop-down list.
− Value: 60
− Trigger delay minutes: 1


Note: The Trigger rule condition is defined so that if the build execution time exceeds
60 seconds, an alarm is triggered, which sends an email notification based on the
notifications configured in the previous task.

d. Define alarm notifications section:

− Destination service: Select Notifications from the drop-down list.
− Compartment: Select your <assigned compartment>.
− Topic: Select iad-dop-lab13-1-nt-01-<userID> from the drop-down list.

Note: You created the topic earlier. Recall that the topic is the communication
channel, such as email. When the alarm is triggered, a notification is sent to the
subscribed email addresses.

4. Keep the default selection in the Message grouping section which is Group notifications
across metric streams.

5. Keep the default selection in the Message Format section which is Send formatted
messages.

Note:

• You can also choose to have a notification repeated at certain frequencies if an alarm
continues. Keep the Repeat notification option deselected.

• You have the option to suppress (pause) the notification. Keep the Suppress notifications
option deselected.

6. Select Enable this alarm and click Save Alarm.

You should now be able to see the alarm’s details and are ready to execute Build Run from
Build Pipeline.

7. Open your DevOps project IAD-DOP-LAB10-1-DP-01-<userID>.

8. Click Build Pipelines from the left menu and click IAD-DOP-LAB12-1-BPL-01.

9. Click Start manual run.

10. Keep the Build run name as default and click Start manual run.

11. Wait until the Build run is finished. Verify that the status of build run is Succeeded.

12. Verify that the Total Duration mentioned on top is greater than 60 seconds which is the
trigger rule condition.


Trigger the Alarm

1. Open the navigation menu and select Observability & Management. Under Monitoring,
click Alarm Definitions.

2. Click the IAD-DOP-LAB13-1-ALA-01 alarm you created earlier.

3. The icon before IAD-DOP-LAB13-1-ALA-01 would have changed to Firing mode due to the
overall build execution time exceeding the threshold. Please wait for a minute if the status
is not changed to Firing, and then refresh the page.

• Scroll down to the Alarm history graph which signifies that the execution time of the
build has surpassed the set threshold.

• An email notification is sent to the configured subscription email of the notification’s
topic as alarm status changes from OK to Firing.

• The email provides details about alarm OCID, number of metrics breaching threshold,
and dimensions as shown below in the screenshot.

4. Navigate back to the Alarm Definitions page and select the check box against the
IAD-DOP-LAB13-1-ALA-01 alarm name.

5. Click the Actions drop-down list and select Add suppressions.


6. In the Suppress Alarms window, keep the default Start time and End time.

7. Click Apply suppressions to confirm.

8. Click Close and verify that the Suppressed column shows the alarm is suppressed for the
period.


Monitor Build Success

You will now create an alarm that is triggered when the build has succeeded.

Thereafter, you will execute a build run from the build pipeline of your DevOps project and
verify alarm notifications using the BuildSuccess metric.

Tasks

Create an Alarm

1. Open the navigation menu and select Observability & Management. Under Monitoring,
click Alarm Definitions.

2. Select your <assigned compartment> from the List scope on the left menu.

3. Click Create Alarm and enter the following values:

a. Define alarm section:

− Alarm name: IAD-DOP-LAB13-1-ALA-02
− Alarm severity: Select Info from the drop-down list.
− Alarm body: Build Run has succeeded.

Note: The Tags section is optional. Therefore, keep the default selections.

b. Metric description section:

− Compartment: Select your <assigned compartment>.
− Metric namespace: Select oci_devops_build from the drop-down list.
− Metric name: Select BuildSuccess from the drop-down list.
− Interval: Select 1m from the drop-down list.
− Statistic: Select Min from the drop-down list.

Note: The Resource Group field is optional; therefore, you can skip it for now. Keep the
Metric dimensions section blank.

c. Trigger rule section:

− Operator: Select equal to from the drop-down list.
− Value: 1
− Trigger delay minutes: 1


d. Define alarm notifications section:

− Destination service: Select Notifications from the drop-down list.
− Compartment: Select your <assigned compartment>.
− Topic: Select iad-dop-lab13-1-nt-01-<userID> from the drop-down list.

4. Keep the default selection in the Message grouping section which is Group notifications
across metric streams.

5. Keep the default selection in the Message Format section which is Send formatted
messages.

6. Select Enable this alarm and click Save Alarm.

You should now be able to see the alarm’s details and are ready to execute Build Run from
Build Pipeline.

7. Open your DevOps project IAD-DOP-LAB10-1-DP-01-<userID>.

8. Select Build Pipelines from the left navigation panel and click the IAD-DOP-LAB12-1-BPL-01
pipeline.

9. Click Start manual run.

10. Keep the Build run name as default and click Start manual run.

11. Wait until the Build run is finished. Verify that the Status of Build run is Succeeded.

Trigger the Alarm

1. From the navigation menu, select Observability & Management. Under Monitoring, click
Alarm Definitions.

2. Click the IAD-DOP-LAB13-1-ALA-02 alarm you created earlier.

3. The icon before IAD-DOP-LAB13-1-ALA-02 would have changed to Firing mode as the
build run has succeeded. Please wait for a minute if the status is not changed to Firing,
and then refresh the page.

• Scroll down to the Alarm history graph which signifies that the build has succeeded.
• An email notification is sent to the configured subscription email of the notifications
topic as alarm status changes from OK to Firing.


• The email provides details about alarm OCID, number of metrics breaching threshold,
and dimensions as shown below in the screenshot.

4. Navigate back to the Alarm Definitions page and select the check box against the
IAD-DOP-LAB13-1-ALA-02 alarm.

5. Click the Actions drop-down list and select Add suppressions.

6. In the Suppress alarms window, keep the default Start time and End time and click
Apply suppressions to confirm.

7. Click Close and verify that the column Suppressed shows the alarm is suppressed for the
period.


Monitor Deployment Failure

You will now create an alarm that is triggered when the deployment fails.

Thereafter, you will configure the Build run stage to fail the deployment, execute a build run
from the Build pipeline which will initiate the deployment and verify alarm notifications.

Tasks

Create an Alarm

You will now create an alarm for notifying Build Success Runs.

1. Open the navigation menu and select Observability & Management. Under Monitoring,
click Alarm Definitions.

2. Select your <assigned compartment> from the List scope on the left menu.

3. Click Create Alarm and enter the following values:

a. Define alarm section:

− Alarm name: IAD-DOP-LAB13-1-ALA-03
− Alarm severity: Select Critical from the drop-down list.
− Alarm body: Deployment has Failed.

Note: The Tags section is optional. Therefore, keep the default selections.

b. Metric description section:

− Compartment: Select your <assigned compartment>.
− Metric namespace: Select oci_devops_deployment from the drop-down list.
− Metric name: Select DeploymentFailure from the drop-down list.
− Interval: Select 1m from the drop-down list.
− Statistic: Select Min from the drop-down list.

Note: The Resource Group field is optional; therefore, you can skip it for now. Keep the
Metric dimensions section blank.


c. Trigger rule section:

− Operator: Select equal to from the drop-down list.
− Value: 1
− Trigger delay minutes: 1

d. Define alarm notifications section:

− Destination service: Select Notifications from the drop-down list.
− Compartment: Select your <assigned compartment>.
− Topic: Select iad-dop-lab13-1-nt-01-<userID> from the drop-down list.

4. Keep the default selection in the Message grouping section which is Group notifications
across metric streams.

5. Keep the default selection in the Message Format section which is Send formatted
messages.

6. Select Enable this alarm and click Save Alarm.

You should now be able to see the alarm’s details.

Update Build Pipeline Stage and Execute Build Run

You will disable the option to send build pipeline parameters so that the deployment task
fails, which will trigger the alarm.

1. Open your DevOps project IAD-DOP-LAB10-1-DP-01-<userID>.

2. Select Build Pipelines from the left menu and click IAD-DOP-LAB12-1-BPL-01.

3. Click the three dots on Trigger OKE Deployment and click View details.

4. Click Edit Stage and deselect the Send build pipelines Parameters box.

Note: This will block the build pipeline parameters from being shared with the deployment
pipeline and thus trigger a failure in deployment.

Note: Select the Send build pipelines Parameters box after the alarm has been tested at
the end of this lab.

5. Click Save changes.

6. Click Start manual run.


7. Keep the Build run name as default and click Start manual run.

8. Wait until the Status of build run shows Succeeded.

9. Click Project using the breadcrumb list and click Deployments from the left menu.

10. Verify that the last deployment is shown as Failed.

Trigger the Alarm

1. Open the navigation menu and select Observability & Management. Under Monitoring,
click Alarm Definitions.

2. Click the IAD-DOP-LAB13-1-ALA-03 alarm you created earlier.

3. The icon before IAD-DOP-LAB13-1-ALA-03 would have changed to Firing mode as the
deployment has Failed. Please wait for a minute if the status is not changed to Firing, and
then refresh the page.

• Scroll down to the Alarm history graph which signifies that the deployment has
failed.

• An email notification is sent to the configured subscription email of the notifications
topic as alarm status changes from OK to Firing.

The email provides details about alarm OCID, Query, number of metrics breaching
threshold, and dimensions as shown below in the screenshot.


4. Navigate back to the Alarm Definitions page and select the check box against the
IAD-DOP-LAB13-1-ALA-03 alarm.

5. Click the Actions drop-down list and select Add suppressions.

6. In the Suppress Alarms window, select the default Start time and End time and click
Apply suppressions to confirm.

7. Click Close and verify that the column Suppressed shows the alarm is suppressed for the
period.

Update Build Pipeline Stage

You will enable the option to send build pipeline parameters so that the deployment task can
run successfully.

1. Open your DevOps project IAD-DOP-LAB10-1-DP-01-<userID>.

2. Select Build Pipelines from the left menu and click IAD-DOP-LAB12-1-BPL-01.

3. Click the three dots on Trigger OKE Deployment and click View details.

4. Click Edit Stage and select the Send build pipelines Parameters checkbox.

5. Click Save changes.


Create Monitoring Queries

You will learn about query expressions and components, and you will execute sample queries
that can be used with the Monitoring service. The Metrics Explorer creates queries that are used to
search and aggregate metric data points collected from resources.

A standard query includes a metric namespace (the source or application being measured), a
metric (what is being measured), an interval (over what period), and a statistic (how it’s being
measured, for example, a sum, rate, or max value).

Tasks

Create Standard Queries

1. Open the navigation menu and select Observability & Management. Under Monitoring,
click Metrics Explorer.

2. To create a standard query, scroll down to the Query section and enter the following
values:

• Compartment: Select your <assigned compartment>.
• Metric namespace: Select oci_devops_code_repos from the drop-down list.
• Metric name: Select CodeRepositoriesPulls from the drop-down list.
• Interval: Select 1m from the drop-down list.
• Statistic: Select Mean from the drop-down list.

3. Keep the Metric dimensions section blank and click Update Chart.

If the chart does not display the data, select Last 24 hours under Quick Selects on top of
the page. You can also toggle between the Show Data Table and Show Graph options.

The chart generated is the output of the query. It represents the number of pulls done on the
code repository in every 1-minute interval. The corresponding Monitoring Query Language
(MQL) is displayed under Query 1.

Create Standard Queries with a Filter

A filter condition is used along with a standard query to display graphs that satisfy specific
conditions. The filter condition is entered in the metric dimensions area which is optional and
includes a dimension name and a dimension value.


1. From the navigation menu, select Observability & Management. Under Monitoring,
click Metrics Explorer.

2. Enter the following values to create a grouping function using the Basic mode in the
Query section:

• Compartment: Select your <assigned compartment>.
• Metric namespace: Select oci_devops_build from the drop-down list.
• Metric name: Select StageExecutionTime from the drop-down list.
• Interval: Select 1m from the drop-down list.
• Statistic: Select Mean from the drop-down list.

3. In the Metric dimensions section, enter the following values:

• Dimension name: Select stageType from the drop-down list.
• Dimension value: Select BUILD from the drop-down list.
• Do not enable the Aggregate metric streams.

4. Click Update Chart.

The graph displays the time chart with time taken to execute the build stage. If the chart
does not display data, select Last 24 hours under Quick Selects on top of the page. You
can also toggle between the Show Data Table and Show Graph options.

5. Scroll down to the Query section.

6. In the Metric dimensions section, update the following information:

• Dimension name: Select stageType from the drop-down list.
• Dimension value: Select TRIGGER_DEPLOYMENT_PIPELINE from the drop-down
list.
• Do not enable the Aggregate metric streams.

7. Click Update Chart.

The graph displays the time chart with time taken to complete the trigger deployment pipeline
stage.


Create Aggregation Using Basic Queries

The simple aggregation (grouping) function queries return the combined value of all metric
streams for the selected statistic. They can be written manually in the Query Code Editor pane
by checking the Advanced mode option, or you can use the Standard Query mode used above.

1. From the navigation menu, select Observability & Management. Under Monitoring,
click Metrics Explorer.

2. Enter the following values to create a grouping function using Basic mode in the Query
section:

• Compartment: Select your <assigned compartment>.
• Metric namespace: Select oci_devops_build from the drop-down list.
• Metric name: Select BuildSuccess from the drop-down list.
• Interval: Select 1m from the drop-down list.
• Statistic: Select Mean from the drop-down list.

3. In the Metric dimensions section, enter the following values:

• Dimension name: Select projectId from the drop-down list.
• Dimension value: Select <Project OCID> from the drop-down list. This is the OCID
of the DevOps project IAD-DOP-LAB10-1-DP-01-<userID>.
• Enable Aggregate metric streams.

4. Click Update Chart.

If the chart does not display data, select Last 24 hours under Quick Selects on top of the
page. You can also toggle between the Show Data Table and Show Graph options.

The graph displays the aggregation of successful builds run on the project, with an interval of 1
minute, and a statistic option of the Mean function. The function Mean returns the value of
sum divided by count during the specified period.

Selecting the Aggregate metric streams check box is referred to as the grouping function
when using Advanced mode. This query can be viewed by selecting the Advanced mode check
box.


Create Advanced Queries

The nested queries are written as part of the Advanced mode in the Query code editor.

1. Open the navigation menu and select Observability & Management. Under Monitoring,
click Metrics Explorer.

2. Enter the following values to create a grouping function using Basic mode in the Query
section:

• Compartment: Select your <assigned compartment>.
• Metric namespace: Select oci_devops_deployment from the drop-down list.
• Metric name: Select DeploymentExecutionTime from the drop-down list.
• Interval: Select 1m from the drop-down list.
• Statistic: Select Max from the drop-down list.

3. Leave the Metric dimensions section blank. Do not enable Aggregate metric streams
and click Update Chart.

If the chart does not display data, select Last 7 days under Quick Selects on top of the
page.

The graph shows the deployment executions and time taken to complete in milliseconds,
collected with an interval of 1m and shows the maximum reported duration of each
Deployment. You can also toggle between the Show Data Table and Show Graph options.

4. Select the Advanced mode checkbox at the top-right corner of the Query 1 section.

5. Enter the following code in the Query code editor field.

(DeploymentExecutionTime[1m].max() > 20000).grouping().max()

6. Click Update Chart.

The displayed output groups the deployments and displays the ones that took more than
20,000 milliseconds to complete within each 1-minute interval.
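
The alarm rules and Metrics Explorer queries from this lab, as an added Python example that is not part of the original guide: it renders each set of console form values as an MQL string in the same form as the advanced query above and evaluates it over constructed data points. The Query and Alarm classes, the point helper, the sample values and the placeholder OCID are assumptions of this example, and the evaluation is a simplified model, not the Monitoring service's own logic.

```python
from collections import defaultdict
from dataclasses import dataclass, field
from statistics import mean

STATISTICS = {"max": max, "min": min, "mean": mean, "sum": sum, "count": len}
OPERATORS = {">": lambda v, t: v > t, "==": lambda v, t: v == t}


@dataclass
class Query:
    # Form values of a standard query (class and field names are this example's own).
    metric: str
    statistic: str
    interval_s: int = 60                             # "Interval: 1m"
    dimensions: dict = field(default_factory=dict)   # "Metric dimensions" filter
    aggregate: bool = False                          # "Aggregate metric streams"

    def mql(self):
        text = f"{self.metric}[{self.interval_s // 60}m]"
        if self.dimensions:
            pairs = ", ".join(f'{k} = "{v}"' for k, v in self.dimensions.items())
            text += "{" + pairs + "}"
        if self.aggregate:
            text += ".grouping()"
        return f"{text}.{self.statistic}()"

    def run(self, points):
        """Return {stream: {interval_start: statistic over that interval}}."""
        buckets = defaultdict(lambda: defaultdict(list))
        for p in points:
            if p["metric"] != self.metric:
                continue
            if any(p["dims"].get(k) != v for k, v in self.dimensions.items()):
                continue
            # Each distinct dimension set is one metric stream unless aggregated.
            stream = "*" if self.aggregate else tuple(sorted(p["dims"].items()))
            start = p["ts"] - p["ts"] % self.interval_s
            buckets[stream][start].append(p["value"])
        stat = STATISTICS[self.statistic]
        return {s: {t: stat(v) for t, v in sorted(b.items())}
                for s, b in buckets.items()}


@dataclass
class Alarm:
    name: str
    query: Query
    operator: str
    threshold: float
    delay_intervals: int = 1   # "Trigger delay minutes: 1" with a 1m interval

    def mql(self):
        return f"{self.query.mql()} {self.operator} {self.threshold}"

    def firing_at(self, points):
        """Interval starts where the condition has held for delay_intervals
        consecutive intervals in at least one stream (simplified model)."""
        breach = OPERATORS[self.operator]
        fired = set()
        for series in self.query.run(points).values():
            streak, prev = 0, None
            for t, value in series.items():
                adjacent = prev is not None and t - prev == self.query.interval_s
                if breach(value, self.threshold):
                    streak = streak + 1 if adjacent and streak else 1
                else:
                    streak = 0
                if streak >= self.delay_intervals:
                    fired.add(t)
                prev = t
        return sorted(fired)


def point(ts, metric, value, **dims):
    return {"ts": ts, "metric": metric, "value": value, "dims": dims}


PROJECT = "ocid1.devopsproject.oc1..constructed"   # placeholder, not a real OCID
# Constructed data points: a 220 s build run, a 40 s build run, a failed deployment.
POINTS = [
    point(1000, "BuildRunExecutionTime", 220, projectId=PROJECT),
    point(1000, "BuildSuccess", 1, projectId=PROJECT),
    point(1000, "StageExecutionTime", 150, stageType="BUILD"),
    point(1000, "StageExecutionTime", 12, stageType="TRIGGER_DEPLOYMENT_PIPELINE"),
    point(1900, "BuildRunExecutionTime", 40, projectId=PROJECT),
    point(1900, "BuildSuccess", 1, projectId=PROJECT),
    point(2000, "DeploymentFailure", 1, projectId=PROJECT),
]

# The three alarms defined in this lab, with the same metric, statistic and rule.
ALARMS = [
    Alarm("IAD-DOP-LAB13-1-ALA-01", Query("BuildRunExecutionTime", "max"), ">", 60),
    Alarm("IAD-DOP-LAB13-1-ALA-02", Query("BuildSuccess", "min"), "==", 1),
    Alarm("IAD-DOP-LAB13-1-ALA-03", Query("DeploymentFailure", "min"), "==", 1),
]

if __name__ == "__main__":
    for alarm in ALARMS:
        print(alarm.name, "|", alarm.mql(), "| fires at", alarm.firing_at(POINTS))
```

Only the 220-second build breaches the first alarm's 60-second threshold; the 40-second run in a later interval does not.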


Congratulations! You have successfully tested various types of Alarms and Monitoring Queries
which can be used with DevOps pipelines.


Purge Resources

Purge Instructions for Alarms

1. Open the navigation menu and select Observability & Management. Under Monitoring,
click Alarm Definitions.

2. Select your <assigned compartment> from List scope on the left menu.

3. Select all the check boxes that correspond to the alarms IAD-DOP-LAB13-1-ALA-01,
IAD-DOP-LAB13-1-ALA-02, and IAD-DOP-LAB13-1-ALA-03.

4. Click the Actions drop-down list and select Delete alarms.

5. Confirm to delete and click Close.

Purge Instructions for Topics and Subscriptions

6. From the navigation menu, select Developer Services. Under Application Integration, click
Notifications.

7. Click iad-dop-lab13-1-nt-01-<userID> topic.

8. Click the three dots on the right of the subscription to open the Actions menu and click
Delete.

9. Click Delete Subscription to confirm.

10. Navigate back to the Notifications page.

11. Open the Actions menu and click Delete.

12. Click Delete Topic to confirm.


Logging Services: Manage
DevOps Project Log Using
OCI Console

Lab 14-1 Practices

Estimated time: 40 minutes

Get Started

Overview

The Oracle Cloud Infrastructure Logging service offers a fully managed, highly scalable single
point of access to all the logs in your tenancy. Logging provides access to logs from Oracle
Cloud Infrastructure resources. These logs include critical diagnostic information that
describes how resources are performing and being accessed.

In this lab, you’ll:

a. Configure logs for DevOps project
b. Run the build manually
c. Search your logs

For more information on OCI Logging, see the OCI Logging Documentation.

Prerequisites

• You must complete the following labs before you perform tasks for this practice:

− Microservices and Container Orchestration: Create Docker image for a web
application using Dockerfile (Lab 06-1).
− Microservices and Container Orchestration: Create and work with OCIR repository
(Lab 07-1).
− Microservices and Orchestration: Set up cluster access (Lab 08-1).
− Microservice and Container Orchestration: Deploy a sample Web application on a
cluster using kubectl (Lab 09-1).


− Continuous Integration and Continuous Delivery: Work with code repositories in OCI
DevOps project (Lab10-1).
− Continuous Integration and Continuous Delivery: Create and set up artifacts and
environments in DevOps project (Lab11-1).
− Continuous Integration and Continuous Delivery: Automate Web App deployment
to an OKE cluster using OCI DevOps CI/CD pipeline (Lab 12-1).

Assumptions

• You are signed into your Oracle Cloud Infrastructure (OCI) account using your
credentials.

• This lab assumes you’re working in the Ashburn region. The resource naming
convention (iad) used in this lab is according to Ashburn.
If you’re working in a different region, change the resource names accordingly. For
example, for Phoenix, use phx.


Configure Logs for DevOps Project

The log groups are logical containers for organizing and managing logs. A log must always be
inside a log group. You will first create a log group to enable or create logs.

After creating a log group, you will update logging for the DevOps Project.

Tasks

1. Open the navigation menu and select Observability & Management. Under Logging,
click Log Groups.

2. Select your <assigned compartment> from List scope on the left menu.

3. Click Create Log Group.

4. In the Create Log Group window, enter the following values:

• Compartment: auto-populated with your <assigned-compartment>.
• Name: IAD-DOP-LAB14-1-LGP-01
• Description: log group for service logs.

5. Click Create.

Note: The DevOps Project is created with logs enabled with a default log group named
Default_Group. You will change this log group to IAD-DOP-LAB14-1-LGP-01 and create a
new log for DevOps Logs.

6. Open the navigation menu and select Developer Services. Under DevOps, click Projects.

7. Open the DevOps project IAD-DOP-LAB10-DP-01-<userID>.

8. Under the DevOps project resources section on the left menu, click Logs.

9. Click the three dots on the right to open the Actions menu and click Edit Log.

a. Click the Change Log Group button under the Choose new group field. Select
IAD-DOP-LAB14-1-LGP-01 from the drop-down list.

b. Click Change Log Group.

c. Click the Edit button next to Disable Log.

d. Enter the Log Name as IAD-DOP-LAB14-1-SLOG-01


e. Click Save Changes.
Unauthorized reproduction or distribution prohibited. Copyright© 2024, Oracle University and/or its affiliates.

10. Open the navigation menu and select Observability & Management. Under Logging,
click Log Groups.

11. Select your <assigned compartment> from List scope on the left menu.

12. Click Log Group IAD-DOP-LAB14-1-LGP-01.

ble
ra
13. Click Logs, verify the log name with IAD-DOP-LAB14-1-SLOG-01 is shown Active for

sfe
Service: DevOps; Category: DevOps Logs.

Run the Build

Execute the build pipeline which will trigger the deployment pipeline as well. During and after
the execution for build and deployment pipelines, the logs are generated.

Tasks

1. Open the DevOps project IAD-DOP-LAB10-DP-01-<userID>.

2. Select Build Pipelines on the left menu and click IAD-DOP-LAB12-1-BPL-01.

3. Verify that three stages are available in the build pipeline: Build-Demo-WebApp, Push
WebApp Artifacts, and Trigger OKE Deployment.

4. Click Start manual run on the top right corner of the page.

5. Keep Build run name as default and click Start manual run.

The Status on the top left will be shown as In progress, and the execution will take
approximately 5 minutes to complete.

6. Upon completion, the status on top left will be updated to Succeeded.

7. Click your DevOps project IAD-DOP-LAB10-DP-01-<userID> using the breadcrumb list at
the top of the page and click Deployments from the left menu.

8. Verify that the status of the last deployment is Succeeded.


Search Your Logs

Logging provides the tools to search any combination or scale of logs to identify events or
patterns that may be difficult to observe via legacy methods. This is especially true when
working in a distributed scale-out environment comprising several services and platforms.

You will explore the contents of your logs and become familiar with the built-in search
capabilities provided by the logging service. You will learn to select service logs to be included
in search, examine results, and refine search for service logs. Additionally, you will update a
build stage and execute build run to generate corresponding log records.

You will also learn to search logs from saved searches.

Tasks

Search your logs

1. Open the navigation menu and select Observability & Management. Under Logging,
click Search.

2. Click Select logs to search text field. The Select logs to search window appears.

3. In the Select logs to search field, click (x) to remove your <assigned_compartment> if
selected by default.

4. Expand the root compartment under the Compartment column and select your
<assigned_compartment> from the Compartment list.

Note: Do not click the plus (+) sign. Click the compartment name only.

This will bring up the log groups in that compartment without including the compartment
itself as part of the search criteria. You don’t want the compartment itself included,
because you don’t want all the logs for that compartment in the search results.

5. In the Log Groups column, select IAD-DOP-LAB14-1-LGP-01 log group, but again, click
the name only without clicking the plus (+) sign. This will bring up the logs for that log
group.

6. In the Logs column, select IAD-DOP-LAB14-1-SLOG-01 log. This time, click the plus (+)
sign to add it as the only search criteria. The Select logs to search field at the top of the
window will be updated to
<assigned_compartment>/IAD-DOP-LAB14-1-LGP-01/IAD-DOP-LAB14-1-SLOG-01.

7. Click Continue to execute the search.

Explore Filters

1. To examine results and refine search for service logs, in the Custom filters field at the top
of the Search area, enter the following and hit enter on your keyboard:
data.deployPipelineId = <Select pipeline OCID from the list>

This will show the log records that were executed for the selected pipeline.

2. If there are no log records displayed, then Filter by time and select Today from the
drop-down list. This will return all the log records matching the condition for the entire day.

3. In the Custom filters field at the top of the Search area, enter the following and hit enter
on your keyboard:
data.message = Completed Deployment execution

This will show the log records that contain the message Completed Deployment
execution for the selected pipeline.

Note: You can remove the search filters by clicking (x) for Filters under Custom filters.

4. In the Custom filters, enter the keyword failed and hit Enter on your keyboard.

The Filters will show the following filter applied, which returns log records that contain
the keyword failed:
logContent='*failed*'

5. Select Filter by time as Past 5 minutes. Verify there is no recent log data. You may note
the timestamp if there are log records.

6. Click Save search. Enter the following values in the form:

• Search Name: Deployment-failures
• Compartment: Select your <assigned compartment>.
• Description: Search for failed deployments.
• Click Save Search.

7. Click Reset Search to reset the search filters.
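
The three custom filters used above can also be applied offline to exported log records, which helps when triaging a failed deployment outside the Console. The following is an added example, not part of the original guide or Oracle's code: the record layout, the placeholder OCIDs and the sample messages are constructed, and treating logContent as a wildcard match over the whole serialized record is an assumption of this sketch.

```python
import fnmatch
import json

# Placeholder OCIDs (constructed); real values come from your tenancy.
PIPELINE_A = "ocid1.devopsdeploypipeline.oc1.iad.EXAMPLE-A"
PIPELINE_B = "ocid1.devopsdeploypipeline.oc1.iad.EXAMPLE-B"

# Constructed records, shaped like the "data" section shown on the JSON tab.
SAMPLE_RECORDS = [
    {"datetime": "2024-01-01T10:00:05Z",
     "data": {"deployPipelineId": PIPELINE_A,
              "message": "Starting Deployment execution"}},
    {"datetime": "2024-01-01T10:04:40Z",
     "data": {"deployPipelineId": PIPELINE_A,
              "message": "Completed Deployment execution"}},
    {"datetime": "2024-01-01T11:15:02Z",
     "data": {"deployPipelineId": PIPELINE_A,
              "message": "Deployment failed: required parameter was not supplied"}},
    {"datetime": "2024-01-01T11:20:00Z",
     "data": {"deployPipelineId": PIPELINE_B,
              "message": "Completed Deployment execution"}},
]

# Straight and typographic quotes; the latter appear when a filter is pasted
# from a formatted document.
QUOTES = "'\"\u2018\u2019"


def parse_filter(text):
    """Turn 'field = value' or a bare keyword into a (field, pattern) pair.

    A bare keyword becomes logContent='*keyword*', mirroring what the lab
    shows in the Filters area after entering the keyword failed.
    """
    text = text.strip()
    if "=" not in text:
        return ("logContent", "*" + text + "*")
    field, value = text.split("=", 1)
    return (field.strip(), value.strip().strip(QUOTES))


def get_path(record, dotted):
    """Follow a dotted path such as data.message; None if any key is missing."""
    node = record
    for key in dotted.split("."):
        if not isinstance(node, dict) or key not in node:
            return None
        node = node[key]
    return node


def matches(record, flt):
    """Case-sensitive match of one (field, pattern) filter against a record."""
    field, pattern = flt
    if field == "logContent":
        # Assumption of this sketch: search the whole serialized record.
        haystack = json.dumps(record, sort_keys=True)
    else:
        value = get_path(record, field)
        if value is None:
            return False
        haystack = str(value)
    return fnmatch.fnmatchcase(haystack, pattern)


def search(records, filter_texts):
    """Return the records that satisfy every filter (filters are ANDed)."""
    filters = [parse_filter(text) for text in filter_texts]
    return [r for r in records if all(matches(r, f) for f in filters)]


if __name__ == "__main__":
    for hit in search(SAMPLE_RECORDS, ["data.deployPipelineId = " + PIPELINE_A,
                                       "failed"]):
        print(hit["datetime"], hit["data"]["message"])
```
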

Update a build stage and generate corresponding log records

1. Open the DevOps project IAD-DOP-LAB10-DP-01-<userID>.

2. Select Build Pipelines on the left menu and click IAD-DOP-LAB12-1-BPL-01.

3. Click the three dots on Trigger OKE Deployment and click View details.

4. Click Edit Stage and uncheck to disable the Send build pipelines Parameters box.

Note: This prevents the build pipeline parameters from being shared with the deployment
pipeline and thus triggers a failure in deployment.

5. Click Save changes.

6. Click Start manual run.

7. Keep the build run name as default and click Start manual run.

8. Wait until the status of build run shows Succeeded.

9. Click your DevOps project IAD-DOP-LAB10-DP-01-<userID> using the breadcrumb list at
the top of the page and click Deployments from the left menu.

10. Verify that the last deployment is shown as Failed.

11. From the navigation menu, select Observability & Management, then click Search under
Logging. Under Logging, click Saved Searches to reach the previously saved search
Deployment-failures.

12. Choose Filter by time as Past 15 minutes if the data is not shown for Past 5 minutes.
Verify that the log records containing the string failed are shown for the deployment failures.

13. Expand one of the log records by clicking the down-arrow icon on the right.

a. On the JSON tab, the log data is shown in JSON format. Review the message under
the data section, which shows the log message for the failure.

b. Click the Before & After Tab. This shows the logs representing what was going on
before and after the log message was generated, which helps in the troubleshooting.

14. From the OCI Console Main Menu, select Developer Services. Under DevOps, select
Projects.

15. Select your <assigned compartment> from List scope on the left menu.

16. Click Project IAD-DOP-LAB10-DP-01-<userID> under Project name column.

17. Select Build Pipelines on the left and click the pipeline IAD-DOP-LAB12-1-BPL-01.

18. Click the three dots on Trigger OKE Deployment stage. Click View details.

19. Click Edit Stage, enable Send build pipelines Parameters.

20. Click Save changes. Do NOT click Start manual run.

21. Click DevOps Projects on top to return to the Projects page.

Congratulations! You have successfully configured and explored logs for your build and
deployment pipelines in your DevOps Project.

Purge Instructions

Purge instructions for Logs and Log Groups

1. Open the navigation menu and select Observability and Management. Under Logging,
click Log Groups.

2. Click IAD-DOP-LAB14-1-LGP-01 log group.

3. Under Resources in the left menu, click Logs.

4. For IAD-DOP-LAB14-1-SLOG-01, click the three dots on the right to open the Actions
menu and click Delete. Confirm to Delete.

5. Click Log Group.

6. For IAD-DOP-LAB14-1-LGP-01, click the three dots on the right to open the Actions menu
and click Delete. Confirm to Delete.

Event Service: Define Rules that Trigger a Specific Action When a DevOps Event Occurs

Lab 15-1 Practices

Estimated Time: 20 minutes

Get Started

Overview

Oracle Cloud Infrastructure (OCI) Events enables the creation of automations based on
resource state changes across the tenancy. Use Events to allow your development teams to
react automatically when a resource changes state.

Events are structured messages indicating changes in resources.

Events are used by creating rules. Each rule includes a filter that you define
to indicate the events produced by resources in your tenancy.

In this lab, you’ll:

a. Configure a notification

b. Create an event rule

c. Validate the event rule by running a build

For more information on OCI Events, see the OCI Events Documentation.

Prerequisites

• You must complete the following labs before you perform tasks for this practice:
− Microservices and Container Orchestration: Create Docker image for a web
application using Dockerfile (Lab 06-1).
− Microservices and Container Orchestration: Create and work with OCIR repository
(Lab 07-1).
− Microservices and Orchestration: Set up cluster access (Lab 08-1).
− Microservice and Container Orchestration: Deploy a sample Web application on a
cluster using kubectl (Lab 09-1).
− Continuous Integration and Continuous Delivery: Work with code repositories in OCI
DevOps project (Lab10-1).
− Continuous Integration and Continuous Delivery: Create and set up artifacts and
environments in DevOps project (Lab11-1).
− Continuous Integration and Continuous Delivery: Deploy a Web App with a CI/CD
pipeline to an OKE cluster using OCI DevOps (Lab12-1)

• You are signed into your Oracle Cloud Infrastructure (OCI) account using your
credentials.

Assumptions

• This lab assumes you’re working in the Ashburn region. The resource naming
convention (iad) used in this lab is according to Ashburn.

If you’re working in a different region, change the resource names accordingly. For
example, for Phoenix, use phx.

• You will replace the <userID> placeholder with your user ID.

Configure a Notification

Events Rules specify an action to trigger when the filter finds a matching event. The Action can
be the Notifications service to notify based on the rule conditions defined.

To configure an Events Rule, you must first create a Notifications Topic and Subscription so
that the rule condition has a way to notify the relevant parties.

Tasks

1. Open the navigation menu and select Developer Services. Under Application
Integration, select Notifications.

2. Select your <assigned compartment> from List scope on the left menu.

3. Click Create Topic and enter the following values in the form:

• Name: iad-dop-lab15-1-nt-01-<userID>
For Example, iad-dop-lab15-1-nt-01-user22
• Description: Topic for Lab15.

Note: Topic name must be unique across the tenancy; validation is case-sensitive.

4. Click Create.

5. Once the topic changes state to Active, click the topic to view the details.

6. Select Subscriptions under Resources on the left menu, click Create Subscription and
enter the following values in the form:

• Protocol: Select Email.
• Email: Enter your email address.

7. Click Create.

8. Click the subscription that you just created. The Subscription Information will be displayed
with the status as Pending.

9. Check the verification email received on the email account you specified. Click the
Confirm subscription verification link. A pop-up browser window will tell you that the
subscription has been confirmed.

Note: If the email does not arrive in the inbox, look for it in the Promotions category or
the spam box.

10. Navigate back to the Subscriptions page and verify that the subscription status has
changed to Active. You may need to refresh your browser if the status is not updated.

Create an Event Rule

You will create an Events Rule with a few conditions and an action to send a notification.

Tasks

1. Open the navigation menu and select Observability & Management. Under Events, click
Rules.

2. Select your <assigned compartment> from List scope on the left menu.

3. Click Create Rule and enter the following values in the form:

a. Display Name: IAD-DOP-LAB15-1-RLE-01

b. Description: Notify on Build Runs and Deployments.

c. Under the Rule Conditions section, choose Condition as Event Type and Service
Name as DevOps Build.

d. Click within Event Type field and select BuildRun - Create

e. Under Actions, select the following:

• Action Type: Notifications
• Notification Compartment: Select your <assigned compartment>.
• Topic: iad-dop-lab15-1-nt-01-<userID>

4. Click Create Rule.

5. Click Rules on top; verify the State is shown as Active.


Validate Event Rule by Running a Build

Execute a manual build run from DevOps Project. After the build run, an email will be triggered
with event details.

Tasks

1. Open the navigation menu and select Developer Services. Under DevOps, select
Projects.

2. Select your <assigned compartment> from List scope on the left menu.

3. Open the DevOps project IAD-DOP-LAB10-1-DP-01-<userID>.

4. Select Build Pipelines on the left menu and click the IAD-DOP-LAB12-1-BPL-01 pipeline.

5. Verify the three stages are available: Build WebApp, Push WebApp Artifacts, and Trigger
OKE Deployment.

6. Click Start manual run on the top right. Enter the Build run name as
IAD-DOP-LAB15-1-BRUN-01.

7. Click Start manual run. A Build Run is created with name IAD-DOP-LAB15-1-BRUN-01.

8. You will receive an email with the subject line Event -
com.oraclecloud.devopsbuild.createbuildrun along with Event details in the body in
JSON format, including: resourceName as IAD-DOP-LAB15-1-BRUN-01.

9. Open the navigation menu, select Observability & Management. Under Events, click
Rules.

10. Select your <assigned compartment> from List scope on the left menu.

11. Click IAD-DOP-LAB15-1-RLE-01 and click Edit Rule.

12. Under Rule Conditions, click + Another Condition to add a second condition as follows:

• Condition: Event Type
• Service Name: Devops Deploy
• Click within Event Type field and select: DeployStage – Create Begin, and
Deployment – Create.

13. Click Save changes.

After updating the event rule, execute another manual build run to receive email
notification according to the updated event rules.

14. Open the DevOps project IAD-DOP-LAB10-1-DP-01-<userID>.

15. Select Build Pipelines on the left menu and click the IAD-DOP-LAB11-1-BPL-1 pipeline.

16. Verify the three stages are available: Build WebApp, Push WebApp Artifacts, and Trigger
OKE Deployment.

17. Click Start manual run on top right. Enter the Build run name as
IAD-DOP-LAB15-1-BRUN-02.

18. Click Start manual run. A Build Run is created with name IAD-DOP-LAB15-1-BRUN-02.

19. You will receive an email with the subject line Event -
com.oraclecloud.devopsbuild.createbuildrun along with Event details in the body in
JSON format, including: resourceName as IAD-DOP-LAB15-1-BRUN-02.

20. You will receive another email with the subject line Event -
com.oraclecloud.devopsbuild.createdeployment along with Event details in the body in
JSON format.

Congratulations! You have successfully configured event rules to trigger email notifications for
specific actions.
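
Why the first build run produces one email and the second produces two follows from how the rule's filter is compared with each event. The following is an added example, not part of the original guide or Oracle's implementation: it is a simplified model of rule matching in which the event type strings are taken from the email subject lines quoted in this lab, and the event bodies, the deployment name and the resourceName-scoped rule are constructed assumptions.

```python
import fnmatch

# Event types as they appear in this lab's email subject lines.
BUILD_RUN_CREATE = "com.oraclecloud.devopsbuild.createbuildrun"
DEPLOYMENT_CREATE = "com.oraclecloud.devopsbuild.createdeployment"

# Rule condition as first created: only BuildRun - Create.
RULE_AFTER_STEP_3 = {"eventType": [BUILD_RUN_CREATE]}

# Rule condition after the edit that adds the deployment event type.
RULE_AFTER_STEP_12 = {"eventType": [BUILD_RUN_CREATE, DEPLOYMENT_CREATE]}

# Hypothetical narrowing (not in the lab): also filter on an event attribute.
RULE_SCOPED = {
    "eventType": [BUILD_RUN_CREATE, DEPLOYMENT_CREATE],
    "data": {"resourceName": "IAD-DOP-LAB15-1-BRUN-*"},
}


def make_event(event_type, resource_name):
    """Build a constructed event with the fields this example inspects."""
    return {
        "eventType": event_type,
        "eventTime": "2024-01-01T12:00:00Z",          # constructed
        "data": {
            "compartmentName": "example-compartment",  # constructed
            "resourceName": resource_name,
        },
    }


def events_for_run(build_run_name):
    """Events one manual build run emits in this model: the build run itself
    and the deployment that the Trigger OKE Deployment stage starts."""
    return [
        make_event(BUILD_RUN_CREATE, build_run_name),
        make_event(DEPLOYMENT_CREATE, "example-deployment"),  # constructed name
    ]


def value_matches(expected, actual):
    """Compare one part of a rule condition with the same part of an event.

    Lists mean "any of", dicts must match key by key, and strings may use
    the * wildcard. Fields absent from the condition are not checked.
    """
    if isinstance(expected, list):
        return any(value_matches(item, actual) for item in expected)
    if isinstance(expected, dict):
        return isinstance(actual, dict) and all(
            key in actual and value_matches(sub, actual[key])
            for key, sub in expected.items()
        )
    if isinstance(expected, str):
        return isinstance(actual, str) and fnmatch.fnmatchcase(actual, expected)
    return expected == actual


def notifications(condition, events):
    """Return (email subject, resourceName) for every event the rule matches."""
    return [
        ("Event - " + event["eventType"], event["data"]["resourceName"])
        for event in events
        if value_matches(condition, event)
    ]


if __name__ == "__main__":
    run = events_for_run("IAD-DOP-LAB15-1-BRUN-02")
    for label, rule in [("build only", RULE_AFTER_STEP_3),
                        ("build + deploy", RULE_AFTER_STEP_12),
                        ("scoped by name", RULE_SCOPED)]:
        print(label, notifications(rule, run))
```

The scoped rule shows a pitfall when tightening a rule: an attribute filter applies to every event type listed in the rule, so the deployment event, whose resourceName does not match the build-run pattern, no longer produces a notification.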

Purge Instructions

Purge Instructions for Event Rule

1. Open the navigation menu and select Observability & Management. Under Events, click
Rules.

2. Select your <assigned compartment> from List scope on the left menu.

3. For the rule IAD-DOP-LAB15-1-RLE-01, click the three dots on the right to open the
Actions menu and select Delete.

4. Type DELETE to confirm, click Delete.

Purge Instructions for Subscription

1. Open the navigation menu and select Developer Services. Under Application
Integration, click Notifications.

2. Select your <assigned compartment> from List scope on the left menu.

3. Click the topic IAD-DOP-LAB15-1-TOP-01.

4. For the subscription, click the three dots on the right to open the Actions menu and select
Delete.

5. Click Delete Subscription to confirm.

Purge Instructions for Topic

1. Open the navigation menu and select Developer Services. Under Application Integration,
click Notifications.

2. Select your <assigned compartment> from List scope on the left menu.

3. For the topic IAD-DOP-LAB15-1-TOP-01, click the three dots on the right to open the
Actions menu and select Delete.

4. Click Delete Topic to confirm.

Continuous Integration and Continuous Delivery: Deploy a Sample Web Application to
an OKE Cluster Using Helm Chart Deployment in OCI DevOps

Lab 18-1 Practices

Estimated Time: 120 minutes

Get Started

Overview

Rapid delivery of software is essential for efficiently running your applications in the cloud.
Automating software releases with pipeline deployment increases developer productivity and
allows you to release features more frequently and with fewer errors. It helps avoid downtime
during deployments and automates the complexity of updating applications.

The Oracle Cloud Infrastructure (OCI) DevOps service is an end-to-end, continuous integration
and continuous delivery (CI/CD) platform for developers. You can use OCI DevOps service to
easily build, test, and deploy software and applications on Oracle Cloud. The DevOps build and
deployment pipelines reduce change-driven errors and decrease the time customers spend on
building and deploying releases.

Oracle Cloud Infrastructure (OCI) DevOps service supports deployment of Helm charts to
Container Engine for Kubernetes (OKE) cluster. The developers can add a specific Helm chart
stage to deployment pipelines to automate the Helm deployment and automatically roll back
on OKE environments.

For more information on OCI DevOps Project Helm Chart Deployment, see the OCI Deploying
a helm chart Documentation.

In this lab, you’ll:

a. Create a DevOps project and manage code repositories

b. Create OCIR repositories for Container Image and Helm Chart

c. Set up artifacts and environments for your DevOps project

d. Create DevOps build pipeline and build stages

e. Create DevOps deployment pipeline and deploy stage

f. Create a Trigger Deployment Stage in build pipeline

g. Set up the kubeconfig file and create a Kubernetes namespace.

h. Automate sample web application deployment to OKE cluster using Helm Chart

i. View the artifacts generated as part of the automated build

Prerequisites

• You are signed in to your Oracle Cloud Infrastructure (OCI) account using your
credentials.

• You need to have a GitHub account.

• A pre-created OKE cluster <EventID>-OCI-ELS-DEVOPS-OKE is available in the root
compartment. <EventID> can be fetched from the Lab tab available in the course
page.

Assumptions

• You will replace the <userID> placeholder with your user ID.

• This lab assumes you’re working in the Ashburn region. The resource naming
convention (iad) used in this lab is according to Ashburn.

If you’re working in a different region, change the resource names accordingly. For
example, for Phoenix, use phx.

Create a DevOps Project and Manage Code Repositories

You will fork a repository, create an access token, and use an existing Vault that is at the
root-level compartment to create keys and secrets required to connect to an external repository.

You’ll then create a topic, a DevOps project, and a connection to external repositories, such as
GitHub.

You’ll also learn to mirror repositories to and from external sources.

Fork GitHub Repository

1. Sign in to your GitHub account and go to the
https://github.com/ou-developers/oci-helm-node-service repository.

2. In the top right, click Fork and then click Create fork at the bottom of Create a new fork
page.

Note: By default, forks use the same name as their upstream repository.

Create a Personal Access Token

1. In your GitHub account, click the profile icon on the top-right corner, and then go to
Settings.

2. Navigate to Developer settings and find Personal access tokens > Token (classic) on
the left menu and then click Generate new token > Generate new token (classic) for
general use.

3. On the New personal access token (classic) page,

a. Provide a name as OCI-DevOps-ELS-LAB18 in Note

b. Set the token Expiration to 30 days

c. In the Select scopes section, select repo (Full control of private repositories) as your
scope

4. Click Generate token and make a note of it in a notepad. You’ll need this token later when
you create secrets. Here’s an example of what a token looks like:
ghp_YnDABCDEPQRxzGZXXXXduoAZgrPemTj1xxXxx


Create a Master Encryption Key in OCI Vault

1. Switch to the OCI Console, navigate to Identity & Security, and select Vault. From the list
of vaults, select OCI-ELS-DEVOPS-VAULT-1 under the root compartment.

2. On the Vault details page, click Create Key to create a master encryption key.

Enter the following values for your key:

• Create in Compartment: Select your <assigned compartment>.
• Protection Mode: HSM
• Name: iad-dop-lab18-1-vk-01
• Leave everything else to default values and click Create Key.

It will take about a minute to create the master encryption key. The key will go from the
Creating state to the Enabled state.

3. On the Vault details page, select your <assigned compartment> from List scope on
the left menu. You’ll see the key “iad-dop-lab18-1-vk-01” that you created which is
in Enabled state.

Create a Secret in OCI Vault

1. In the Resources section of the Vault details page, click Secrets. Click Create Secret and
enter the following values for the secret:

• Compartment: Select your <assigned compartment>.
• Name: iad-dop-lab18-1-vs-01-<userID>
For example, iad-dop-lab18-1-vs-01-user22
• Description: Secret to pull GitHub repo.
• Encryption Key: iad-dop-lab18-1-vk-01
• Secret Type Template: Plain-Text
• Secret Contents: <Add the Personal access token string that you created in GitHub
earlier>
• Click Create Secret. It will take few minutes to create the Vault Secret. The secret will
go through the Creating state to the Enabled state.


Create a Topic

1. In the Console, open the navigation menu and click Developer Services. Under
Application Integration, click Notifications.

2. Select your <assigned compartment> from List scope on the left menu. The page
updates to display only the resources in that compartment.

3. Click Topics. Click Create Topic at the top of the topic list.

4. In the Create Topic page, configure your topic and click Create.

• Name: iad-dop-lab18-1-nt-01-<userID>.
• Description: This topic is for my Devops lab.

Note: Topic name is case-sensitive and must be unique across the tenancy.

Create a DevOps project

1. Open the navigation menu and click Developer Services. Under DevOps, click Projects.

2. Click Create DevOps project.

• Name: IAD-DOP-LAB18-1-DP-01-<userID>
• Description: This project is for Devops lab18.
• To set up project notifications, click Select Topic. Select the topic that you created
earlier, for example iad-dop-lab18-1-nt-01-user22. Project notifications keep you
informed of important events and the latest project status.
• Click Create DevOps project.

3. You can use the OCI logging service to record the output it generates when the pipeline
runs. On the page of your newly created project, click Enable Log which takes you to the
log management page.

4. In the Logs table, toggle to enable the log. This will pop-up to the Enable Log window.
Leave all the options as default and click Enable Log at the bottom. The logs will go
through the Creating state to the Active state. You have successfully created a DevOps
project.

Copyright © 2023, Oracle and/or its affiliates.

280 Deploy a sample web application to OKE cluster using Helm Chart deployment in OCI DevOps in OCI DevOps
Create an External Connection
Unauthorized reproduction or distribution prohibited. Copyright© 2024, Oracle University and/or its affiliates.

1. Open the navigation menu and click Developer Services. Under DevOps, click Projects.

2. Select the project IAD-DOP-LAB18-1-DP-01-<userID> and go to External Connections
on the left menu. Click Create external connection and enter the following values:
• Name: IAD-DOP-LAB18-1-EC-01

• Description: Connecting to GitHub.

• Type: GitHub

• In the Vault Secret section,

1) Click Change Compartment and select the root compartment.

2) Select the Vault OCI-ELS-DEVOPS-VAULT-1 from the drop-down list.

3) Select the secret iad-dop-lab18-1-vs-01-<userID> within your compartment that
contains your Personal Access Token (PAT) to connect to GitHub.
• Click Create.

The connection to the selected external repository is successfully created and active.

Create a Mirrored Code Repository


1. Navigate to your DevOps project IAD-DOP-LAB18-1-DP-01-<userID>.

2. Click Code Repositories on the left menu and then click Mirror Repository to mirror
the code repository from GitHub. Enter the following values:

• Connection: IAD-DOP-LAB18-1-EC-01. This is the external connection you created.

• Repository: Select the oci-helm-node-service repository from the drop-down
list which you had forked earlier.

• Mirroring Schedule: Select Custom from the drop-down list and set the minutes
field to 2.

• Name: IAD-DOP-LAB18-1-MR-01

• Description: This is mirroring GitHub repository.

Click Mirror repository at the bottom. After some time, the mirrored repository will be
available in OCI Code Repository.

3. You will have to update the build_spec.yaml file in your git repository to have it
mirrored in the code repository.

a. Sign in to your GitHub account and navigate to the forked oci-helm-node-service
repository.

b. Click the build_spec.yaml file to open for editing.

c. Click the Edit this file option and make the following two changes in the highlighted
section:

• Scroll to the end of the file and locate the line containing the following code:
docker build --pull --rm -t iad-dop-lab18-1-ocir-1/node-service-<userID> .

Here, replace <userID> with your user ID. For example,

docker build --pull --rm -t iad-dop-lab18-1-ocir-1/node-service-user22 .

• Move to the last line of this file and make the following change in the
outputArtifacts section:

location: iad-dop-lab18-1-ocir-1/node-service-<userID>:latest

Here, replace <userID> with your user ID. For example,

iad-dop-lab18-1-ocir-1/node-service-user22:latest

d. Scroll to the bottom of the page and click Commit Changes.

e. Switch to the OCI Console, navigate to the Mirrored Code Repository
IAD-DOP-LAB18-1-MR-01. You’ll see a message “Mirroring is in Progress” at the top of the
page. You can also start the Mirroring process manually by clicking the Synchronize
now button.

f. After two minutes, click Files from the left menu and scan through the
build_spec.yaml file to see if the changes are now reflected in the mirrored OCI
Repository.

Create OCI Repositories for Container Image and Helm Chart
You will create two empty repositories in your compartment and give them a name that's
unique in the entire tenancy. One repository will be used to host the container image and the
other one for Helm artifacts.

Tasks

1. Navigate to the Oracle Cloud Infrastructure Registry (OCIR):

a. In the Console, open the navigation menu and click Developer Services. Under
Containers & Artifacts, click Container Registry.

b. Select your <assigned compartment> from List scope on the left menu.

2. Click Create Repository to create a new repository.

a. Compartment: Select your <assigned compartment>.

b. Repository name: <region-key>-dop-lab18-1-ocir-1/node-service-<userID>

Where,

• <region-key> is the key for the Oracle Cloud Infrastructure Registry region
you're using. For example, iad is the region key for US EAST (Ashburn)
region. See the Availability by Region topic in the Oracle Cloud Infrastructure
documentation.

• Replace <userID> with your user ID.

For example, iad-dop-lab18-1-ocir-1/node-service-user22

c. Select the Public access option to enable unauthenticated access.

d. Click Create Repository.

3. Now, repeat Step 2 to create another public repository with the name
<region-key>-dop-lab18-1-ocir-2/helm-repo-<userID>/node-service

Replace <userID> with your user ID.

For example, iad-dop-lab18-1-ocir-2/helm-repo-user22/node-service

Set Up Artifacts and Environments for Your DevOps Project
Artifacts are used to specify software package versions for deployment. DevOps artifacts can
be of the following types:
• Container image repository

• Instance group deployment configuration

• Kubernetes manifest

• General artifact

• Helm Chart

You will add Container image repository, Helm Chart, and general artifacts to the OCI
Repositories. Additionally, you will create an environment to point to your OKE cluster, which
will work as a target platform for your application.

Tasks

1. Let’s add the container image repository artifact. Open the navigation menu and click
Developer Services. Under DevOps, click Projects.

2. Select your <assigned compartment> from List scope on the left menu.

3. Open the DevOps project IAD-DOP-LAB18-1-DP-01-<userID>.

4. Click Artifacts from the left menu to navigate to the artifacts page.

5. Click Add artifact to create an artifact and fill the form with the following values:

• Name: IAD-DOP-LAB18-1-AF-01

• Type: Select Container image repository from the list of options.

• Fully qualified path to the image in Container Registry:

<region-key>.ocir.io/<tenancy-namespace>/<repo-name>:<tag>

For example,

iad.ocir.io/oracletenancy/iad-dop-lab18-1-ocir-1/node-service-user22:${BUILDRUN_HASH}

Note: Replace <tenancy-namespace> with your tenancy name and <userID> with your
user ID and ensure you append ${BUILDRUN_HASH} in the fully qualified image URL.
This dynamically updates the version of the pushed docker image.
• Select Allow parameterization and click Add.

6. Again, click Add artifact to create a Helm Chart artifact and enter the following values in
the form:
• Name: IAD-DOP-LAB18-1-AF-02
• Type: Select Helm Chart from the list of options.
• Helm Chart URL:
oci://<region-key>.ocir.io/<tenancy-namespace>/<repo-name>:<tag>

For example,

oci://iad.ocir.io/oracletenancy/iad-dop-lab18-1-ocir-2/helm-repo-<userID>/node-service

Note: Replace <tenancy-namespace> with your tenancy name, <region-key> with
the code for the region in use i.e., iad, <userID> with your user ID.

• Version: 0.1.0-${BUILDRUN_HASH}

• Click Add.

7. Finally, click Add artifact to create a Generic artifact and enter the following values in the
form:

• Name: values.yaml

• Type: Select General artifact from the list of options.

• Artifact source: Select inline.

• Value: Paste the following code snippet in this field

replicaCount: 3
service:
  type: LoadBalancer
  port: 80
image:
  repository: iad.ocir.io/<tenancy-namespace>/iad-dop-lab18-1-ocir-1/node-service-<userID>
  pullPolicy: IfNotPresent
  # Overrides the image tag whose default is the chart appVersion.
  tag: ${BUILDRUN_HASH}

Note: Replace <tenancy-namespace> with your tenancy name and <userID> with your
user ID under the image: section in the code snippet.

For example,

iad.ocir.io/oracletenancy/iad-dop-lab18-1-ocir-1/node-service-user22

Note: If you are working in any region other than US EAST (Ashburn), replace “iad” with
the region key of the region you are working in. See
the Availability by Region topic in the Oracle Cloud Infrastructure documentation.

• Select Allow parameterization and click Add.

8. On the Artifacts page, you will see the following three artifacts created:

| Name | Type | Source | Path | Version |
|---|---|---|---|---|
| values.yaml | General artifact | Inline | - | - |
| IAD-DOP-LAB18-1-AF-02 | Helm Chart | Helm chart | oci://iad.ocir.io/<tenancy-namespace>/iad-dop-lab18-1-ocir-2/helm-repo-<userID>/node-service | 0.1.0-${BUILDRUN_HASH} |
| IAD-DOP-LAB18-1-AF-01 | Docker image | OCI Registry | iad.ocir.io/<tenancy-namespace>/iad-dop-lab18-1-ocir-1/node-service-<userID>:${BUILDRUN_HASH} | - |

After creating the artifacts, you’ll now create an Environment for your project.

9. Open the DevOps project IAD-DOP-LAB18-1-DP-01-<userID>.


10. Click Environments from the left menu to navigate to the environments page.

11. Click Create environment. Select Oracle Kubernetes Engine as the Environment Type.

a. Enter the following values in the form:

− Name: IAD-DOP-LAB18-1-ENV-01

− Description: This environment is pointing to pre created OKE
cluster <EventID>-OCI-ELS-DEVOPS-OKE.

b. Click Next and enter the following information:

− Region: The region you are working in. This is populated by default.
− Compartment: Select the root compartment.
− Cluster: Select <EventID>-OCI-ELS-DEVOPS-OKE from the list.

c. Click Create environment.

You will now see the environment IAD-DOP-LAB18-1-ENV-01 in Active state, listed on the
Environment details page in your DevOps project IAD-DOP-LAB18-1-DP-01-<userID>.

Create DevOps Build Pipeline and Build Stages

A build pipeline contains the stages that define the build process for successfully compiling,
testing, and running software applications before deployment.

A stage is an action in the build pipeline. The OCI DevOps service includes the following
predefined stages that you can use in a build pipeline:

• Managed Build: Build and test your software applications.

• Deliver Artifacts: Store your software applications created from the Managed Build
stage in the OCI Artifact Registry or OCI Container Registry repositories.

• Trigger Deployment: Start a deployment pipeline to deploy the output from the
build pipeline.

• Wait: Pause a specific duration for testing the build pipeline.

You can add multiple stages to a pipeline. Stages can be added in a sequence or in parallel.
You can remove any stage from the pipeline. When you do, the stage and its associated
resources are deleted.

In this lab, you will create DevOps build pipeline and build stages.

Tasks

1. Open the navigation menu and click Developer Services. Under DevOps, click Projects.

2. Select your <assigned compartment> from List scope on the left menu.

3. Click the DevOps project IAD-DOP-LAB18-1-DP-01-<userID>.

4. Click Build Pipelines from the left menu to navigate to the Build pipelines page.

5. Click Create build pipeline and enter the following values in the form:

• Name: IAD-DOP-LAB18-1-BPL-01

• Description: This is the Build pipeline for Lab18.

6. Click Create. The Build pipeline tab will open.

7. To add the first stage to the build pipeline, click the (+) icon and click Add stage.

8. Select Managed Build as stage type and click Next. Only fill the fields mentioned here
and leave the rest of the fields to default value:


• Stage name: Build-Demo-Node-service
• Description: This stage executes the commands specified in
build_spec.yaml file.
• Build spec file path: The build specification contains build steps and settings that the
build pipeline uses to run a build. The file build_spec.yaml is in the root directory,
so you will leave this field blank.

• Primary code repository: Click Select. This opens the window to select Primary code
repository:

a. Select the OCI Code Repository from the drop-down list for Source: Connection
type.

This will populate the Code repositories available within your DevOps project.

b. Select the code repository IAD-DOP-LAB18-1-MR-01.

c. Select the main branch.

d. Set the Build source name as node_express.

e. Click Select.

9. Click Add. You will notice a stage with name Build-Demo-Node-service (Managed
Build) has been added.

10. Add the second stage to the Build pipeline by clicking the (+) icon at the bottom of the
Build-Demo-Node-service (Managed build) box and click Add stage.

11. Select Deliver Artifacts as stage type from the optional section and click Next. Fill the
form with the following values:

• Stage name: Push-Node-Service-Artifacts

• Description: This stage uploads artifacts to registries.

• Click the Select Artifact(s) button: Select the following artifact and click Add.

IAD-DOP-LAB18-1-AF-01 Docker Image

You will see the artifact now listed on the Add stage page.

12. Associate artifacts with build result: In this section, you will provide the output names
used in the outputArtifacts section of the build_spec.yaml file corresponding to the
artifact types in the build config/result artifact name field.

A snippet of the build_spec.yaml file:

The build_spec.yaml is available in the root directory of your DevOps code repository
IAD-DOP-LAB18-1-CR-01.

After reading through the code snippet, you will be able to identify the output name used
for image artifact type. Fill the field as shown in the following table:

| Destination DevOps artifact name | Type | Build config/result artifact name |
|---|---|---|
| IAD-DOP-LAB18-1-AF-01 | Docker image | APPLICATION_DOCKER_IMAGE |

13. Click Add. You will notice a stage with name Push Node Service Artifacts (Deliver
Artifacts) added.

Note: At this point you have two stages in your Build pipeline IAD-DOP-LAB18-1-BPL-01.

14. You will now create an auth token to be used with Oracle Cloud Infrastructure Registry
(OCIR):

a. In the top-right corner of the Console, open the Profile menu, and then click User
Settings.

b. On the Auth Tokens page, click Generate Token.

c. Enter IAD-DOP-LAB18-1-AT-01, as a friendly description for the auth token.

d. Click Generate Token. The new auth token is displayed. Here’s a sample of what an
auth token looks like: XX6{KJr<q:zBdXXXXXX_. It’ll be different in your case.

Note: Copy the auth token to a notepad because you won't see the auth token again
in the Console. You’ll need this auth token later in this lab.

For example,
R5kwpS-xxxxx((]51r]]

15. Navigate back to the Devops project IAD-DOP-LAB18-1-DP-01-<userID> build pipeline
IAD-DOP-LAB18-1-BPL-01

16. The build_spec.yaml file takes care of running the build and pushing helm charts to the
OCI Repository. For publishing helm charts to OCIR, the credentials and OCIR path are
sent as parameters.

Under the Parameters tab, create the parameters below with appropriate values.

| Name | Default value | Description |
|---|---|---|
| HELM_REPO_URL | oci://<REGION-KEY>.ocir.io/<tenancy-namespace>/<REGION-KEY>-dop-lab18-1-ocir-2/helm-repo-<userID>/ | OCIR Helm Repo URL |
| HELM_REPO | <REGION-KEY>.ocir.io | Helm repo |
| HELM_REPO_USER | <tenancy-namespace>/<username> | Username to publish helm package to OCIR |
| USER_AUTH_TOKEN | XX6{KJr<q:zBdXXXXXX_ | User auth token |

Here,

• Replace the <tenancy-namespace> placeholder with the namespace of your
tenancy. For example, oracletenancy.

• <region-key> is the key for the Oracle Cloud Infrastructure Registry region you're
using. For example, iad is the region key for US EAST (Ashburn) region. See
the Availability by Region topic in the Oracle Cloud Infrastructure documentation.

• Replace <username> with your user ID from profile menu. For example, user22.
• USER_AUTH_TOKEN is the auth token IAD-DOP-LAB18-1-AT-01 (random string) that you pasted to your notepad.
For example, XX6{KJr<q:zBdXXXXXX_.

The parameters will appear like the following table:

| Name | Default value | Description |
|---|---|---|
| HELM_REPO_URL | oci://iad.ocir.io/oracletenancy/iad-dop-lab18-1-ocir-2/helm-repo-user22/ | OCIR helm repo URL |
| HELM_REPO | iad.ocir.io | Helm repo |
| HELM_REPO_USER | oracletenancy/user22 | Username to publish helm package to OCIR |
| USER_AUTH_TOKEN | XX6{KJr<q:zBdXXXXXX_ | User auth token |
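
The image artifact, the Helm chart artifact, values.yaml and the build parameters all repeat the same region key, tenancy namespace and user ID, and a mismatch in any one of them breaks the build or the deployment. The following preflight check is an added example, not part of the Oracle lab: its function names are hypothetical and its sample input is constructed from the lab's illustrative values (iad, oracletenancy, user22). USER_AUTH_TOKEN is deliberately not an input, so the secret never passes through the script.

```shell
#!/bin/sh
# Added example (not part of the Oracle lab): preflight consistency check for
# the artifact paths and build parameters configured in this lab.
# Function names are hypothetical; sample values are the lab's illustrative ones.

# Print each unreplaced <placeholder> found on stdin, one per line.
find_placeholders() {
  { grep -o '<[A-Za-z][A-Za-z-]*>' || true; } | sort -u
}

# Resolve ${BUILDRUN_HASH} in $1 with the hash in $2.
# Assumption: the hash is alphanumeric, like the sample tag xxmjbpxx.
render() {
  case "$2" in
    ''|*[!A-Za-z0-9]*) echo "invalid BUILDRUN_HASH: $2" >&2; return 1 ;;
  esac
  printf '%s\n' "$1" | sed 's/[$]{BUILDRUN_HASH}/'"$2"'/g'
}

# Minimal line-based lookup of "key: value" in YAML on stdin (not a YAML parser).
yaml_value() {
  sed -n "s/^[[:space:]]*$1:[[:space:]]*//p" | head -n 1
}

# Print one line per inconsistency.
# Args: IMAGE_ARTIFACT CHART_URL HELM_REPO_URL HELM_REPO VALUES_YAML
lab_problems() {
  cfg_image=$1 cfg_chart=$2 cfg_repo_url=$3 cfg_host=$4 cfg_values=$5
  # 1. No <userID>, <tenancy-namespace> or <region-key> left behind.
  for p in $(printf '%s\n' "$cfg_image" "$cfg_chart" "$cfg_repo_url" \
               "$cfg_host" "$cfg_values" | find_placeholders); do
    echo "unreplaced placeholder: $p"
  done
  # 2. values.yaml must reference the repository of the image artifact.
  v_repo=$(printf '%s\n' "$cfg_values" | yaml_value repository)
  [ "$v_repo" = "${cfg_image%:*}" ] ||
    echo "values.yaml repository does not match the image artifact: $v_repo"
  # 3. Both must carry the same tag parameter, so the chart deploys the
  #    image that this build run pushed.
  v_tag=$(printf '%s\n' "$cfg_values" | yaml_value tag)
  [ "$v_tag" = "${cfg_image##*:}" ] ||
    echo "values.yaml tag does not match the image artifact tag: $v_tag"
  # 4. The chart the deploy stage pulls must live under HELM_REPO_URL,
  #    which is where the build pushes it.
  case "$cfg_chart" in
    "$cfg_repo_url"?*) ;;
    *) echo "Helm chart URL is not under HELM_REPO_URL" ;;
  esac
  # 5. One registry host everywhere (catches a stray region key).
  case "$cfg_image" in
    "$cfg_host"/*) ;;
    *) echo "image artifact is not on registry host $cfg_host" ;;
  esac
  case "$cfg_chart" in
    "oci://$cfg_host"/*) ;;
    *) echo "Helm chart URL is not on registry host $cfg_host" ;;
  esac
  return 0
}

# Returns 0 and prints nothing when consistent; otherwise prints the problems
# and returns 1.
check_lab_config() {
  cfg_problems=$(lab_problems "$@")
  if [ -n "$cfg_problems" ]; then
    printf '%s\n' "$cfg_problems"
    return 1
  fi
  return 0
}

# Constructed sample input, using the lab's example user (user22).
IMG='iad.ocir.io/oracletenancy/iad-dop-lab18-1-ocir-1/node-service-user22:${BUILDRUN_HASH}'
CHART='oci://iad.ocir.io/oracletenancy/iad-dop-lab18-1-ocir-2/helm-repo-user22/node-service'
REPO_URL='oci://iad.ocir.io/oracletenancy/iad-dop-lab18-1-ocir-2/helm-repo-user22/'
REPO_HOST='iad.ocir.io'
SAMPLE_VALUES='replicaCount: 3
service:
  type: LoadBalancer
  port: 80
image:
  repository: iad.ocir.io/oracletenancy/iad-dop-lab18-1-ocir-1/node-service-user22
  pullPolicy: IfNotPresent
  tag: ${BUILDRUN_HASH}'

if check_lab_config "$IMG" "$CHART" "$REPO_URL" "$REPO_HOST" "$SAMPLE_VALUES"; then
  echo "consistent; a run with hash xxmjbpxx pushes: $(render "$IMG" xxmjbpxx)"
fi
```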

Create DevOps Deployment Pipeline and Deploy Stage

A deployment pipeline holds the requirements that must be satisfied to deliver a set of
artifacts to the target environment. Deployment pipelines contain different stages for
automated deployment. Each stage is associated with certain actions in the pipeline.
DevOps service includes predefined stages, which could be readily used in a deployment
pipeline:

• Deploy based on Blue-Green strategy: Uses blue-green release strategy for
Container Engine for Kubernetes (OKE) and instance group deployment.

• Deploy based on Canary strategy: Uses Canary release strategy for OKE and
instance group deployment

• Deploying a Helm Chart: Install Helm charts in OKE cluster

You will create the DevOps deployment pipeline and add a stage to deploy a helm chart.

Tasks

1. Open the DevOps project IAD-DOP-LAB18-1-DP-01-<userID>. For example,
IAD-DOP-LAB18-1-DP-01-user22.

2. Click Deployment Pipelines from the left menu to navigate to the Deployment pipelines
page.

3. Click Create pipeline and enter the following values in the form:

• Name: IAD-DOP-LAB18-1-DPL-01
• Description: This is Deployment pipeline for Lab18.

4. Click Create pipeline. The Pipeline tab will open.

5. To add a stage to the Deployment pipeline, click the (+) icon and click Add stage.

6. Select Install Helm chart to Kubernetes cluster as stage type and click Next. Enter the
following values in the form:

• Stage name: OCI-Helm-Chart-Deployment

• Description: Deploys the sample WebApp helm chart to OKE cluster.

• Environment: Select IAD-DOP-LAB18-1-ENV-01
• Release name: oke-helm-<userID>

Note: Replace <userID> with your user ID. For example, user22.

• Under helm chart deploy artifact field, click Select Artifact. This opens the window to
add helm chart. Select the following artifact and click Save Changes.
• IAD-DOP-LAB18-1-AF-02 Helm Chart

You will see the artifact now listed on the Add stage page.
• Under select values artifacts (optional) field, click Select Artifact. This opens the
window to add values.yaml file. Select the following artifact and click Save
Changes.
• values.yaml Generic artifact

You will see the artifact now listed on the Add stage page.

• Override Kubernetes namespace: set this field as ns-helm-<userID>.

Note: Replace <userID> with your user ID. For example, ns-helm-user22.

• Timeout: Set timeout to 1200 seconds.

• If validation fails, automatically rollback to the last successful version? Select Yes
to automatically roll back to the last successful version.

7. Click Add. You will notice a stage with name OCI-Helm-Chart-Deployment (Helm chart)
added.

Create a Trigger Deployment Stage in Build Pipeline

You will create a Trigger Deployment Stage within the build pipeline that triggers the
deployment pipeline to deploy the application based on the output artifacts from the build
pipeline execution and the helm charts.

Tasks

1. Navigate to the build pipeline IAD-DOP-LAB18-1-BPL-01 in your current DevOps project.

2. On the Build Pipeline tab, click the (+) icon at the bottom of the
Push-Node-Service-Artifacts (Deliver Artifacts) box and click Add stage.

3. Select Trigger Deployment as stage type from the optional section and click Next. Enter
the following values in the form:

• Stage name: Trigger Helm-Chart OKE Deployment

• Description: This triggers the IAD-DOP-LAB18-1-DPL-01 Deployment
pipeline stages.
• Click Select Deployment Pipeline. This opens the window to select the deployment
pipelines you have created.

• Select IAD-DOP-LAB18-1-DPL-01 and click Save Changes.

• Enable Send build pipelines Parameters.

• Artifacts used in the deployment pipeline will be empty.

4. Click Add. You will notice a stage with name Trigger Helm-Chart OKE Deployment
(Trigger deployment) added.

Set Up the kubeconfig File and Create a Kubernetes Namespace
To access a cluster using kubectl, you must set up a Kubernetes configuration file commonly
known as a kubeconfig file for the cluster. The kubeconfig file provides the necessary
details to access the cluster.

Having set up the kubeconfig file, you can start using kubectl to access the cluster by
creating a sample deployment in OKE cluster.

Tasks

1. In the Console, open the navigation menu and click Developer Services. Under
Containers and Artifacts, click Kubernetes Clusters (OKE).

2. Choose root compartment from List Scope on the left menu.

3. In the table listing Clusters, click the cluster <EventID>-OCI-ELS-DEVOPS-OKE to access
using kubectl. The Cluster details page shows information on the cluster.

4. Click Access Cluster to display the Access Your Cluster window.

5. Click Cloud Shell Access, copy the command to access the kubeconfig for your cluster via
the VCN-Native public endpoint and paste it on a notepad.

6. Launch Cloud Shell and run the copied command. On successful execution, it reports that a
new config was written to the kubeconfig file.

For example,
$ oci ce cluster create-kubeconfig --cluster-id ocid1.cluster.oc1.iad.xxxxxaaaziwdigokvlwhuaeslgxi6tdk473xqgodcboc6nlgecsyudoxxxxx --file $HOME/.kube/config --region us-ashburn-1 --token-version 2.0.0 --kube-endpoint PUBLIC_ENDPOINT

Note: This is just a representation of the command. Do not use this command to connect
with the cluster that’s created for this lab.

7. Verify that kubectl can connect to the cluster.

$ kubectl get nodes

This will return the IP addresses of three worker nodes set up within this OKE cluster.

8. Create namespace in your Kubernetes cluster to manage your helm resources.

$ kubectl create ns ns-helm-<userID>

Where,
ns-helm-<userID> is a unique namespace for your group of resources within a cluster.
Replace <userID> with your user ID. For example, user22.

For example,
$ kubectl create ns ns-helm-user22

Automate Sample Web Application Deployment to OKE Cluster Using Helm Chart


You will run the build pipeline to execute all its stages in sequence and populate the Artifact as
well as the Container Registry with the Helm artifacts and Docker image, respectively. The
successful execution of the build pipeline will trigger the deployment pipeline, which uses the
output artifacts and Helm Charts and applies them to the target environment, which in this
case is an OKE cluster.

Tasks

1. Switch to the OCI Console, navigate to the Build Pipeline IAD-DOP-LAB18-1-BPL-01.
Click the Start Manual Run button. The Start Manual Run page opens.

a. OCI assigns your build a Build run name.

b. The parameters you specified in the parameters tab are displayed here.
Note: You can change the parameters for the build run if required.

c. Click Start manual run at the bottom left.

2. You will reach the Build run tab. Observe that all the build stages are listed here. Build
stages will execute sequentially. You can observe the logs for each stage in the right
window.

Note: If the build pipeline fails due to timeout issues, re-run the build pipeline.

Once the Trigger Helm-Chart OKE Deployment stage completes, click Deployments from
the left menu under your DevOps project IAD-DOP-LAB18-1-DP-01-<userID> to navigate
to the Deployments page.

You will observe the deployment listed here that got automatically kicked off and is either in
an In-progress or Succeeded state.

Further, when you click the deployment name, you will reach the Deployments tab. Under
the Deployments tab, you can see the logs and additional details for the Deployment
pipeline run.

Copyright © 2023, Oracle and/or its affiliates.

Deploy a sample web application to OKE cluster using Helm Chart deployment in OCI DevOps 299
3. Once the deployment is successful, let’s now confirm the helm chart deployment and try
Unauthorized reproduction or distribution prohibited. Copyright© 2024, Oracle University and/or its affiliates.

to access the application using the External (or Public) endpoint i.e., the oke-helm-
<userID>-node-service Load Balancer IP.

Note: If the Deployment Pipeline fails due to timeout issues, Re-run the build pipeline.

a. Open Cloud Shell:

ble
$ helm list -n ns-helm-<userID>

ra
sfe
Note: Replace <userID> with your user ID. For example, user22.

n
tra
For example,

n-
$ helm list -n ns-helm-user22

no
You will observe the helm chart deployed with revision set to 1 in the ns-helm-

. a
<userID> namespace using the chart available in the OCIR Helm Repository iad-

ide as
dop-lab18-1-ocir-2/helm-repo-user22/node-service.

Gu ) h
is m
b. To access the application deployed on the OKE cluster, you can retrieve the service
th co
load balancer IP using the following command.
e il.
us ma

$ kubectl get svc -n ns-helm-<userID>


to g

Note: Replace <userID> with your user ID. For example, user22.
se 5@

For example,
en a0

$ kubectl get svc -n ns-helm-user22


lic sinh

You will observe the External IP listed in the output


t
ra

c. Launch a Web Browser and enter the IP address into the browser’s address bar to
am

access the application. Once the request is processed, you’ll see a web page with the
(s

following content:
a
inh
tS
ra
m
Sa

Copyright © 2023, Oracle and/or its affiliates.

300 Deploy a sample web application to OKE cluster using Helm Chart deployment in OCI DevOps in OCI DevOps
View the Artifacts Generated as Part of the Automated Build

You will view the artifacts generated as part of the build pipeline execution.

Tasks

1. To view Container Image Repository Artifact:

a. In the Console, click Developer Services. Under Containers & Artifacts, click Container Registry.

b. Select your compartment and then select the container repository iad-dop-lab18-1-ocir-1/node-service-<userID>

c. You will notice a new image present in your repository with a random string like xxmjbpxx as tag. This random string is the BUILDRUN_HASH of the build that pushed the image in OCIR.

2. To view the Helm Artifacts:

a. In the Console, click Developer Services. Under Containers & Artifacts, click Container Registry.

b. Select your compartment and then select the container repository iad-dop-lab18-1-ocir-1/helm-repo-<userID>/node-service

c. You will notice an artifact present in your repository with a random string like 0.1.0-amjbpm4 as tag. This random string is the BUILDRUN_HASH of the build that pushed the image in OCIR.

Every time you run a build pipeline, these artifacts will be generated and stored in the container registry with a unique string to identify them. In case of a build failure, these artifacts are used to roll back to the last successful version.

Congratulations! You have successfully deployed a Web Application to an OKE cluster using Helm chart in OCI DevOps build and deployment pipelines.

Further, you also verified the artifacts generated as part of the successful build pipeline run.
Purge Instructions

Purge Instructions for Helm Chart in OKE cluster

1. Open Cloud Shell, run the following command to list all Helm deployments in your namespace:

$ helm list -n ns-helm-<userID>

2. Choose the deployment you wish to remove and run the following command:

$ helm delete <helm_release_name> -n ns-helm-<userID>

Where,

• <helm_release_name> is your Helm release name.

• ns-helm-<userID> is your Kubernetes namespace name. Replace <userID> with your user ID.

The output says release "oke-helm-<userID>" uninstalled.

Purge Instructions for Namespace in OKE cluster

1. Open Cloud Shell, run the following command for the namespace you wish to delete:

$ kubectl delete namespace ns-helm-<userID>

Where, ns-helm-<userID> is your Kubernetes namespace name. Replace <userID> with your user ID.

Purge Instructions for Deployment Stages

1. Open your DevOps project IAD-DOP-LAB18-1-DP-01-<userID> by navigating to Projects under DevOps in Developer Services.

2. Open the Deployment Pipelines page from the left menu under DevOps project resources and select your Deployment pipeline IAD-DOP-LAB18-1-DPL-01. This will open the Pipeline tab.

3. On the Pipeline tab, for the box representing OCI-WebApp-Deployment (deploy OKE: Rolling) stage, click the three dots on the right to open the Actions menu. Select Delete and click Delete to confirm.
Purge Instructions for Deployment Pipeline

1. Switch to the Deployment Pipelines page under your DevOps project IAD-DOP-LAB18-1-DP-01-<userID>.

2. For the deployment pipeline IAD-DOP-LAB18-1-DPL-01, click the three dots on the right to open the Actions menu. Select Delete and click Delete to confirm.

Purge Instructions for Build Stages

1. Open your DevOps project IAD-DOP-LAB18-1-DP-01-<userID> by navigating to Projects under DevOps in Developer Services.

2. Open the Build Pipelines page from the left menu under DevOps project resources and select your build pipeline IAD-DOP-LAB18-1-BPL-01.

3. On the Build Pipeline tab, for each box representing a build stage, click the three dots on the right to open the Actions menu. Select Delete and then click Delete to confirm.

The stages will have to be deleted in reverse order, starting from Trigger Deployment, then Deliver Artifact, and lastly the Managed Build stage.

Purge Instructions for Build Pipeline

1. Switch to the Build Pipelines page under your DevOps project IAD-DOP-LAB18-1-DP-01-<userID>.

2. For the build pipeline IAD-DOP-LAB18-1-BPL-01, click the three dots on the right to open the Actions menu. Select Delete and then click Yes, delete to confirm.

Purge Instructions for Artifacts in DevOps project

1. Open the DevOps project IAD-DOP-LAB18-1-DP-01-<userID> and select your compartment (from left pane).

2. Click Artifacts from the left menu to navigate to the Artifacts page.

3. For the artifact you wish to delete, click the three dots on the right to open the Actions menu. Select Remove and click Yes, remove artifact to confirm.
Purge Instructions for Environment in DevOps project

1. Open the DevOps project IAD-DOP-LAB18-1-DP-01-<userID>.

2. Click Environments from the left menu to navigate to the Environments page.

3. For the environment you wish to delete, click the three dots on the right to open the Actions menu. Select Delete Environment and click Yes, delete to confirm.

Purge Instructions for Mirrored Code Repository in DevOps Project

1. Open the DevOps project IAD-DOP-LAB10-1-DP-01-<userID>.

2. Click Code Repositories on the left menu of your project page and locate your mirrored repository IAD-DOP-LAB18-1-MR-01.

3. Click the three dots on the right to open the Actions menu. Select Delete.

4. Type the repository name in the provided field to confirm the Delete action and then click Delete.

Purge Instructions for External Connection

1. Open the DevOps project IAD-DOP-LAB18-1-DP-01-<userID>.

2. Click External Connections on the left menu of your project page and locate your connection IAD-DOP-LAB18-1-EC-01.

3. Click the three dots on the right to open the Actions menu. Select Delete.

4. Click Yes, remove external connection to confirm.

Purge Instructions for DevOps Project

1. In the Console, open the navigation menu and click Developer Services. Under DevOps, click Projects.

2. For your DevOps project IAD-DOP-LAB18-1-DP-01-<userID>, click the three dots on the right to open the Actions menu. Select Delete.

3. Type the project name in the provided field to confirm the Delete action and then click Delete.
Purge Instructions for OCIR Repositories

1. In the Console, open the navigation menu and click Developer Services. Under Containers & Artifacts, click Container Registry.

2. Click the name of the repository to be deleted.

1) <region-key>-dop-lab18-1-ocir-1/node-service-<userID>

2) <region-key>-dop-lab18-1-ocir-2/helm-repo-<userID>/node-service

3. Click the Actions menu on the repository summary page and select Delete Repository.

4. Click Delete to confirm that you want to delete the repository.

Purge Instructions for Auth Token

1. In the top-right corner of the OCI Console, open the Profile menu, and then click User Settings.

2. On the left menu, click Auth Tokens.

3. For the auth token you want to delete, “<region-key>-DOP-LAB18-1-AT-01”, click the three dots on the right to open the Actions menu. Select Delete and then click Delete to confirm.
DevSecOps: Generate a Key Using OCI Vault Service to Perform Cryptographic Operations

Lab 19-1 Practice

Estimated Time: 30 minutes

Get Started

Overview

Oracle Cloud Infrastructure (OCI) Vault is a key management service that stores and manages master encryption keys and secrets for protected resource access. Specifically, depending on the protection mode, vault keys are either saved on the server or stored in highly accessible and robust hardware security modules (HSM).

In this lab, you’ll:

a. Prepare for master encryption key

b. Create master encryption key

c. Prepare for encryption and decryption

d. Perform encryption

e. Perform decryption

f. Rotate the master encryption key

For more information on OCI Vault, see the OCI Vault Documentation.

Assumptions
• You are signed in to your Oracle Cloud Infrastructure account using your credentials.
• A pre-created Vault OCI-ELS-DEVOPS-VAULT-1 is available in the root compartment.
Prepare for Master Encryption Key

To create a master encryption key, you’ll need the compartment OCID and management endpoint URL.

Note: While you’re performing these tasks, copy and save the compartment OCID, Vault OCID, and management endpoint URL in a notepad. You’ll be using these OCIDs and URL later in this lab.

Tasks

1. Sign in to your Oracle Cloud Infrastructure (OCI) account.

2. Open Cloud Shell.

3. Verify that you are in the home directory.

$ cd ~

4. Get the compartment OCID.

$ oci iam compartment list --name <assigned_compartment> | grep '<assigned_compartment>\|ocid1.compartment'

Note: Replace the <assigned_compartment> with the compartment name that is assigned to you.

For example,

$ oci iam compartment list --name user22_compartment | grep 'user22_compartment\|ocid1.compartment'

Sample Output:

"id": "ocid1.compartment.oc1..axxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
"name": "<assigned_compartment>"

5. Get the management endpoint URL.

a. You will need a Vault OCID to get the management endpoint URL. To get the Vault OCID:

1) Open the navigation menu, click Identity & Security, and then click Vault.

2) Select root compartment from List scope on the left menu.

3) From the list of vaults, click the vault OCI-ELS-DEVOPS-VAULT-1. The Console displays the vault configuration details.

4) Copy the Vault OCID and paste it to a notepad for later use. OCID is the unique Oracle-assigned ID of the vault.

b. Generate and copy the management endpoint URL in a notepad:

$ oci kms management vault get --vault-id <vault_ocid> | grep 'display-name\|management-endpoint'

Note: Replace <vault_ocid> with the vault OCID you copied earlier.

For example,

$ oci kms management vault get --vault-id ocid1.vault.oc1.iad.bzqtr2wtaacuu.xxxxxxxxxxxvqpv6ftcjfgazjls7mvhcoadxxxxxxxxxust5aq | grep 'display-name\|management-endpoint'

Sample Output: Copy the URL highlighted below in bold.

"display-name": "OCI-ELS-DEVOPS-VAULT-1",
"management-endpoint": "https://bxxxxxu-management.kms.us-ashburn-1.oraclecloud.com",
Create Master Encryption Key

You will create a master encryption key needed to carry out cryptographic operations using an existing Vault at the root level compartment.

Tasks

1. Create a master encryption key.

$ oci kms management key create --compartment-id <compartment_ocid> --display-name <key_name> --key-shape <key_encryption_information> --endpoint <management_endpoint_url>

Note: Replace <compartment_ocid> and <management_endpoint_url> with the compartment OCID and the management endpoint URL you saved earlier.

Replace <key_name> with IAD-DP-LAB19-1-MSK-01 and <key_encryption_information> with '{"algorithm":"AES","length":"16"}'

For example,

$ oci kms management key create --compartment-id ocid1.compartment.oc1..axxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx --display-name IAD-DP-LAB19-1-MSK-01 --key-shape '{"algorithm":"AES","length":"16"}' --endpoint https://bxxxxxu-management.kms.us-ashburn-1.oraclecloud.com

Sample Output:
Prepare for Encryption and Decryption

To perform encryption and decryption, you will need the master encryption key OCID and OCI Vault cryptographic endpoint URL.

Note: Copy and save the master encryption key OCID and OCI Vault cryptographic endpoint URL in a notepad. You’ll be using these OCIDs and URL later in this lab.

Tasks

1. Get the master encryption key OCID and copy it to a notepad.

$ oci kms management key list --compartment-id <compartment_ocid> --endpoint <management_endpoint_url> | grep 'display-name\|ocid1.key'

Note: Replace <compartment_ocid> and <management_endpoint_url> with the compartment OCID and the management endpoint URL you saved earlier.

For example,

$ oci kms management key list --compartment-id ocid1.compartment.oc1..axxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx --endpoint https://bxxxxxu-management.kms.us-ashburn-1.oraclecloud.com | grep 'display-name\|ocid1.key'

Sample Output:

"display-name": "IAD-DP-LAB19-1-MSK-01",
"id": "ocid1.key.oc1.iad.bxxuu.xxxxxxxxxxxxxxxxxxwxxxxxxxxxxxxx"

2. Get the cryptographic endpoint URL and copy it to a notepad.

$ oci kms management vault get --vault-id <vault_ocid> | grep 'display-name\|crypto-endpoint'

Note: Replace <vault_ocid> with the Vault OCID you saved earlier.

For example,

$ oci kms management vault get --vault-id ocid1.vault.oc1.iad.bzqtr2wtaacuu.abuwcljrylhau3fxxxxxxxxxxazjls7mvhcoadxxxxxxxxxxt5aq | grep 'display-name\|crypto-endpoint'

Sample Output:

"crypto-endpoint": "https://bxxxxxuu-crypto.kms.us-ashburn-1.oraclecloud.com",
"display-name": "OCI-ELS-DEVOPS-VAULT-1",
Perform Encryption

You will execute CLI commands to perform encryption. The CLI command invokes oci kms crypto encrypt to perform data encryption, which requires three inputs: the plain text to be encrypted, the OCID of the master encryption key you created in the last step, and the OCI Vault cryptographic endpoint.

Tasks

1. Perform encryption.

$ oci kms crypto encrypt --key-id <master_encryption_key_OCID> --endpoint <crypto_endpoint> --plaintext "base64_plain_text"

Note: Replace <master_encryption_key_OCID> and <crypto_endpoint> with the master key OCID and crypto endpoint you saved in the previous task. Additionally, add a base64 plain text for encryption.

For example,

$ oci kms crypto encrypt --key-id ocid1.key.oc1.iad.bxxuu.xxxxxxxxxxxxxxxxxxwxxxxxxxxxxxxx --endpoint https://bxxxxxuu-crypto.kms.us-ashburn-1.oraclecloud.com --plaintext "$(echo HELLO_WORLD | base64)"

Sample Output:

2. Copy ciphertext from your output as highlighted using arrow in the sample output and paste it in a notepad to use later during the decryption process.
Perform Decryption

You will execute CLI commands to perform decryption. The CLI command invokes oci kms crypto decrypt to perform data decryption, which requires three inputs: the ciphertext that needs to be decrypted, the OCID of the master encryption key you created in the previous step, and the OCI Vault cryptographic endpoint.

Tasks

1. Perform decryption.

$ oci kms crypto decrypt --key-id <master_encryption_key_OCID> --endpoint <crypto_endpoint> --ciphertext <ciphertext>

Note: Replace the <master_encryption_key_OCID>, <crypto_endpoint>, and the <ciphertext> with the master key OCID, crypto endpoint, and the ciphertext respectively you saved earlier.

For example,

$ oci kms crypto decrypt --key-id ocid1.key.oc1.iad.bxxuu.xxxxxxxxxxxxxxxxxxwxxxxxxxxxxxxx --endpoint https://bxxxxxuu-crypto.kms.us-ashburn-1.oraclecloud.com --ciphertext Qc1hSOIo3b4+ADKTNBoqrxxxxxxx/LsWz95x9aN4AAAAA

Sample Output:

2. Copy the plaintext code from your output as highlighted using arrow in the sample output and paste it in a notepad to use it during the decoding process.

3. Decode base64 plaintext:

$ echo <plaintext_code> | base64 --decode

Note: Replace the <plaintext_code> with the plaintext code you saved in the previous step. For example,
Rotate the Master Encryption Key

You will rotate the master encryption key to limit the data/sensitive information encrypted using one master encryption key version. This is a good practice because it reduces the risk of compromising a master encryption key.

Tasks

1. Sign in to your Oracle Cloud Infrastructure (OCI) account.

2. Navigate to Identity & Security and select Vault.

3. Select root compartment from List scope on the left menu.

4. From the list of vaults, click the vault OCI-ELS-DEVOPS-VAULT-1.

5. Select your <assigned compartment> from List scope on the left menu. You will see the key that you have created.

6. Click your Master Encryption Key - IAD-DP-LAB19-1-MSK-01.

7. Under Resources, click Versions.

8. On the Key details page, under the Key Information tab, notice the Key version OCID. When you rotate a key, the Vault service generates a new key version. But the master encryption key’s unique Oracle Cloud ID (OCID) remains the same across rotations.

9. On the Key details page, click Rotate Key. Leave the Import External key version unchecked. Confirm that you want to rotate the key by clicking Rotate Key. Close the pop-up after success. You will notice that the Vault service generated a new key version.

10. Perform the process of decryption again as earlier on the same encrypted text.

11. Observation on Output: The key version ID in the output is now different from what is displayed on the key information page. As a result, cryptographic operations involving data/objects encrypted with an earlier version of this key will continue to use the older key version.

Congratulations! You learned to generate a master encryption key and use it to conduct cryptographic operations.
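
The encrypt and decrypt steps of this lab can also be chained in Cloud Shell so that OCIDs, endpoints and ciphertext stay in shell variables instead of a notepad. The script below is an added example, not part of the original lab guide: the function names are hypothetical, it assumes the OCI CLI is configured as it is in Cloud Shell, and it assumes the response fields data.ciphertext and data.plaintext that the lab's output steps describe.

```shell
#!/usr/bin/env bash
# Added example (not from the lab guide). Function names are hypothetical.
# Assumes the OCI CLI is configured, as it is in Cloud Shell.

# Base64-encode a string exactly. printf adds no trailing newline, whereas
# `echo HELLO_WORLD | base64` also encodes the newline that echo appends.
# tr removes the line wrapping that GNU base64 applies to long input.
b64_encode() { printf '%s' "$1" | base64 | tr -d '\n'; }

# Decode base64 text back to the original bytes.
b64_decode() { printf '%s' "$1" | base64 --decode; }

# Print one endpoint of the vault: management-endpoint or crypto-endpoint.
# JMESPath requires double quotes around keys that contain a hyphen.
vault_endpoint() {  # args: vault_ocid endpoint_field
  oci kms management vault get --vault-id "$1" \
    --query "data.\"$2\"" --raw-output
}

# Print the OCID of the first key whose display name matches.
key_ocid_by_name() {  # args: compartment_ocid management_endpoint display_name
  oci kms management key list --compartment-id "$1" --endpoint "$2" \
    --query "data[?\"display-name\"=='$3'].id | [0]" --raw-output
}

# Encrypt clear text and print only the ciphertext field of the response.
encrypt_text() {  # args: key_ocid crypto_endpoint clear_text
  oci kms crypto encrypt --key-id "$1" --endpoint "$2" \
    --plaintext "$(b64_encode "$3")" \
    --query 'data.ciphertext' --raw-output
}

# Decrypt a ciphertext and print the decoded clear text.
decrypt_text() {  # args: key_ocid crypto_endpoint ciphertext
  local b64
  b64=$(oci kms crypto decrypt --key-id "$1" --endpoint "$2" \
    --ciphertext "$3" --query 'data.plaintext' --raw-output) || return 1
  b64_decode "$b64"
}

# Full round trip: look up both endpoints and the key, encrypt, then decrypt.
roundtrip() {  # args: vault_ocid compartment_ocid key_display_name clear_text
  local mgmt crypto key ct
  mgmt=$(vault_endpoint "$1" management-endpoint) || return 1
  crypto=$(vault_endpoint "$1" crypto-endpoint) || return 1
  key=$(key_ocid_by_name "$2" "$mgmt" "$3") || return 1
  ct=$(encrypt_text "$key" "$crypto" "$4") || return 1
  decrypt_text "$key" "$crypto" "$ct"
}

# Run only when called with the four arguments, for example:
#   ./vault_roundtrip.sh <vault_ocid> <compartment_ocid> IAD-DP-LAB19-1-MSK-01 HELLO_WORLD
if [ "$#" -eq 4 ]; then
  roundtrip "$@"
fi
```

Because the key OCID stays the same across rotations, decrypt_text can be re-run unchanged on a ciphertext produced before the key was rotated.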

Purge Instructions

Purge Instructions for Master Encryption Key

1. Sign in to Oracle Cloud Infrastructure.

2. Open the navigation menu, click Identity & Security, and then click Vault.

3. Select root compartment from List scope on the left menu.

4. From the list of vaults, click the vault OCI-ELS-DEVOPS-VAULT-1.

5. Select your <assigned compartment> from List scope on the left menu.

6. Click Master Encryption Keys and locate the key with the name IAD-DP-LAB19-1-MSK-01.

7. Click the three dots on the right to open the Actions menu. Select Delete Key.

• Confirm that you want to delete the key by clicking the box and then typing the key name.

• Schedule when you want the Vault service to delete the key. You can set a date after 8 days.

8. Click Delete Key.
DevSecOps: Scan Container Image for Vulnerabilities

Lab 20-1 Practices

Estimated Time: 30 minutes

Get Started

Overview

Imagine a software development team working to deliver a business-critical application that passes sensitive data. A developer commits code to a continuous integration and continuous delivery (CI/CD) tool, kicking off a build process. Then, the CI/CD tool pushes the newly built container image to an Oracle Cloud Infrastructure Registry (OCIR) repository and, when ready, the new image is deployed to a production Oracle Cloud Infrastructure (OCI) Container Engine for Kubernetes (OKE) cluster.

While this CI/CD process sounds reasonable, it is missing a few key steps. Critical to shipping compliant and secure containers, system administrators need to ensure that container images have the following characteristics:

• Are free of known critical vulnerabilities that can cause an accidental system failure or result in malicious activity

• Have not been modified since they were published to maintain their integrity

• Are only deployed to a Kubernetes cluster and come from a trusted source

OCI container image scanning, signing, and verification address all these secure container deployment needs.

In this lab, you will:

a. Create an auth token

b. Create a new container repository

c. Enable image scanning

d. Sign in to OCIR from the Cloud Shell

e. Pull the Docker image from Docker hub

f. Tag the Docker image

g. Push the tagged Docker image to OCIR

h. Verify if the image has been pushed

i. View scan results

j. View vulnerability reports

k. View container image scans

l. Export a vulnerability report

For more information on OCI container image security, see the OCI Scanning Images for Vulnerabilities Documentation.

Prerequisites

• You are signed in to your Oracle Cloud Infrastructure account using your credentials.

• You are familiar with Docker CLI and OCIR.


Create an Auth Token

Create an auth token to use when authenticating your <assigned user account> with Oracle Cloud Infrastructure Registry (OCIR).

Tasks

1. In the top-right corner of the OCI Console, open the Profile menu, and then click User settings.

2. On the Auth Tokens page, click Generate Token.

Note: Each user can only have two auth tokens at a time. Delete an older auth token if you need to create a new one.

3. Enter IAD-DOP-LAB20-1-AT-01 as a friendly description for the auth token.

Click Generate Token. The new auth token is displayed. Here’s a sample of what an auth token looks like: R5kwpS-xxxxx((]51r]]. It’ll be different in your case.

Note: Copy the auth token to a notepad because you won't see the auth token again in the Console. You’ll need this auth token later in the labs.

For example,

R5kwpS-xxxxx((]51r]]

4. Click Close.


Create a New Container Repository

Create a repository in your assigned compartment and give it a name that's unique across all compartments in the entire tenancy. Having created the new repository, you can push an image to the repository using the Docker CLI.

Tasks

1. Sign in to the Oracle Cloud Infrastructure (OCI) Console.

2. Open the navigation menu and click Developer Services. Under Containers & Artifacts, click Container Registry.

3. Select your <assigned compartment> from List scope on the left menu.

4. Click Create repository.

5. Select your <assigned compartment> to create a new repository.

6. Enter a name for the new repository: <region-key>-dop-lab20-1-ocir-1/oci_demo_imagescan_<userID>

Where,

• <region-key> is the key for the Oracle Cloud Infrastructure Registry region you're using. For example, iad is the region key for US EAST (Ashburn) region. See the Availability by Region topic in the Oracle Cloud Infrastructure documentation.

• Replace <userID> with your user ID.

For example, iad-dop-lab20-1-ocir-1/oci_demo_imagescan_user22

Note: Only use lower case characters, numbers, and special characters.

7. Copy the <repo-name> on a notepad for use later in this lab.

8. Select the Private option to limit access to the new repository.

9. Click Create Repository.


Enable Image Scanning

When you create a new repository, image scanning is disabled by default. You can use the Console to enable image scanning for a repository by creating a new image scanner. If image scanning has already been enabled, you can use the Console to disable it.

Tasks

1. Once the repository is created, select the newly created repository <region-key>-dop-lab20-1-ocir-1/oci_demo_imagescan_<userID> from the list of repositories by clicking on the dropdown menu labelled Repositories and images.

2. Click the Add scanner button.

Note: The Add scanner option will take some time to load.

3. In the Add scanner to repository pane, enter the following values:

• Target name: IAD-DOP-LAB20-1-ISC-01-<userID>

For example, IAD-DOP-LAB20-1-ISC-01-user22

• Create in compartment: Select your <assigned compartment>.

• Description (Optional): Scanning Docker images.

4. Configure the Scan configuration settings.

Note: A scan configuration identifies which images to scan by designating the compartment where they reside.

• Select Create a new scan configuration.

• Name: Scan_Config_<userID>

For example, Scan_Config_user22

• Create in compartment: Select your <assigned compartment>.

5. Click Create.

Note: Now that a scanner has been created and configured, images saved to the repository will be scanned for vulnerabilities. If the repository already contains images, the four most recently saved images will have been immediately scanned for vulnerabilities when the scanner was created.


Sign In to OCIR from the Cloud Shell

Once you have generated the auth token and created a new repository, sign in to OCIR from the Docker CLI in Cloud Shell.

Tasks

1. Open Cloud Shell.

Note: The OCI CLI running in Cloud Shell will execute commands against the region selected in the Console's region selection menu when Cloud Shell was started.

2. In the Cloud Shell, log in to OCIR by entering:

$ docker login <region-key>.ocir.io

Where,

<region-key> is the key for the Oracle Cloud Infrastructure Registry region you're using. For example, iad is the region key for US EAST (Ashburn) region. See the Availability by Region topic in the Oracle Cloud Infrastructure documentation.

For example,

$ docker login iad.ocir.io

3. When prompted, enter your username in the format given below.

<tenancy-namespace>/<username>

Replace the <tenancy-namespace> and <username> values from the information given in the Profile menu.

Where <tenancy-namespace> is the auto-generated Object Storage namespace string of the tenancy in which to create repositories (as shown on the Tenancy Information page). For the username, use the username as shown in the Profile menu. For example, ansh81vru1zp/[email protected]. Or outenancy29/99239886-lab.user16

Note that for some older tenancies, the namespace string might be the same as the tenancy name in all lower-case letters (for example, acme-dev).

If your tenancy is federated with Oracle Identity Cloud Service, use the format <tenancy-namespace>/oracleidentitycloudservice/<username>.

Enter the auth token IAD-DOP-LAB20-1-AT-01 (random string) you copied earlier as the password.

For example,

R5kwpS-xxxxx((]51r]]

Note: When you enter or paste the password, you’ll not see masked characters. Press Enter on your keyboard to continue and you should see the “Login Succeeded” message on the screen.


Pull the Docker Image

Begin by copying a prebuilt maven image tagged latest (maven:latest) from Docker
Hub. This image will later be tagged and pushed to your OCIR repository.

Tasks

1. Issue the following Docker pull command:

$ docker pull maven:latest

2. Verify the Docker pull command successfully executed:

$ docker images

Note: You should see the maven:latest image in the list of images.


Tag the Docker Image

A tag identifies the Oracle Cloud Infrastructure Registry region, tenancy, and repository to
which you want to push the image.

Tasks

1. In the Cloud Shell, run the following command to attach a tag to the image that you're
going to push to OCIR repository:

$ docker tag maven:latest <region-key>.ocir.io/<tenancy-namespace>/<repo-name>:<tag>

Where,

• <region-key> is the key for the Oracle Cloud Infrastructure Registry region you're
using. For example, iad is the region key for US EAST (Ashburn) region. See
the Availability by Region topic in the Oracle Cloud Infrastructure documentation.

• ocir.io is the Oracle Cloud Infrastructure Registry name.

• <tenancy-namespace> is the auto-generated Object Storage namespace string of
the tenancy (as shown on the Tenancy Information page) to which you want to push
the image. For example, oracletenancy.

• <repo-name> is the name of the target repository to which you want to push the
image (for example, iad-dop-lab20-1-ocir-1/oci_demo_imagescan_user22).

• <tag> is an image tag you want to give the image in Oracle Cloud Infrastructure
Registry (for example, 1.0).

For example,

$ docker tag maven:latest iad.ocir.io/oracletenancy/iad-dop-lab20-1-ocir-1/oci_demo_imagescan_user22:1.0

2. Validate if the new image with the tag is listed.

$ docker images

Note: Although two tagged images will be shown (latest and 1.0), both are based on
the same image with the same IMAGE_ID.


Push the Tagged Docker Image to OCIR

After assigning a tag to the image, push it to Oracle Cloud Infrastructure Registry repository.

Tasks

1. In the Cloud Shell, run the following command to push the tagged Docker image to OCIR
repository:

$ docker push <region-key>.ocir.io/<tenancy-namespace>/<repo-name>:<tag>

Where,

• <region-key> is the key for the Oracle Cloud Infrastructure Registry region you're
using. For example, iad is the region key for US EAST (Ashburn) region. See the
Availability by Region topic in the Oracle Cloud Infrastructure documentation.

• ocir.io is the Oracle Cloud Infrastructure Registry name.

• <tenancy-namespace> is the auto-generated Object Storage namespace string of
the tenancy (as shown on the Tenancy Information page) to which you want to push
the image. For example, oracletenancy.

• <repo-name> is the name of the target repository to which you want to push the
image (for example, iad-dop-lab07-1-ocir-1/oci_sample_webapp_user22).

• <tag> is an image tag you want to give the image in Oracle Cloud Infrastructure
Registry (for example, latest).

For example,

$ docker push iad.ocir.io/oracletenancy/iad-dop-lab20-1-ocir-1/oci_demo_imagescan_user22:1.0

You will see the different layers of the image are pushed in turn.
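The reference and username formats used in the sign-in, tag and push steps above, as an added Python example that is not part of the Oracle activity guide: it validates a full OCIR reference before anything is pushed and builds the Docker commands. The function names are hypothetical, the allowed region-key characters are an assumption, and --username / --password-stdin are standard docker login options that the guide itself does not use.

```python
import re

# One path component of a Docker repository name: lowercase alphanumerics
# joined by ".", "_", "__" or a run of "-".
_COMPONENT = r"[a-z0-9]+(?:(?:[._]|__|-+)[a-z0-9]+)*"
_REF = re.compile(
    r"^(?P<region>[a-z0-9-]+)\.ocir\.io/"        # assumed region-key charset
    rf"(?P<namespace>{_COMPONENT})/"
    rf"(?P<repo>{_COMPONENT}(?:/{_COMPONENT})*)"
    r":(?P<tag>[A-Za-z0-9_][A-Za-z0-9_.-]{0,127})$"
)


def parse_ocir_ref(ref):
    """Split <region-key>.ocir.io/<tenancy-namespace>/<repo-name>:<tag> or raise."""
    host, _, path = ref.partition("/")
    host = host.lower()  # host names are case-insensitive, so normalise them
    if not host.endswith(".ocir.io"):
        raise ValueError("registry host must be <region-key>.ocir.io")
    name, colon, _tag = path.rpartition(":")
    if not colon:
        raise ValueError("no :<tag> given; Docker would fall back to 'latest'")
    if name != name.lower():
        raise ValueError("tenancy namespace and repository name must be lowercase")
    match = _REF.match(f"{host}/{path}")
    if match is None:
        raise ValueError(
            "expected <region-key>.ocir.io/<tenancy-namespace>/<repo-name>:<tag>")
    parts = match.groupdict()
    parts["ref"] = f"{host}/{path}"
    return parts


def login_username(namespace, username, federated=False):
    """Build the login name, including the federated form described in the guide."""
    if not namespace or not username or "/" in username:
        raise ValueError("namespace and username are required; no '/' in username")
    prefix = "oracleidentitycloudservice/" if federated else ""
    return f"{namespace}/{prefix}{username}"


def login_command(region, user):
    # --password-stdin makes docker read the auth token from standard input,
    # so the token is neither typed at a prompt nor passed as an argument.
    return ["docker", "login", "--username", user, "--password-stdin",
            f"{region}.ocir.io"]


def push_commands(source_image, ref):
    """Return the tag and push commands for a validated target reference."""
    target = parse_ocir_ref(ref)["ref"]
    return [["docker", "tag", source_image, target],
            ["docker", "push", target]]


if __name__ == "__main__":
    # Constructed values taken from the guide's own examples.
    ref = "iad.ocir.io/oracletenancy/iad-dop-lab20-1-ocir-1/oci_demo_imagescan_user22:1.0"
    user = login_username("oracletenancy", "user22")
    print(" ".join(login_command(parse_ocir_ref(ref)["region"], user)))
    for argv in push_commands("maven:latest", ref):
        print(" ".join(argv))
```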


Verify If the Image Has Been Pushed

Verify the image was successfully pushed to the OCIR repository.

Tasks

1. Go back to the OCIR Service page and select your <assigned compartment> from List
scope on the left menu.

2. Click on the dropdown menu labelled Repositories and images.

3. You’ll see the private repository iad-dop-lab20-1-ocir-1/oci_demo_imagescan_<userID>
that you created.

4. Expand by clicking on the (+) icon preceding the name of the repository that contains the
image you just pushed. You’ll see:

• An image with the tag 1.0.

• A summary page that shows you the details about the repository, including who
created it and when, its size, and whether it's a public or a private repository.

5. Click the image tag 1.0.

On the Summary page, you’ll see the image size, when it was pushed and by which user,
and the number of times the image has been pulled.


View Scan Results

The results of a container image scan include the specific vulnerabilities in the CVE database
that were detected in the image.

Tasks

1. While still on the OCIR Service page, and having selected the image 1.0, click the Scan
Results tab. This will show you the following info:

• Risk level

• Issues found

• Scan started

• Scan completed

Note: It will take some time before the scan results show up.

2. Click the three dots on the right to open the Actions menu. Select View Details to see the
issues in more detail, with the risk level associated with each of them and their descriptions.


View Vulnerability Reports

The results of a container image scan include the specific vulnerabilities in the CVE database
that were detected in the image.

In this section, you will explore Vulnerability Reports, accessing information about specific
vulnerabilities that were detected in one or more targets.

Tasks

1. Open the navigation menu and click Identity & Security. Under Scanning,
click Vulnerability Reports.

Note: If you are presented with a general information screen labeled Vulnerability
Scanning Service, locate and click Skip.

2. From the left menu, under Scanning, select Vulnerability Reports.

3. Select your <assigned compartment> from List scope on the left menu.

4. From the left menu, under Filters, select the Risk level, All.

5. Click the Risk level header to sort by risk level.

6. To view a description of a specific vulnerability, click Show in the CVE description column.

7. To view details about a specific vulnerability, click a report's CVE ID. This opens a
vulnerabilities report. A vulnerabilities report includes details about the affected
resources and CVEs.

8. On the Vulnerabilities report page, in the left menu, under Resources, select Container
Images to view a list of Container images that are affected by the selected vulnerability.


View Container Image Scans

The results of a container image scan include the specific vulnerabilities in the CVE database
that were detected in the image.

Tasks

1. Open the navigation menu and click Identity & Security. Under Scanning, click Scanning
Reports.

2. Select your <assigned compartment> from List scope on the left menu.

3. Click the Container images tab.

4. Locate the Risk level filter drop-down menu. Select All.

5. Locate the Scan start date and Scan end date filter drop-down menus.

By default, only the most recent scan reports are displayed. To view older reports, choose
specific start and end dates.

Alternatively, click Scan start date and choose to view reports for either the Past 7
Days or the Past 30 Days.

6. Locate the Reset button. Click Reset at any time to set the risk level and date ranges back
to the default values.

7. (Optional) Click the table columns to sort the container image scans by:

• Issues found

• Risk level

• Scan completed

8. To view a Container image report, click the name of the Container image.

For example, iad-dop-lab20-1-ocir-1/oci_demo_imagescan_user22:1.0

9. The following details are shown for each issue that was detected in this image:

• Issue ID
• Risk level
• Issue description
• Last detected
• First detected
• Cause and Remediation

10. Click an Issue ID to view more details about a specific vulnerability.

11. Navigate back to the Container image report details page using the breadcrumb link. Click
the View detail button in the Cause and remediation column to get more information on
how to address this vulnerability.


Export a Vulnerability Report

Use the Console to export all vulnerabilities reports as a file in comma-separated value (CSV)
format for offline analysis.

Tasks

1. Open the navigation menu and click Identity & Security. Under Scanning,
click Vulnerability Reports.

2. Select your <assigned compartment> from List scope on the left menu.

3. Click Export CSV and save the .csv file on your local machine.
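One way to triage the exported CSV offline, as an added Python example that is not part of the Oracle activity guide. The column names (CVE ID, Risk level, Resource), the risk-level values, the function names and the sample rows are assumptions constructed for illustration; match them to the header row of your own export.

```python
import csv
import io
from collections import Counter

# Most to least severe; assumed to match the Risk level values in the export.
RISK_ORDER = ["CRITICAL", "HIGH", "MEDIUM", "LOW", "MINOR"]

# Constructed sample: header names and CVE IDs are placeholders, not real data.
SAMPLE_CSV = '''CVE ID,Risk level,CVE description,Resource
CVE-0000-0001,High,"Buffer overflow in libexample, affects parsers",repo-a:1.0
CVE-0000-0002,critical,"Auth bypass",repo-a:1.0
CVE-0000-0001,High,"Buffer overflow in libexample, affects parsers",repo-b:2.3
CVE-0000-0003,Low,"Verbose error message",repo-b:2.3
CVE-0000-0004,,"Risk level missing in export",repo-b:2.3
'''


def load_findings(text, cve_col="CVE ID", risk_col="Risk level",
                  resource_col="Resource"):
    """Parse the export; the csv module copes with commas inside quoted text."""
    reader = csv.DictReader(io.StringIO(text))
    missing = {cve_col, risk_col, resource_col} - set(reader.fieldnames or [])
    if missing:
        raise ValueError(f"export lacks expected columns: {sorted(missing)}")
    findings = []
    for row in reader:
        risk = (row[risk_col] or "").strip().upper()
        if risk not in RISK_ORDER:
            risk = "UNKNOWN"  # kept and surfaced rather than silently dropped
        findings.append({
            "cve": (row[cve_col] or "").strip(),
            "risk": risk,
            "resource": (row[resource_col] or "").strip(),
        })
    return findings


def summarize(findings):
    """Count distinct CVEs per risk level (one CVE may hit several images)."""
    distinct = {(f["cve"], f["risk"]) for f in findings}
    return Counter(risk for _, risk in distinct)


def affected_resources(findings):
    """Map each CVE to the sorted list of resources it was detected in."""
    by_cve = {}
    for f in findings:
        by_cve.setdefault(f["cve"], set()).add(f["resource"])
    return {cve: sorted(resources) for cve, resources in by_cve.items()}


def gate(findings, threshold="HIGH"):
    """Return CVEs at or above the threshold, most severe first.

    Rows with an unrecognised risk level fail closed: they are listed first so
    that a malformed export cannot let a finding slip through unreviewed.
    """
    limit = RISK_ORDER.index(threshold)

    def rank(risk):
        return -1 if risk == "UNKNOWN" else RISK_ORDER.index(risk)

    blocking = {(rank(f["risk"]), f["cve"]) for f in findings
                if rank(f["risk"]) <= limit}
    return [cve for _, cve in sorted(blocking)]


if __name__ == "__main__":
    rows = load_findings(SAMPLE_CSV)
    print(dict(summarize(rows)))
    for cve in gate(rows):
        print(cve, affected_resources(rows)[cve])
```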

Congratulations! You have successfully uploaded an image to the OCIR repository, run the
vulnerability scan on the image, and analyzed the scan reports.


Purge Instructions

Purge Instructions for Image and Repository

1. In the Console, open the navigation menu and click Developer Services. Under
Containers & Artifacts, click Container Registry.

2. Click the name of the repository to be deleted from the dropdown menu.

3. Click the Delete Repository button on the repository summary page.

4. Click Delete to confirm.

Purge Instructions for Auth Token

1. In the top-right corner of the Console, click the user Profile menu, and select User
settings.

2. On the left menu, click Auth Tokens.

3. For the auth token you want to delete, click the three dots on the right to open the Actions
menu. Select Delete and then click Delete to confirm.

Purge Instructions for Docker image

1. In the Cloud Shell, run the following command to list all the images to get the image IDs,
image name and other details:

$ docker images

2. Run the docker rmi <IMAGE ID> command to remove the image.

Deleting a Target

Deleting a target doesn’t delete the cloud resources (for example, compute instances or
container images) in the target.

1. Log in to the Oracle Cloud Infrastructure (OCI) console.

2. Open the navigation menu and click Identity & Security. Under Scanning, click Targets.

3. Select the Compartment that contains your target.

4. Click the Container image tab for the type of target that you want to delete.

5. Click the name of the target.

6. Click Delete.

7. When prompted for confirmation, click Delete.

Deleting a Scan Recipe

To delete a scan recipe, it must not be associated with any scan targets.

1. Log in to the Oracle Cloud Infrastructure (OCI) console.

2. Open the navigation menu and click Identity & Security. Under Scanning, click Scan
Recipes.

3. Select the Compartment that contains your recipe.

4. Click the Container image tab for the type of recipe that you want to delete.

5. Click the name of the recipe.

6. Click Delete.

7. When prompted for confirmation, click Delete.

Deleting Container Images Scanning reports

Delete old reports that you no longer need.

1. Log in to the Oracle Cloud Infrastructure (OCI) console.

2. Open the navigation menu and click Identity & Security. Under Scanning, click Scanning
Reports.

3. Select the Compartment in which you created the target.

4. Click the Container images tab.

5. Click the name of the scan.

6. Click Delete.

7. Confirm the deletion.


Lab 21-1 Practices

DevSecOps: Sign and Verify Container Image in OCIR

Estimated Time: 40 minutes

Get Started

Overview

For compliance and security reasons, system administrators seek to deploy software into a
production system only when they are sure that:
• The software comes from a trusted source
• The software has not been modified since it was published, thus its integrity is
maintained

To fulfil these requirements, you can sign images stored in the Oracle Cloud Infrastructure
(OCI) Registry, also known as Container Registry. Signed images provide a way to verify both
the source and the integrity of an image.

In this lab, you’ll:

a. Create an Auth Token

b. Create a Container Registry

c. Pull a sample image from Docker Hub

d. Tag and push the image to Container Registry

e. Create a master encryption key in OCI Vault

f. Create an image signature using the OCI CLI

g. View signed image and further explore image signatures

For more information on OCI container image security, see the OCI Signing Images for
Security Documentation.

Prerequisites

• You are signed in to your Oracle Cloud Infrastructure account using your credentials.

• A pre-created Vault OCI-ELS-DEVOPS-VAULT-1 is available in the root
compartment.


Create an Auth Token

To push or pull Docker images from OCIR, you must have an OCI username and an auth
token. You only see the auth token string when you create it, so be sure to copy the auth token
to a secure location immediately. Each OCI user can have up to two auth tokens at a time. So,
if you do lose or forget the auth token, you can always create a second auth token.

Tasks

1. In the top-right corner of the Console, click the user Profile menu, and select User
settings.

2. On the Auth Tokens page, click Generate Token.

Note: Each user can only have two auth tokens at a time. Delete an older auth token if you
need to create a new one.

3. Enter IAD-DOP-LAB21-1-AT-01 as a friendly description for the auth token.

4. Click Generate Token. The new auth token is displayed. Here’s a sample of what an auth
token looks like: R5xxxx-ZS519((]51r]]. It’ll be different in your case.

Note: Copy the auth token to a notepad because you won't see the auth token again in
the Console. You’ll need this auth token later in this lab.

For example,

R5xxxx-ZS519((]51r]]

5. Click Close.


Create a Container Registry

OCI Registry or the Container Registry is an open standards-based, Oracle-managed Docker
registry service for securely storing and sharing container images. You can easily push and
pull Docker images using familiar Docker CLI.

You will now create an empty repository with a unique name across the tenancy.

Tasks

1. Check if you can access OCIR:

a. In the Console, open the navigation menu and click Developer Services, under
Containers & Artifacts, click Container Registry.

b. Select your <assigned compartment> from List scope on the left menu.

c. Review the repositories that already exist.

2. Click Create Repository.

3. Select your <assigned compartment> to create a new repository.

4. Enter a name for the new repository:
<region-key>-dop-lab21-1-ocir-1/oci_demo_imagesign_<userID>

Where <region-key> is the key for the Oracle Cloud Infrastructure Registry region
you're using. For example, iad is the region key for US EAST (Ashburn) region. See
the Availability by Region topic in the Oracle Cloud Infrastructure documentation.

For example: iad-dop-lab21-1-ocir-1/oci_demo_imagesign_user22

5. Select the Public option to enable unauthenticated access to the new repository.

6. Click Create Repository.


Pull a Sample Image from Docker Hub

Once you have generated an auth token and created a new repository, sign in to OCIR from
Docker CLI in Cloud Shell and pull a sample image from Docker Hub.

Tasks

1. Open Cloud Shell.

Note: The OCI CLI running in Cloud Shell will execute commands against the region
selected in the Console's region selection menu when Cloud Shell was started.

2. In the Cloud Shell window, log in to OCIR by entering:

$ docker login <region-key>.ocir.io

Where <region-key> is the key for the Oracle Cloud Infrastructure Registry region
you're using. For example, iad is the region key for US EAST (Ashburn) region. See
the Availability by Region topic in the Oracle Cloud Infrastructure documentation.

For example,

$ docker login iad.ocir.io

3. When prompted, enter your username in the format <tenancy-namespace>/<username>.
For example, oracletenancy/user22. Enter the auth
token IAD-DOP-LAB21-1-AT-01 (random string) you copied earlier as the password.

For example,
R5kwpS-xxxxx((]51r]]

Note: When you enter or paste the password, you won’t see masked characters. Press
Enter on your keyboard to continue.

4. As a sample image, you will pull the official mysql:latest image from Docker Hub:

$ docker pull mysql:latest

5. Run the following command to check whether the image is pulled successfully:

$ docker images

You should see the mysql:latest image in the list of images.


Tag and Push the Image to Container Registry

Once you have pulled the sample image from Docker Hub, sign in to OCIR using Docker CLI
in Cloud Shell to tag the new image and push it to OCIR.

Tasks

1. In the Cloud Shell, run the following command to attach a tag to the image that you're
going to push to OCIR repository:

$ docker tag mysql:latest <region-key>.ocir.io/<tenancy-namespace>/<repo-name>:<tag>

Where,

• <region-key> is the key for the Oracle Cloud Infrastructure Registry region you're
using. For example, IAD is the region key for US EAST (Ashburn) region. See the
Availability by Region topic in the Oracle Cloud Infrastructure Registry
documentation.

• ocir.io is the Oracle Cloud Infrastructure Registry name.

• <tenancy-namespace> is the auto-generated Object Storage namespace string of
the tenancy (as shown on the Tenancy Information page) to which you want to push
the image.

• <repo-name> is the name of the target repository to which you want to push the
image (for example, iad-dop-lab21-1-ocir-1/oci_demo_imagesign_user22).
Note that you'll specify a repository that you created previously as part of this lab.

• <tag> is an image tag you want to give the image in Oracle Cloud Infrastructure
Registry.

For example,

$ docker tag mysql:latest iad.ocir.io/oracletenancy/iad-dop-lab21-1-ocir-1/oci_demo_imagesign_user22:1.0

Here 1.0 is the tag given to the image.

2. Run the following command to validate whether the newly tagged image is listed:

$ docker images

You should see the tagged image in the list of images.

3. Now, run the following command to push the Docker image to OCIR:

$ docker push <region-key>.ocir.io/<tenancy-namespace>/<repo-name>:<tag>

For example,

$ docker push iad.ocir.io/oracletenancy/iad-dop-lab21-1-ocir-1/oci_demo_imagesign_user22:1.0

The different layers of the image are pushed in turn.

4. In the Console, open the navigation menu and click Developer Services. Under
Containers & Artifacts, click Container Registry.

5. Go to the OCIR repository iad-dop-lab21-1-ocir-1/oci_demo_imagesign_<userID>
and check if a new image is available under the repository with the tag 1.0.

6. Also check the Signatures tab on the right. It should say, “No items found”.


Create a Master Encryption Key in OCI Vault

After you have built and pushed the image to the Container Registry, you can also sign the
image using a master encryption key obtained from OCI Vault, thus creating an image
signature. Note that the image signature is associated with an image's OCID, making it specific
to a particular push of the image.

Tasks

1. In the Console, open the navigation menu and click Developer Services, under
Containers & Artifacts, click Container Registry.

2. Select the image you just pushed in your repository with tag 1.0 to see detailed
information. Copy the OCID of the image shown on the Summary page and paste it on a
notepad. For example,

ocid1.containerimage.oc1.iad.0.ocuocictrng6.aaaaaaaav27t3aua3vjszarlz3hw44a5prlm2id63dfd6aej2s72exxxxxxx

3. Now, navigate to Identity & Security and click Vault. Select the vault
OCI-ELS-DEVOPS-VAULT-1 under root compartment.

4. Click Create Key to create a master encryption key in the vault OCI-ELS-DEVOPS-VAULT-1.

5. Enter the following values for your key:

• Create in Compartment: <Select your assigned compartment.>

• Protection Mode: HSM

• Name: iad-dop-lab21-1-vk-01

• Key Shape: Algorithm: Select RSA from the drop-down list.

Note: Use of AES symmetric keys to sign images is not supported.

• Key shape: Length 2048 bits

• Leave other fields to default values and click Create Key. It will take about a minute to
create the master encryption key.

6. Select your assigned compartment in the OCI-ELS-DEVOPS-VAULT-1 vaults page. You’ll
see the key that you just created listed under the Master Encryption Keys on the left
side. The key will go from the Creating state to the Enabled state.

7. Make a note of the OCIDs of both the master encryption key and the key version stored in
OCI Vault.

a. Click the iad-dop-lab21-1-vk-01 listed on the OCI-ELS-DEVOPS-VAULT-1 Vault page
to open the key summary page. Copy the OCID of the master encryption key. For
example,

ocid1.key.oc1.iad.bzqtr2wtaacuu.abuwcljs6e5r63s54irrvi3f4zl5rnkjmo2kvzw4djnsz33n6f6d2xxxxxxx

b. Click Versions under Resources from the left menu and copy the OCID of the key
version. For example,

ocid1.keyversion.oc1.iad.bzqtr2wtaacuu.asqkmm3k2daaa.abuwcljsvvfffqdzi275zx2hdv2cs6phvmk4nzrgexnz37wagd4ehxxxxxxx

Copy and paste both the OCIDs on a notepad for future reference.


Create an Image Signature using the OCI CLI
Unauthorized reproduction or distribution prohibited. Copyright© 2024, Oracle University and/or its affiliates.

Once you obtain the OCIDs for both the master encryption key and the key version in the Vault
service, you can sign the image you pushed to Container Registry by creating an image
signature using the Container Registry CLI.

Tasks

ble
ra
1. Open Cloud Shell.

sfe
2. In Cloud Shell window, log in to OCIR by entering:

n
tra
$ docker login iad.ocir.io

n-
3. When prompted, enter your username in the format <tenancy-

no
namespace>/<username>. For example, oracletenancy/user22. Enter the auth

. a
token IAD-DOP-LAB21-1-AT-1 (random string) you copied earlier as the password.

ide as
Gu ) h
4. Run the following command to create an image signature:
is m
$ oci artifacts container image-signature sign-upload --
th co
compartment-id <compartment-ocid> --kms-key-id <key-ocid> --kms-
e il.

key-version-id <key-version-ocid> --signing-algorithm <signing-


us ma

algorithm-name> --image-id <image-ocid> --description


<signature-description>
to g
se 5@

Where,
en a0

• <compartment-ocid>: The OCID of the compartment to which the image


lic sinh

repository belongs. Open the navigation menu, click Identify & Security. Under
Identity, click Compartments. Search your assigned compartment and copy the
t
ra

OCID.
am

• <key-ocid>: The OCID of the master encryption key to use to sign the image.
(s

Check your notepad for the OCID.


a
inh

• <key-version-ocid>: The OCID of the key version to use to sign the image.
Check your notepad for the OCID.
tS

• <signing-algorithm-name>: The name of one of the following algorithms to


ra

use to sign the image:


m
Sa

SHA_224_RSA_PKCS_PSS
SHA_256_RSA_PKCS_PSS
SHA_384_RSA_PKCS_PSS
SHA_512_RSA_PKCS_PSS
SHA_224_RSA_PKCS1_V1_5
SHA_256_RSA_PKCS1_V1_5
SHA_384_RSA_PKCS1_V1_5

Copyright © 2023, Oracle and/or its affiliates.

Sign and verify container image in OCIR 347


SHA_512_RSA_PKCS1_V1_5
Unauthorized reproduction or distribution prohibited. Copyright© 2024, Oracle University and/or its affiliates.

ECDSA_SHA_256
ECDSA_SHA_384
ECDSA_SHA_512

The algorithm to choose depends on the type of the master encryption key. For RSA
keys, supported signature schemes include PKCS #1 and RSASSA-PSS, along with

le
different hashing algorithms. For example, --signing-algorithm

b
SHA_224_RSA_PKCS_PSS

ra
sfe
• <image-ocid>: The OCID of the image to sign. Check your notepad for the OCID.
• <signature-description>: Optional field for text to describe the image. This

n
tra
description is included as part of the signature and is shown in the Console. For

n-
example, "Demo Image signing for integrity test."

no
• For example,

$ oci artifacts container image-signature sign-upload \
    --compartment-id ocid1.compartment.oc1..aaaaaaaaztwigv63hbyoxyovjo46xorslvqplozs7j7gioik6hh2cbxxxxxx \
    --kms-key-id ocid1.key.oc1.iad.bzqtr2wtaacuu.abuwcljs6e5r63s54irrvi3f4zl5rnkjmo2kvzw4djnsz33n6f6d2xxxxxxx \
    --kms-key-version-id ocid1.keyversion.oc1.iad.bzqtr2wtaacuu.asqkmm3k2daaa.abuwcljsvvfffqdzi275zx2hdv2cs6phvmk4nzrgexnz37wagd4ehxxxxxxx \
    --signing-algorithm SHA_224_RSA_PKCS_PSS \
    --image-id ocid1.containerimage.oc1.iad.0.ocuocictrng6.aaaaaaaav27t3aua3vjszarlz3hw44a5prlm2id63dfd6aej2s72exxxxxxx \
    --description "Demo Image signing for integrity test."

• You will see the details of the uploaded image signature as the output.
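
The checks below are an added example, not part of the lab guide or of Oracle's tooling: a shell pre-flight for the sign-upload arguments that catches a key OCID swapped with a key-version OCID and a signing algorithm that does not fit the key type. The function names, the RSA/ECDSA key-type argument, and the placeholder OCIDs are assumptions of this example.

```shell
#!/bin/sh
# Added example, not part of the lab guide: pre-flight checks for sign-upload.
# Function names and the RSA/ECDSA key-type argument are assumptions.

# Succeeds when $2 is an OCID whose resource type is exactly $1.
ocid_is_type() {
  case "$2" in
    "ocid1.$1."?*) return 0 ;;
    *) return 1 ;;
  esac
}

# Succeeds when algorithm $2 is on the lab's list and fits key type $1.
algorithm_fits_key() {
  case "$2" in
    ECDSA_SHA_256|ECDSA_SHA_384|ECDSA_SHA_512) [ "$1" = ECDSA ]; return ;;
  esac
  for bits in 224 256 384 512; do
    case "$2" in
      "SHA_${bits}_RSA_PKCS_PSS"|"SHA_${bits}_RSA_PKCS1_V1_5")
        [ "$1" = RSA ]; return ;;
    esac
  done
  return 1   # not one of the names the lab lists
}

# Prints "ok", or names the first bad argument and returns 1.
# Args: compartment-id kms-key-id kms-key-version-id image-id key-type algorithm
preflight_sign_upload() {
  ocid_is_type compartment "$1" || { echo "bad --compartment-id: not a compartment OCID"; return 1; }
  ocid_is_type key "$2" || { echo "bad --kms-key-id: not a key OCID"; return 1; }
  ocid_is_type keyversion "$3" || { echo "bad --kms-key-version-id: not a key version OCID"; return 1; }
  ocid_is_type containerimage "$4" || { echo "bad --image-id: not a container image OCID"; return 1; }
  algorithm_fits_key "$5" "$6" || { echo "bad --signing-algorithm: $6 does not fit a $5 key"; return 1; }
  echo ok
}

# Constructed placeholder OCIDs; the key and key-version values are swapped here.
preflight_sign_upload ocid1.compartment.oc1..EXAMPLE ocid1.keyversion.oc1.iad.EXAMPLE \
  ocid1.key.oc1.iad.EXAMPLE ocid1.containerimage.oc1.iad.0.EXAMPLE \
  RSA SHA_256_RSA_PKCS_PSS || true
```

Run the check with the values from your notepad before pasting them into the sign-upload command; a key type other than RSA or ECDSA is rejected because none of the listed algorithms applies to it.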

View Signed Image and Verify Image Signature

An image signature associates an image with the master key (obtained from the Vault service)
that was used to sign the image. An image can have multiple signatures, each created using a
different master encryption key.

Having signed an image in Container Registry and created an image signature, you can:

• View details of the signature

• Verify the signature with the Vault service to confirm that the master encryption key
used to sign the image is still valid and available

• Delete the signature to indicate that the image is no longer to be considered as
trusted

Now that the image signature is uploaded, you’ll view the signed image.

Tasks

1. In the Console, open the navigation menu and click Developer Services. Under
Containers & Artifacts, click Container Registry.

2. Select your <assigned compartment> from List scope on the left menu.

3. Select the repository iad-dop-lab21-1-ocir-1/oci_demo_imagesign_<userID>
containing the signed image.

You will notice the image with tag 1.0 labelled as Signed.

4. Click the name of a signed image and click the Signatures tab to view the details of the
signatures created when the image was signed:

• Description: A description of the signature that was specified when the image was
signed

• Verification response: The result of the last attempt to verify the image signature
with the Vault service

• Date: Date and time when the image was signed, and the image signature created

5. Beside the signature, click the three dots on the right to open the Actions menu.

a. Select View key details to view the master encryption key, key version, and signing
algorithm for a signature. Click Close.

b. Open the Actions menu and select Verify signature to verify a signature with the
Vault service.

Note:
The Vault service checks if:
• The image source had access to a valid private key when they pushed the image
• The image has not been modified since it was pushed

If both conditions are met, the signature is shown with a Verified status. Users or
systems pulling the image from the registry can be confident that the source of the
image is trusted, and that the image's integrity has not been compromised.

Congratulations! You have successfully signed an image by creating an image signature using
a master encryption key and key version from the OCI Vault service.

Further, you also checked whether the image source is trusted and whether the image’s integrity is
maintained by verifying the signature.

Purge Instructions

Purge Instructions for Signature

1. Select the repository iad-dop-lab21-1-ocir-1/oci_demo_imagesign_<userID>
containing the signed image on the Container Registry page.

2. Click the name of a signed image and click the Signatures tab to view the list of
signatures for the image.

3. Beside the signature, click the three dots on the right to open the Actions menu. Select
Delete signature to delete a signature.

Once the signature is deleted, it is no longer visible in the Signatures tab. If the image has
no other signatures, the label Signed no longer appears beside the image name in the list
of images in the repository.

Purge Instructions for the Image Pushed in the Container Repository

1. Select the image pushed in the repository on the Container Registry page.

2. Click the Actions drop-down list beside the image name and select Delete image.

3. Click Delete to confirm.

Purge Instructions for Container Repository


1. Select the repository to be deleted on the Container Registry page.

2. Click the Actions drop-down list beside the repository name and select Delete
Repository.

3. Click Delete to confirm.

Purge Instructions for Auth Token


1. In the top-right corner of the Console, open the Profile menu, and then click User
Settings.

2. On the left menu, click Auth Tokens.

3. For the auth token you want to delete, click the three dots on the right to open the Actions
menu. Select Delete and then click Delete to confirm.

Purge Instructions for Local Docker Image

1. Run the following command to list all the images to get the image ID, image name, and
other details:
$ docker images

2. Run the following command to remove the image:


$ docker rmi <your-image-id>
