This repository how to use Docker and Kubernetes with Java Applications.
-
Maven: https://maven.apache.org
-
Kubectl: https://kubernetes.io/docs/tasks/tools/install-kubectl/
-
Oracle Cloud ( Functions & API Gateway & Identity Service): https://cloud.oracle.com/home
-
Okta Developer Account: https://developer.okta.com/signup
-
Open a console.
-
Navigate to where you have this repository code in your file system. Compile and Package the application via maven:
mvn package -f function-app/pom.xml-
Make sure Docker is running. Build a Docker image tagged function-app issuing the command:
docker build -t <Function-Name> function-app/.-
Log in to Oracle Container Registry using the docker login command:
docker login -u '<OBJECY-STORAGE-NAMESPACE>/<USERNAME>' iad.ocir.io
-
Tag the image that you are going to push to the registry.
docker tag function-app iad.ocir.io/<OBJECY-STORAGE-NAMESPACE>/<Application-Name>/function-app:v1
-
Push the Docker image to Oracle Container Registry:
docker push iad.ocir.io/<OBJECY-STORAGE-NAMESPACE>/<Application-Name>/function-app:v1
-
Create the function through
Oracle Cloud console > Developer services > Functionsusing the repository pushed in the previous<Application-Name>/function-app -
Invoke the function through the Cloud shell
fn invoke <Application-Name> <Function-Name> echo -n 'Eudris' | fn invoke <Application-Name> <Function-Name>
-
Add then oci-java-sdk dependencias to the pom.xml file
<dependency>
<groupId>com.oracle.oci.sdk</groupId>
<artifactId>oci-java-sdk-common</artifactId>
<version>${oci-sdk.version}</version>
</dependency>
<dependency>
<groupId>com.oracle.oci.sdk</groupId>
<artifactId>oci-java-sdk-functions</artifactId>
<version>${oci-sdk.version}</version>
</dependency>
-
Update the configuration to connect with the Function in Oracle Cloud in client.properties
invokeEndpoint = https://d55ivyd[.....].us-ashburn-1.functions.oci.oraclecloud.com functionId = ocid1.fnfunc.oc1.iad.aaaaaaaaaar[.....] user = ocid1.user.oc1..aaaaaaaa[.....] fingerprint = 8c:d5:f1:f7:84:8e:[.....] key_file = oci/oci_api_key.pem tenancy = ocid1.tenancy.oc1..aaaaaaaaa[.....] region = us-ashburn-1
-
Test the client with the test case ClientOCISDKTest
-
Review the Function Metrics through
Oracle Cloud console > Developer services > Functions > Metrics
-
Navigate to Developer Services > API Gateway
-
Create OCI API Gateway Deployment in OCI In
API Gateway > Gatewaysclick on Deployments and then Create Deployment
Name : api-gw-ogt route: /ogbt
-
Create a Route to Your Function
-
Make sure you have a policy allow it to execute function as Gateway
Identity > PoliciesALLOW any-user to use functions-family in compartment Demo where ALL { request.principal.type= 'ApiGateway' , request.resource.compartment.id = 'ocid1.compartment.oc1..aaaaaaaagsuwidbm4m3rzpcfnefllyozbftfcuvetzqk43b54ar4l5rco5hq' }
-
Create an Application in Okta
Name : oci-gw-ogbt Type: Web Client Type : Client Credentials
-
Create an Scope
API > Authorization ServersChoose your server Ex: default
Scopes > Add Scope gw-ogbt-auth
-
Edit your Gateway Deployment to set the authentication policy
Authentication Type : JWT Authentication token : Header Header Name : Authorization Authentication Scheme : Bearer Allowed Issuers : https://[.....].okta.com/oauth2/default Allowed Audiences: api://default Public Keys Type: Remote JWKS URI: https://[.....].okta.com/oauth2/default/v1/keys
Now you can test your API Gateway with a rest client like curl, postman, etc.
In the previous scenario we expose the function as a gateway using Okta like the identity management. In the next scenario we are going to use the Oracle Cloud Identity.
-
Log in your console as Administrator to create a client application
-
Create an Applications using
Applications > Add Application > Add Confidential ApplicationName : OGBT GW OC Description: Server that provides via REST APIs function Configure this application as a client now : `Client Credentials` In resources > Expose APIs to Other Applications Primary Audience: https://idcs-b2[.....].identity.oraclecloud.com:443 Secondary Audiences: urn:opc:lbaas:logicalguid=idcs-b2[.....]
Copy the client id and secrete id
Client ID: <CLIENT-ID> Client Secret: <CLIENT-SECRET>
Activate the application
Name : `api-gw-ogt-oci` route: `/ogbt-oci` Authentication Type : `JWT` Authentication token : `Header` Header Name : `Authorization` Authentication Scheme : `Bearer` Allowed Issuers : `https://identity.oraclecloud.com/` Allowed Audiences: https://idcs-b2[.....].identity.oraclecloud.com:443 urn:opc:lbaas:logicalguid=idcs-b2[.....] Public Keys Type: `Remote JWKS` URI: https://idcs-b2[.....].identity.oraclecloud.com/admin/v1/SigningCert/jwk
Now you can test your API Gateway with a rest client like curl, postman, etc.
If you want to test the Okta scenario, set the value for the following variables:
-
OKTA-CLIENT_ID
-
OKTA-CLIENT_SECRET
-
OKTA-SCOPE
-
OKTA-ACCOUNT
-
<ORACLE_CLOUD-FUNCTION-API_GATEWAY : API Gateway endpoint + method route
To test the Oracle Cloud Identity scenario set the value for the following variables:
-
ORACLE_CLOUD-CLIENT_ID
-
ORACLE_CLOUD-CLIENT_SECRET
-
ORACLE_CLOUD_IDENTITY_MANAGER_ID
-
ORACLE_CLOUD-FUNCTION-API_GATEWAY : API Gateway endpoint + method route
You can run the test case from your IDE or with maven.
For maven, execute:
mvn testBesides the previous scenario you can use another scenario using a JAX-RS Client to consume the API GATEWAY.
Navigate to the class demo.gateway.Constantes and set the values for:
-
TOKEN_URL
-
CLIENT_ID
-
CLIENT_SECRET
-
CLIENT_SCOPE
-
ORACLE_CLOUD_FUNCTION_API_GATEWAY
And run the test once again.