In Part 1 I described the certified, containerized 14.1.2 platform, and in Part 2 how we migrated onto it. This post is about the part I am most pleased with: how we build the SOA Suite image, and how that same process turns patching from a maintenance-window ordeal into a container restart.
The important thing to understand up front is that there is no separate "patching procedure." The command that builds the image for the initial deployment is the same command we run for every patch round. Patching a SOA Suite environment becomes: build a new image with the new patches, ship it, and restart the container on the new image. That is the whole story, and it is why this matters as much on day one as it does every quarter.
And the cadence is the real driver. Oracle ships Critical Patch Updates (CPUs) quarterly, and there is now a monthly Critical Security Patch Update (CSPU) cadence on top of that. If applying a patch set means a painful in-place OPatch session and a long outage (took us up to 2 hours with 12c and in-place OPatch application), you will not keep up. If it means rebuilding an image and bouncing a container, you can.