HOWTO
See also
GitHub
Model in Image:
- Set the domain resource
domain.spec.domainHomeSourceType attribute to FromModel.
- Supply a WebLogic installation in an image and supply a WebLogic configuration in one of three ways:
- As WDT model YAML file supplied in separate
auxiliary images.
- As WebLogic Deployment Tool (WDT) model YAML file layered on the WebLogic installation image. NOTE:
Model in Image without auxiliary images (the WDT model and installation
files are included in the same image with the WebLogic Server
installation) is deprecated in WebLogic Kubernetes Operator version
4.0.7. Oracle recommends that you use Model in Image with auxiliary images. See Auxiliary images.
- As WDT model YAML file in a Kubernetes ConfigMap.
- Supply WebLogic applications in one of two ways:
- In auxiliary images.
- Layered on the installation image. NOTE: Model in
Image without auxiliary images (the WDT model and installation files are
included in the same image with the WebLogic Server installation) is
deprecated in WebLogic Kubernetes Operator version 4.0.7. Oracle
recommends that you use Model in Image with Auxiliary images. See Auxiliary images.
- Mutate the WebLogic configuration by supplying a new image and rolling,
or model updates
supplied in a Kubernetes ConfigMap.
Create and label a namespace that can host one or more domains.
$ kubectl create namespace sample-domain1-ns
namespace/sample-domain1-ns created
dave@dave:~$ kubectl label ns sample-domain1-ns weblogic-operator=enabled
namespace/sample-domain1-ns labeled
Configure Traefik to manage ingresses created in this namespace
helm upgrade traefik-operator traefik/traefik \
--namespace traefik \
--reuse-values \
--set "kubernetes.namespaces={traefik,sample-domain1-ns}"
W1214 11:03:23.618551 10551 warnings.go:70] autopilot-default-resources-mutator:Autopilot updated Deployment traefik/traefik-operator: defaulted unspecified resources for containers [traefik-operator] (see http://g.co/gke/autopilot-defaults)
Release "traefik-operator" has been upgraded. Happy Helming!
NAME: traefik-operator
LAST DEPLOYED: Thu Dec 14 11:03:20 2023
NAMESPACE: traefik
STATUS: deployed
REVISION: 2
TEST SUITE: None
NOTES:
Traefik Proxy v2.10.6 has been deployed successfully on traefik namespace !
Domain type - Model in image
Create the domain using a domain resource
Select a user name and password for the WebLogic domain administrator credentials and use them to create a Kubernetes Secret for the domain.
$ kubectl create secret generic sample-domain1-weblogic-credentials \
--from-literal=username=SOME_USER --from-literal=password=SOME_PASSWORD \
-n sample-domain1-ns
secret/sample-domain1-weblogic-credentials created
Create a domain runtime encryption secret.
$ kubectl -n sample-domain1-ns create secret generic \
sample-domain1-runtime-encryption-secret \
--from-literal=password=SOME_PASSWORD
secret/sample-domain1-runtime-encryption-secret created
Create the sample-domain1 domain resource and an associated sample-domain1-cluster-1 cluster resource using a single YAML resource file which defines both resources. The domain resource and cluster resource do not replace the traditional WebLogic configuration files, but instead cooperates with those files to describe the Kubernetes artifacts of the corresponding domain.
If you want to view or need to modify it, you can download the
sample domain resource to a file called
/tmp/quickstart/domain-resource.yaml or similar. Then apply the file using
kubectl apply -f /tmp/quickstart/domain-resource.yaml.
# Copyright (c) 2022, Oracle and/or its affiliates.
# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
apiVersion: "weblogic.oracle/v9"
kind: Domain
metadata:
name: sample-domain1
namespace: sample-domain1-ns
labels:
weblogic.domainUID: sample-domain1
spec:
configuration:
model:
# Optional auxiliary image(s) containing WDT model, archives, and install.
# Files are copied from `sourceModelHome` in the aux image to the `/aux/models` directory
# in running WebLogic Server pods, and files are copied from `sourceWDTInstallHome`
# to the `/aux/weblogic-deploy` directory. Set `sourceModelHome` and/or `sourceWDTInstallHome`
# to "None" if you want skip such copies.
# `image` - Image location
# `imagePullPolicy` - Pull policy, default `IfNotPresent`
# `sourceModelHome` - Model file directory in image, default `/auxiliary/models`.
# `sourceWDTInstallHome` - WDT install directory in image, default `/auxiliary/weblogic-deploy`.
auxiliaryImages:
- image: "phx.ocir.io/weblogick8s/quick-start-aux-image:v1"
#imagePullPolicy: IfNotPresent
#sourceWDTInstallHome: /auxiliary/weblogic-deploy
#sourceModelHome: /auxiliary/models
# Optional configmap for additional models and variable files
#configMap: sample-domain1-wdt-config-map
# All 'FromModel' domains require a runtimeEncryptionSecret with a 'password' field
runtimeEncryptionSecret: sample-domain1-runtime-encryption-secret
# Set to 'FromModel' to indicate 'Model in Image'.
domainHomeSourceType: FromModel
# The WebLogic Domain Home, this must be a location within
# the image for 'Model in Image' domains.
domainHome: /u01/domains/sample-domain1
# The WebLogic Server image that the Operator uses to start the domain
# **NOTE**:
# This example uses General Availability (GA) images. GA images are suitable for demonstration and
# development purposes only where the environments are not available from the public Internet;
# they are not acceptable for production use. In production, you should always use CPU (patched)
# images from OCR or create your images using the WebLogic Image Tool.
# Please refer to the `OCR` and `WebLogic Images` pages in the WebLogic Kubernetes Operator
# documentation for details.
image: "container-registry.oracle.com/middleware/weblogic:12.2.1.4"
# Defaults to "Always" if image tag (version) is ':latest'
imagePullPolicy: "IfNotPresent"
# Identify which Secret contains the credentials for pulling an image
imagePullSecrets:
- name: weblogic-repo-credentials
# Identify which Secret contains the WebLogic Admin credentials,
# the secret must contain 'username' and 'password' fields.
webLogicCredentialsSecret:
name: sample-domain1-weblogic-credentials
# Whether to include the WebLogic Server stdout in the pod's stdout, default is true
includeServerOutInPodLog: true
# Whether to enable overriding your log file location, see also 'logHome'
#logHomeEnabled: false
# The location for domain log, server logs, server out, introspector out, and Node Manager log files
# see also 'logHomeEnabled', 'volumes', and 'volumeMounts'.
#logHome: /shared/logs/sample-domain1
# Set which WebLogic Servers the Operator will start
# - "Never" will not start any server in the domain
# - "AdminOnly" will start up only the administration server (no managed servers will be started)
# - "IfNeeded" will start all non-clustered servers, including the administration server, and clustered servers up to their replica count.
serverStartPolicy: IfNeeded
# Settings for all server pods in the domain including the introspector job pod
serverPod:
# Optional new or overridden environment variables for the domain's pods
env:
- name: JAVA_OPTIONS
value: "-Dweblogic.StdoutDebugEnabled=false"
- name: USER_MEM_ARGS
value: "-Djava.security.egd=file:/dev/./urandom -Xms256m -Xmx512m "
resources:
requests:
cpu: "250m"
memory: "768Mi"
# Optional volumes and mounts for the domain's pods. See also 'logHome'.
#volumes:
#- name: weblogic-domain-storage-volume
# persistentVolumeClaim:
# claimName: sample-domain1-weblogic-sample-pvc
#volumeMounts:
#- mountPath: /shared
# name: weblogic-domain-storage-volume
# The desired behavior for starting the domain's administration server.
# adminServer:
# Set up a Kubernetes node port for the administration server default channel
#adminService:
# channels:
# - channelName: default
# nodePort: 30701
# The number of managed servers to start for unlisted clusters
replicas: 1
# The desired behavior for starting a specific cluster's member servers
clusters:
- name: sample-domain1-cluster-1
# Change the restartVersion to force the introspector job to rerun
# and apply any new model configuration, to also force a subsequent
# roll of your domain's WebLogic Server pods.
restartVersion: '1'
# Changes to this field cause the operator to repeat its introspection of the
# WebLogic domain configuration.
introspectVersion: '1'
# Secrets that are referenced by model yaml macros
# (the model yaml in the optional configMap or in the image)
#secrets:
#- sample-domain1-datasource-secret
---
apiVersion: "weblogic.oracle/v1"
kind: Cluster
metadata:
name: sample-domain1-cluster-1
# Update this with the namespace your domain will run in:
namespace: sample-domain1-ns
labels:
# Update this with the `domainUID` of your domain:
weblogic.domainUID: sample-domain1
spec:
replicas: 2
clusterName: cluster-1
GKE cluster logs
Create Weblogic domain type Model in image
Paste your text here.$ kubectl apply -f https://raw.githubusercontent.com/oracle/weblogic-kubernetes-operator/release/4.1/kubernetes/samples/quick-start/domain-resource.yaml
domain.weblogic.oracle/sample-domain1 created
cluster.weblogic.oracle/sample-domain1-cluster-1 created
1st attempt to create domain
$ kubectl describe domain sample-domain1 -n sample-domain1-ns
Name: sample-domain1
Namespace: sample-domain1-ns
Labels: weblogic.domainUID=sample-domain1
Annotations: <none>
API Version: weblogic.oracle/v9
Kind: Domain
Metadata:
Creation Timestamp: 2023-12-15T09:16:03Z
Generation: 1
Resource Version: 993809
UID: 1f7d5657-cac5-442a-9b4c-8554459a4dc2
Spec:
Clusters:
Name: sample-domain1-cluster-1
Configuration:
Model:
Auxiliary Images:
Image: phx.ocir.io/weblogick8s/quick-start-aux-image:v1
Domain Type: WLS
Runtime Encryption Secret: sample-domain1-runtime-encryption-secret
Override Distribution Strategy: Dynamic
Domain Home: /u01/domains/sample-domain1
Domain Home Source Type: FromModel
Failure Retry Interval Seconds: 120
Failure Retry Limit Minutes: 1440
Http Access Log In Log Home: true
Image: container-registry.oracle.com/middleware/weblogic:12.2.1.4
Image Pull Policy: IfNotPresent
Image Pull Secrets:
Name: weblogic-repo-credentials
Include Server Out In Pod Log: true
Introspect Version: 1
Max Cluster Concurrent Shutdown: 1
Max Cluster Concurrent Startup: 0
Max Cluster Unavailable: 1
Replace Variables In Java Options: false
Replicas: 1
Restart Version: 1
Server Pod:
Env:
Name: JAVA_OPTIONS
Value: -Dweblogic.StdoutDebugEnabled=false
Name: USER_MEM_ARGS
Value: -Djava.security.egd=file:/dev/./urandom -Xms256m -Xmx512m
Resources:
Requests:
Cpu: 250m
Memory: 768Mi
Server Start Policy: IfNeeded
Web Logic Credentials Secret:
Name: sample-domain1-weblogic-credentials
Status:
Clusters:
Conditions:
Last Transition Time: 2023-12-15T09:16:15.700869Z
Message: Failure on pod 'sample-domain1-introspector-wrxfg' in namespace 'sample-domain1-ns': 0/1 nodes are available: 1 Insufficient cpu. preemption: 0/1 nodes are available: 1 No preemption victims found for incoming pod..
Reason: ServerPod
Severity: Severe
Status: True
Type: Failed
Last Transition Time: 2023-12-15T09:16:15.773251Z
Status: False
Type: Completed
Initial Failure Time: 2023-12-15T09:16:15.700869Z
Last Failure Time: 2023-12-15T09:16:15.700869Z
Message: Failure on pod 'sample-domain1-introspector-wrxfg' in namespace 'sample-domain1-ns': 0/1 nodes are available: 1 Insufficient cpu. preemption: 0/1 nodes are available: 1 No preemption victims found for incoming pod..
Observed Generation: 1
Reason: ServerPod
Servers:
Start Time: 2023-12-15T09:16:10.298141Z
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Created 89s weblogic.operator Domain sample-domain1 was created.
Warning Failed 82s weblogic.operator Domain sample-domain1 failed due to 'Server pod error': Failure on pod 'sample-domain1-introspector-wrxfg' in namespace '
Get domain status
$ kubectl get domain sample-domain1 -n sample-domain1-ns -o json | jq .status
{
"clusters": [],
"conditions": [
{
"lastTransitionTime": "2023-12-15T09:18:14.230192Z",
"message": "Job sample-domain1-introspector failed due to reason: DeadlineExceeded. ActiveDeadlineSeconds of the job is configured with 120 seconds. The job was started 120 seconds ago. Ensure all domain dependencies have been deployed (any secrets, config-maps, PVs, and PVCs that the domain resource references). Use kubectl describe for the job and its pod for more job failure information. The job may be retried by the operator with longer `ActiveDeadlineSeconds` value in each subsequent retry. Use `domain.spec.configuration.introspectorJobActiveDeadlineSeconds` to increase the job timeout interval if the job still fails after the retries are exhausted. The time limit for retries can be configured in `domain.spec.failureRetryLimitMinutes`.",
"reason": "Introspection",
"severity": "Severe",
"status": "True",
"type": "Failed"
},
{
"lastTransitionTime": "2023-12-15T09:16:15.773251Z",
"status": "False",
"type": "Completed"
}
],
"failedIntrospectionUid": "8a861c80-cb72-4314-802c-f7c8ee53cffb",
"initialFailureTime": "2023-12-15T09:18:14.230192Z",
"lastFailureTime": "2023-12-15T09:18:14.230192Z",
"message": "Job sample-domain1-introspector failed due to reason: DeadlineExceeded. ActiveDeadlineSeconds of the job is configured with 120 seconds. The job was started 120 seconds ago. Ensure all domain dependencies have been deployed (any secrets, config-maps, PVs, and PVCs that the domain resource references). Use kubectl describe for the job and its pod for more job failure information. The job may be retried by the operator with longer `ActiveDeadlineSeconds` value in each subsequent retry. Use `domain.spec.configuration.introspectorJobActiveDeadlineSeconds` to increase the job timeout interval if the job still fails after the retries are exhausted. The time limit for retries can be configured in `domain.spec.failureRetryLimitMinutes`.. Will retry next at 2023-12-15T09:20:14.230192611Z and approximately every 120 seconds afterward until 2023-12-16T09:18:14.230192611Z if the failure is not resolved.",
"observedGeneration": 1,
"reason": "Introspection",
"servers": [],
"startTime": "2023-12-15T09:16:10.298141Z"
}
Workloads
Logs explorer on GKE
Get pods
$ kubectl get pods -n sample-domain1-ns
NAME READY STATUS RESTARTS AGE
sample-domain1-introspector-t9nbl 1/1 Running 0 6m22s
