Thursday, December 14, 2023

Create domain Model in image - setup Weblogic Kubernetes ( k8s) Operator in GCP

 HOWTO


See also

GitHub

Model in Image:

  • Set the domain resource domain.spec.domainHomeSourceType attribute to FromModel.
  • Supply a WebLogic installation in an image and supply a WebLogic configuration in one of three ways:
    • As WDT model YAML file supplied in separate auxiliary images.
    • As WebLogic Deployment Tool (WDT) model YAML file layered on the WebLogic installation image. NOTE: Model in Image without auxiliary images (the WDT model and installation files are included in the same image with the WebLogic Server installation) is deprecated in WebLogic Kubernetes Operator version 4.0.7. Oracle recommends that you use Model in Image with auxiliary images. See Auxiliary images.
    • As WDT model YAML file in a Kubernetes ConfigMap.
  • Supply WebLogic applications in one of two ways:
    • In auxiliary images.
    • Layered on the installation image. NOTE: Model in Image without auxiliary images (the WDT model and installation files are included in the same image with the WebLogic Server installation) is deprecated in WebLogic Kubernetes Operator version 4.0.7. Oracle recommends that you use Model in Image with Auxiliary images. See Auxiliary images.
  • Mutate the WebLogic configuration by supplying a new image and rolling, or model updates supplied in a Kubernetes ConfigMap.


Create and label a namespace that can host one or more domains.

$ kubectl create namespace sample-domain1-ns
namespace/sample-domain1-ns created
dave@dave:~$ kubectl label ns sample-domain1-ns weblogic-operator=enabled
namespace/sample-domain1-ns labeled

Configure Traefik to manage ingresses created in this namespace 
 helm upgrade traefik-operator traefik/traefik \
    --namespace traefik \
    --reuse-values \
    --set "kubernetes.namespaces={traefik,sample-domain1-ns}"
W1214 11:03:23.618551   10551 warnings.go:70] autopilot-default-resources-mutator:Autopilot updated Deployment traefik/traefik-operator: defaulted unspecified resources for containers [traefik-operator] (see http://g.co/gke/autopilot-defaults)
Release "traefik-operator" has been upgraded. Happy Helming!
NAME: traefik-operator
LAST DEPLOYED: Thu Dec 14 11:03:20 2023
NAMESPACE: traefik
STATUS: deployed
REVISION: 2
TEST SUITE: None
NOTES:
Traefik Proxy v2.10.6 has been deployed successfully on traefik namespace !

Domain type - Model in image



 Create the domain using a domain resource Select a user name and password for the WebLogic domain administrator credentials and use them to create a Kubernetes Secret for the domain. 
$ kubectl create secret generic sample-domain1-weblogic-credentials \
  --from-literal=username=SOME_USER --from-literal=password=SOME_PASSWORD \
  -n sample-domain1-ns
secret/sample-domain1-weblogic-credentials created

Create a domain runtime encryption secret. 
$ kubectl -n sample-domain1-ns create secret generic \
  sample-domain1-runtime-encryption-secret \
   --from-literal=password=SOME_PASSWORD
secret/sample-domain1-runtime-encryption-secret created
Create the sample-domain1 domain resource and an associated sample-domain1-cluster-1 cluster resource using a single YAML resource file which defines both resources. The domain resource and cluster resource do not replace the traditional WebLogic configuration files, but instead cooperates with those files to describe the Kubernetes artifacts of the corresponding domain. 


If you want to view or need to modify it, you can download the sample domain resource to a file called /tmp/quickstart/domain-resource.yaml or similar. Then apply the file using kubectl apply -f /tmp/quickstart/domain-resource.yaml.

# Copyright (c) 2022, Oracle and/or its affiliates.
# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.

apiVersion: "weblogic.oracle/v9"
kind: Domain
metadata:
  name: sample-domain1
  namespace: sample-domain1-ns
  labels:
    weblogic.domainUID: sample-domain1

spec:
  configuration:

    model:
      # Optional auxiliary image(s) containing WDT model, archives, and install.
      # Files are copied from `sourceModelHome` in the aux image to the `/aux/models` directory
      # in running WebLogic Server pods, and files are copied from `sourceWDTInstallHome`
      # to the `/aux/weblogic-deploy` directory. Set `sourceModelHome` and/or `sourceWDTInstallHome`
      # to "None" if you want skip such copies.
      #   `image`                - Image location
      #   `imagePullPolicy`      - Pull policy, default `IfNotPresent`
      #   `sourceModelHome`      - Model file directory in image, default `/auxiliary/models`.
      #   `sourceWDTInstallHome` - WDT install directory in image, default `/auxiliary/weblogic-deploy`.
      auxiliaryImages:
      - image: "phx.ocir.io/weblogick8s/quick-start-aux-image:v1"
        #imagePullPolicy: IfNotPresent
        #sourceWDTInstallHome: /auxiliary/weblogic-deploy
        #sourceModelHome: /auxiliary/models

      # Optional configmap for additional models and variable files
      #configMap: sample-domain1-wdt-config-map

      # All 'FromModel' domains require a runtimeEncryptionSecret with a 'password' field
      runtimeEncryptionSecret: sample-domain1-runtime-encryption-secret

  # Set to 'FromModel' to indicate 'Model in Image'.
  domainHomeSourceType: FromModel

  # The WebLogic Domain Home, this must be a location within
  # the image for 'Model in Image' domains.
  domainHome: /u01/domains/sample-domain1

  # The WebLogic Server image that the Operator uses to start the domain
  # **NOTE**:
  # This example uses General Availability (GA) images. GA images are suitable for demonstration and
  # development purposes only where the environments are not available from the public Internet;
  # they are not acceptable for production use. In production, you should always use CPU (patched)
  # images from OCR or create your images using the WebLogic Image Tool.
  # Please refer to the `OCR` and `WebLogic Images` pages in the WebLogic Kubernetes Operator
  # documentation for details.
  image: "container-registry.oracle.com/middleware/weblogic:12.2.1.4"

  # Defaults to "Always" if image tag (version) is ':latest'
  imagePullPolicy: "IfNotPresent"

  # Identify which Secret contains the credentials for pulling an image
  imagePullSecrets:
  - name: weblogic-repo-credentials

  # Identify which Secret contains the WebLogic Admin credentials,
  # the secret must contain 'username' and 'password' fields.
  webLogicCredentialsSecret:
    name: sample-domain1-weblogic-credentials

  # Whether to include the WebLogic Server stdout in the pod's stdout, default is true
  includeServerOutInPodLog: true

  # Whether to enable overriding your log file location, see also 'logHome'
  #logHomeEnabled: false

  # The location for domain log, server logs, server out, introspector out, and Node Manager log files
  # see also 'logHomeEnabled', 'volumes', and 'volumeMounts'.
  #logHome: /shared/logs/sample-domain1

  # Set which WebLogic Servers the Operator will start
  # - "Never" will not start any server in the domain
  # - "AdminOnly" will start up only the administration server (no managed servers will be started)
  # - "IfNeeded" will start all non-clustered servers, including the administration server, and clustered servers up to their replica count.
  serverStartPolicy: IfNeeded

  # Settings for all server pods in the domain including the introspector job pod
  serverPod:
    # Optional new or overridden environment variables for the domain's pods
    env:
    - name: JAVA_OPTIONS
      value: "-Dweblogic.StdoutDebugEnabled=false"
    - name: USER_MEM_ARGS
      value: "-Djava.security.egd=file:/dev/./urandom -Xms256m -Xmx512m "
    resources:
      requests:
        cpu: "250m"
        memory: "768Mi"

    # Optional volumes and mounts for the domain's pods. See also 'logHome'.
    #volumes:
    #- name: weblogic-domain-storage-volume
    #  persistentVolumeClaim:
    #    claimName: sample-domain1-weblogic-sample-pvc
    #volumeMounts:
    #- mountPath: /shared
    #  name: weblogic-domain-storage-volume

  # The desired behavior for starting the domain's administration server.
  # adminServer:
    # Set up a Kubernetes node port for the administration server default channel
    #adminService:
    #  channels:
    #  - channelName: default
    #    nodePort: 30701

  # The number of managed servers to start for unlisted clusters
  replicas: 1

  # The desired behavior for starting a specific cluster's member servers
  clusters:
  - name: sample-domain1-cluster-1

  # Change the restartVersion to force the introspector job to rerun
  # and apply any new model configuration, to also force a subsequent
  # roll of your domain's WebLogic Server pods.
  restartVersion: '1'

  # Changes to this field cause the operator to repeat its introspection of the
  #  WebLogic domain configuration.
  introspectVersion: '1'

    # Secrets that are referenced by model yaml macros
    # (the model yaml in the optional configMap or in the image)
    #secrets:
    #- sample-domain1-datasource-secret

---

apiVersion: "weblogic.oracle/v1"
kind: Cluster
metadata:
  name: sample-domain1-cluster-1
  # Update this with the namespace your domain will run in:
  namespace: sample-domain1-ns
  labels:
    # Update this with the `domainUID` of your domain:
    weblogic.domainUID: sample-domain1

spec:
  replicas: 2
  clusterName: cluster-1
GKE cluster logs



Create Weblogic domain type Model in image 
Paste your text here.$ kubectl apply -f https://raw.githubusercontent.com/oracle/weblogic-kubernetes-operator/release/4.1/kubernetes/samples/quick-start/domain-resource.yaml
domain.weblogic.oracle/sample-domain1 created
cluster.weblogic.oracle/sample-domain1-cluster-1 created
1st attempt to create domain 
$ kubectl describe domain sample-domain1 -n sample-domain1-ns
Name:         sample-domain1
Namespace:    sample-domain1-ns
Labels:       weblogic.domainUID=sample-domain1
Annotations:  <none>
API Version:  weblogic.oracle/v9
Kind:         Domain
Metadata:
  Creation Timestamp:  2023-12-15T09:16:03Z
  Generation:          1
  Resource Version:    993809
  UID:                 1f7d5657-cac5-442a-9b4c-8554459a4dc2
Spec:
  Clusters:
    Name:  sample-domain1-cluster-1
  Configuration:
    Model:
      Auxiliary Images:
        Image:                       phx.ocir.io/weblogick8s/quick-start-aux-image:v1
      Domain Type:                   WLS
      Runtime Encryption Secret:     sample-domain1-runtime-encryption-secret
    Override Distribution Strategy:  Dynamic
  Domain Home:                       /u01/domains/sample-domain1
  Domain Home Source Type:           FromModel
  Failure Retry Interval Seconds:    120
  Failure Retry Limit Minutes:       1440
  Http Access Log In Log Home:       true
  Image:                             container-registry.oracle.com/middleware/weblogic:12.2.1.4
  Image Pull Policy:                 IfNotPresent
  Image Pull Secrets:
    Name:                             weblogic-repo-credentials
  Include Server Out In Pod Log:      true
  Introspect Version:                 1
  Max Cluster Concurrent Shutdown:    1
  Max Cluster Concurrent Startup:     0
  Max Cluster Unavailable:            1
  Replace Variables In Java Options:  false
  Replicas:                           1
  Restart Version:                    1
  Server Pod:
    Env:
      Name:   JAVA_OPTIONS
      Value:  -Dweblogic.StdoutDebugEnabled=false
      Name:   USER_MEM_ARGS
      Value:  -Djava.security.egd=file:/dev/./urandom -Xms256m -Xmx512m 
    Resources:
      Requests:
        Cpu:            250m
        Memory:         768Mi
  Server Start Policy:  IfNeeded
  Web Logic Credentials Secret:
    Name:  sample-domain1-weblogic-credentials
Status:
  Clusters:
  Conditions:
    Last Transition Time:  2023-12-15T09:16:15.700869Z
    Message:               Failure on pod 'sample-domain1-introspector-wrxfg' in namespace 'sample-domain1-ns': 0/1 nodes are available: 1 Insufficient cpu. preemption: 0/1 nodes are available: 1 No preemption victims found for incoming pod..
    Reason:                ServerPod
    Severity:              Severe
    Status:                True
    Type:                  Failed
    Last Transition Time:  2023-12-15T09:16:15.773251Z
    Status:                False
    Type:                  Completed
  Initial Failure Time:    2023-12-15T09:16:15.700869Z
  Last Failure Time:       2023-12-15T09:16:15.700869Z
  Message:                 Failure on pod 'sample-domain1-introspector-wrxfg' in namespace 'sample-domain1-ns': 0/1 nodes are available: 1 Insufficient cpu. preemption: 0/1 nodes are available: 1 No preemption victims found for incoming pod..
  Observed Generation:     1
  Reason:                  ServerPod
  Servers:
  Start Time:  2023-12-15T09:16:10.298141Z
Events:
  Type     Reason   Age   From               Message
  ----     ------   ----  ----               -------
  Normal   Created  89s   weblogic.operator  Domain sample-domain1 was created.
  Warning  Failed   82s   weblogic.operator  Domain sample-domain1 failed due to 'Server pod error': Failure on pod 'sample-domain1-introspector-wrxfg' in namespace '
Get domain status 
$ kubectl get domain sample-domain1 -n sample-domain1-ns -o json | jq .status
{
  "clusters": [],
  "conditions": [
    {
      "lastTransitionTime": "2023-12-15T09:18:14.230192Z",
      "message": "Job sample-domain1-introspector failed due to reason: DeadlineExceeded. ActiveDeadlineSeconds of the job is configured with 120 seconds. The job was started 120 seconds ago. Ensure all domain dependencies have been deployed (any secrets, config-maps, PVs, and PVCs that the domain resource references). Use kubectl describe for the job and its pod for more job failure information. The job may be retried by the operator with longer `ActiveDeadlineSeconds` value in each subsequent retry. Use `domain.spec.configuration.introspectorJobActiveDeadlineSeconds` to increase the job timeout interval if the job still fails after the retries are exhausted. The time limit for retries can be configured in `domain.spec.failureRetryLimitMinutes`.",
      "reason": "Introspection",
      "severity": "Severe",
      "status": "True",
      "type": "Failed"
    },
    {
      "lastTransitionTime": "2023-12-15T09:16:15.773251Z",
      "status": "False",
      "type": "Completed"
    }
  ],
  "failedIntrospectionUid": "8a861c80-cb72-4314-802c-f7c8ee53cffb",
  "initialFailureTime": "2023-12-15T09:18:14.230192Z",
  "lastFailureTime": "2023-12-15T09:18:14.230192Z",
  "message": "Job sample-domain1-introspector failed due to reason: DeadlineExceeded. ActiveDeadlineSeconds of the job is configured with 120 seconds. The job was started 120 seconds ago. Ensure all domain dependencies have been deployed (any secrets, config-maps, PVs, and PVCs that the domain resource references). Use kubectl describe for the job and its pod for more job failure information. The job may be retried by the operator with longer `ActiveDeadlineSeconds` value in each subsequent retry. Use `domain.spec.configuration.introspectorJobActiveDeadlineSeconds` to increase the job timeout interval if the job still fails after the retries are exhausted. The time limit for retries can be configured in `domain.spec.failureRetryLimitMinutes`.. Will retry next at 2023-12-15T09:20:14.230192611Z and approximately every 120 seconds afterward until 2023-12-16T09:18:14.230192611Z if the failure is not resolved.",
  "observedGeneration": 1,
  "reason": "Introspection",
  "servers": [],
  "startTime": "2023-12-15T09:16:10.298141Z"
}

Workloads




Logs explorer on GKE


Get pods

$ kubectl get pods -n sample-domain1-ns
NAME                                READY   STATUS    RESTARTS   AGE
sample-domain1-introspector-t9nbl   1/1     Running   0          6m22s
Posted by at
Labels: , , , , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)