WKO documentation corrected for AKS for MII and DPV scenarios #5380

Draft: wants to merge 4 commits into base: main
Original file line number Diff line number Diff line change
Expand Up @@ -131,7 +131,7 @@ An image can contain multiple properties files, archive ZIP files, and model YAM

#### Creating the image with WIT

{{< readfile file="/samples/azure-kubernetes-service/includes/run-mii-to-create-auxiliary-image.txt" >}}
{{< readfile file="/samples/azure-kubernetes-service/includes/run-dpv-to-create-auxiliary-image.txt" >}}

{{% notice note %}}
The `imagetool.sh` is not supported on macOS with Apple Silicon. See [Troubleshooting - exec format error]({{< relref "/samples/azure-kubernetes-service/troubleshooting#exec-weblogic-operatorscriptsintrospectdomainsh-exec-format-error" >}}).
Expand Down Expand Up @@ -286,6 +286,8 @@ The domain resource references the cluster resource, a WebLogic Server installat

- Create the load balancer services using the following commands:

Note: For secure mode, replace port 7001 with 9002 in admin-lb.yaml file before applying

```shell
$ kubectl apply -f admin-lb.yaml
```
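Review bot: The added "Note: For secure mode, replace port 7001 with 9002 ..." line sits unindented between the "Create the load balancer services" bullet and its code block, so it is likely to end the list item and detach the `kubectl apply` block from it. Indent it to the bullet's level or move it above the bullet, put `admin-lb.yaml` in backticks, and end the sentence with a period.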
Expand All @@ -296,6 +298,9 @@ The domain resource references the cluster resource, a WebLogic Server installat
service/domain1-admin-server-external-lb created
```

Note: For secure mode, replace port 8001 with 8002 in cluster-lb.yaml file before applying


```shell
$ kubectl apply -f cluster-lb.yaml
```
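Review bot: The added secure-mode note for cluster-lb.yaml is followed by two blank lines where one is enough, and the file name should be in backticks with a closing period on the sentence. The note tells the reader to switch 8001 to 8002, but nothing visible in this page's hunks says where the 8002 SSL listen port is enabled for this scenario; a link to the secure mode model section would close that gap.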
Expand Down Expand Up @@ -363,7 +368,15 @@ The domain resource references the cluster resource, a WebLogic Server installat

```

For secure mode, notice ports 9002, 8002 respectively, under PORT(S) column for admin-server and cluster
LoadBalancer service configurations, as these ports were included in the admin-lb.yaml and
cluster-lb.yaml files.


In the example, the URL to access the Administration Server is: `http://4.157.147.131:7001/console`.

For secure mode, use `https://4.157.147.131:9002/console`.

The user name and password that you enter for the Administration Console must match the ones you specified for the `domain1-weblogic-credentials` secret in the [Create secrets](#create-secrets) step.

If the WLS Administration Console is still not available, use `kubectl get events --sort-by='.metadata.creationTimestamp' ` to troubleshoot.
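Review bot: The added paragraph asks the reader to "notice ports 9002, 8002 respectively, under PORT(S) column", but this hunk adds no secure-mode sample output to look at, whereas the Model in Image page in this PR adds a full secure-mode service listing. Add the matching output block here or reword to say what the reader should expect to see. Also put `admin-lb.yaml` and `cluster-lb.yaml` in backticks and drop the doubled blank line after the paragraph.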
Expand Down Expand Up @@ -410,6 +423,8 @@ $ ADMIN_SERVER_IP=$(kubectl get svc domain1-admin-server-external-lb -o=jsonpath
$ echo "Administration Console Address: http://${ADMIN_SERVER_IP}:7001/console/"
```

For secure mode, use Administration Console Address: `https://${ADMIN_SERVER_IP}:9002/console/`.

Access the sample application using the cluster load balancer IP address.

```shell
Expand All @@ -420,6 +435,9 @@ $ CLUSTER_IP=$(kubectl get svc domain1-cluster-1-lb -o=jsonpath='{.status.loadBa
$ curl http://${CLUSTER_IP}:8001/myapp_war/index.jsp
```

For secure mode, use
`curl https://${CLUSTER_IP}:8002/myapp_war/index.jsp`

The test application will list the server host on the output, like the following:

```html
Expand Down
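Review bot: The secure-mode command added here is `curl https://${CLUSTER_IP}:8002/myapp_war/index.jsp` without `-k`, while the Model in Image page in this PR uses `curl -k https://${CLUSTER_IP}:8002/myapp_war/index.jsp`. Make the two pages consistent, and state which certificate the server presents so readers know whether verification is expected to pass. The command is also given as inline code on its own line; a `shell` fence with the `$` prompt would match the block above it.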
Original file line number Diff line number Diff line change
@@ -1,9 +1,9 @@
Download the WebLogic Kubernetes Operator sample ZIP file. We will use several scripts in this zip file to create a WebLogic domain. This sample was tested with v4.2.8, but should work with the latest release.
Download the WebLogic Kubernetes Operator sample ZIP file. We will use several scripts in this zip file to create a WebLogic domain. This sample was tested with v4.2.16, but should work with the latest release.

```shell
$ cd $BASE_DIR
$ mkdir sample-scripts
$ curl -m 120 -fL https://github.com/oracle/weblogic-kubernetes-operator/releases/download/v4.2.8/sample-scripts.zip \
$ curl -m 120 -fL https://github.com/oracle/weblogic-kubernetes-operator/releases/download/v4.2.16/sample-scripts.zip \
-o ${BASE_DIR}/sample-scripts/sample-scripts.zip
$ unzip ${BASE_DIR}/sample-scripts/sample-scripts.zip -d ${BASE_DIR}/sample-scripts
```
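Review bot: The operator version is hard-coded twice in this include, in the "tested with v4.2.16" sentence and in the release URL, and again in the `helm install --version` line and the tip text changed elsewhere in this PR. A single site parameter or shortcode for the version would keep the next bump from missing one of these places.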
Original file line number Diff line number Diff line change
@@ -0,0 +1,43 @@
At this point, you have all of the files needed for `image wdt-domain-image:WLS-v1` staged; they include:

- `/tmp/dpv-sample/wdt-model-files/WLS-v1/model.10.yaml`
- `/tmp/dpv-sample/wdt-model-files/WLS-v1/model.10.properties`
- `/tmp/dpv-sample/wdt-model-files/WLS-v1/archive.zip`

Now, you use the Image Tool to create an image named `wdt-domain-image:WLS-v1`. You’ve already set up this tool during the prerequisite steps.

Run the following command to create the image and verify that it worked.

```shell
$ ${WDT_MODEL_FILES_PATH}/imagetool/bin/imagetool.sh createAuxImage \
--tag wdt-domain-image:WLS-v1 \
--wdtModel ${WDT_MODEL_FILES_PATH}/WLS-v1/model.10.yaml \
--wdtVariables ${WDT_MODEL_FILES_PATH}/WLS-v1/model.10.properties \
--wdtArchive ${WDT_MODEL_FILES_PATH}/WLS-v1/archive.zip
```

This command runs the WebLogic Image Tool to create the domain creation image and does the following:

- Builds the final container image as a layer on a small `busybox` base image.
- Copies the WDT ZIP file that's referenced in the WIT cache into the image.
- Note that you cached WDT in WIT using the keyword `latest` when you set up the cache during the sample prerequisites steps.
- This lets WIT implicitly assume it's the desired WDT version and removes the need to pass a `-wdtVersion` flag.
- Copies the specified WDT model, properties, and application archives to image location `/auxiliary/models`.

When the command succeeds, it should end with output like the following:

```
[INFO ] Build successful. Build time=70s. Image tag=wdt-domain-image:WLS-v1
```

Verify the image is available in the local Docker server with the following command.

```shell
$ docker images | grep WLS-v1
```

The output will show something similar to the following:

```
wdt-domain-image WLS-v1 012d3bfa3536 5 days ago 1.13GB
```
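Review bot: In the bullet "removes the need to pass a `-wdtVersion` flag" the flag is written with a single dash, while every option in the command above uses two (`--tag`, `--wdtModel`); write it as `--wdtVersion`. In the first line the backticks enclose the word "image" (`image wdt-domain-image:WLS-v1`), which should sit outside the code span. The staged-file list uses literal `/tmp/dpv-sample/wdt-model-files/...` paths while the command uses `${WDT_MODEL_FILES_PATH}`; say that the variable points at that directory or use one form throughout.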
Original file line number Diff line number Diff line change
@@ -1,8 +1,8 @@
At this point, you have all of the files needed for `image wdt-domain-image:WLS-v1` staged; they include:

- `/tmp/sample/wdt-artifacts/wdt-model-files/WLS-v1/model.10.yaml`
- `/tmp/sample/wdt-artifacts/wdt-model-files/WLS-v1/model.10.properties`
- `/tmp/sample/wdt-artifacts/wdt-model-files/WLS-v1/archive.zip`
- `/tmp/mii-sample/wdt-model-files/WLS-v1/model.10.yaml`
- `/tmp/mii-sample/wdt-model-files/WLS-v1/model.10.properties`
- `/tmp/mii-sample/wdt-model-files/WLS-v1/archive.zip`

Now, you use the Image Tool to create an image named `wdt-domain-image:WLS-v1`. You’ve already set up this tool during the prerequisite steps.

Expand Down
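Review bot: With the paths changed to `/tmp/mii-sample/wdt-model-files/WLS-v1/`, the visible part of this include reads the same as the new DPV include added in this PR apart from the `mii-sample` and `dpv-sample` directory names. Consider one include that takes the sample directory as a parameter so the two copies cannot drift apart.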
Original file line number Diff line number Diff line change
Expand Up @@ -56,4 +56,38 @@ The model file:
- _This conveniently provides a simple way to deploy multiple differently named domains using the same model image_.
- The model file administrator user name and password are set using a `weblogic-credentials` secret macro reference to the WebLogic credential secret.
- This secret is in turn referenced using the `webLogicCredentialsSecret` field in the Domain.
- The `weblogic-credentials` is a reserved name that always dereferences to the owning Domain actual WebLogic credentials secret name.
- The `weblogic-credentials` is a reserved name that always dereferences to the owning Domain actual WebLogic credentials secret name.

Secure Mode:

To configure WebLogic Domain in Secure mode, make the following changes in `model.10.yaml` file

- Set server start mode to secure

```
domainInfo:
AdminUserName: '@@SECRET:__weblogic-credentials__:username@@'
AdminPassword: '@@SECRET:__weblogic-credentials__:password@@'
ServerStartMode: 'secure'

```

Include and enable SSL Listen Port 8002 for Server Template and enable secure mode under Security Configuration section
```
Server:
'admin-server':
ListenPort: 7001
ServerTemplate:
'cluster-1-template':
Cluster: 'cluster-1'
ListenPort: 8001
SSL:
ListenPort: 8002
Enabled: true

SecurityConfiguration:
SecureMode:
SecureModeEnabled: true
```

- Note that, when secure mode is enabled, the WebLogic Server Administration port defaults to 9002 (https)
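Review bot: The `Server:` snippet still shows `ListenPort: 7001` for `admin-server`, and the closing bullet then says the administration port defaults to 9002; say whether 7001 stays open in secure mode or is replaced, since the load balancer files are switched to 9002 only. Formatting is uneven: "Set server start mode to secure" is a bullet but "Include and enable SSL Listen Port 8002 ..." is not, "Secure Mode:" is plain text rather than a heading, and both fences lack a `yaml` tag. The `weblogic-credentials` reserved-name line appears as removed and re-added with identical text, which looks like a whitespace or end-of-file change that could be left out of the diff.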
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
---
title: "Model in Image"
date: 2020-11-24T18:22:31-05:00
date: 2025-05-12T13:22:31-05:00
weight: 3
description: "Sample for creating a WebLogic cluster on the Azure Kubernetes Service with model in image domain home source type."
---
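Review bot: Changing `date` from 2020-11-24 to 2025-05-12 in the front matter overwrites the page's original publication date. If the intent is to record this revision, keep `date` as it was and add a `lastmod` entry instead.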
Expand Down Expand Up @@ -114,7 +114,7 @@ Update the repo to get the latest Helm charts. It is a best practice to do this
$ helm repo update
$ helm install weblogic-operator weblogic-operator/weblogic-operator \
--namespace sample-weblogic-operator-ns \
--version 4.2.8 \
--version 4.2.16 \
--set serviceAccount=sample-weblogic-operator-sa \
--wait
```
Expand All @@ -123,14 +123,14 @@ The output will show something similar to the following:

```
NAME: weblogic-operator
LAST DEPLOYED: Fri Aug 12 14:28:47 2022
LAST DEPLOYED: Mon May 12 14:28:47 2025
NAMESPACE: sample-weblogic-operator-ns
STATUS: deployed
REVISION: 1
TEST SUITE: None
```

{{% notice tip %}} If you wish to use a more recent version of the operator, replace the `4.2.8` in the preceding command with the other version number. To see the list of versions, visit the [GitHub releases page](https://github.com/oracle/weblogic-kubernetes-operator/releases).
{{% notice tip %}} If you wish to use a more recent version of the operator, replace the `4.2.16` in the preceding command with the other version number. To see the list of versions, visit the [GitHub releases page](https://github.com/oracle/weblogic-kubernetes-operator/releases).
{{% /notice %}}


Expand All @@ -144,7 +144,7 @@ The output will show something similar to the following:

```
NAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSION
weblogic-operator sample-weblogic-operator-ns 1 2023-05-15 10:31:05.1890341 +0800 CST deployeweblogic-operator-4.2.8 4.2.8
weblogic-operator sample-weblogic-operator-ns 1 2025-05-12 15:31:05.1890341 +0800 CST deployeweblogic-operator-4.2.16 4.2.16
```

```shell
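Review bot: The edited output row still reads `deployeweblogic-operator-4.2.16`, with the STATUS value truncated and run into the CHART column. Since the line is being touched anyway, write it as `deployed` followed by `weblogic-operator-4.2.16` in its own column.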
Expand Down Expand Up @@ -402,6 +402,13 @@ $ bash $BASE_DIR/sample-scripts/create-weblogic-domain-on-azure-kubernetes-servi

After running above commands, you will get three files: `mii-initial.yaml`, `admin-lb.yaml` and `cluster-lb.yaml`.

For secure mode, include "-Dweblogic.security.SSL.ignoreHostnameVerification=true" under JAVA_OPTIONS in mii-initial.yaml file.

```
- name: JAVA_OPTIONS
value: "-Dweblogic.StdoutDebugEnabled=false -Dweblogic.security.SSL.ignoreHostnameVerification=true"
```

Run the following command to create the domain custom resource:

```shell
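Review bot: The added instruction sets `-Dweblogic.security.SSL.ignoreHostnameVerification=true` without saying why. That option turns off TLS hostname checking in the server JVMs, so the text should explain what in this sample requires it and state that deployments using certificates whose names match the server host names should leave verification on. Also put `JAVA_OPTIONS` and `mii-initial.yaml` in backticks and tag the fence as `yaml`.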
Expand Down Expand Up @@ -489,6 +496,30 @@ spec:
```
{{% /expand %}}

In secure mode, as Administration port defaults to 9002, replace port 7001 with 9002 in the admin-lb.yaml file in order to create a load balancer service for the Administration Server.

{{%expand "Click here to view YAML content." %}}
```yaml
apiVersion: v1
kind: Service
metadata:
name: sample-domain1-admin-server-external-lb
namespace: sample-domain1-ns
spec:
ports:
- name: default
port: 9002
protocol: TCP
targetPort: 9002
selector:
weblogic.domainUID: sample-domain1
weblogic.serverName: admin-server
sessionAffinity: None
type: LoadBalancer
```
{{% /expand %}}


Use the file `cluster-lb.yaml` to create a load balancer service for the managed servers. If you are choosing not to use the predefined YAML file and instead created new one with customized values, then substitute the following content with your domain values.

{{%expand "Click here to view YAML content." %}}
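Review bot: The secure-mode manifest is placed in an expand block with the same title, "Click here to view YAML content.", as the default one just above it, so the two cannot be told apart when collapsed. Give it a title that mentions secure mode, or show only the two changed lines (`port: 9002`, `targetPort: 9002`) instead of repeating the whole Service. Because this Service publishes the administration port through `type: LoadBalancer`, a pointer to the Network Security Group note later on the page would help readers limit who can reach it.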
Expand All @@ -513,6 +544,31 @@ spec:
```
{{% /expand %}}

For Secure mode, similar to the Administration Server Load Balancer service configuration, replace port 8001 with 8002 as Managed Servers will now listen on port 8002 (https) in secure mode

{{%expand "Click here to view YAML content." %}}
```yaml
apiVersion: v1
kind: Service
metadata:
name: sample-domain1-cluster-1-lb
namespace: sample-domain1-ns
spec:
ports:
- name: default
port: 8002
protocol: TCP
targetPort: 8002
selector:
weblogic.domainUID: sample-domain1
weblogic.clusterName: cluster-1
sessionAffinity: None
type: LoadBalancer

```

{{% /expand %}}

Create the load balancer services using the following commands:

```shell
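Review bot: The added sentence "For Secure mode, similar to the Administration Server Load Balancer service configuration ..." has no closing period and capitalizes "Secure" unlike the other secure-mode notes in this PR. There is also an empty line inside the YAML fence after `type: LoadBalancer` and another between the closing fence and the closing expand shortcode; both can be removed.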
Expand Down Expand Up @@ -553,15 +609,30 @@ sample-domain1-managed-server1 ClusterIP None <none>
sample-domain1-managed-server2 ClusterIP None <none> 8001/TCP 7m52s
```

For secure mode, the Successful output will look like:

```
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
sample-domain1-admin-server ClusterIP None <none> 9002/TCP,7002/TCP 10m
sample-domain1-admin-server-external-lb LoadBalancer 10.0.184.118 52.191.234.149 9002:30087/TCP 4m40s
sample-domain1-cluster-1-lb LoadBalancer 10.0.76.7 52.191.235.71 8002:32600/TCP 71s
sample-domain1-cluster-cluster-1 ClusterIP 10.0.118.225 <none> 7002/TCP,9002/TCP 12m
sample-domain1-managed-server1 ClusterIP None <none> 7002/TCP,9002/TCP 12m
sample-domain1-managed-server2 ClusterIP None <none> 7002/TCP,9002/TCP 12m
```

In the example, the URL to access the Administration Server is: `http://52.191.234.149:7001/console`.

For secure mode, use the URL: `https://52.191.234.149:9002/console`

The expected username and password must match the values that you chose during the [Kubernetes Secrets for WebLogic](#kubernetes-secrets-for-weblogic) step.

**IMPORTANT:** You must ensure that any Network Security Group rules that govern access to the console allow inbound traffic on port 7001.
**IMPORTANT:** You must ensure that any Network Security Group rules that govern access to the console allow inbound traffic on port 7001 (9002 for secure mode).

If the WLS Administration Console is still not available, use `kubectl describe domain` to check domain status.

```shell
$ kubectl describe domain domain1
$ kubectl describe domain sample-domain1 -n sample-domain1-ns
```

Make sure the status of cluster-1 is `ServersReady` and `Available`.
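Review bot: In the added secure-mode listing, `sample-domain1-cluster-cluster-1` and both managed server services show `7002/TCP,9002/TCP`, yet `sample-domain1-cluster-1-lb` forwards to 8002 and the model change in this PR enables the SSL listen port on 8002. Please confirm the listing was captured from a secure-mode run and correct the port columns if it was not. Minor: "the Successful output" should be lower case, and the `https://52.191.234.149:9002/console` sentence needs a closing period.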
Expand All @@ -575,7 +646,7 @@ Annotations: <none>
API Version: weblogic.oracle/v9
Kind: Domain
Metadata:
Creation Timestamp: 2020-11-30T05:40:11Z
Creation Timestamp: 2025-05-12T15:40:11Z
Generation: 1
Resource Version: 9346
Self Link: /apis/weblogic.oracle/v9/namespaces/sample-domain1-ns/domains/sample-domain1
Expand Down Expand Up @@ -637,7 +708,7 @@ Status:
Replicas: 2
Replicas Goal: 2
Conditions:
Last Transition Time: 2020-11-30T05:45:15.493Z
Last Transition Time: 2025-05-12T15:45:15.493Z
Reason: ServersReady
Status: True
Type: Available
Expand All @@ -657,7 +728,7 @@ Status:
Cluster Name: cluster-1
Desired State: RUNNING
Health:
Activation Time: 2020-11-30T05:44:54.699Z
Activation Time: 2025-05-12T15:44:54.699Z
Overall Health: ok
Subsystems:
Subsystem Name: ServerRuntime
Expand All @@ -668,7 +739,7 @@ Status:
Cluster Name: cluster-1
Desired State: RUNNING
Health:
Activation Time: 2020-11-30T05:45:07.211Z
Activation Time: 2025-05-12T15:45:07.211Z
Overall Health: ok
Subsystems:
Subsystem Name: ServerRuntime
Expand All @@ -685,7 +756,7 @@ Status:
Cluster Name: cluster-1
Desired State: SHUTDOWN
Server Name: managed-server5
Start Time: 2020-11-30T05:40:11.709Z
Start Time: 2025-05-12T15:40:11.709Z
Events: <none>
```
{{% /expand %}}
Expand All @@ -699,16 +770,25 @@ $ ADMIN_SERVER_IP=$(kubectl -n sample-domain1-ns get svc sample-domain1-admin-se
$ echo "Administration Console Address: http://${ADMIN_SERVER_IP}:7001/console/"
```

For secure mode, use `https://${ADMIN_SERVER_IP}:9002/console/`

Access the sample application using the cluster load balancer IP address.

```shell
## Access the sample application using the cluster load balancer IP.
$ CLUSTER_IP=$(kubectl -n sample-domain1-ns get svc sample-domain1-cluster-1-lb -o=jsonpath='{.status.loadBalancer.ingress[0].ip}')
```

**IMPORTANT:** You must ensure that any Network Security Group rules that govern access to the sample application allow inbound traffic on port 8001 (8002 for secure mode).


```shell
$ curl http://${CLUSTER_IP}:8001/myapp_war/index.jsp
```
For secure mode, use
```shell
$ curl -k https://${CLUSTER_IP}:8002/myapp_war/index.jsp
```

Successful output will look like:
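Review bot: The new **IMPORTANT** paragraph is inserted between the `CLUSTER_IP=...` assignment and the `curl` call, splitting what was one shell block into two; moving it above the first block keeps the commands together. The secure-mode command uses `curl -k`, which skips certificate verification, so add a sentence saying why it is needed in this sample and that it is not meant for endpoints with a trusted certificate. "For secure mode, use" also needs a blank line before it and a colon after it.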
