Advanced actions with Oracle WebLogic Server cluster on Azure Kubernetes Service

This document describes how to create an Oracle WebLogic Server cluster on Azure Kubernetes Service using the Azure CLI.


Oracle and Microsoft maintain an Azure Marketplace offer that makes it easy to get started with Oracle WebLogic Server on Azure. For complete documentation on the offer, see the user guide.

If you need to go beyond the capabilities of the Azure Marketplace offer, this guidance enables several advanced features. The following features and more are possible.

This document will guide you to create a WebLogic Server cluster in ways that supplement and enhance the capabilities offered by the Azure Marketplace offer. The techniques described in this document go beyond what you can configure using the Azure Marketplace offer.


This section lists several prerequisites for activating the features as described in the guidance. Optional prerequisites are marked as (optional)

Environment for Setup

Azure Storage account

If you are deploying a Java EE application or using your own JDBC data source driver, you are required to have application packages and JDBC libraries uploaded to a blob storage container in an Azure Storage Account.

To create Azure Storage Account and blobs, follow the steps in Quickstart: Upload, download, and list blobs with the Azure portal.

Upload your application packages (.jar, .war, .ear files) to the blob.

Upload your JDBC drivers (.jar files) to the blob.

Database Instance (optional)

If you are going to apply a database with Oracle WebLogic Server, you must have an existing database instance to use.

This template builds with data source driver for three popular Azure databases: Oracle, Azure SQL Server, Azure Database for PostgreSQL. If you do not have an instance, please create one from the Azure portal.

If you want to use any other databse, you must provide a running database instance. Make sure the database is accessible from Azure. Specify a data source driver url via dbDriverLibrariesUrls , data source driver name via dbDriverName and test table name dbTestTableName, see Database for more information.

Custom DNS (optional)

Registered Domain Name

You need to buy a domain name to create a custom DNS alias.

Azure DNS Zone

If you create the DNS alias on an existing Azure DNS Zone, make sure you have perfomed the Azure DNS Delegation. After you have completed the delegation, you can verify it with nslookup. For example, assuming your domain name is, this output shows a correct delegation.

$ nslookup -type=SOA

Non-authoritative answer:
        origin =
        mail addr =
        serial = 1
        refresh = 3600
        retry = 300
        expire = 2419200
        minimum = 300
Address: 2603:1061::1

We strongly recommand you create an Azure DNS Zone for domain management and reuse it for other perpose. To create an Azure DNS Zone, follow the steps in Quickstart: Create an Azure DNS zone and record using the Azure portal.

Prepare the Parameters

You must construct a parameters JSON file containing the parameters to be passed to the ARM template. For background information about parameter files, see Create Resource Manager parameter file. This section shows how to obtain the values for the required properties.

Obtain parameter values from Azure portal

The following steps use the Azure Create UI Definition Sandbox to obtain the values. If you prefer to edit a JSON file, you can also create the objects in your parameters file directly. The Azure UI Definition Sandbox provides controls to select resources and input your values easily. More importantly, this approach generates syntactically valid JSON, eliminating an important class of data entry error.

Configure advanced parameters

Now that you have a syntactically and semantically correct parameters.json, you must add some additional parameters, depending on the features you want to configure.

Advanced parameter Name Explanation
_artifactsLocation Required. See below for details.
aciResourcePermissions Optinal. Boolean value.
The parameter activates when Azure Container Insights is enabled. If false: Set the workspace to workspace-context permissions. This is the default setting if the flag isn’t set. If true: Set the workspace to resource-context permissions. See Azure Monitor access control mode
aciRetentionInDays Optinal. Integer value.
Number of days to retain data in Azure Monitor workspace.
aciWorkspaceSku Optinal. Enum value.
For the set of valid values for this parameter, see the sku property in Resource Manager template samples for Log Analytics workspaces in Azure Monitor
aksAgentPoolName Optinal. String value.
The name for this node pool. Node pool must contain only lowercase letters and numbers. For Linux node pools the name cannot be longer than 12 characters.
aksVersion Optinal. String value.
Version of Azure Kubernetes Service. Use default version if no specified value.
enableAdminT3Tunneling Optinal. Boolean value.
Configure a custom channel in Admin Server for the T3 protocol that enables HTTP tunneling.
enableClusterT3Tunneling Optinal. Boolean value.
Configure a custom channel in the Oracle WebLogic Server cluster for the T3 protocol that enables HTTP tunneling.
t3ChannelAdminPort Optinal. Integer value, 1-65535.
Sepcify cublic port of the custom T3 channel in admin server.
t3ChannelClusterPort Optinal. Integer value, 1-65535.
Specify public port of the custom T3 channel in the Oracle WebLogic Server cluster.
wlsCPU Optinal. String value.
Sepcify CPU requests for admin server and managed server pods. See Managing Resources for Containers
wlsMemory Optinal. String value.
Specify memory requests for admin server and managed server pods. See Managing Resources for Containers


This value must be the following.

Append the expected advanced parameter to parameters.json. And make sure _artifactsLocation is present with the value shown above in parameters.json.

Example Parameters JSON

This is a sample to create an Oracle WebLogic Server cluster with custom T3 channel, and expose the T3 channel via Azure Load Balancer Service. The parameters using default value haven’t been shown for brevity.

    "_artifactsLocation": {
        "value": ""
    "acrName": {
      "value": "sampleacr"
    "aksClusterName": {
      "value": "sampleaks"
    "aksClusterRGName": {
      "value": "sampleaksgroup"
    "createACR": {
      "value": false
    "createAKSCluster": {
      "value": false
    "enableAdminT3Tunneling": {
      "value": true
    "enableClusterT3Tunneling": {
      "value": true
    "lbSvcValues": {
      "value": [
          "colName": "domain1-admin-t3",
          "colTarget": "adminServerT3",
          "colPort": "7005"
          "colName": "domain-cluster-t3",
          "colTarget": "cluster1T3",
          "colPort": "8011"
    "location": {
      "value": "eastus"
    "ocrSSOPSW": {
      "value": "Secret123!"
    "ocrSSOUser": {
      "value": ""
    "wdtRuntimePassword": {
      "value": "Secret123!"
    "wlsPassword": {
      "value": "Secret123!"
    "wlsUserName": {
      "value": "weblogic"

Invoke the ARM template

Assume your parameters file is available in the current directory and is named parameters.json. This section shows the commands to create an Oracle WebLogic Server cluster on AKS.

Use the command to create a resoruce group.

az group create --name ${resourceGroupName} -l eastus

Validate your parameters file

The az group deployment validate command is very useful to validate your parameters file is syntactically correct.

az deployment group validate --verbose \
  --resource-group ${resourceGroupName} \
  --parameters @parameters.json \

If the command returns with an exit status other than 0, inspect the output and resolve the problem before proceeding. You can check the exit status by executing the commad echo $? immediately after the az command.

Execute the template

After successfully validating the template invocation, change validate to create to invoke the template.

az deployment group create --verbose \
  --resource-group ${resourceGroupName} \
  --name advanced-deployment \
  --parameters @parameters.json \

As with the validate command, if the command returns with an exit status other than 0, inspect the output and resolve the problem.

After a successful deployment, you should find "provisioningState": "Succeeded" in your output.

Verify deployment

The sample has set up custom T3 channel for Administration Server and cluster, you should be able to access Administration Console portal using the public address of T3 channel.

Obtain the address from deployment output:

Get public IP and port from adminServerT3ExternalUrl, access http://<public-ip>:<port>/console from browser, you should find the login page.