Helm is a framework that helps you manage Kubernetes applications, and Helm charts help you define and install Helm applications into a Kubernetes cluster. The operator’s Helm chart is located in the
Important note for users of operator releases before 2.0
Helm has two parts: a client (Helm) and a server (Tiller). Tiller runs inside of your Kubernetes cluster, and manages releases (installations) of your charts. For detailed instructions on installing Helm and Tiller, see https://github.com/helm/helm.
In order to use Helm to install and manage the operator, you need to ensure that the service account that Tiller uses
cluster-admin role. The default would be
default in namespace
kube-system. You can give that service
account the necessary permissions with this command:
cat << EOF | kubectl apply -f - apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: helm-user-cluster-admin-role roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: cluster-admin subjects: - kind: ServiceAccount name: default namespace: kube-system EOF
Oracle strongly recommends that you create a new service account to be used exclusively by Tiller and grant
cluster-admin to that service account, rather than using the
The operator Helm chart is pre-configured with default values for the configuration of the operator.
You can override these values by doing one of the following:
--valueoption on the Helm command line.
You can find out the configuration values that the Helm chart supports, as well as the default values, using this command:
$ helm inspect values kubernetes/charts/weblogic-operator
The available configuration values are explained by category in Operator Helm configuration values.
Helm commands are explained in more detail in Useful Helm operations.
The operator can expose an external REST HTTPS interface which can be accessed from outside the Kubernetes cluster. As with the operator’s internal REST interface, the external REST interface requires an SSL/TLS certificate and private key that the operator will use as the identity of the external REST interface (see below).
To enable the external REST interface, configure these values in a custom configuration file, or on the Helm command line:
externalRestIdentitySecretto the name of the kubernetes
tls secretthat contains the certificate(s) and private key.
externalRestHttpsPortto the external port number for the operator REST interface (defaults to
For more detailed information, see the REST interface configuration values.
For testing purposes, the WebLogic Kubernetes Operator project provides a sample script
that generates a self-signed certificate and private key for the operator external REST interface.
The generated certificate and key is stored in a Kubernetes
tls secret and the sample
script outputs the corresponding configuration values in YAML format. These values can be added to your custom YAML configuration file, for use when the operator’s Helm chart is installed.
The sample script should not be used in a production environment because typically a self-signed certificate for external communucation is not considered safe. A certficate signed by a commercial certificate authority is more widely accepted and should contain valid host names, expiration dates and key constraints.
For more detailed information about the sample script and how to run it, see the REST APIs in the Samples section.
The operator Helm chart includes the option of installing the necessary Kubernetes resources for Elastic Stack integration.
You are responsible for configuring Kibana and Elasticsearch, then configuring the operator Helm chart to send events to Elasticsearch. In turn, the operator Helm chart configures Logstash in the operator deployment to send the operator’s log contents to that Elasticsearch location.
As part of the Elastic Stack integration, Logstash configuration occurs for each deployed operator instance. You can use the following configuration values to configure the integration:
trueto enable the integration.
logStashImageto override the default version of Logstash to be used (
elasticSearchPortto override the default location where Elasticsearch is running (
elasticsearch2.default.svc.cluster.local:9201). This will configure Logstash to send the operator’s log contents there.
For more detailed information, see the Operator Helm configuration values.