You can use the WebLogic Scripting Tool (WLST) to manage a domain running in Kubernetes.
To give WLST access to a domain running in Kubernetes, you can:
kubectl exec
You can use the kubectl exec
command to start an interactive WLST session
within a pod or to remotely run a WLST script on a pod.
Typically, this is the preferred method.
NOTE: The WLST script uses the value of the environment variable USER_MEM_ARGS
to control the heap settings of the JVM process. If you have set the environment variable
USER_MEM_ARGS
in the domain resource YAML, the WLST process will inherit the memory settings. For example,
if you have the USER_MEM_ARGS
value set to -Xms2048m -Xmx2048m
, the WebLogic Server JAVA process will use this heap settings, and if you run the WLST script in the server pod,
the WLST script JAVA process will also use this heap settings. This may cause unexpected behavior in the server pod due to additional memory usage.
For example, if a domainUID
is sample-domain1
,
its Administration Server is named admin-server
and is configured with default port 7001
,
and its pods are running in namespace sample-domain1-ns
,
then you can start an interactive WLST session this way:
$ kubectl -n sample-domain1-ns exec -it sample-domain1-admin-server /bin/bash
[oracle@sample-domain1-admin-server oracle]$ wlst.sh
Initializing WebLogic Scripting Tool (WLST) ...
Welcome to WebLogic Server Administration Scripting Shell
Type help() for help on available commands
wls:/offline> connect('myusername','mypassword','t3://sample-domain1-admin-server:7001')
Connecting to t3://sample-domain1-admin-server:7001 with userid myusername ...
Successfully connected to Admin Server "admin-server" that belongs to domain "base_domain".
Warning: An insecure protocol was used to connect to the server.
To ensure on-the-wire security, the SSL port or Admin port should be used instead.
wls:/base_domain/serverConfig/> exit()
Exiting WebLogic Scripting Tool.
[oracle@sample-domain1-admin-server oracle]$ exit
$
NodePort
If you are setting up WLST access through a NodePort
and your external port
is not going to be the same as the port number on the WebLogic Administration Server Pod, then see
Enabling WLST access when local and remote ports do not match
for an additional required setup step.
A NodePort
can expose a WebLogic T3 or administrative channel
outside the Kubernetes cluster.
For domain security considerations, see External network access security.
You can configure an Administration Server to expose an
externally accessible NodePort
using these two steps:
domain.spec.adminServer.adminService.channels
attribute.Here is an example snippet of a WebLogic domain config.xml
file
for T3 channel T3Channel
defined for an Administration Server named admin-server
:
<server>
<name>admin-server</name>
<listen-port>7001</listen-port>
<listen-address/>
<network-access-point>
<name>T3Channel</name>
<protocol>t3</protocol>
<public-address>kubernetes001</public-address>
<listen-port>30012</listen-port>
<public-port>30012</public-port>
</network-access-point>
</server>
Here is an example snippet of a domain resource that sets up a NodePort for the channel:
spec:
adminServer:
adminService:
channels:
- channelName: T3Channel
nodePort: 30012
If you set the nodePort:
value to 0
, then Kubernetes will choose
an open port for you.
For more details on exposing the T3 channel using a NodePort service,
run the kubectl explain domain.spec.adminServer.adminService.channels
command
or see the domain resource schema and documentation.
For example, if a domainUID
is domain1
,
the Administration Server name is admin-server
,
and you have set up a NodePort service
on external port 30012
using
the domain.spec.adminServer.adminService.channels
attribute,
then the service would be called:
domain1-admin-server-ext
This service will be in the same namespace as the domain, and its external port number can be obtained by checking its nodePort
field:
$ kubectl get service domain1-admin-server-ext -n mynamespace -o jsonpath='{.spec.ports[0].nodePort}'
30012
If the Kubernetes node machine address is kubernetes001
, then WLST can connect to
the WebLogic Server Administration Server pod through the NodePort
as shown below:
$ $ORACLE_HOME/oracle_common/common/bin/wlst.sh
Initializing WebLogic Scripting Tool (WLST) ...
Welcome to WebLogic Server Administration Scripting Shell
Type help() for help on available commands
wls:/offline> connect('myusername','mypassword','t3://kubernetes001:30012')
Connecting to t3://kubernetes001:30012 with userid myusername ...
Successfully connected to Admin Server "admin-server" that belongs to domain "base_domain".
Warning: An insecure protocol was used to connect to the server.
To ensure on-the-wire security, the SSL port or Admin port should be used instead.
wls:/base_domain/serverConfig/> exit()
Exiting WebLogic Scripting Tool.
One way to provide external access to WLST is to forward network traffic from a local port on your local machine to the administration port of an Administration Server Pod. See these instructions.
Port forwarding can expose a WebLogic T3 or administrative channel outside the Kubernetes cluster. For domain security considerations, see External network access security.