This document show you how to set up a Kubernetes PersistentVolume and PersistentVolumeClaim, which can be used as storage for WebLogic domain homes and log files. A PersistentVolume can be shared by multiple WebLogic domains or dedicated to a particular domain.
The following prerequisites must be fulfilled before proceeding with the creation of the volume:
PersistentVolumes can point to different storage locations, for example NFS servers or a local directory path. For a list of available options, see the Kubernetes documentation.
Note regarding HostPath: In a single-node Kubernetes cluster, such as may be used for testing or proof of concept activities, HOST_PATH provides the simplest configuration. In a multinode Kubernetes cluster, a HOST_PATH that is located on shared storage mounted by all nodes in the Kubernetes cluster is the simplest configuration. If nodes do not have shared storage, then NFS is probably the most widely available option. There are other options listed in the referenced table.
The PersistentVolume for the domain must be created using the appropriate tools before running the script to create the domain. In the simplest case, namely the HOST_PATH provider, this means creating a directory on the Kubernetes master and ensuring that it has the correct permissions:
$ mkdir -m 777 -p /path/to/domain1PersistentVolume
Note regarding NFS: In the current GA version, the Oracle Container Engine for Kubernetes supports network block storage that can be shared across nodes with access permission RWOnce (meaning that only one can write, others can read only). At this time, the WebLogic on Kubernetes domain created by the WebLogic Kubernetes Operator, requires a shared file system to store the WebLogic domain configuration, which MUST be accessible from all the pods across the nodes. As a workaround, you need to install an NFS server on one node and share the file system across all the nodes.
The HOST_PATH directory permissions can be made more secure by using a Kubernetes annotation on the
PersistentVolume that provides the group identifier (GID) which will be added to pods using the PersistentVolume.
For example, if the GID of the directory is 6789, then the directory can be updated to remove permissions
other than for the user and group along with the PersistentVolume being annotated with the specified GID:
$ chmod 770 /path/to/domain1PersistentVolume
$ kubectl annotate pv domain1-weblogic-sample-pv pv.beta.kubernetes.io/gid=6789
After the domain is created and servers are running, the group ownership of the PersistentVolume files
can be updated to the specified GID which will provide read access to the group members. Typically,
files created from a pod onto the PersistentVolume will have UID 1000 and GID 1000 which is the
oracle user from the WebLogic Server image.
An example of updating the group ownership on the PersistentVolume would be as follows:
$ cd /path/to/domain1PersistentVolume
$ sudo chgrp 6789 applications domains logs stores
$ sudo chgrp -R 6789 domains/
$ sudo chgrp -R 6789 logs/
Persistent volumes and claims are described in YAML files. For each PersistentVolume, you should create one PersistentVolume YAML file and one PersistentVolumeClaim YAML file. In the following example, you will find two YAML templates, one for the volume and one for the claim. As stated previously, they either can be dedicated to a specific domain, or shared across multiple domains. For the use cases where a volume will be dedicated to a particular domain, it is a best practice to label it with weblogic.domainUID=[domain name]. This makes it easy to search for, and clean up resources associated with that particular domain.
For sample YAML templates, refer to the PersistentVolumes example.
After you have written your YAML files, use them to create the PersistentVolume by creating Kubernetes resources using the kubectl create -f command:
$ kubectl create -f pv.yaml
$ kubectl create -f pvc.yaml
To confirm that the PersistentVolume was created, use these commands:
$ kubectl describe pv <persistent volume name>
$ kubectl describe pvc -n NAMESPACE <persistent volume claim name>
This section provides details of common problems that might occur while running the script and how to resolve them.
Possibly the most common problem experienced during testing was the incorrect configuration of the PersistentVolume provider. The PersistentVolume must be accessible to all Kubernetes Nodes, and must be able to be mounted as Read/Write/Many. If this is not the case, the PersistentVolume creation will fail.
The simplest case is where the HOST_PATH provider is used. This can be either with one Kubernetes Node, or with the HOST_PATH residing in shared storage available at the same location on every node (for example, on an NFS mount). In this case, the path used for the PersistentVolume must have its permission bits set to 777.