If you are running your Kubernetes cluster on Oracle Container Engine for Kubernetes (commonly known as OKE), and you use OCI File Storage (FSS) for persistent volumes to store the WebLogic domain home, then the file system handling, as demonstrated in the operator persistent volume sample, will require an update to properly initialize the file ownership on the persistent volume when the domain is initially created.
File permission handling on persistent volumes can differ between
cloud providers and even with the underlying storage handling on
Linux based systems. These instructions provide one option to
update file ownership used by the standard Oracle images where
1000 and GID
1000 typically represent the
For more information on persistent volume handling,
see Persistent storage.
The existing sample for creation of a domain home on persistent volume
uses a Kubernetes Job to create the domain. The sample uses an
initContainers section to change the file ownership which will
fail for OCI FSS created volumes used with an OKE cluster.
The OCI FSS volume contains some files that are not modifiable thus causing the Kubernetes Job to fail. The failure is seen in the description of the Kubernetes Job pod:
$ kubectl describe -n domain1-ns pod domain1-create-weblogic-sample-domain-job-wdkvs
Init Containers: fix-pvc-owner: Container ID: docker://7051b6abdc296c76e937246df03d157926f2f7477e63b6af3bf65f6ae1ceddee Image: container-registry.oracle.com/middleware/weblogic:188.8.131.52 Image ID: docker-pullable://container-registry.oracle.com/middleware/weblogic@sha256:47dfd4fdf6b56210a6c49021b57dc2a6f2b0d3b3cfcd253af7a75ff6e7421498 Port: <none> Host Port: <none> Command: sh -c chown -R 1000:0 /shared State: Terminated Reason: Error Exit Code: 1 Started: Wed, 12 Feb 2020 18:28:53 +0000 Finished: Wed, 12 Feb 2020 18:28:53 +0000 Ready: False Restart Count: 0 Environment: <none>
In the following snippet of the create-domain-job-template.yaml,
you can see the updated
command for the init container:
apiVersion: batch/v1 kind: Job metadata: name: %DOMAIN_UID%-create-weblogic-sample-domain-job namespace: %NAMESPACE% spec: template: metadata: ... spec: restartPolicy: Never initContainers: - name: fix-pvc-owner image: %WEBLOGIC_IMAGE% command: ["sh", "-c", "chown 1000:0 %DOMAIN_ROOT_DIR%/. && find %DOMAIN_ROOT_DIR%/. -maxdepth 1 ! -name '.snapshot' ! -name '.' -print0 | xargs -r -0 chown -R 1000:0"] volumeMounts: - name: weblogic-sample-domain-storage-volume mountPath: %DOMAIN_ROOT_DIR% securityContext: runAsUser: 0 runAsGroup: 0 containers: - name: create-weblogic-sample-domain-job image: %WEBLOGIC_IMAGE% ...
Use this new
command in your copy of this template file. This will result in
the ownership being updated for the expected files only, before the WebLogic
domain is created on the persistent volume.