You can use the WebLogic Scripting Tool (WLST) to manage a domain running in Kubernetes.
To give WLST access to a domain running in Kubernetes, you can:
NOTE: If your domain home type is either Domain in Image or Model in Image, then do not use the WLST to make changes to the WebLogic domain configuration because these changes are ephemeral and will be lost when servers restart. See Choose a domain home source type.
kubectl execYou can use the kubectl exec command to start an interactive WLST session
within a pod or to remotely run a WLST script on a pod.
Typically, this is the preferred method.
NOTE: The WLST script uses the value of the environment variable USER_MEM_ARGS to control the heap settings of the JVM process. If you have set the environment variable
USER_MEM_ARGS in the domain resource YAML, the WLST process will inherit the memory settings. For example,
if you have USER_MEM_ARGS value set to -Xms2048m -Xmx2048m, the WebLogic server JAVA process will use this heap settings, and if you run the WLST script in the server pod,
the WLST script JAVA process will also use this heap settings. This may cause unexpected behavior in the server pod due to additional memory usage.
In order to change the memory settings, you must do the following:
USER_MEM_ARGS="" $ORACLE_HOME/oracle_common/common/bin/wlst.sh
This will unset the USER_MEM_ARGS and let WLST use the default heap size, -Xms32m -Xmx1024m; this only affects the WLST script process.
If you want to use different memory settings, you can adjust it by
USER_MEM_ARGS="-Xms128m -Xmx128m" $ORACLE_HOME/oracle_common/common/bin/wlst.sh
For example, if a domainUID is sample-domain1,
its Administration Server is named admin-server and is configured with default port 7001,
and its pods are running in namespace sample-domain1-ns,
then you can start an interactive WLST session this way:
$ kubectl -n sample-domain1-ns exec -it sample-domain1-admin-server /bin/bash
[oracle@sample-domain1-admin-server oracle]$ USER_MEM_ARGS="" $ORACLE_HOME/oracle_common/common/bin/wlst.sh
Initializing WebLogic Scripting Tool (WLST) ...
Welcome to WebLogic Server Administration Scripting Shell
Type help() for help on available commands
wls:/offline> connect('myusername','mypassword','t3://sample-domain1-admin-server:7001')
Connecting to t3://sample-domain1-admin-server:7001 with userid myusername ...
Successfully connected to Admin Server "admin-server" that belongs to domain "base_domain".
Warning: An insecure protocol was used to connect to the server.
To ensure on-the-wire security, the SSL port or Admin port should be used instead.
wls:/base_domain/serverConfig/> exit()
Exiting WebLogic Scripting Tool.
[oracle@sample-domain1-admin-server oracle]$ exit
$
NodePortIf you are setting up WLST access through a NodePort and your external port
is not going to be the same as the port number on the WebLogic Administration Server Pod, then see
Enabling WLST access when local and remote ports do not match
for an additional required setup step.
A NodePort can expose a WebLogic T3 or administrative channel
outside the Kubernetes cluster.
For domain security considerations, see External network access security.
You can configure an Administration Server to expose an
externally accessible NodePort using these two steps:
domain.spec.adminServer.adminService.channels attribute.Here is an example snippet of a WebLogic domain config.xml file
for T3 channel T3Channel defined for an Administration Server named admin-server:
<server>
<name>admin-server</name>
<listen-port>7001</listen-port>
<listen-address/>
<network-access-point>
<name>T3Channel</name>
<protocol>t3</protocol>
<public-address>kubernetes001</public-address>
<listen-port>30012</listen-port>
<public-port>30012</public-port>
</network-access-point>
</server>
Here is an example snippet of a domain resource that sets up a NodePort for the channel:
spec:
adminServer:
adminService:
channels:
- channelName: T3Channel
nodePort: 30012
If you set the nodePort: value to 0, then Kubernetes will choose
an open port for you.
For more details on exposing the T3 channel using a NodePort service,
run the kubectl explain domain.spec.adminServer.adminService.channels command
or see the domain resource schema and documentation.
For example, if a domainUID is domain1,
the Administration Server name is admin-server,
and you have set up a NodePort service
on external port 30012 using
the domain.spec.adminServer.adminService.channels attribute,
then the service would be called:
domain1-admin-server-ext
This service will be in the same namespace as the domain, and its external port number can be obtained by checking its nodePort field:
$ kubectl get service domain1-admin-server-ext -n mynamespace -o jsonpath='{.spec.ports[0].nodePort}'
30012
If the Kubernetes node machine address is kubernetes001, then WLST can connect to
the WebLogic Server Administration Server pod through the NodePort as follows:
$ $ORACLE_HOME/oracle_common/common/bin/wlst.sh
Initializing WebLogic Scripting Tool (WLST) ...
Welcome to WebLogic Server Administration Scripting Shell
Type help() for help on available commands
wls:/offline> connect('myusername','mypassword','t3://kubernetes001:30012')
Connecting to t3://kubernetes001:30012 with userid myusername ...
Successfully connected to Admin Server "admin-server" that belongs to domain "base_domain".
Warning: An insecure protocol was used to connect to the server.
To ensure on-the-wire security, the SSL port or Admin port should be used instead.
wls:/base_domain/serverConfig/> exit()
Exiting WebLogic Scripting Tool.
One way to provide external access to WLST is to forward network traffic from a local port on your local machine to the administration port of an Administration Server Pod. See these instructions.
Port forwarding can expose a WebLogic T3 or administrative channel outside the Kubernetes cluster. For domain security considerations, see External network access security.