This document describes when WebLogic Server instances should and will be restarted in the Kubernetes environment.
There are many situations where changes to the WebLogic or Kubernetes environment configuration require that all the servers in a domain or cluster be restarted, for example, when applying a WebLogic Server patch or when upgrading an application.
One of the operator’s most important jobs is to start and stop WebLogic Server instances by creating and deleting their corresponding Kubernetes pods. Sometimes, you need to make changes that make the pods obsolete, therefore the pods need to be deleted and recreated. Depending on the change, often the pods can be gradually recreated, without taking the domain or cluster out of service (for example, “rolling restarts”) and sometimes all the pods need to be deleted and then recreated as part of a downtime (for example, “full restarts”).
The following types of server restarts are supported by the operator:
Rolling restarts - a coordinated and controlled shut down of all of the servers in a domain or cluster while ensuring that service to the end user is not interrupted.
Operator initiated - where the WebLogic Kubernetes Operator can detect some types of changes and will automatically initiate rolling restarts of pods in a domain or cluster.
Manually initiated - required when certain changes in the Oracle WebLogic Server in Kubernetes environment cannot be detected by the operator, so a rolling restart must be manually initiated.
Full domain restarts - the Administration Server and all the Managed Servers in a domain are shutdown, impacting service availability to the end user, and then restarted. Unlike a rolling restart, the operator cannot detect and initiate a full domain restart; it must always be manually initiated.
For detailed information on how to restart servers using the operator, see Starting, stopping, and restarting servers.
This document describes what actions you need to take to properly restart your servers for a number of common scenarios:
image
, volumes
, and env
)Changes to the WebLogic domain configuration may require either a rolling or full domain restart depending on the domain home location and the type of configuration change.
The Domain in Image domain home source type is deprecated in WebLogic Kubernetes Operator version 4.0. Oracle recommends that you choose either Domain on PV or Model in Image, depending on your needs.
For Domain in Image, you may only perform a rolling restart if both the WebLogic configuration changes between the present image and a new image are dynamic and you have followed the CI/CD guidelines to create an image with compatible encryption keys.
Otherwise, use of a new image that does not have compatible encryption keys or any non-dynamic configuration changes require a full domain restart.
Any image that supplies configuration changes that are incompatible with the current running domain require a full shut down before changing the Domain image
field, instead of a rolling restart. For changes that support a rolling restart, see
Supported updates
and
Unsupported updates
.
If you create a new image with a new name, and you want to avoid a rolling restart, see Avoiding a rolling restart when changing the image field on a Domain.
If you create a new image with the same name, then you must manually initiate either a full domain restart or rolling restart for pods to run with the new image. To initiate a full restart, see Full domain restarts. To initiate a rolling restart, change the value of your Domain restartVersion
field. See Restarting servers and Rolling restarts.
If you are supplying updated models or Secrets for a running domain, then see Runtime updates.
For Domain on PV, the type of restart needed depends on the nature of the WebLogic domain configuration change:
stuck thread timer interval
property. See Restart all the servers in the domain.The preceding description of the operator’s life cycle of responding to WebLogic domain configuration changes applies to version 3.0.0 and later. Prior to operator version 3.0.0, while you could make changes to WebLogic domain configuration using the Administration Console or WLST, the operator would only detect and respond to those changes following a full domain shut down and restart.
Beginning with operator version 3.0.0, many changes to domain configuration overrides can be applied dynamically or as part of a rolling restart. Previously, any changes to the configuration overrides required a full domain shutdown and restart. Changes to configuration overrides include:
configuration.overridesConfigMap
to point to a different ConfigMapconfiguration.secrets
to point to a different list of Secretsconfiguration.overridesConfigMap
configuration.secrets
The changes to the previously listed fields or contents of related resources are not processed automatically. Instead, these fields are processed only when you initiate operator introspection. The operator then will apply the new configuration overrides dynamically or only apply the overrides when WebLogic Server instances restart, depending on the strategy that you select.
Changes to configuration overrides distributed to running WebLogic Server instances can only take effect if the corresponding WebLogic configuration MBean attribute is “dynamic”. For instance, the Data Source “passwordEncrypted” attribute is dynamic while the “Url” attribute is non-dynamic.
A change to the WebLogic Server credentials (the user name and password), contained in the Kubernetes Secret for the domain, requires a
full domain restart. The Kubernetes Secret can be updated directly or a new Secret can be created and then referenced by the webLogicCredentialsSecret
field in the Domain YAML file.
The operator will initiate a rolling restart of the domain when you modify any of the Domain YAML file fields that affect the WebLogic Server instance Pod generation,
such as image
, volumes
, and env
. For a complete list, see Fields that cause servers to be restarted.
You can modify these fields using the kubectl
command-line tool’s edit
and patch
commands or through the Kubernetes REST API.
For example, to edit the Domain YAML file directly using the kubectl
command-line tool:
$ kubectl edit domain <domain name> -n <domain namespace>
The edit
command opens a text editor which lets you edit the Domain in place.
Typically, it’s better to edit the Domain YAML file directly; otherwise, if you scaled the domain, and you edit only the original domain.yaml
file and reapply it, you could go back to your old replicas count.
Oracle provides different types of patches for WebLogic Server, such as Patch Set Updates, Security Patch Updates, and One-Off patches. Information on whether a patch is rolling-compatible or requires a manual full domain restart usually can be found in the patch’s documentation, such as the README file.
WebLogic Server patches can be applied to either a domain home in image or a domain home on PV.
With rolling-compatible patches:
image
property with a new image name, then the operator will initiate a rolling restart.With patches that are not rolling-compatible:
image
property with a new image name, then you must avoid the rolling restart by following the steps in Avoiding a rolling restart when changing the image field on a Domain.Frequent updates of deployed applications using a continuous integration/continuous delivery (CI/CD) process is a very common use case. The process for applying an updated application is different for domain home in image and model in image than it is for domain home on PV. A rolling-compatible application update is where some servers are running the old version and some are running the new version of the application during the rolling restart process. On the other hand, an application update that is not rolling-compatible requires that all the servers in the domain be shut down and restarted.
If the application update is rolling-compatible:
image
property with a new image name, then the operator will initiate a rolling restart.If the application update is not rolling-compatible:
image
property with a new image name, then you must avoid the rolling restart by following the steps in Avoiding a rolling restart when changing the image field on a Domain.Follow these steps to create new rolling-compatible image if you only need to patch your WebLogic Server domain or update application deployment files:
a. Select a different name for the new image.
b. For Domain in Image, it is important to keep your original domain home in your new image.
Using the same domain home-in-image image as a base, create a new image by copying (COPY
command in a Dockerfile) the updated application deployment files or WebLogic Server patches into the image during the image build.
The key here is to make sure that you do not re-run WLST or WDT to create a new domain home even though it will have the same configuration. Creating a new domain will change the domain encryption secret and you won’t be able to do a rolling restart.
c. Deploy the new image to your container registry with the new name.
d. Update the image
field of the Domain YAML file, specifying the new image name.
For example:
```yaml
domain:
spec:
image: ghcr.io/oracle/weblogic-updated:4.2.9
```
e. The operator will now initiate a rolling restart, which will apply the updated image, for all the servers in the domain.
If you’ve created a new image that is not rolling-compatible, and you’ve changed the image name, then:
Bring the domain down (stopping all the server pods) by setting the serverStartPolicy
to Never
. See Shut down all the servers.
Update the image
property with a new image name.
Start up the domain (starting all the server pods) by setting the serverStartPolicy
to IfNeeded
.
Consider the order of changes:
If you need to make multiple changes to your domain at the same time, you’ll want to be careful about the order in which you do your changes, so that servers aren’t restarted prematurely or restarted needlessly. For example, if you want to change the readiness probe’s tuning parameters and the Java options (both of which are rolling-compatible), then you should update the Domain YAML file once, changing both values, so that the operator rolling restarts the servers once. Or, if you want to change the readiness probe’s tuning parameters (which is rolling-compatible) and change the domain customizations (which require a full restart), then you should do a full shutdown first, then make the changes, and then restart the servers.
Alternatively, if you know that your set of changes are not rolling-compatible, then you must avoiding a rolling restart by:
Bringing the domain down (stopping all the server pods) by setting the serverStartPolicy
to Never
. See Shut down all the servers.
Make all your changes to the Oracle WebLogic Server in Kubernetes environment.
Starting up the domain (starting all the server pods) by setting the serverStartPolicy
to IfNeeded
.
Changes that require domain knowledge.
Sometimes you need to make changes that require server restarts, yet the changes are not to the domain configuration, the image, or the Kubernetes resources that register your domain with the operator. For example, your servers are caching information from an external database and you’ve modified the contents of the database.
In these cases, you must manually initiate a restart.
Managed Coherence Servers safe shut down.
If the domain is configured to use a Coherence cluster, then you will need to increase the Kubernetes graceful timeout value.
When a server is shut down, Coherence needs time to recover partitions and rebalance the cluster before it is safe to shut down a second server.
Using the Kubernetes graceful termination feature, the operator will automatically wait until the Coherence HAStatus
MBean attribute
indicates that it is safe to shut down the server. However, after the graceful termination timeout expires, the pod will be deleted regardless.
Therefore, it is important to set the domain YAML timeoutSeconds
to a large enough value to prevent the server from shutting down before
Coherence is safe. Furthermore, if the operator is not able to access the Coherence MBean, then the server will not be shut down
until the domain timeoutSeconds
expires. To minimize any possibility of cache data loss, you should increase the timeoutSeconds
value to a large number, for example, 15 minutes.