A container image with WebLogic Server or Fusion Middleware Infrastructure is required to run WebLogic domains in Kubernetes. Oracle recommends obtaining these WebLogic images from the Oracle Container Registry (OCR) or creating custom images using the WebLogic Image Tool. Note that all of the OCR images that are described in this document are built using the WebLogic Image Tool (WIT). You can also use WIT to build your own WebLogic Server or Fusion Middleware Infrastructure images. For more information, see Create custom images.
This document describes how to obtain and inspect container images with WebLogic Server or Fusion Middleware Infrastructure from the Oracle Container Registry (OCR) and how to set up Kubernetes to access domain images.
The Oracle Container Registry (OCR) is located at https://container-registry.oracle.com/ and contains images for licensed commercial Oracle software products that may be used in your enterprise for deployment using a container engine and Kubernetes.
OCR contains WebLogic Server images, which have a pre-installed Oracle Home with Oracle WebLogic Server and Coherence. OCR, also, contains Fusion Middleware Infrastructure images, which have a pre-installed Oracle Home with Oracle WebLogic Server, Coherence, Fusion Middleware Control, and Java Required Files (JRF). Note: Oracle strongly recommends that you use only images with the latest set of recommended patches applied.
See the following sections for information about OCR images:
General Availability (GA) images:
Critical Patch Updates (CPU) images:
WebLogic Server GA images and Fusion Middleware Infrastructure GA images on OCR do not include the latest security patches for WebLogic Server or Fusion Middleware Infrastructure. Oracle strongly recommends using images with the latest set of recommended patches applied, such as the Critical Patch Updates (CPU) images provided quarterly on OCR or custom generated images using the WebLogic Image Tool (WIT) with the
--recommendedPatches option. See Ensure you are using recently patched images.
OCR image tags may include keywords like
slim, and such.
This reflects the type of WebLogic distribution installed in the image’s Oracle Home.
There are multiple types
and usually, the type can be determined by examining the image name and tag:
None of the above
.../weblogic...OCR image name does not include a keyword like
generic, then you can assume that the image contains the same binaries as those installed by the WebLogic generic installer.
OCR images are “dated” or “undated”
depending on whether the name tags include an embedded date stamp
in the form
YYMMDD, which represent a specific version that was released on a specific date.
Unlike dated images, undated images are periodically updated to
the latest available versions of their GA or CPU equivalents.
Therefore, undated images change over time in the repository
even though their name and tag remain the same.
Here are some example WebLogic Server Oracle Container Repository (OCR) images,
where the names are abbreviated to omit their
||GA image with latest JDK 8, latest Oracle Linux 7, and the GA Oracle WebLogic Server 126.96.36.199 generic distribution. Note that this image has no date stamp, so it can change over time with potential updates to JDK 8 and Oracle Linux 7.|
||GA image with JDK 8, Oracle Linux 7, and the GA Oracle WebLogic Server 188.8.131.52 generic distribution for the given date.|
||CPU image with latest JDK 8, latest Oracle Linux 7, and the GA Oracle WebLogic Server 184.108.40.206 generic distribution CPU. Note that this image has no date stamp, so it can change over time with potential updates to JDK 8, to Oracle Linux 7, and to the latest CPU.|
||CPU image with latest JDK 8, latest Oracle Linux 8, and the GA Oracle WebLogic Server 220.127.116.11 slim distribution, January 2022 CPU.|
The Oracle Container Registry (OCR) contains images for licensed commercial Oracle software products
that you may use in your enterprise.
To access the Oracle Registry Server, you must have an Oracle Single Sign-On (SSO) account.
OCR provides a web interface that allows an administrator to authenticate
and then to select the images for the software that your organization wishes to use.
You must agree to the Oracle Standard Terms and Restrictions using the web interface.
you can pull images of the software from OCR using the standard
docker pull command
while using your SSO for your
docker login credentials.
For example, to use Docker to pull an image from OCR:
Accept the Oracle Standard Terms and Restrictions for the Oracle software images that you intend to deploy:
In a web browser, navigate to https://container-registry.oracle.com and log in using the Oracle Single Sign-On (SSO) authentication service. If you do not already have SSO credentials, then at the top of the page, click Sign In to create them.
Use the web interface to accept the Oracle Standard Terms and Restrictions for the Oracle software images that you intend to deploy:
Select one of
fmw-infrastructure_cpu, or such,
depending in your image type.
For example, if you are following the operator Quick Start guide
(which uses WebLogic GA images), then select
GA images are suitable for demonstration and development purposes only where the environments
are not available from the public Internet; they are not
acceptable for production use. In production, you should always use CPU (patched) images
from OCR or create your images using the WebLogic Image Tool
(WIT) with the
Follow the prompts to sign in with your SSO and accept the terms.
The newly available patched images in OCR require accepting a second,
different Terms and Restrictions agreement.
Your acceptance of these terms is stored in a database
that links the software images
to your Oracle Single Sign-On login credentials.
This database is automatically checked when
docker pull to obtain images from OCR.
Note: This step is needed only once for each image name (not the tag level).
For example, if you accept the terms for
middleware repository, then
the acceptance applies to all versions of WebLogic CPU images.
Provide Docker with credentials for accessing the Oracle Container Registry. For example, the following command will prompt for your SSO credentials:
$ docker login container-registry.oracle.com
Use Docker to pull the desired image:
$ docker pull container-registry.oracle.com/middleware/weblogic_cpu:18.104.22.168-generic-jdk8-ol8
Use Docker to display an inventory of your local image cache:
$ docker images
If desired, then you can inspect the content of the image.
If you have local access to a WebLogic Server or Fusion Middleware Infrastructure image and the image originates from the Oracle Container Registry or was created using the WebLogic Image Tool, then you can use the following commands to determine their contents:
Check the WLS version:
$ docker run \ container-registry.oracle.com/middleware/weblogic_cpu:22.214.171.124-generic-jdk8-ol8 \ sh -c 'source $ORACLE_HOME/wlserver/server/bin/setWLSEnv.sh > /dev/null 2>&1 && java weblogic.version'
Check the WLS patches:
$ docker run \ container-registry.oracle.com/middleware/weblogic_cpu:126.96.36.199-generic-jdk8-ol8 \ sh -c '$ORACLE_HOME/OPatch/opatch lspatches'
$ /tmp/imagetool/bin/imagetool.sh inspect \ --image=container-registry.oracle.com/middleware/weblogic_cpu:188.8.131.52-generic-jdk8-ol8 \ --patches
You should not use images without the latest set of recommended patches applied. Please review the following guidance to ensure that you are using recently patched images:
For production deployments,
Oracle requires using
fully patched custom images that you generate yourself
or Critical Patch Update (CPU) images from the
Oracle Container Registry (OCR).
CPU images contain
_cpu in their image name,
General Availability (GA) images do not include the latest security patches for WebLogic Server or Fusion Middleware Infrastructure. They are not licensable and are not suitable for production use.
Locally cached OCR images that do not have a date stamp embedded in their tag:
spec.imagereferencing a repository with an updated image, and having a domain resource
Alwayswhen a pod starts.
For detailed information about OCR image naming and the differences between GA and CPU images, see Understand Oracle Container Registry images.
To determine the patches and versions of software within a particular image, see Inspect images.
For information about licensed access to WebLogic patches and CPU images, see Supported environments.