After you create a stack, use the Jenkins job to create a domain for Oracle WebLogic Server for OKE.
You can create a Model in Image domain within the container image using the create domain job.
When you create a domain with the create domain job, a new domain that has a basic configuration with no custom applications or libraries, called the primordial domain, is created. This domain contains the base WebLogic Server image that has the WebLogic installer, JDK installer, and WebLogic patches for Oracle WebLogic Server for OKE.
To learn about the primordial domain, see Mutate the Domain Layer in WebLogic Kubernetes Operator documentation.
Before you create a domain, ensure that all the prerequisites are completed. See Prerequisites to Create a Domain.
Configure WebLogic Server
Specify the parameters required to configure a WebLogic server on a container cluster.
- Sign in to the Jenkins console for your domain. See Access the Jenkins Console.
- On the Dashboard page, click create domain.
- Click Build with Parameters.
- For Domain_Name, specify a WebLogic name.
- For WebLogic_Version, select a version of Oracle WebLogic Server. The available versions are 220.127.116.11.0, 18.104.22.168.0 running on JDK 8, and 22.214.171.124.0 running on JDK 11.
- Optional: Select the required base image from the
The images are displayed based on the WebLogic Server version. For example, if you select 126.96.36.199.0, 188.8.131.52.0 images are displayed, and if you select 184.108.40.206.0, 220.127.116.11.0_jdk8 and 18.104.22.168.0_jdk11 images are displayed.
- Enter a user name for the WebLogic Server administrator.
- Enter the password for the WebLogic Server administrator.
- Select the number of running managed servers in the domain you want to create.
You can specify up to
The number of running managed servers is also the number of WebLogic Server pods in the Kubernetes cluster. Each managed server runs in a separate pod in the Kubernetes cluster.
Managed servers are members of a WebLogic Server cluster.
- Select Patch_Automatically, if you want the domain to be subscribed for automatic patching.
Once subscribed, the domain is patched periodically with the latest patches available in the patching repository. See Automatic Patching.
- If your previous create domain job failed, then select Cleanup_Domain_Resources to clean up any existing domain resources.
Configure the Registry
Specify the credentials to access container images in the Oracle Cloud Infrastructure Registry (OCIR).
Note: If you want to use credentials other than the ones specified when creating the stack, then specify the credentials that Oracle WebLogic Server for OKE must use to access container images in the Oracle Cloud Infrastructure Registry (OCIR).
- In the Registry User Name field, enter a user name that Kubernetes uses to access the image in the registry.
- In the OCIR Auth Token Compartment field, select the compartment where you have the OCIR auth token.
For information about how to create a container registry, see Overview of Registry in the Oracle Cloud Infrastructure documentation.
Configure the Container Cluster
Specify the parameters required to either create a node pool or select an existing node pool for the WebLogic nodes.
Use an Existing Node Pool
- From WebLogic_Node_Pool_Type, select Existing_Node_Pool.
- From Existing_Node_Pool, select the required node
Note: The Existing_Node_Pool list shows the node pools, if any, created during stack creation, and the idle node pools created using the create domain job, that is, node pools that do not have any domains running in them.
Create a Node Pool
- From WebLogic_Node_Pool_Type, select Create_Node_Pool.
- For Node_Count, specify the number of nodes you want for the WebLogic node pool.
- For Node_Pool_Name, specify the name of the node pool.
- From WebLogic_Node_Pool_Shape, select a shape for each node in the Kubernetes cluster node pool, for the WebLogic node pools.
For 2 or more running managed servers, select a shape with 2 or more OCPUs. For example,
If you select a flexible shape, specify the OCPU count and the amount of memory for the WebLogic node pool shape. The amount of memory is based on the number of OCPUs.
Note: If you specify an amount of memory that is not allowed for the number of OCPUs, the node pool creation fails. See Flexible Shapes.
- Optional: SSH public key to access the nodes in the WebLogic server node pool in this domain.
If you want to use another SSH public key for this domain, other than the one specified when creating a stack, then enter the SSH public key by copy-pasting the SSH key information.
Note: If you use another SSH public key, the new SSH public key is used to access the nodes in the WebLogic server node pool. The SSH key for accessing the Administrator node, which you specified when creating a stack, is not changed.
- Optional: For NodePool_Subnet_ID, if you want the node pool to be created in a specific private subnet, then specify the Oracle Cloud Identifier (OCID) of that private subnet.
- Ensure that the private subnet exists in the same VCN as the Kubernetes cluster.
- If you want the node pool in another subnet, then you must set the following additional security rules:
- In the oke_endpoint security list, allow access on ports 12550 for the subnets where you want the node pool created.
- In the workers_subnet security list, allow access for all protocols for the destination subnet. This must be an ingress rule with the destination subnet CIDR being the source CIDR.
- In the
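The two security-list rules described above can be checked before the job is run. The following is an added example, not Oracle's code: it audits ingress rules laid out like the output of `oci network security-list get`. The sample rules, the CIDRs, the dictionary keyed by security list name, and treating port 12550 as TCP are assumptions.

```python
import ipaddress
import json

# Constructed sample: ingress rules of the two security lists, in the shape
# `oci network security-list get` prints them. All CIDRs are made up.
SAMPLE = json.loads("""{
  "oke_endpoint": [
    {"protocol": "6", "source": "10.0.2.0/24",
     "tcp-options": {"destination-port-range": {"min": 12550, "max": 12550}}}],
  "workers_subnet": [
    {"protocol": "all", "source": "10.0.2.0/24"},
    {"protocol": "6", "source": "10.0.9.0/24",
     "tcp-options": {"destination-port-range": {"min": 22, "max": 22}}}]
}""")

def _covers(rule, subnet):
    """True if the rule's source CIDR contains the whole node pool subnet."""
    try:
        return subnet.subnet_of(ipaddress.ip_network(rule["source"]))
    except (ValueError, TypeError):  # service label or other IP version
        return False

def allows_tcp_port(rules, subnet, port):
    """True if some ingress rule admits TCP `port` from the whole subnet."""
    for r in rules:
        if not _covers(r, subnet):
            continue
        if r["protocol"] == "all":
            return True
        if r["protocol"] == "6":  # IANA protocol number for TCP
            rng = (r.get("tcp-options") or {}).get("destination-port-range")
            if rng is None or rng["min"] <= port <= rng["max"]:
                return True
    return False

def allows_all_protocols(rules, subnet):
    # Only an explicit all-protocol rule satisfies the workers_subnet rule.
    return any(r["protocol"] == "all" and _covers(r, subnet) for r in rules)

def missing_rules(lists, nodepool_cidr):
    """Return the page's required rules that are absent for this subnet."""
    subnet = ipaddress.ip_network(nodepool_cidr)
    missing = []
    if not allows_tcp_port(lists["oke_endpoint"], subnet, 12550):
        missing.append("oke_endpoint: TCP 12550")
    if not allows_all_protocols(lists["workers_subnet"], subnet):
        missing.append("workers_subnet: all protocols")
    return missing
```

An empty list from `missing_rules` means both rules are present for the node pool subnet CIDR; any other result names the rule to add before selecting that subnet in NodePool_Subnet_ID.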
Configure the Load Balancer
Specify the parameters required to create a public load balancer for the application. The public load balancer is used to access applications on the WebLogic managed servers.
- For External_Lb_Shape_Min and External_Lb_Shape_Max, specify the minimum and maximum flexible shape for a public load balancer.
By default, the minimum bandwidth size is set to 10 Mbps and maximum to 400 Mbps.
Note: You can update the shape to a maximum of 8000 Mbps. Before you select the maximum bandwidth, check the available service limit for the flexible public load balancer bandwidth.
- Optional: Enter the OCID of the load balancer subnet.
Note: Ensure that the subnet exists in the same VCN as the Kubernetes cluster. If you do not specify the OCID, the load balancer is created in the same subnet as the load balancer subnet you specified during stack creation.
- Select Private_Load_Balancer, if you want to create a private load balancer for your applications.
- If you want to use a public load balancer with a reserved public IP, then in Reserved_Public_IP, specify the public IP for the
WARNING: If you create a load balancer in a private subnet, you must not specify the reserved public IP address, else the domain creation fails.
Note: By default, the reserved public IP address that you specify as the loadBalancerIP property of the LoadBalancer service in the manifest file is expected to be a resource in the same compartment as the cluster. If you want to specify a reserved public IP address in a different compartment, add the following policy to the tenancy:
Allow any-user to read public-ips in tenancy where request.principal.type = 'cluster'
Allow any-user to manage floating-ips in tenancy where request.principal.type = 'cluster'
Configure the Domain
In the Provision with JRF section, keep the default selection for Domain_Type as Non_JRF.
Configure Identity Cloud Service Integration
You have the option to use IDCS to authenticate application users for your domain. To enable IDCS, specify the parameters required to configure WebLogic Authentication with Oracle Identity Cloud Service (IDCS).
To use Oracle Identity Cloud Service for authentication:
- From IDCS_Enabled, select YES.
- For IDCS_Host_Name, specify the required host name.
The default value of the port name is displayed. If required, you can override the port that you use to access Oracle Identity Cloud Service.
- For IDCS_Tenant, specify your IDCS tenant name, which is also referred to as the instance ID.
This ID is usually found in the URL that you use to access IDCS, and has the format
- For IDCS_Client_ID and IDCS_Client_Secret, specify the client ID and the password. The client ID and secret are from the confidential application that you created as a prerequisite to create a domain. See Create a Confidential Application.
- In IDCS_Redirect_Port, the default port used for the IDCS App Gateway is displayed. If required, you can override the default port.
Create the Domain
Click Build to run the job.
After the job is successful, you can access the WebLogic Console. See Access the WebLogic Console.