1. Deploying and Managing Oracle Identity Governance on Kubernetes
  2. Installing Oracle Identity Governance on Kubernetes
  3. Creating Oracle Identity Governance Domains
  4. Creating OIG Domains Using WLST Offline Scripts
  5. Creating a Kubernetes Persistent Volume and Persistent Volume Claim

7.1.4 Creating a Kubernetes Persistent Volume and Persistent Volume Claim

As referenced in Creating a Persistent Volume Directory, the nodes in the Kubernetes cluster must have access to a persistent volume such as a Network File System (NFS) mount or a shared file system.

A persistent volume is the same as a disk mount but is inside a container. A Kubernetes persistent volume is an arbitrary name (determined in this case, by Oracle) that is mapped to a physical volume on a disk.

When a container is started, it needs to mount that volume. The physical volume should be on a shared disk accessible by all the Kubernetes worker nodes because it is not known on which worker node the container will be started. In the case of Oracle Identity Governance, the persistent volume does not get erased when a container stops. This enables persistent configurations.

The example below uses an NFS mounted volume (<persistent_volume>/governancedomainpv). Other volume types can also be used. See, Volumes for more information.

To create a Kubernetes persistent volume, perform the following steps:
  1. Navigate to the $WORKDIR/kubernetes/create-weblogic-domain-pv-pvc directory:
    cd $WORKDIR/kubernetes/create-weblogic-domain-pv-pvc
  2. Make a backup copy of the create-pv-pvc-inputs.yaml file and create an output directory:
    cp create-pv-pvc-inputs.yaml create-pv-pvc-inputs.yaml.orig
    mkdir output
  3. Edit the create-pv-pvc-inputs.yaml file and update the following parameters to reflect your settings. Save the file when complete:
    baseName: <domain>
domainUID: <domain_uid>
namespace: <domain_namespace>
weblogicDomainStorageType: NFS
weblogicDomainStorageNFSServer: <nfs_server>
weblogicDomainStoragePath: <physical_path_of_persistent_storage>
weblogicDomainStorageSize: 10Gi
    For example:
    # The base name of the pv and pvc
baseName: domain

# Unique ID identifying a domain.
# If left empty, the generated pv can be shared by multiple domains
# This ID must not contain an underscope ("_"), and must be lowercase and unique across all domains in a Kubernetes cluster.
domainUID: governancedomain

# Name of the namespace for the persistent volume claim
namespace: oigns

# Persistent volume type for the persistent storage.
# The value must be 'HOST_PATH' or 'NFS'.
# If using 'NFS', weblogicDomainStorageNFSServer must be specified.
weblogicDomainStorageType: NFS

# The server name or ip address of the NFS server to use for the persistent storage.
# The following line must be uncomment and customized if weblogicDomainStorateType is NFS:
weblogicDomainStorageNFSServer: mynfsserver

# Physical path of the persistent storage.
# When weblogicDomainStorageType is set to HOST_PATH, this value should be set the to path to the
# domain storage on the Kubernetes host.
# When weblogicDomainStorageType is set to NFS, then weblogicDomainStorageNFSServer should be set
# to the IP address or name of the DNS server, and this value should be set to the exported path
# on that server.
# Note that the path where the domain is mounted in the WebLogic containers is not affected by this
# setting, that is determined when you create your domain.
# The following line must be uncomment and customized:
weblogicDomainStoragePath: /nfs_volumes/oig/governancedomainpv
     
# Reclaim policy of the persistent storage
# The valid values are: 'Retain', 'Delete', and 'Recycle'
weblogicDomainStorageReclaimPolicy: Retain

# Total storage allocated to the persistent storage.
weblogicDomainStorageSize: 10Gi
  4. Execute the create-pv-pvc.sh script to create the PV and PVC configuration files:
    ./create-pv-pvc.sh -i create-pv-pvc-inputs.yaml -o output
    The output will be similar to the following:
    Input parameters being used
export version="create-weblogic-sample-domain-pv-pvc-inputs-v1"
export baseName="domain"
export domainUID="governancedomain"
export namespace="oigns"
export weblogicDomainStorageType="NFS"
export weblogicDomainStorageNFSServer="mynfsserver"
export weblogicDomainStoragePath="/nfs_volumes/oig/governancedomainpv"
export weblogicDomainStorageReclaimPolicy="Retain"
export weblogicDomainStorageSize="10Gi"

Generating output/pv-pvcs/governancedomain-domain-pv.yaml
Generating output/pv-pvcs/governancedomain-domain-pvc.yaml
The following files were generated:
  output/pv-pvcs/governancedomain-domain-pv.yaml
  output/pv-pvcs/governancedomain-domain-pvc.yaml

Completed
  5. Run the following command to show the files are created:
    ls output/pv-pvcs
    The output will look similar to the following:
    governancedomain-domain-pv.yaml  governancedomain-domain-pvc.yaml  create-pv-pvc-inputs.yaml
  6. Run the following command to create the PV in the domain namespace:
    kubectl create -f output/pv-pvcs/governancedomain-domain-pv.yaml -n <domain_namespace>
    For example:
    kubectl create -f output/pv-pvcs/governancedomain-domain-pv.yaml -n oigns
    The output will look similar to the following:
    persistentvolume/governancedomain-domain-pv created
  7. Run the following commands to verify the PV was created successfully:
    kubectl describe pv governancedomain-domain-pv
    The output will look similar to the following:
    Name:            governancedomain-domain-pv
Labels:          weblogic.domainUID=governancedomain
Annotations:     pv.kubernetes.io/bound-by-controller: yes
Finalizers:      [kubernetes.io/pv-protection]
StorageClass:    governancedomain-domain-storage-class
Status:          Bound
Claim:           oigns/governancedomain-domain-pvc
Reclaim Policy:  Retain
Access Modes:    RWX
VolumeMode:      Filesystem
Capacity:        10Gi
Node Affinity:   <none>
Message:
Source:
    Type:      NFS (an NFS mount that lasts the lifetime of a pod)
    Server:    mynfsserver
    Path:      /nfs_volumes/oig/governancedomainpv
    ReadOnly:  false
Events:        <none>
  8. Run the following command to create the PVC in the domain namespace:
    kubectl create -f output/pv-pvcs/governancedomain-domain-pvc.yaml -n <domain_namespace>
    For example:
    kubectl create -f output/pv-pvcs/governancedomain-domain-pvc.yaml -n oigns
    The output will look similar to the following:
    persistentvolumeclaim/governancedomain-domain-pvc created
  9. Run the following commands to verify the PVC was created successfully:
    kubectl describe pvc governancedomain-domain-pvc -n <namespace>
    For example:
    kubectl describe pvc governancedomain-domain-pvc -n oigns
    The output will look similar to the following:
    Name:          governancedomain-domain-pvc
Namespace:     oigns
StorageClass:  governancedomain-domain-storage-class
Status:        Bound
Volume:        governancedomain-domain-pv
Labels:        weblogic.domainUID=governancedomain
Annotations:   pv.kubernetes.io/bind-completed: yes
               pv.kubernetes.io/bound-by-controller: yes
Finalizers:    [kubernetes.io/pvc-protection]
Capacity:      10Gi
Access Modes:  RWX
VolumeMode:    Filesystem
Mounted By:    <none>
Events:        <none>