1. Deploying and Managing Oracle Identity Governance on Kubernetes
  2. Introduction to Oracle Identity Governance on Kubernetes
  3. About the Kubernetes Deployment
  4. Overview of WebLogic Operator

3.4 Overview of WebLogic Operator

The WebLogic Kubernetes Operator (the “operator”) supports running Oracle Identity Governance (OIG) domains on Kubernetes.

The operator takes advantage of the Kubernetes operator pattern, which means that it uses Kubernetes APIs to provide support for operations, such as: provisioning, lifecycle management, application versioning, product patching, scaling, and security. The operator also enables the use of tooling that is native to this infrastructure for monitoring, logging, tracing, and security.

OIG domains are supported using the “domain on a persistent volume” model only, where the domain home is located in a persistent volume (PV).

Domain on persistent volume (Domain on PV) is an operator domain home source type, which requires that the domain home exists on a persistent volume. The domain home can be created either manually using the WebLogic Scripting Tool (WLST) scripts or automatically with WebLogic Deployment Tool (WDT) models by specifying the section, domain.spec.configuration.initializeDomainOnPV, in the domain resource YAML file. The initial domain topology and resources are described using WebLogic Deploy Tooling (WDT) models.

Note:

The initializeDomainOnPV section provides a one time only domain home initialization. The operator creates the domain when the domain resource is first deployed. After the domain is created, this section is ignored. Subsequent domain lifecycle updates must be controlled by the WebLogic Server Administration Console, WebLogic Scripting Tool (WLST), or other mechanisms.
The WebLogic Kubernetes Operator has several key features to assist you with deploying and managing Oracle Identity Governance domains in a Kubernetes environment. You can:
  • Create OIG instances in a Kubernetes persistent volume. This persistent volume can reside in an NFS file system or other Kubernetes volume types.
  • Start servers based on declarative startup parameters and desired states.
  • Expose the OIG Services through external access.
  • Scale OIG domains by starting and stopping Managed Servers on demand.
  • Publish operator and WebLogic Server logs into Elasticsearch and interact with them in Kibana.
  • Monitor the OIG instance using Prometheus and Grafana.

WebLogic Kubernetes Operator Limitations with OIG

Compared to running a WebLogic Server domain in Kubernetes using the operator, the following limitations currently exist for OIG domains:
  • OIG domains are supported using the “domain on a persistent volume” model only, where the domain home is located in a persistent volume (PV).The “domain in image” model is not supported.
  • Only configured clusters are supported. Dynamic clusters are not supported for OIG domains. Note that you can still use all of the scaling features, but you need to define the maximum size of your cluster at domain creation time, using the parameter configuredManagedServerCount. For more details on this parameter, see Preparing the Create Domain Script. It is recommended to pre-configure your cluster so it’s sized a little larger than the maximum size you plan to expand it to. You must rigorously test at this maximum size to make sure that your system can scale as expected.
  • The WebLogic Monitoring Exporter currently supports the WebLogic MBean trees only. Support for JRF MBeans has not been added yet.
  • We do not currently support running OIG in non-Linux containers.