|
| 1 | +--- |
| 2 | +title: "Create images with the WebLogic Image Tool" |
| 3 | +date: 2019-02-22T15:44:42-05:00 |
| 4 | +draft: false |
| 5 | +weight: 6 |
| 6 | +--- |
| 7 | + |
| 8 | +WKTUI uses the WebLogic Image Tool (WIT) to build container images. Each Oracle Fusion Middleware (FMW) Domain Target Location option has its own image requirements. |
| 9 | + |
| 10 | +- Model-in-Image – MII has two approaches: |
| 11 | + - Single Image – This approach uses a single image with Java, FMW, WDT, and the WDT model files all built into a single image. In WKTUI, we use the `Primary Image` tab to build such an image. |
| 12 | + - Dual Images – This approach puts Java and FMW into one image, which WKTUI calls the primary image, and WDT and the WDT model files into a separate image, known as the auxiliary image. In this document, we refer to this as MII with Auxiliary Image. |
| 13 | +- Domain-in-Image – DII uses a single image approach but uses WDT and the WDT model files to create the domain inside the image. |
| 14 | +- Domain-on-PV – DoPV uses a single image with Java and FMW in it. The domain is created on the persistent volume by external means. |
| 15 | + |
| 16 | +Both MII with Auxiliary Image and Domain-on-PV have an image containing only software (Java and FMW) with no configuration. This provides several important, operational advantages: |
| 17 | + |
| 18 | +- Multiple domains can share the same software-only image since no domain-specific configuration is included. Updating hundreds of domains that all share the same image is as simple as updating the WebLogic Kubernetes Operator Domain custom resource specification to change the image. WKO will detect this change and perform a rolling update of the domain, starting with the Administration Server. |
| 19 | +- The Oracle Container Registry (OCR) distributes prebuilt images that you can use directly, after you log in and accept the terms and conditions. Oracle customers with an active support contract can access prebuilt images with the latest set of recommended patches. See https://container-registry.oracle.com for more information about the prebuilt images and to accept the terms and conditions for the repositories of interest. |
| 20 | + |
| 21 | +With DII and MII (without an auxiliary image), you would need to build new images for every domain to roll out a security fix across our entire set of domains. For those with large numbers of domains, this becomes a heavy burden, leading to less secure environments. To take advantage of these operational advantages, you will use MII with Auxiliary Image for the ToDo List domain. |
| 22 | + |
| 23 | +Go to the `Image` page, shown in the following image. |
| 24 | + |
| 25 | +{{< img "Image Page" "images/image-page.png" >}} |
| 26 | + |
| 27 | +You could build your own primary image by enabling `Create New Primary Image`, which is off by default. To do this, you would need to download the Java 11 JDK and WebLogic Server 14.1.1 installers, fill out the form, and run `Create Primary Image`. Then, you would need to create an image repository in an image registry somewhere and push the newly created image there. When Oracle releases the next set of patches, you would have to do it again. |
| 28 | + |
| 29 | +Fortunately, you can simply use the prebuilt images in OCR. Log into [OCR](https://container-registry.oracle.com) and select the **Middleware** category. For those without Oracle Support credentials, make sure that you have accepted the terms and conditions for the `weblogic` repository. In the following image, note the green checkmark at the end of the `weblogic` repository row. For those with Oracle Support credentials, it is highly recommended to use the `weblogic_cpu` repository at the bottom of the page instead. |
| 30 | + |
| 31 | +{{< img "OCR" "images/ocr.png" >}} |
| 32 | + |
| 33 | +For this exercise, you will create a new auxiliary image. This is the default setting and the `Auxiliary Image` tab is active. Select the `Auxiliary Image` tab, as shown in the following image. |
| 34 | + |
| 35 | +{{< img "Aux Image Tab" "images/aux-image-tab.png" >}} |
| 36 | + |
| 37 | +The first thing you need to decide is what image registry to use for the auxiliary image. For this exercise, you will use the Container Registry from the Oracle Cloud (OCIR) but feel free to substitute another image registry. We will try to point out where your image registry selection impacts the rest of the example. |
| 38 | + |
| 39 | + |
| 40 | +After logging in to your Oracle Cloud account, select to the Container Registry option under the **Developer Services** category, as shown in the following image. |
| 41 | + |
| 42 | +{{< img "OCIR Location" "images/ocir-location.png" >}} |
| 43 | + |
| 44 | +In the registry of your choosing, create a new private repository called `wktui-qs/todolist-aux`. Note the URL needed to access the new repository. For the OCIR repository, the URL is of the form `<region-abbreviation>.ocir.io/<tenancy-name>/wktui-qs/todolist-aux`, where region-abbreviation is something like `phx` (for the Phoenix region) and tenancy name is the name of the tenancy used to log in to `https://cloud.oracle.com`. For a listing of every available region, refer to this [table](https://docs.oracle.com/en-us/iaas/Content/Registry/Concepts/registryprerequisites.htm#Availab). |
| 45 | + |
| 46 | +To access this OCIR repository from Docker and Kubernetes, you need to use an Auth Token associated with your account in place of your password. To create an Auth Token, go to your User settings, select the Auth Tokens option under Resources, and click **Generate Token**, as shown in the following image. Make sure to retain a copy of the generated token, because this is the _only_ opportunity you will have to see it in clear text! |
| 47 | + |
| 48 | +{{< img "OCI Create Auth Token" "images/oci-create-auth-token.png" >}} |
| 49 | + |
| 50 | +Now that your Image Registry is ready, you simply fill out the `Auxiliary Image` tab in WKTUI. There are a couple of things to note before you fill out the form. |
| 51 | + |
| 52 | +- Most image registries require authentication to push an image. If you are using OCIR, the Auxiliary Image Registry Push Username and Auxiliary Image Registry Push Password must do the following: |
| 53 | + - Username: Must be of the form `<tenancy-name>/<username>`. |
| 54 | + - Password: Must be the value an Auth Token associated with the user’s account. |
| 55 | +- By default, WIT (and therefore WKTUI) use BusyBox as the base image for an auxiliary image. Because BusyBox typically comes from Docker Hub and Docker Hub has implemented anonymous pull request throttling, it is a good idea to enter a valid Docker Hub Username and Docker Hub Password to minimize the change of throttling-related errors while building the image. |
| 56 | +- You can change the base image simply by enabling `Use Custom Base Image` and filling out the form. |
| 57 | +- If your target platform is OpenShift, enable `Make Image Compatible with OpenShift` in the **Advanced** section of the page. |
| 58 | + |
| 59 | +With these things in mind, fill out the form using the data in the following table. If a field’s value is not provided, then leave it set to the default unless otherwise required for your environment. |
| 60 | + |
| 61 | +| Field Name | Value | |
| 62 | +| --- | --- | |
| 63 | +| `Auxiliary Image Tag` | `<image-repository-url>:1.0`; for example, `phx.ocir.io/mytenancy/wktui-qs/todolist:1.0` | |
| 64 | +| `Specify Auxiliary Image Push Credentials` | `ON` | |
| 65 | +| `Auxiliary Image Registry Push Username` | `<tenancy>/<username>`; for example, `mytenancy/[email protected]` | |
| 66 | +| `Auxiliary Image Registry Push Password` | `<auth-token-value>`; for example, `z+M3C2UqRraHG73Z+.X8` | |
| 67 | +| `Use Custom Base Image` | `OFF` | |
| 68 | +| `Docker Hub Username` | Your Docker Hub account user name | |
| 69 | +| `Docker Hub Password` | Your Docker Hub account password | |
| 70 | +| `Download and Use Latest WebLogic Deploy Tooling Installer` | `ON` | |
| 71 | +| `Make Image Compatible with Open Shift` | `OFF` (unless required for your environment)) | |
| 72 | + |
| 73 | +After you complete the form, you are ready to create the auxiliary image. Click **Create Auxiliary Image** to have the application invoke WIT with the specified set of arguments to build the auxiliary image. The application prompts you twice prior to running WIT’s `createAuxImage` command: |
| 74 | + |
| 75 | +- You always should run **Prepare Model** prior to creating the auxiliary image. Because you have already done that, select `No` to continue without running Prepare Model. |
| 76 | +- You need to choose the location to store the downloaded WDT installer. Choose the location and Click **Select**. |
| 77 | + |
| 78 | +The following image shows the application after successfully creating the auxiliary image. |
| 79 | + |
| 80 | +{{< img "Create AUX Image" "images/create-aux-image.png" >}} |
| 81 | + |
| 82 | +Now, you are ready to push the auxiliary image to the image registry. If running on macOS, you need to make sure that your Docker (or Podman) executable directory (for example, `$HOME/.rd/bin`, if using Rancher Desktop) is added to the `Extra Path Directories` table on the `Project Settings` page. Doing this allows Docker to find the executable it uses to interact with the macOS Keychain for storing credentials. |
| 83 | + |
| 84 | +Click **Push Auxiliary Image**. At this point, you are ready to shift your focus to the Kubernetes cluster. Remember, any change to the model files requires creating a new auxiliary image, which may require rerunning **Prepare Model** if fields were added to the model’s YAML file. We strongly recommend that you always increment the version number of the `Auxiliary Image Tag` field prior to creating and pushing a new image. This will make it very clear which image is in use. |
0 commit comments