Updating operator external certificate

If the operator needs to update the external certificate and key currently being used or was installed without an external REST API SSL/TLS identity, the helm upgrade command is used to re-start the operator with the new or updated kubernetes tls secret that contains the desired certificate(s).

The operator requires a re-start in order to begin using the new or udpated external certificate. The Helm --recreate-pods flag is used to cause the existing kubernetes pod to be terminated and a new pod to be started with the updated configuration.

For example, if the operator was installed with the Helm release name weblogic-operator in the namespace weblogic-operator-ns and the kubernetes tls secret is named weblogic-operator-cert, the following commands can be used to update the operator certificate(s) and key:

$ kubectl create secret tls weblogic-operator-cert -n weblogic-operator-ns \
  --cert=<path-to-certificate> --key=<path-to-private-key>

For Helm 2.x:

$ helm get values weblogic-operator

$ helm upgrade --wait --recreate-pods --reuse-values \
  --set externalRestEnabled=true \
  --set externalRestIdentitySecret=weblogic-operator-cert \
  weblogic-operator kubernetes/charts/weblogic-operator

For Helm 3.x:

$ helm get values weblogic-operator -n weblogic-operator-ns

$ helm -n weblogic-operator-ns upgrade weblogic-operator kubernetes/charts/weblogic-operator \
  --wait --recreate-pods --reuse-values \
  --set externalRestEnabled=true \
  --set externalRestIdentitySecret=weblogic-operator-cert 

Additional reading