Updating operator external certificates

If the operator needs to update the external certificate and key currently being used or was installed without an external REST API SSL/TLS identity, the helm upgrade command is used to restart the operator with the new or updated Kubernetes tls secret that contains the desired certificates.

The operator requires a restart in order to begin using the new or updated external certificate. The Helm --recreate-pods flag is used to cause the existing Kubernetes Pod to be terminated and a new pod to be started with the updated configuration.

For example, if the operator was installed with the Helm release name weblogic-operator in the namespace weblogic-operator-ns and the Kubernetes tls secret is named weblogic-operator-cert, the following commands can be used to update the operator certificates and key:

$ kubectl create secret tls weblogic-operator-cert -n weblogic-operator-ns \
  --cert=<path-to-certificate> --key=<path-to-private-key>
$ helm get values weblogic-operator -n weblogic-operator-ns

$ helm -n weblogic-operator-ns upgrade weblogic-operator kubernetes/charts/weblogic-operator \
  --wait --recreate-pods --reuse-values \
  --set externalRestEnabled=true \
  --set externalRestIdentitySecret=weblogic-operator-cert

Additional reading