REST APIs

Sample to create certificate and key

When a user enables the operator’s external REST API (by setting externalRestEnabled to true when installing or upgrading the operator Helm chart), the user must also provide the certificates and private key used for the SSL/TLS identity on the external REST API endpoint. To do this, create a Kubernetes TLS secret and specify that secret’s name in the operator Helm chart values.

This sample script generates a self-signed certificate and private key that can be used for the operator’s external REST API when experimenting with the operator.

The certificate and key generated with this script should not be used in a production environment.

The syntax of the script is:

$ kubernetes/samples/scripts/rest/generate-external-rest-identity.sh \
  -a <SANs> -n <operator-namespace> [-s <secret-name>]

Where <SANs> lists the subject alternative names to put into the generated self-signed certificate for the external operator REST HTTPS interface, <operator-namespace> should match the namespace where the operator will be installed, and <secret-name> is the optional secret name, which defaults to weblogic-operator-external-rest-identity.

You should include the addresses of all masters and load balancers (for example, what a client specifies to access the external REST endpoint) in the subject alternative name list. In addition, each name must be prefixed with DNS: for a host name, or IP: for an address, as in this example:

-a "DNS:myhost,DNS:localhost,IP:127.0.0.1"
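As an added example (not part of the operator's sample scripts), the following shell functions check an -a value against the DNS:/IP: format described above before it is passed to the script, and confirm that an address a client will use is in the list. The function names are hypothetical, the host name and IPv6 checks are deliberately loose, and the sample list is the one shown above.

```shell
#!/bin/sh
# Added example, not part of the operator samples. Function names are
# hypothetical; entries with spaces or missing prefixes are rejected.

# is_ip ADDR: dotted-quad IPv4 with octets 0..255, or a loosely checked IPv6.
is_ip() (
  case "$1" in
    *:*) case "$1" in *[!0-9A-Fa-f:]*) return 1 ;; *) return 0 ;; esac ;;
    ""|*[!0-9.]*|.*|*.|*..*) return 1 ;;
  esac
  IFS=.
  set -- $1
  [ "$#" -eq 4 ] || return 1
  for octet in "$@"; do
    [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
  done
)

# validate_sans LIST: succeed only if every comma-separated entry is
# DNS:<host name> or IP:<address>; report the first bad entry on stderr.
validate_sans() (
  case "$1" in
    ""|,*|*,|*,,*) echo "empty entry in SAN list: '$1'" >&2; return 1 ;;
  esac
  IFS=,; set -f            # split on commas, keep '*' in wildcard names literal
  for entry in $1; do
    case "$entry" in
      DNS:?*) case "${entry#DNS:}" in *[!A-Za-z0-9.*-]*) bad=1 ;; *) bad=0 ;; esac ;;
      IP:?*)  is_ip "${entry#IP:}" && bad=0 || bad=1 ;;
      *)      bad=1 ;;     # no DNS:/IP: prefix, or a leading space
    esac
    [ "$bad" -eq 0 ] || { echo "bad SAN entry: '$entry'" >&2; return 1; }
  done
)

# san_covers LIST NAME: succeed if NAME (what a client specifies to reach the
# external REST endpoint) is an exact DNS: or IP: entry in LIST.
san_covers() {
  case ",$1," in
    *",DNS:$2,"*|*",IP:$2,"*) return 0 ;;
  esac
  return 1
}

# Constructed sample: the SAN list from the example above.
SANS="DNS:myhost,DNS:localhost,IP:127.0.0.1"
validate_sans "$SANS" && san_covers "$SANS" localhost && echo "SAN list OK"
```

san_covers does an exact, case-sensitive string match, so it does not expand wildcard entries such as DNS:*.example.com.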

The external certificate and key can be changed after installation of the operator. For more information, see Updating operator external certificates.

The following commands create the TLS secret named weblogic-operator-identity in the namespace weblogic-operator-ns, using a self-signed certificate and private key:

$ echo "externalRestEnabled: true" > my_values.yaml
$ generate-external-rest-identity.sh \
  -a "DNS:${HOSTNAME},DNS:localhost,IP:127.0.0.1" \
  -n weblogic-operator-ns -s weblogic-operator-identity >> my_values.yaml
$ kubectl -n weblogic-operator-ns describe secret weblogic-operator-identity
$ helm install my_operator weblogic-operator/weblogic-operator \
  --namespace weblogic-operator-ns --values my_values.yaml --wait