Owls 91143 - Move internal certificate initialization logic to operator initalization (#2486)

* Move internal certificate initialization logic to operator initalization

* Changes to fail the Operator in case of unexpected exceptions from bouncycastle lib or IOException.

* Fix for liveness probe script and increase initialDelaySeconds to 40.

Author: ankedia

kubernetes/charts/weblogic-operator/templates/_operator-dep.tpl

@@ -112,7 +112,7 @@ spec:
             command:
             - "bash"
             - "/operator/livenessProbe.sh"
-          initialDelaySeconds: 20
+          initialDelaySeconds: 40
           periodSeconds: 5
         readinessProbe:
           exec:

operator/scripts/initialize-internal-operator-identity.sh

@@ -7,6 +7,9 @@
 RETVAL=$(test -f /operator/debug-config/livenessProbeSuccessOverride ; echo $?)
 
 FILE=/operator/.alive
+if [ ! -f ${FILE} ]; then
+  exit $RETVAL
+fi
 OLDTIME=60
 CURTIME=$(date +%s)
 FILETIME=$(stat $FILE -c %Y)

operator/scripts/livenessProbe.sh

@@ -15,8 +15,6 @@ function relay_SIGTERM {
 
 trap relay_SIGTERM SIGTERM
 
-/operator/initialize-internal-operator-identity.sh
-
 /operator/initialize-external-operator-identity.sh
 
 if [[ ! -z "$REMOTE_DEBUG_PORT" ]]; then

operator/scripts/operator.sh

@@ -46,6 +46,7 @@
 import oracle.kubernetes.operator.rest.RestConfigImpl;
 import oracle.kubernetes.operator.rest.RestServer;
 import oracle.kubernetes.operator.steps.DefaultResponseStep;
+import oracle.kubernetes.operator.steps.InitializeInternalIdentityStep;
 import oracle.kubernetes.operator.work.Component;
 import oracle.kubernetes.operator.work.Container;
 import oracle.kubernetes.operator.work.ContainerResolver;
@@ -84,6 +85,8 @@ public class Main {
   private NamespaceWatcher namespaceWatcher;
   protected OperatorEventWatcher operatorNamespaceEventWatcher;
   private boolean warnedOfCrdAbsence;
+  private static NextStepFactory NEXT_STEP_FACTORY =
+          (next) -> createInitializeInternalIdentityStep(next);
 
   private static String getConfiguredServiceAccount() {
     return TuningParameters.getInstance().get("serviceaccount");
@@ -310,7 +313,12 @@ void startOperator(Runnable completionAction) {
   }
 
   private Step createStartupSteps() {
-    return Namespaces.getSelection(new StartupStepsVisitor());
+
+    return NEXT_STEP_FACTORY.createInternalInitializationStep(Namespaces.getSelection(new StartupStepsVisitor()));
+  }
+
+  private static Step createInitializeInternalIdentityStep(Step next) {
+    return new InitializeInternalIdentityStep(next);
   }
 
   private Step createOperatorNamespaceEventListStep() {
@@ -594,4 +602,9 @@ public void onThrowable(Packet packet, Throwable throwable) {
     }
   }
 
+  // an interface to provide a hook for unit testing.
+  interface NextStepFactory {
+    Step createInternalInitializationStep(Step next);
+  }
+
 }

operator/src/main/java/oracle/kubernetes/operator/Main.java

@@ -167,6 +167,11 @@ public <T> T execute(
           wrap(
               createConfigMapAsync(
                   usage, requestParams.namespace, (V1ConfigMap) requestParams.body, callback));
+  private final CallFactory<V1Secret> createSecret =
+          (requestParams, usage, cont, callback) ->
+                  wrap(
+                          createSecretAsync(
+                                  usage, requestParams.namespace, (V1Secret) requestParams.body, callback));
   private final CallFactory<V1ConfigMap> replaceConfigmap =
       (requestParams, usage, cont, callback) ->
           wrap(
@@ -185,6 +190,15 @@ public <T> T execute(
                   requestParams.namespace,
                   (V1Patch) requestParams.body,
                   callback));
+  private final CallFactory<V1Secret> replaceSecret =
+          (requestParams, usage, cont, callback) ->
+                  wrap(
+                          replaceSecretAsync(
+                                  usage,
+                                  requestParams.name,
+                                  requestParams.namespace,
+                                  (V1Secret) requestParams.body,
+                                  callback));
   private final CallFactory<V1Pod> createPod =
       (requestParams, usage, cont, callback) ->
           wrap(
@@ -990,6 +1004,28 @@ responseStep, new RequestParams("createConfigMap", namespace, null, body, callPa
         createConfigmap);
   }
 
+  private Call createSecretAsync(
+          ApiClient client, String namespace, V1Secret body, ApiCallback<V1Secret> callback)
+          throws ApiException {
+    return new CoreV1Api(client)
+            .createNamespacedSecretAsync(namespace, body, pretty, null, null, callback);
+  }
+
+  /**
+   * Asynchronous step for creating secret.
+   *
+   * @param namespace Namespace
+   * @param body Body
+   * @param responseStep Response step for when call completes
+   * @return Asynchronous step
+   */
+  public Step createSecretAsync(
+          String namespace, V1Secret body, ResponseStep<V1Secret> responseStep) {
+    return createRequestAsync(
+            responseStep, new RequestParams("createSecret", namespace, null, body, callParams),
+            createSecret);
+  }
+
   private Call deleteConfigMapAsync(
       ApiClient client,
       String name,
@@ -1086,6 +1122,34 @@ public Step patchConfigMapAsync(
         patchConfigMap);
   }
 
+  /**
+   * Asynchronous step for replacing secret.
+   *
+   * @param name Name
+   * @param namespace Namespace
+   * @param body Body
+   * @param responseStep Response step for when call completes
+   * @return Asynchronous step
+   */
+  public Step replaceSecretAsync(
+          String name, String namespace, V1Secret body, ResponseStep<V1Secret> responseStep) {
+    return createRequestAsync(
+            responseStep,
+            new RequestParams("replaceSecretAsync", namespace, name, body, ""),
+            replaceSecret);
+  }
+
+  private Call replaceSecretAsync(
+          ApiClient client,
+          String name,
+          String namespace,
+          V1Secret body,
+          ApiCallback<V1Secret> callback)
+          throws ApiException {
+    return new CoreV1Api(client)
+            .replaceNamespacedSecretAsync(name, namespace, body, pretty, dryRun, null, callback);
+  }
+
   private Call listPodAsync(
       ApiClient client, String namespace, String cont, ApiCallback<V1PodList> callback)
       throws ApiException {

operator/src/main/java/oracle/kubernetes/operator/helpers/CallBuilder.java

@@ -142,6 +142,8 @@ public class MessageKeys {
   public static final String DOMAIN_ROLL_COMPLETED = "WLSKO-0191";
   public static final String EXECUTE_MAKE_RIGHT_DOMAIN = "WLSKO-0192";
   public static final String LOG_WAITING_COUNT = "WLSKO-0193";
+  public static final String INTERNAL_IDENTITY_INITIALIZATION_FAILED = "WLSKO-0194";
+
 
   // domain status messages
   public static final String DUPLICATE_SERVER_NAME_FOUND = "WLSDO-0001";