Webhook handle lack of permission and skip installing webhook secret for operatorOnly

Author: rjeberhard

kubernetes/charts/weblogic-operator/templates/_operator-secret.tpl

@@ -1,7 +1,8 @@
-# Copyright (c) 2018, 2022, Oracle and/or its affiliates.
+# Copyright (c) 2018, 2024, Oracle and/or its affiliates.
 # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
 
 {{- define "operator.operatorSecrets" }}
+{{- if not .webhookOnly }}
 ---
 apiVersion: "v1"
 kind: "Secret"
@@ -22,6 +23,8 @@ metadata:
   name: "weblogic-operator-secrets"
   namespace:  {{ .Release.Namespace | quote }}
 type: "Opaque"
+{{- end }}
+{{- if not .operatorOnly }}
 ---
 apiVersion: "v1"
 kind: "Secret"
@@ -44,3 +47,4 @@ metadata:
   namespace:  {{ .Release.Namespace | quote }}
 type: "Opaque"
 {{- end }}
+{{- end }}

operator/src/main/java/oracle/kubernetes/operator/helpers/WebhookHelper.java

@@ -259,7 +259,8 @@ protected Result onFailureNoRetry(Packet packet,
                                             KubernetesApiResponse<V1ValidatingWebhookConfiguration> callResponse) {
         LOGGER.info(MessageKeys.READ_VALIDATING_WEBHOOK_CONFIGURATION_FAILED,
             VALIDATING_WEBHOOK_NAME, callResponse.getStatus());
-        return super.onFailureNoRetry(packet, callResponse);
+        return isNotAuthorizedOrForbidden(callResponse)
+                ? doNext(packet) : super.onFailureNoRetry(packet, callResponse);
       }
     }
 
@@ -279,7 +280,8 @@ protected Result onFailureNoRetry(Packet packet,
                                             KubernetesApiResponse<V1ValidatingWebhookConfiguration> callResponse) {
         LOGGER.info(MessageKeys.CREATE_VALIDATING_WEBHOOK_CONFIGURATION_FAILED,
             VALIDATING_WEBHOOK_NAME, callResponse.getStatus());
-        return super.onFailureNoRetry(packet, callResponse);
+        return isNotAuthorizedOrForbidden(callResponse)
+                ? doNext(packet) : super.onFailureNoRetry(packet, callResponse);
       }
     }
 
@@ -312,7 +314,8 @@ protected Result onFailureNoRetry(Packet packet,
                                             KubernetesApiResponse<V1ValidatingWebhookConfiguration> callResponse) {
         LOGGER.info(MessageKeys.REPLACE_VALIDATING_WEBHOOK_CONFIGURATION_FAILED,
             VALIDATING_WEBHOOK_NAME, callResponse.getStatus());
-        return super.onFailureNoRetry(packet, callResponse);
+        return isNotAuthorizedOrForbidden(callResponse)
+                ? doNext(packet) : super.onFailureNoRetry(packet, callResponse);
       }
     }