Try to fix REST ssl

Author: rjeberhard

pom.xml

@@ -26,9 +26,11 @@
             <id>oss-sonatype</id>
             <name>oss-sonatype</name>
             <url>https://oss.sonatype.org/content/repositories/releases/</url>
+            <!-- For if we need to work with kubernetes-client/java snapshot releases
             <snapshots>
                 <enabled>true</enabled>
             </snapshots>
+            -->
         </repository>
     </repositories>
 

src/main/java/oracle/kubernetes/operator/Main.java

@@ -121,6 +121,15 @@ private static void setTuningParameters() {
     CallBuilder.setTuningParameters(callRequestLimit, callMaxRetryCount, callTimeoutSeconds);
     int watchLifetime = (int) config.readTuningParameter("watchLifetime", 45);
     WatchBuilder.setTuningParameters(watchLifetime);
+    int readinessProbeInitialDelaySeconds = (int) config.readTuningParameter("readinessProbeInitialDelaySeconds", 2);
+    int readinessProbeTimeoutSeconds = (int) config.readTuningParameter("readinessProbeTimeoutSeconds", 5);
+    int readinessProbePeriodSeconds = (int) config.readTuningParameter("readinessProbePeriodSeconds", 10);
+    int livenessProbeInitialDelaySeconds = (int) config.readTuningParameter("livenessProbeInitialDelaySeconds", 10);
+    int livenessProbeTimeoutSeconds = (int) config.readTuningParameter("livenessProbeTimeoutSeconds", 5);
+    int livenessProbePeriodSeconds = (int) config.readTuningParameter("livenessProbePeriodSeconds", 10);
+    PodHelper.setTuningParameters(readinessProbeInitialDelaySeconds, readinessProbeTimeoutSeconds, 
+        readinessProbePeriodSeconds, livenessProbeInitialDelaySeconds, livenessProbeTimeoutSeconds, 
+        livenessProbePeriodSeconds);
   }
 
   private static final ConcurrentMap<String, Boolean> initialized = new ConcurrentHashMap<>();

src/main/java/oracle/kubernetes/operator/helpers/ConfigMapConsumer.java

@@ -53,7 +53,7 @@ public ConfigMapConsumer(ScheduledExecutorService threadPool, String mountPoint,
 
   private void schedule() {
     long initialDelay = readTuningParameter("configMapUpdateInitialDelay", 3); 
-    long delay = readTuningParameter("configMapUpdateDelay", 30);
+    long delay = readTuningParameter("configMapUpdateDelay", 10);
     ScheduledFuture<?> old = future.getAndSet(threadPool.scheduleWithFixedDelay(() -> {
       // wait for key to be signaled
       WatchKey key;

src/main/java/oracle/kubernetes/operator/helpers/PodHelper.java

@@ -49,6 +49,24 @@ public class PodHelper {
 
   private static final LoggingFacade LOGGER = LoggingFactory.getLogger("Operator", "Operator");
 
+  private static int readinessProbeInitialDelaySeconds = 2;
+  private static int readinessProbeTimeoutSeconds = 5;
+  private static int readinessProbePeriodSeconds = 10;
+  private static int livenessProbeInitialDelaySeconds = 10;
+  private static int livenessProbeTimeoutSeconds = 5;
+  private static int livenessProbePeriodSeconds = 10;
+  
+  public static void setTuningParameters(
+      int readinessProbeInitialDelaySeconds, int readinessProbeTimeoutSeconds, int readinessProbePeriodSeconds,
+      int livenessProbeInitialDelaySeconds, int livenessProbeTimeoutSeconds, int livenessProbePeriodSeconds) {
+    PodHelper.readinessProbeInitialDelaySeconds = readinessProbeInitialDelaySeconds;
+    PodHelper.readinessProbeTimeoutSeconds = readinessProbeTimeoutSeconds;
+    PodHelper.readinessProbePeriodSeconds = readinessProbePeriodSeconds;
+    PodHelper.livenessProbeInitialDelaySeconds = readinessProbeInitialDelaySeconds;
+    PodHelper.livenessProbeTimeoutSeconds = livenessProbeTimeoutSeconds;
+    PodHelper.livenessProbePeriodSeconds = livenessProbePeriodSeconds;
+  }
+  
   private PodHelper() {}
 
   /**
@@ -166,10 +184,10 @@ public NextAction apply(Packet packet) {
       readinessAction.addCommandItem(weblogicDomainName);
       readinessAction.addCommandItem(spec.getAsName());
       readinessProbe.exec(readinessAction);
-      readinessProbe.setInitialDelaySeconds(5);
-      readinessProbe.setTimeoutSeconds(5);
-      readinessProbe.setPeriodSeconds(5);
-      readinessProbe.setFailureThreshold(1);
+      readinessProbe.setInitialDelaySeconds(readinessProbeInitialDelaySeconds);
+      readinessProbe.setTimeoutSeconds(readinessProbeTimeoutSeconds);
+      readinessProbe.setPeriodSeconds(readinessProbePeriodSeconds);
+      readinessProbe.setFailureThreshold(1); // must be 1
       container.readinessProbe(readinessProbe);
 
       V1Probe livenessProbe = new V1Probe();
@@ -178,10 +196,10 @@ public NextAction apply(Packet packet) {
       livenessAction.addCommandItem(weblogicDomainName);
       livenessAction.addCommandItem(spec.getAsName());
       livenessProbe.exec(livenessAction);
-      livenessProbe.setInitialDelaySeconds(10);
-      livenessProbe.setTimeoutSeconds(5);
-      livenessProbe.setPeriodSeconds(5);
-      livenessProbe.setFailureThreshold(1);
+      livenessProbe.setInitialDelaySeconds(livenessProbeInitialDelaySeconds);
+      livenessProbe.setTimeoutSeconds(livenessProbeTimeoutSeconds);
+      livenessProbe.setPeriodSeconds(livenessProbePeriodSeconds);
+      livenessProbe.setFailureThreshold(1); // must be 1
       container.livenessProbe(livenessProbe);
 
       if (spec.getServerStartup() != null) {
@@ -550,10 +568,10 @@ public NextAction apply(Packet packet) {
       readinessAction.addCommandItem(weblogicDomainName);
       readinessAction.addCommandItem(weblogicServerName);
       readinessProbe.exec(readinessAction);
-      readinessProbe.setInitialDelaySeconds(2);
-      readinessProbe.setTimeoutSeconds(5);
-      readinessProbe.setPeriodSeconds(10);
-      readinessProbe.setFailureThreshold(1);
+      readinessProbe.setInitialDelaySeconds(readinessProbeInitialDelaySeconds);
+      readinessProbe.setTimeoutSeconds(readinessProbeTimeoutSeconds);
+      readinessProbe.setPeriodSeconds(readinessProbePeriodSeconds);
+      readinessProbe.setFailureThreshold(1); // must be 1
       container.readinessProbe(readinessProbe);
 
       V1Probe livenessProbe = new V1Probe();
@@ -562,10 +580,10 @@ public NextAction apply(Packet packet) {
       livenessAction.addCommandItem(weblogicDomainName);
       livenessAction.addCommandItem(weblogicServerName);
       livenessProbe.exec(livenessAction);
-      livenessProbe.setInitialDelaySeconds(10);
-      livenessProbe.setTimeoutSeconds(5);
-      livenessProbe.setPeriodSeconds(10);
-      livenessProbe.setFailureThreshold(1);
+      livenessProbe.setInitialDelaySeconds(livenessProbeInitialDelaySeconds);
+      livenessProbe.setTimeoutSeconds(livenessProbeTimeoutSeconds);
+      livenessProbe.setPeriodSeconds(livenessProbePeriodSeconds);
+      livenessProbe.setFailureThreshold(1); // must be 1
       container.livenessProbe(livenessProbe);
 
       if (!info.getClaims().getItems().isEmpty()) {

src/main/java/oracle/kubernetes/operator/rest/RestServer.java

@@ -21,8 +21,9 @@
 import javax.net.ssl.KeyManager;
 import javax.net.ssl.SSLContext;
 import java.io.File;
+import java.io.FileInputStream;
+import java.io.IOException;
 import java.net.URI;
-import java.nio.charset.StandardCharsets;
 import java.security.SecureRandom;
 import java.util.Collection;
 import java.util.HashMap;
@@ -273,8 +274,8 @@ private KeyManager[] createKeyManagers(
     LOGGER.entering(certificateData, certificateFile);
     KeyManager[] result =
       SSLUtils.keyManagers(
-        Base64.decodeBase64(certificateData),
-        Base64.decodeBase64(keyData),
+        readFromDataOrFile(certificateData, certificateFile),
+        readFromDataOrFile(keyData, keyFile),
         "", // Let utility figure it out, "RSA", // key algorithm
         "", // operator key passphrase in the temp keystore that gets created to hold the keypair
         null, // file name of the temp keystore
@@ -284,6 +285,15 @@ private KeyManager[] createKeyManagers(
     return result;
   }
 
+  private static byte[] readFromDataOrFile(String data, String file) throws IOException {
+    if (data != null && data.length() > 0) {
+      return Base64.decodeBase64(data);
+    } 
+    try (FileInputStream fis = new FileInputStream(file)) {
+      return fis.readAllBytes();
+    }
+  }
+  
   private boolean isExternalSSLConfigured() {
     return
       isSSLConfigured(