fix: write secret (#3891)

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: shuting <shuting@nirmata.com>
2025-03-28 02:18:15 +00:00 · 2022-05-11 17:46:37 +02:00 · 2022-05-11 17:46:37 +02:00 · 37a5a6652f
commit 37a5a6652f
parent 31928c9507
1 changed files with 12 additions and 13 deletions
--- a/pkg/tls/renewer.go
+++ b/pkg/tls/renewer.go
@ -126,23 +126,22 @@ func (c *CertRenewer) getTLSSecret() (*corev1.Secret, error) {

 func (c *CertRenewer) writeSecret(secret *corev1.Secret, logger logr.Logger) error {
 	logger = logger.WithValues("name", secret.GetName(), "namespace", secret.GetNamespace())
-	if _, err := c.client.CoreV1().Secrets(config.KyvernoNamespace()).Create(context.TODO(), secret, metav1.CreateOptions{}); err != nil {
-		if apierrors.IsAlreadyExists(err) {
-			if _, err := c.client.CoreV1().Secrets(config.KyvernoNamespace()).Update(context.TODO(), secret, metav1.UpdateOptions{}); err != nil {
-				logger.Error(err, "failed to update secret")
-				return err
-			} else {
-				logger.Info("secret updated")
-				return nil
-			}
-		} else {
-			logger.Error(err, "failed to create secret")
+	if secret.ResourceVersion == "" {
+		if _, err := c.client.CoreV1().Secrets(config.KyvernoNamespace()).Create(context.TODO(), secret, metav1.CreateOptions{}); err != nil {
+			logger.Error(err, "failed to update secret")
 			return err
+		} else {
+			logger.Info("secret created")
 		}
 	} else {
-		logger.Info("secret created")
-		return nil
+		if _, err := c.client.CoreV1().Secrets(config.KyvernoNamespace()).Update(context.TODO(), secret, metav1.UpdateOptions{}); err != nil {
+			logger.Error(err, "failed to update secret")
+			return err
+		} else {
+			logger.Info("secret updated")
+		}
 	}
+	return nil
 }

 // writeCASecret stores the CA cert in secret