From 37a5a6652fb6298c6cde194d6fee1375dc83fe37 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Charles-Edouard=20Br=C3=A9t=C3=A9ch=C3=A9?= Date: Wed, 11 May 2022 17:46:37 +0200 Subject: [PATCH] fix: write secret (#3891) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Charles-Edouard Brétéché Co-authored-by: shuting --- pkg/tls/renewer.go | 25 ++++++++++++------------- 1 file changed, 12 insertions(+), 13 deletions(-) diff --git a/pkg/tls/renewer.go b/pkg/tls/renewer.go index f516afb3c6..9ce2761cc6 100644 --- a/pkg/tls/renewer.go +++ b/pkg/tls/renewer.go @@ -126,23 +126,22 @@ func (c *CertRenewer) getTLSSecret() (*corev1.Secret, error) { func (c *CertRenewer) writeSecret(secret *corev1.Secret, logger logr.Logger) error { logger = logger.WithValues("name", secret.GetName(), "namespace", secret.GetNamespace()) - if _, err := c.client.CoreV1().Secrets(config.KyvernoNamespace()).Create(context.TODO(), secret, metav1.CreateOptions{}); err != nil { - if apierrors.IsAlreadyExists(err) { - if _, err := c.client.CoreV1().Secrets(config.KyvernoNamespace()).Update(context.TODO(), secret, metav1.UpdateOptions{}); err != nil { - logger.Error(err, "failed to update secret") - return err - } else { - logger.Info("secret updated") - return nil - } - } else { - logger.Error(err, "failed to create secret") + if secret.ResourceVersion == "" { + if _, err := c.client.CoreV1().Secrets(config.KyvernoNamespace()).Create(context.TODO(), secret, metav1.CreateOptions{}); err != nil { + logger.Error(err, "failed to update secret") return err + } else { + logger.Info("secret created") } } else { - logger.Info("secret created") - return nil + if _, err := c.client.CoreV1().Secrets(config.KyvernoNamespace()).Update(context.TODO(), secret, metav1.UpdateOptions{}); err != nil { + logger.Error(err, "failed to update secret") + return err + } else { + logger.Info("secret updated") + } } + return nil } // writeCASecret stores the CA cert in secret