From 4410b6adc317ca793851027ef798993daffb3f24 Mon Sep 17 00:00:00 2001
From: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com>
Date: Fri, 7 Jan 2022 23:03:01 +0530
Subject: [PATCH] Fix condition for rolling update (#2930)

---
 pkg/tls/reader.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pkg/tls/reader.go b/pkg/tls/reader.go
index e8ca0fedbf..d2ea96612e 100644
--- a/pkg/tls/reader.go
+++ b/pkg/tls/reader.go
@@ -42,7 +42,7 @@ func ReadRootCASecret(restConfig *rest.Config, client *client.Client) (result []
 		managedByKyverno = label == "kyverno"
 	}
 	deplHashSec, ok = stlsca.GetAnnotations()[MasterDeploymentUID]
-	if managedByKyverno && (!ok || deplHashSec != deplHash) {
+	if managedByKyverno && (ok && deplHashSec != deplHash) {
 		return nil, fmt.Errorf("outdated secret")
 	}
 
@@ -85,7 +85,7 @@ func ReadTLSPair(restConfig *rest.Config, client *client.Client) (*PemPair, erro
 		managedByKyverno = label == "kyverno"
 	}
 	deplHashSec, ok = unstrSecret.GetAnnotations()[MasterDeploymentUID]
-	if managedByKyverno && (!ok || deplHashSec != deplHash) {
+	if managedByKyverno && (ok && deplHashSec != deplHash) {
 		return nil, fmt.Errorf("outdated secret")
 	}