From ec2bf3b6dadf55737bb94ff8f83e6a810aec8a19 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Charles-Edouard=20Br=C3=A9t=C3=A9ch=C3=A9?=
 <charled.breteche@gmail.com>
Date: Tue, 10 May 2022 16:08:36 +0200
Subject: [PATCH] refactor: init certs with certs renewer directly (#3853)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
---
 cmd/kyverno/main.go                       |  5 ++++-
 pkg/controllers/certmanager/controller.go | 12 ------------
 2 files changed, 4 insertions(+), 13 deletions(-)

diff --git a/cmd/kyverno/main.go b/cmd/kyverno/main.go
index f9a42fa541..1e13c3d78c 100755
--- a/cmd/kyverno/main.go
+++ b/cmd/kyverno/main.go
@@ -343,7 +343,10 @@ func main() {
 
 	registerWrapperRetry := common.RetryFunc(time.Second, webhookRegistrationTimeout, webhookCfg.Register, "failed to register webhook", setupLog)
 	registerWebhookConfigurations := func() {
-		certManager.InitTLSPemPair()
+		if _, err := certRenewer.InitTLSPemPair(); err != nil {
+			setupLog.Error(err, "tls initialization error")
+			os.Exit(1)
+		}
 		waitForCacheSync(stopCh, kyvernoInformer, kubeInformer, kubeKyvernoInformer)
 
 		// validate the ConfigMap format
diff --git a/pkg/controllers/certmanager/controller.go b/pkg/controllers/certmanager/controller.go
index 9a4444cb16..ef9c6bddd0 100644
--- a/pkg/controllers/certmanager/controller.go
+++ b/pkg/controllers/certmanager/controller.go
@@ -18,10 +18,6 @@ type Controller interface {
 	// Run starts the certManager
 	Run(stopCh <-chan struct{})
 
-	// InitTLSPemPair initializes the TLSPemPair
-	// it should be invoked by the leader
-	InitTLSPemPair()
-
 	// GetTLSPemPair gets the existing TLSPemPair from the secret
 	GetTLSPemPair() (*tls.PemPair, error)
 }
@@ -63,14 +59,6 @@ func (m *controller) updateSecretFunc(oldObj interface{}, newObj interface{}) {
 	}
 }
 
-func (m *controller) InitTLSPemPair() {
-	_, err := m.renewer.InitTLSPemPair()
-	if err != nil {
-		logger.Error(err, "initialization error")
-		os.Exit(1)
-	}
-}
-
 func (m *controller) GetTLSPemPair() (*tls.PemPair, error) {
 	secret, err := m.secretLister.Secrets(config.KyvernoNamespace).Get(m.renewer.GenerateTLSPairSecretName())
 	if err != nil {