From 0ffde44dded5c06572deff07cf626a26f6726cf4 Mon Sep 17 00:00:00 2001 From: Stephen Roettger Date: Mon, 28 Jun 2021 15:22:32 +0200 Subject: [PATCH 1/3] don't kill tls --- docker-images/certbot/certbot.sh | 1 - kctf-operator/pkg/resources/initializer.go | 13 +++++++++++-- 2 files changed, 11 insertions(+), 3 deletions(-) diff --git a/docker-images/certbot/certbot.sh b/docker-images/certbot/certbot.sh index f0041740..e845845d 100644 --- a/docker-images/certbot/certbot.sh +++ b/docker-images/certbot/certbot.sh @@ -42,7 +42,6 @@ while true; do sleep 2m if check_tls_validity; then echo "Certificate is valid for at least 30 days" - sleep 1d else request_certificate && update_tls_secret && echo "TLS cert updated" fi diff --git a/kctf-operator/pkg/resources/initializer.go b/kctf-operator/pkg/resources/initializer.go index 7feaa1f0..f8056a17 100644 --- a/kctf-operator/pkg/resources/initializer.go +++ b/kctf-operator/pkg/resources/initializer.go 
@@ -17,14 +17,22 @@ var log logr.Logger = logf.Log.WithName("cmd") func InitializeOperator(client *client.Client) error { // Creates the objects that enable the DNS, external DNS and etc + // Create the tls secret separately since we don't want to overwrite it if it exists + tlsSecret := NewSecretTls() + err := (*client).Create(context.Background(), tlsSecret) + if err != nil && !errors.IsNotFound(err) { + log.Error(err, "Could not create TLS secret") + return err + } + objectFunctions := []func() runtime.Object{NewExternalDnsClusterRole, NewExternalDnsClusterRoleBinding, NewExternalDnsDeployment, NewDaemonSetGcsFuse, NewSecretPowBypass, - NewSecretPowBypassPub, NewNetworkPolicyBlockInternal, NewAllowDns, NewSecretTls} + NewSecretPowBypassPub, NewNetworkPolicyBlockInternal, NewAllowDns} names := []string{ "External DNS Cluster Role", "External DNS Cluster Role Binding", "External DNS Deployment", "Daemon Set Gcs Fuse", "Secret for PowBypass", "Secret for PowBypassPub", - "Network Policy Block Internal", "Allow DNS", "TLS Secret"} + "Network Policy Block Internal", "Allow DNS"} for i, newObject := range objectFunctions { @@ -37,6 +45,7 @@ func InitializeOperator(client *client.Client) error { if err != nil { if errors.IsAlreadyExists(err) { log.Info("This object already exists.", "Name: ", names[i]) + // Try to update the resource instead err = (*client).Update(context.Background(), obj) } From eac9be165aefbe8e63d6dc0684037df3a6685a78 Mon Sep 17 00:00:00 2001 From: sroettger Date: Mon, 28 Jun 2021 17:10:18 +0200 Subject: [PATCH 2/3] IsAlreadyExists --- kctf-operator/pkg/resources/initializer.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kctf-operator/pkg/resources/initializer.go b/kctf-operator/pkg/resources/initializer.go index f8056a17..8a481a2f 100644 --- a/kctf-operator/pkg/resources/initializer.go +++ b/kctf-operator/pkg/resources/initializer.go 
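Review bot: The create-only handling covers the TLS secret alone, while `NewSecretPowBypass` and `NewSecretPowBypassPub` stay in `objectFunctions` and still reach `err = (*client).Update(context.Background(), obj)` in the `IsAlreadyExists` branch shown in the second hunk. If those constructors generate key material when called (their bodies are not visible here), every operator start would replace the stored proof-of-work bypass keys, which is the same kind of overwrite this change removes for the certificate. Consider routing them through a shared create-if-missing helper whose core is `if err := (*client).Create(ctx, obj); err != nil && !errors.IsAlreadyExists(err) { return err }`. The body of InitializeOperator continues outside both hunks, so the rest of the loop's error handling could not be checked.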
@@ -20,7 +20,7 @@ func InitializeOperator(client *client.Client) error { // Create the tls secret separately since we don't want to overwrite it if it exists tlsSecret := NewSecretTls() err := (*client).Create(context.Background(), tlsSecret) - if err != nil && !errors.IsNotFound(err) { + if err != nil && !errors.IsAlreadyExists(err) { log.Error(err, "Could not create TLS secret") return err } From 85e81927a50d8abd20c07a26c8f8cb1c1f7bc8cf Mon Sep 17 00:00:00 2001 From: GitHub Action Date: Mon, 28 Jun 2021 15:21:30 +0000 Subject: [PATCH 3/3] Automated commit: update images. --- dist/resources/operator.yaml | 2 +- kctf-operator/pkg/resources/constants.go | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/dist/resources/operator.yaml b/dist/resources/operator.yaml index 0573e6e6..a29adb64 100644 --- a/dist/resources/operator.yaml +++ b/dist/resources/operator.yaml @@ -16,7 +16,7 @@ spec: serviceAccountName: kctf-operator containers: - name: kctf-operator - image: gcr.io/kctf-docker/kctf-operator@sha256:a517370bc714a05e1cdec597f8e42033b54267fe2f09baddd18eebbb2486cb35 + image: gcr.io/kctf-docker/kctf-operator@sha256:34efa36f0d2a02a9237742933f0d82f83b512395c8be40e52a14e0bf1142e2fa command: - kctf-operator imagePullPolicy: Always diff --git a/kctf-operator/pkg/resources/constants.go b/kctf-operator/pkg/resources/constants.go index ec1c6e08..303bf0c3 100644 --- a/kctf-operator/pkg/resources/constants.go +++ b/kctf-operator/pkg/resources/constants.go 
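Review bot: With the corrected predicate, the already-exists case at `if err != nil && !errors.IsAlreadyExists(err)` passes without any log line, so the operator log cannot show whether the TLS secret was freshly created or an existing one was kept. A `log.Info("TLS secret already exists, leaving it unchanged")` on that path would make the outcome visible, in line with the `log.Info("This object already exists.", ...)` the loop emits for the other objects. The comment above the call could also say what is being protected: certbot.sh calls `update_tls_secret`, and presumably the certificate it stores is what must not be replaced on operator start.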
@@ -5,7 +5,7 @@ package resources // == || These are set by automation || == // .. vv ........................... vv .. -const DOCKER_CERTBOT_IMAGE = "gcr.io/kctf-docker/certbot@sha256:ee81493fb7544abf243a5bd5007f040cc821cacf978a516d4b699adac497dc7a" +const DOCKER_CERTBOT_IMAGE = "gcr.io/kctf-docker/certbot@sha256:101378fb05be8c14f45b99312fc5e5119ec5a2a184eea7fc4b7a29524b7c508f" const DOCKER_GCSFUSE_IMAGE = "gcr.io/kctf-docker/gcsfuse@sha256:85f4eac10e254651ab3ff531869b86c3b542d2dd9d0d1dbf8724a552b42ab970" // .. ^^ ........................... ^^ ..