google · sroettger · Jun 28, 2021 · Jun 28, 2021 · Jun 28, 2021 · Jun 28, 2021
diff --git a/dist/resources/operator.yaml b/dist/resources/operator.yaml
@@ -16,7 +16,7 @@ spec:
       serviceAccountName: kctf-operator
       containers:
         - name: kctf-operator
-          image: gcr.io/kctf-docker/kctf-operator@sha256:a517370bc714a05e1cdec597f8e42033b54267fe2f09baddd18eebbb2486cb35
+          image: gcr.io/kctf-docker/kctf-operator@sha256:34efa36f0d2a02a9237742933f0d82f83b512395c8be40e52a14e0bf1142e2fa
           command:
           - kctf-operator
           imagePullPolicy: Always

diff --git a/docker-images/certbot/certbot.sh b/docker-images/certbot/certbot.sh
@@ -42,7 +42,6 @@ while true; do
   sleep 2m
   if check_tls_validity; then
     echo "Certificate is valid for at least 30 days"
-    sleep 1d
   else
     request_certificate && update_tls_secret && echo "TLS cert updated"
   fi

diff --git a/kctf-operator/pkg/resources/constants.go b/kctf-operator/pkg/resources/constants.go
@@ -5,7 +5,7 @@ package resources
 // == || These are set by automation || ==
 // .. vv ........................... vv ..
 
-const DOCKER_CERTBOT_IMAGE = "gcr.io/kctf-docker/certbot@sha256:ee81493fb7544abf243a5bd5007f040cc821cacf978a516d4b699adac497dc7a"
+const DOCKER_CERTBOT_IMAGE = "gcr.io/kctf-docker/certbot@sha256:101378fb05be8c14f45b99312fc5e5119ec5a2a184eea7fc4b7a29524b7c508f"
 const DOCKER_GCSFUSE_IMAGE = "gcr.io/kctf-docker/gcsfuse@sha256:85f4eac10e254651ab3ff531869b86c3b542d2dd9d0d1dbf8724a552b42ab970"
 
 // .. ^^ ........................... ^^ ..

diff --git a/kctf-operator/pkg/resources/initializer.go b/kctf-operator/pkg/resources/initializer.go
@@ -17,14 +17,22 @@ var log logr.Logger = logf.Log.WithName("cmd")
 func InitializeOperator(client *client.Client) error {
 	// Creates the objects that enable the DNS, external DNS and etc
 
+	// Create the tls secret separately since we don't want to overwrite it if it exists
+	tlsSecret := NewSecretTls()
+	err := (*client).Create(context.Background(), tlsSecret)
+	if err != nil && !errors.IsAlreadyExists(err) {
+		log.Error(err, "Could not create TLS secret")
+		return err
+	}
+
 	objectFunctions := []func() runtime.Object{NewExternalDnsClusterRole, NewExternalDnsClusterRoleBinding,
 		NewExternalDnsDeployment, NewDaemonSetGcsFuse, NewSecretPowBypass,
-		NewSecretPowBypassPub, NewNetworkPolicyBlockInternal, NewAllowDns, NewSecretTls}
+		NewSecretPowBypassPub, NewNetworkPolicyBlockInternal, NewAllowDns}
 
 	names := []string{
 		"External DNS Cluster Role", "External DNS Cluster Role Binding", "External DNS Deployment",
 		"Daemon Set Gcs Fuse", "Secret for PowBypass", "Secret for PowBypassPub",
-		"Network Policy Block Internal", "Allow DNS", "TLS Secret"}
+		"Network Policy Block Internal", "Allow DNS"}
 
 	for i, newObject := range objectFunctions {
 
@@ -37,6 +45,7 @@ func InitializeOperator(client *client.Client) error {
 		if err != nil {
 			if errors.IsAlreadyExists(err) {
 				log.Info("This object already exists.", "Name: ", names[i])
+
 				// Try to update the resource instead
 				err = (*client).Update(context.Background(), obj)
 			}