From 424805328608c2bc33153cce9322c823ba28301e Mon Sep 17 00:00:00 2001
From: Tomas Nozicka <tnozicka@gmail.com>
Date: Mon, 20 Apr 2020 15:22:23 +0200
Subject: [PATCH] Sync new client cert-key on recovery

---
 pkg/cmd/recoverycontroller/csrcontroller.go          |  4 ++++
 .../resourcesynccontroller/resourcesynccontroller.go | 12 ++++++++----
 2 files changed, 12 insertions(+), 4 deletions(-)

diff --git a/pkg/cmd/recoverycontroller/csrcontroller.go b/pkg/cmd/recoverycontroller/csrcontroller.go
index 1fb132a98..8d26a7e6b 100644
--- a/pkg/cmd/recoverycontroller/csrcontroller.go
+++ b/pkg/cmd/recoverycontroller/csrcontroller.go
@@ -88,6 +88,10 @@ func NewCSRController(
 	if err != nil {
 		return nil, err
 	}
+	err = operatorresourcesync.AddSyncClientCertKeySecret(c.resourceSyncController)
+	if err != nil {
+		return nil, err
+	}
 
 	return c, nil
 }
diff --git a/pkg/operator/resourcesynccontroller/resourcesynccontroller.go b/pkg/operator/resourcesynccontroller/resourcesynccontroller.go
index 7adcc3ab0..af3bd09d7 100644
--- a/pkg/operator/resourcesynccontroller/resourcesynccontroller.go
+++ b/pkg/operator/resourcesynccontroller/resourcesynccontroller.go
@@ -17,6 +17,13 @@ func AddSyncCSRControllerCA(resourceSyncController *resourcesynccontroller.Resou
 	)
 }
 
+func AddSyncClientCertKeySecret(resourceSyncController *resourcesynccontroller.ResourceSyncController) error {
+	return resourceSyncController.SyncSecret(
+		resourcesynccontroller.ResourceLocation{Namespace: operatorclient.TargetNamespace, Name: "kube-controller-manager-client-cert-key"},
+		resourcesynccontroller.ResourceLocation{Namespace: operatorclient.GlobalMachineSpecifiedConfigNamespace, Name: "kube-controller-manager-client-cert-key"},
+	)
+}
+
 func NewResourceSyncController(
 	operatorConfigClient v1helpers.OperatorClient,
 	kubeInformersForNamespaces v1helpers.KubeInformersForNamespaces,
@@ -34,10 +41,7 @@ func NewResourceSyncController(
 	if err := AddSyncCSRControllerCA(resourceSyncController); err != nil {
 		return nil, err
 	}
-	if err := resourceSyncController.SyncSecret(
-		resourcesynccontroller.ResourceLocation{Namespace: operatorclient.TargetNamespace, Name: "kube-controller-manager-client-cert-key"},
-		resourcesynccontroller.ResourceLocation{Namespace: operatorclient.GlobalMachineSpecifiedConfigNamespace, Name: "kube-controller-manager-client-cert-key"},
-	); err != nil {
+	if err := AddSyncClientCertKeySecret(resourceSyncController); err != nil {
 		return nil, err
 	}
 	if err := resourceSyncController.SyncConfigMap(