try to create every secret instead of returning eraly

Signed-off-by: huabing zhao <zhaohuabing@gmail.com>
envoyproxy · Mar 8, 2024 · 20d5d3a · 20d5d3a
1 parent 6806195
commit 20d5d3a
Show file tree

Hide file tree

Showing 2 changed files with 22 additions and 12 deletions.
diff --git a/internal/cmd/certgen.go b/internal/cmd/certgen.go
@@ -74,17 +74,18 @@ func outputCerts(ctx context.Context, cli client.Client, cfg *config.Server, cer
 	log := cfg.Logger
 
 	if err != nil {
-		if errors.Is(err, kubernetes.ErrSecretExists) {
-			log.Info("exiting early", "reason", err)
-			return nil
+		if !errors.Is(err, kubernetes.ErrSecretExists) {
+			log.Info(err.Error())
+		} else {
+			return fmt.Errorf("failed to create or update secrets: %w", err)
 		}
-
-		return fmt.Errorf("failed to create or update secrets: %w", err)
 	}
 
-	for i := range secrets {
-		s := secrets[i]
-		log.Info("created secret", "namespace", s.Namespace, "name", s.Name)
+	if secrets != nil {
+		for i := range secrets {
+			s := secrets[i]
+			log.Info("created secret", "namespace", s.Namespace, "name", s.Name)
+		}
 	}
 
 	return nil

diff --git a/internal/provider/kubernetes/secrets.go b/internal/provider/kubernetes/secrets.go
@@ -92,7 +92,11 @@ func CertsToSecret(namespace string, certs *crypto.Certificates) []corev1.Secret
 // CreateOrUpdateSecrets creates the provided secrets if they don't exist or updates
 // them if they do.
 func CreateOrUpdateSecrets(ctx context.Context, client client.Client, secrets []corev1.Secret, update bool) ([]corev1.Secret, error) {
-	var tidySecrets []corev1.Secret
+	var (
+		tidySecrets     []corev1.Secret
+		existingSecrets []string
+	)
+
 	for i := range secrets {
 		secret := secrets[i]
 		current := new(corev1.Secret)
@@ -109,9 +113,8 @@ func CreateOrUpdateSecrets(ctx context.Context, client client.Client, secrets []
 			// Update if current value is different and update arg is set.
 		} else {
 			if !update {
-				return nil, fmt.Errorf("%s/%s: %w;"+
-					"Either update it manually or set overwriteControlPlaneCerts "+
-					"in the EnvoyGateway config", secret.Namespace, secret.Name, ErrSecretExists)
+				existingSecrets = append(existingSecrets, fmt.Sprintf("%s/%s", secret.Namespace, secret.Name))
+				continue
 			}
 
 			if !reflect.DeepEqual(secret.Data, current.Data) {
@@ -123,5 +126,11 @@ func CreateOrUpdateSecrets(ctx context.Context, client client.Client, secrets []
 		tidySecrets = append(tidySecrets, secret)
 	}
 
+	if len(existingSecrets) > 0 {
+		return tidySecrets, fmt.Errorf("%v: %w;"+
+			"Either update the secrets manually or set overwriteControlPlaneCerts "+
+			"in the EnvoyGateway config", existingSecrets, ErrSecretExists)
+	}
+
 	return tidySecrets, nil
 }