[operator] helm recreates certs repetededly

[tomplus]

Hello Team.

I use the opentelemetry-operator chart as a sub-chart and I've faced the issue where during helm upgrade I get an error:

cannot patch "opentelemetry" with kind OpenTelemetryCollector: 
Internal error occurred: failed calling webhook "mopentelemetrycollector.kb.io": 
failed to call webhook: Post "https://opentelemetry-operator-webhook.test.svc:443/mutate-opentelemetry-io-v1alpha1-opentelemetrycollector?timeout=10s": 
x509: certificate signed by unknown authority (possibly because of "crypto/rsa: verification error" while trying to verify candidate authority certificate "opentelemetry-operator-operator-ca")

It looks like a certificate generated by Helm (certManager.enabled=False) is always replaced and the operator needs some time to reload it, during this time is not possible to update OpenTelemetryCollector's (the webhook has the previous cert). Could the chart use the old Secret if exists or maybe this regeneration is intentional?

I can prepare a PR for it.

Thanks!

[Allex1]

Hey @tomplus , sorry , I just saw this issue . Is the offer still available? :)
We did not reproduce it as we're using cert-manager for the most part.

[tomplus]

Thanks for verifying it. Yeah, the offer is still available :) I'll work on it 👍