cert-controller
Ready channel is never signaled on non-leaders
With the addition of #45, the cert-controller can be set to run only in the leader - instructing the leader to be responsible for the certificate injection and management.
But how can we send the same signal to the followers? With the current implementation, the ready channel will never be signaled.
Good question. I suppose there is no reason the following goroutines need to be launched by the manager calling Start():
https://github.com/open-policy-agent/cert-controller/blob/71c4f4ea52d5d8b1f1d89462065535ec7a41a99f/pkg/rotator/rotator.go#L212-L214
Since they are purely passive, though the exponential backoff does assume that something will eventually write a cert file.
It won't help to take them out, since they're waiting on the wasCAInjected atomic boolean, which is set only by the reconciler.
Same issue here:
I wanted to fatal exit when setup was not possible. This only works with replicas=1.
```go
//nolint:gocritic // enable again when issue https://github.com/open-policy-agent/cert-controller/issues/53 is fixed
/* ticker := time.NewTicker(startTimeout)
defer ticker.Stop() */
select {
case err := <-errCh:
	return err
case <-setupFinished:
	m.manager.GetLogger().Info("rotator setup finished")
	/* case <-ticker.C:
	return errors.New("rotator setup timeout") */
} //nolint:wsl // enable again when issue https://github.com/open-policy-agent/cert-controller/issues/53 is fixed
```
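A simplified Go model of the behaviour discussed in this thread, added here as an illustration and not taken from cert-controller or from any commenter: the ready channel is closed by a passive waiter that polls a flag only the leader's reconciler sets, so a startup timeout fires on every follower. The `replica` type, its fields, `waitSetup`, `run` and the timings are assumptions made for the example.

```go
package main

import (
	"errors"
	"fmt"
	"sync/atomic"
	"time"
)

// replica models one controller pod (hypothetical type, not the project's).
type replica struct {
	leader     bool
	caInjected int32         // stands in for the wasCAInjected flag
	ready      chan struct{} // stands in for the rotator's ready channel
}

// start launches the reconciler only on the leader; it is the sole writer
// of caInjected. The passive waiter runs on every replica.
func (r *replica) start() {
	if r.leader {
		go func() {
			time.Sleep(10 * time.Millisecond) // pretend to inject the CA
			atomic.StoreInt32(&r.caInjected, 1)
		}()
	}
	go func() {
		for atomic.LoadInt32(&r.caInjected) == 0 {
			time.Sleep(5 * time.Millisecond)
		}
		close(r.ready)
	}()
}

// waitSetup is the startup select with the timeout branch enabled.
func waitSetup(r *replica, timeout time.Duration) error {
	select {
	case <-r.ready:
		return nil
	case <-time.After(timeout):
		return errors.New("rotator setup timeout")
	}
}

// run starts one replica and reports whether it became ready in time.
func run(leader bool) error {
	r := &replica{leader: leader, ready: make(chan struct{})}
	r.start()
	return waitSetup(r, 200*time.Millisecond)
}

func main() {
	fmt.Println("leader:", run(true), "follower:", run(false))
}
```

With more than one replica, every non-leader takes the timeout branch, which matches the observation above that a fatal exit on timeout only works with replicas=1.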