The operator needs to refresh broker tokens periodically

[skitt]

This is part of submariner-io/enhancements#56

When CAs are rotated, the corresponding secrets are automatically regenerated. This happens before CAs expire, and new secrets can be verified with old and new CAs. To survive actual rotation, all users of a given secret need to have the updated secret. As part of this, the operator should retrieve the secret used to access the broker periodically, and ensure that pods deployed with access to that key are made aware of the change.

[tpantelis]

@skitt Wasn't this already done?

submariner-operator/controllers/submariner/submariner_controller.go

Line 329 in 0729c7f

func (r *Reconciler) setupSecretSyncer(instance *submopv1a1.Submariner, logger logr.Logger, namespace string) error {

[skitt]

I’m not sure off-hand but I think there was a missing piece, I’ll check.