Error updating webhook with certificate

[binbin-li]

Ratify is using cert-controller (v0.8.0) to help maintain the tls cert. This is how we add the rotator: https://github.com/deislabs/ratify/blob/dev/pkg/manager/manager.go#L176

It works fine for most of time, but sometimes the Reconcile could fail unexpected.

The error is like:

time=2024-05-08T05:38:05.435383745Z level=error msg=[cert-rotation] Error updating webhook with certificate error=Operation cannot be fulfilled on providers.externaldata.gatekeeper.sh "ratify-mutation-provider": the object has been modified; please apply your changes to the latest version and try again gvk=externaldata.gatekeeper.sh/v1beta1, Kind=Provider name=ratify-mutation-provider

which thrown at: https://github.com/open-policy-agent/cert-controller/blob/master/pkg/rotator/rotator.go#L838, seems it might update the resource with resourceVersion and creationTimestamp.

Wonder if it's a known issue or something wrong with our usage.