Addressed PR comments

- inverted large if block and moved check to beginning of func
- small readme fixes

Author: iastewar

README.md

@@ -1,12 +1,12 @@
 # gcp-auth-webhook
 
 A server that includes:
-* A mutating webhook that will patch any newly created pods in your kubernetes cluster with GCP credentials (whose location is currently hardcoded to /var/lib/minikube/google_application_credentials.json).
-* A mutating webhook that will patch any newly created service accounts in your kubernetes cluster with an image pull secret.
+* A mutating webhook that will patch any newly created pods in your Kubernetes cluster with GCP credentials (whose location is currently hardcoded to /var/lib/minikube/google_application_credentials.json).
+* A mutating webhook that will patch any newly created service accounts in your Kubernetes cluster with an image pull secret.
 * A thread that monitors namespaces to make sure all namespaces include a image pull secret to be able to pull from GCR and AR.
 
 ## Deployment
-Use the image gcr.io/k8s-minikube/gcp-auth-webhook as the image for a Deployment in your Kubernetes manifest and add that to a MutatingWebhookConfiguration. See [minikube](https://github.com/kubernetes/minikube/blob/master/deploy/addons/gcp-auth/gcp-auth-webhook.yaml.tmpl) for details.
+Use the image `gcr.io/k8s-minikube/gcp-auth-webhook` as the image for a Deployment in your Kubernetes manifest and add that to a MutatingWebhookConfiguration. See [minikube](https://github.com/kubernetes/minikube/blob/master/deploy/addons/gcp-auth/gcp-auth-webhook.yaml.tmpl) for details.
 
 ## Running Locally
 The easiest way to run the server locally is:

server.go

@@ -103,11 +103,28 @@ func createPullSecret(clientset *kubernetes.Clientset, ns *corev1.Namespace, cre
 		return nil
 	}
 
-	token, err := creds.TokenSource.Token()
+	secrets := clientset.CoreV1().Secrets(ns.Name)
+
+	// check if gcp-auth secret already exists
+	exists := false
+	secList, err := secrets.List(context.TODO(), metav1.ListOptions{})
 	if err != nil {
 		return err
 	}
+	for _, s := range secList.Items {
+		if s.Name == gcpAuth {
+			exists = true
+			break
+		}
+	}
+	if exists {
+		return nil
+	}
 
+	token, err := creds.TokenSource.Token()
+	if err != nil {
+		return err
+	}
 	var dockercfg string
 	registries := append(gcr_config.DefaultGCRRegistries[:], gcr_config.DefaultARRegistries[:]...)
 	for _, reg := range registries {
@@ -117,36 +134,18 @@ func createPullSecret(clientset *kubernetes.Clientset, ns *corev1.Namespace, cre
 	data := map[string][]byte{
 		".dockercfg": []byte(fmt.Sprintf(`{%s}`, dockercfg)),
 	}
-
-	secrets := clientset.CoreV1().Secrets(ns.Name)
-
-	exists := false
-	secList, err := secrets.List(context.TODO(), metav1.ListOptions{})
+	secretObj := &corev1.Secret{
+		ObjectMeta: metav1.ObjectMeta{
+			Name: gcpAuth,
+		},
+		Data: data,
+		Type: "kubernetes.io/dockercfg",
+	}
+	_, err = secrets.Create(context.TODO(), secretObj, metav1.CreateOptions{})
 	if err != nil {
 		return err
 	}
-	for _, s := range secList.Items {
-		if s.Name == gcpAuth {
-			exists = true
-			break
-		}
-	}
 
-	if !exists {
-		secretObj := &corev1.Secret{
-			ObjectMeta: metav1.ObjectMeta{
-				Name: gcpAuth,
-			},
-			Data: data,
-			Type: "kubernetes.io/dockercfg",
-		}
-
-		_, err = secrets.Create(context.TODO(), secretObj, metav1.CreateOptions{})
-		if err != nil {
-			return err
-		}
-
-	}
 	return nil
 }