refresh certs if needed in reconciler

[acpana]

Basically following Max's advice here: open-policy-agent/gatekeeper#2477 (comment) to call refresh certs if needed in the reconciler.

I also ran gofumpt, gci and godot on the files.

[codecov-commenter]

Codecov Report

Patch coverage: 70.58% and project coverage change: +2.40 🎉

Comparison is base (3b09cd3) 51.78% compared to head (299d680) 54.19%.

Additional details and impacted files

@@            Coverage Diff             @@
##           master      #81      +/-   ##
==========================================
+ Coverage   51.78%   54.19%   +2.40%     
==========================================
  Files           1        1              
  Lines         531      548      +17     
==========================================
+ Hits          275      297      +22     
+ Misses        190      185       -5     
  Partials       66       66              

Flag	Coverage Δ
unittests	54.19% <70.58%> (+2.40%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files	Coverage Δ
pkg/rotator/rotator.go	54.19% <70.58%> (+2.40%)	⬆️

☔ View full report in Codecov by Sentry.
📢 Do you have feedback about the report comment? Let us know in this issue.

[maxsmythe]

For testing, one way would be to create a mode that enables only the controller, not the rotator (just don't add the rotator to the manager), then there is no race condition.

[acpana]

For testing, one way would be to create a mode that enables only the controller, not the rotator (just don't add the rotator to the manager), then there is no race condition.

@maxsmythe thanks for the suggestion! I added a field on the CertRotator to control whether or not to run in it the background for a reconciler. Let me know what you think 🙏🏼

[maxsmythe]

LGTM after removal of requeue

[maxsmythe]

LGTM

[ritazh]

LGTM