From a99e98ea55a250aa6b90e3620edc380fa796351d Mon Sep 17 00:00:00 2001
From: Mieszko Wawrzyniak <kaaboaye@gmail.com>
Date: Mon, 29 Mar 2021 15:16:18 +0200
Subject: [PATCH] Update gcr access token in place

It's possible to update secrets in place instead of removing and creating a new one.

But what's wrong with the old way of doing things you may ask.

If jobs for GCR synchronization and token refreshment lunch at the same time and they sometimes will we will get the following error:

`Secret "gcr-credentials" not found`

This happens because:
1. token was deleted by Token Refresh Job
2. GCR synchronization will begin and fail because there is no token
3. new token will be created.

Updating the token in place fixes this issue.
---
 docs/guides/image-update.md | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/docs/guides/image-update.md b/docs/guides/image-update.md
index dfad8eeb..a8659c41 100644
--- a/docs/guides/image-update.md
+++ b/docs/guides/image-update.md
@@ -811,11 +811,13 @@ spec:
             - /bin/bash
             - -ce
             - |-
-              kubectl delete secret --ignore-not-found $SECRET_NAME
               kubectl create secret docker-registry $SECRET_NAME \
                 --docker-server="$GCR_REGISTRY" \
                 --docker-username=oauth2accesstoken \
-                --docker-password="$(gcloud auth print-access-token)" 
+                --docker-password="$(gcloud auth print-access-token)" \
+                --dry-run=client \
+                -o yaml \
+                | kubectl apply -f -
 ```
 
 Since the cronjob will not create a job right away, after applying the manifest,