Automatically update `oidc-ca-*` secrets when `oidcCABundle` changes

[dimityrmirchev]

What happened:
I changed the contents of oidcCABundle in the configuration of the oidc-apps-controller. The existing oidc-ca-* secrets were not updated automatically with the new content. As a workaround I deleted the secrets and then they were recreated by the controller. In addition to that some of the mutated pods needed restart because they were not able automatically refresh the new CA content from the already updated secret. A hash produced of the CA secret contents can be added as an annotation to the pod definition so that pods get recreated once the contents of the secret change.

What you expected to happen:
The oidc-ca-* secrets to be updated automatically and pods to restart.

[gardener-ci-robot]

The Gardener project currently lacks enough active contributors to adequately respond to all issues.
This bot triages issues according to the following rules:

• After 90d of inactivity, lifecycle/stale is applied
• After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
• After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

• Mark this issue as fresh with /remove-lifecycle rotten
• Close this issue with /close

/lifecycle rotten

[gardener-robot]

@gardener-ci-robot Command /add is not available to you but only to a Maintainer, Member, Author.