Make installer idempotent

[dougbtv]

I've ran into some issues before where I've got to remove the CSR to let it regen everything. There's probably a number of these we can fix up in the installer

Feedback from @dcbw

at the very least if the secret exists, bail
eg if we have a secret already, then we don't need to do any of the CSR stuff
it should perhaps still reconcile (and recrete) the webhook config and service, if they don't exist

[dougbtv]

More information:

[zshi@192 openshift-aws]$ oc logs install-net-attach-def-admission-controller-7558f8f477-gnfrg -n multus
I0114 06:16:20.805426       1 main.go:28] starting webhook installation
I0114 06:16:20.807821       1 installer.go:41] generating Certificate Signing Request
2019/01/14 06:16:20 [INFO] received CSR
2019/01/14 06:16:20 [INFO] generating key: rsa-2048
2019/01/14 06:16:21 [INFO] encoded CSR
I0114 06:16:21.603198       1 installer.go:308] raw CSR and private key successfully created
I0114 06:16:21.634796       1 installer.go:58] CSR net-attach-def-admission-controller-csr already exists, trying to reuse it
I0114 06:16:21.634814       1 installer.go:78] using already issued certificate for CSR net-attach-def-admission-controller-csr
I0114 06:16:21.634822       1 installer.go:315] signed certificate successfully obtained
I0114 06:16:21.644833       1 installer.go:280] secret net-attach-def-admission-controller-secret already exists, removing it first
I0114 06:16:21.667687       1 installer.go:285] secret net-attach-def-admission-controller-secret removed
I0114 06:16:21.690156       1 installer.go:322] secret successfully created
I0114 06:16:21.697318       1 installer.go:256] validating webhook net-attach-def-admission-controller-validating-config already exists, removing it first
I0114 06:16:21.710655       1 installer.go:261] validating webhook configuration net-attach-def-admission-controller-validating-config removed
I0114 06:16:21.722235       1 installer.go:329] validating webhook configuration successfully created
I0114 06:16:21.735874       1 installer.go:256] validating webhook net-attach-def-admission-controller-isolating-config already exists, removing it first
I0114 06:16:21.750037       1 installer.go:261] validating webhook configuration net-attach-def-admission-controller-isolating-config removed
I0114 06:16:21.756337       1 installer.go:335] Isolating webhook configuration successfully created
I0114 06:16:21.763667       1 installer.go:244] service net-attach-def-admission-controller-service already exists, removing it first
I0114 06:16:21.844900       1 installer.go:249] service net-attach-def-admission-controller-service removed
I0114 06:16:21.869995       1 installer.go:342] service successfully created
I0114 06:16:21.870012       1 installer.go:344] all resources created successfully

and...

[zshi@192 openshift-aws]$ oc logs net-attach-def-admission-controller-server-5b5d4cbc7d-zmkr2 -n multus
I0114 06:18:24.810735       1 main.go:34] starting net-attach-def-admission-controller webhook server
F0114 06:18:24.813449       1 main.go:46] error starting web server: tls: private key does not match public key
goroutine 1 [running]:
github.com/K8sNetworkPlumbingWG/net-attach-def-admission-controller/vendor/github.com/golang/glog.stacks(0xc420362800, 0xc420368000, 0x70, 0xbb)
	/go/src/github.com/K8sNetworkPlumbingWG/net-attach-def-admission-controller/gopath/src/github.com/K8sNetworkPlumbingWG/net-attach-def-admission-controller/vendor/github.com/golang/glog/glog.go:766 +0xcf
github.com/K8sNetworkPlumbingWG/net-attach-def-admission-controller/vendor/github.com/golang/glog.(*loggingT).output(0x19bf320, 0xc400000003, 0xc4200f4840, 0x1932413, 0x7, 0x2e, 0x0)
	/go/src/github.com/K8sNetworkPlumbingWG/net-attach-def-admission-controller/gopath/src/github.com/K8sNetworkPlumbingWG/net-attach-def-admission-controller/vendor/github.com/golang/glog/glog.go:717 +0x30f
github.com/K8sNetworkPlumbingWG/net-attach-def-admission-controller/vendor/github.com/golang/glog.(*loggingT).printf(0x19bf320, 0xc400000003, 0x1110fd9, 0x1d, 0xc420159f48, 0x1, 0x1)
	/go/src/github.com/K8sNetworkPlumbingWG/net-attach-def-admission-controller/gopath/src/github.com/K8sNetworkPlumbingWG/net-attach-def-admission-controller/vendor/github.com/golang/glog/glog.go:655 +0x14b
github.com/K8sNetworkPlumbingWG/net-attach-def-admission-controller/vendor/github.com/golang/glog.Fatalf(0x1110fd9, 0x1d, 0xc420159f48, 0x1, 0x1)
	/go/src/github.com/K8sNetworkPlumbingWG/net-attach-def-admission-controller/gopath/src/github.com/K8sNetworkPlumbingWG/net-attach-def-admission-controller/vendor/github.com/golang/glog/glog.go:1145 +0x67
main.main()
	/go/src/github.com/K8sNetworkPlumbingWG/net-attach-def-admission-controller/gopath/src/github.com/K8sNetworkPlumbingWG/net-attach-def-admission-controller/cmd/webhook/main.go:46 +0x38c

[dougbtv]

Best practices example for admission controller installation procedure: https://github.com/openshift/library-go/blob/master/pkg/operator/resource/resourceapply/apiregistration.go#L14