Feature Request
Resolution: Unresolved
4.16
Product / Portfolio Work
1. Proposed title of this feature request
SyncSet created for Certificates in Hive should watch changes to the secrets
2. What is the nature and description of the request?
When certificates are applied via ClusterDeployment at install time in Hive using servingCertificates, a resulting SyncSet pushes changes to the managed clusters. This SyncSet syncs every 2 hours. The controller that generates the SyncSet only Watch()es ClusterDeployment, so if the contents of the Secret change, that controller won't notice, and it takes up to 2 hours for the secret to be updated.
3. Why does the customer need this? (List the business requirements here)
If the customer decides to also manage cert rotation via Hive by updating the secret with the new certs, it takes too much time to roll out the changes to the managed clusters. Adding a watch to the secret will immediately force a resync.
Otherwise, when the secret is updated on the managed cluster itself, the SyncSet will overwrite those changes on the next sync, so the servingCertificates must be removed from the ClusterDeployment.
We are lacking a streamlined method for managing the certs in this scenario.
4. List any affected packages or components.
RHACM Hive
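The lookup a Secret watch would need, sketched as an added example (not Hive's own code): given a changed Secret, find the ClusterDeployments whose servingCertificates depend on it so they can be reconciled at once instead of waiting for the next periodic sync. The types, field names and function names are simplified, hypothetical stand-ins, and the sample data is constructed.

```go
package main

import "fmt"

// Simplified stand-ins for the Hive API types (assumed shapes, minimal fields).
type CertificateBundle struct {
	Name      string // bundle name that servingCertificates points at
	SecretRef string // Secret holding the certificate and key
}

type ClusterDeployment struct {
	Namespace, Name string
	Bundles         []CertificateBundle
	ServingCerts    []string // bundle names in use by servingCertificates
}

// requestsForSecret returns "namespace/name" keys of the ClusterDeployments
// to reconcile when the given Secret changes. A bundle counts only if
// servingCertificates uses it, and only within the Secret's own namespace.
func requestsForSecret(ns, secret string, cds []ClusterDeployment) []string {
	var keys []string
	for _, cd := range cds {
		if cd.Namespace != ns {
			continue
		}
		inUse := map[string]bool{}
		for _, name := range cd.ServingCerts {
			inUse[name] = true
		}
		for _, b := range cd.Bundles {
			if b.SecretRef == secret && inUse[b.Name] {
				keys = append(keys, cd.Namespace+"/"+cd.Name)
				break
			}
		}
	}
	return keys
}

// sampleFleet is constructed data, not taken from a real hub cluster.
func sampleFleet() []ClusterDeployment {
	api := []CertificateBundle{{Name: "api", SecretRef: "api-cert"}}
	return []ClusterDeployment{
		{"team-a", "prod", api, []string{"api"}},
		{"team-a", "staging", api, nil}, // bundle defined but not in use
		{"team-b", "prod", api, []string{"api"}}, // same name, other namespace
	}
}

func main() { fmt.Println(requestsForSecret("team-a", "api-cert", sampleFleet())) }
```

Scoping the match to the Secret's namespace and to bundles actually in use keeps an unrelated Secret edit from triggering resyncs across the fleet.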