Support cert-manager Certificates for the Stackgres Operator
Problem to solve
We would like to use cert-manager issued TLS certificates instead of passing our own in via values.yaml or using a self-signed certificate.
Further details
This would considerably ease Operations on our side as we already have a working cert-manager installation in all of our clusters.
Proposal
I think the first step would be to generate the self-signed certificates as a kubernetes.io/tls Secret that matches the format that cert-manager creates:
apiVersion: v1
data:
  ca.crt: <ca-cert>
  tls.crt: <tls-cert>
  tls.key: <tls-key>
kind: Secret
metadata:
  annotations:
  name: test-tls-cert
  namespace: test
type: kubernetes.io/tls
After that I believe we would want a flag in values.yaml that would allow us to easily turn off cert generation:
cert:
  auto_generate: true
I think we would also probably want to be able to name the Secret that would get volume mounted?
If you know of a workaround here I am all ears. I searched through the docs and Issues and couldn't find anything relevant.
Testing
Acceptance Criteria
- Allow using already existing secrets for both the operator and the REST API
- Add a flag to create cert-manager custom resources that create the operator secret automatically
- Tests
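For reference, the cert-manager side of the Secret format shown in the proposal, as an added example that is not part of the original issue or of the StackGres project. The issuer name, certificate name and the `<operator-service>` placeholder are assumptions; only the Secret name `test-tls-cert` and namespace `test` come from the issue.

```yaml
# Hypothetical namespace-scoped self-signed issuer (name is an assumption).
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
  name: example-selfsigned-issuer
  namespace: test
spec:
  selfSigned: {}
---
# cert-manager reconciles this Certificate into a Secret of type
# kubernetes.io/tls holding tls.crt and tls.key, plus ca.crt when the
# issuer supplies a CA. That is the layout shown in the proposal.
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: example-operator-cert        # hypothetical name
  namespace: test
spec:
  secretName: test-tls-cert          # Secret name taken from the issue
  duration: 2160h                    # 90 days
  renewBefore: 360h                  # renew 15 days before expiry
  privateKey:
    algorithm: ECDSA
    size: 256
    rotationPolicy: Always           # new key on every renewal
  usages:
    - server auth
  dnsNames:
    # Placeholder: the API server validates a webhook's certificate against
    # the Service DNS name, so the real operator Service name must go here.
    - <operator-service>.test.svc
    - <operator-service>.test.svc.cluster.local
  issuerRef:
    name: example-selfsigned-issuer
    kind: Issuer
    group: cert-manager.io
```

Because cert-manager rewrites the Secret on each renewal, a consumer that mounts it has to reload the certificate and key when the mounted files change.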