Konnect entities: Certificate

[pmalek]

Problem statement

Introduce KongCertificate.

API ref: https://kong-platform-api.netlify.app/konnect/control-planes-config/v2/openapi.yaml/#tag/Certificates

Proposed solution

• Introduce KongCertificate CRD in https://github.com/Kong/kubernetes-configuration

  • All Kong configuration CRDs will live in that repository to prevent import cycles between KGO and KIC
  • This CRD will contain a ControlPlane reference. Only references that refer to Konnect will result in reconciliation against Konnect.

• Implement a reconciler which will use that CRD.

• This reconciler should be able to be disabled via CLI flag / env variable.

  • There should exist only 1 CLI flag / env variable for all Kong configuration entities like Consumers, Services, Routes etc.

Acceptance criteria

• [ ] KGO can create, delete and update Certificates in Konnect based on the CRD spec.
• [ ] Status fields of this CRD are filled with information such as
  • [ ] Indication whether the entity in Konnect has been created via a Programmed status condition

[tao12345666333]

I want to pick it up. Thanks

[pmalek]

One thing I'd keep in mind here is to consider whether we want to allow integration with e.g. certmanager and if it's possible to design the CRD for this in such a way that the integration would be viable.

If we designed this as Secrets then it would be pretty simple, I'm not sure if certmanager could work with CRDs.

cc: @mheap