appuio / component-openshift4-ingress

Commodore component to manage Ingress Controllers on OpenShift 4
BSD 3-Clause "New" or "Revised" License

Allow to configure secrets required as `defaultCertificate` of ingresses #16

Closed corvus-ch closed 2 years ago

corvus-ch commented 2 years ago

Context

The property defaultCertificate of an ingress takes the name of a Secret containing the certificate and key to be used by default. As of now, the component does not allow managing those secrets. The component should allow configuring those secrets. It should also support using cert-manager to create those secrets.

  openshift4_ingress:
    ingressControllers:
      default:
        defaultCertificate:
          name: ingress-default-cert
      example.com:
        defaultCertificate:
          name: ingress-example-com-cert

    secrets:
      ingress-example-com-cert:
        stringData:
          tls.crt: ?{vaultkv:${cluster:tenant}/${cluster:name}/whildcard-example-com/cert}
          tls.key: ?{vaultkv:${cluster:tenant}/${cluster:name}/whildcard-example-com/key}

    cert_manager_certs:
      ingress-default-cert:
        … # Spec of cert-manager.io/v1/Certificate

Reuse keys in cert_manager_certs as values for spec.secretName of the created Certificate resource by default, but allow users to override that field from the hierarchy, if they really want.

Alternatives

🤷🏼
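To make the proposed mapping concrete, here is an added sketch (Python, not the component's Jsonnet and not code from this issue) that turns the parameter layout above into Secret and Certificate manifests, applies the "key is the default spec.secretName, hierarchy may override" rule, and flags any defaultCertificate.name that no rendered object would provide. The sample values and the openshift-ingress namespace are assumptions for illustration.

```python
from typing import Any

# Constructed sample of the parameter layout proposed above (not the component's
# real defaults). Vault refs stay opaque strings: Kapitan reveals them at
# compile time, this sketch never touches the secret material.
PARAMS: dict[str, Any] = {
    "ingressControllers": {
        "default": {"defaultCertificate": {"name": "ingress-default-cert"}},
        "example.com": {"defaultCertificate": {"name": "ingress-example-com-cert"}},
    },
    "secrets": {
        "ingress-example-com-cert": {
            "stringData": {
                "tls.crt": "?{vaultkv:tenant/cluster/wildcard-example-com/cert}",
                "tls.key": "?{vaultkv:tenant/cluster/wildcard-example-com/key}",
            }
        }
    },
    "cert_manager_certs": {
        "ingress-default-cert": {
            "dnsNames": ["*.apps.example.org"],
            "issuerRef": {"name": "letsencrypt", "kind": "ClusterIssuer"},
        }
    },
}

NS = "openshift-ingress"  # the ingress operator reads default-cert secrets here


def render(params: dict[str, Any]) -> tuple[list[dict], list[str]]:
    """Return (manifests, dangling) where dangling lists every controller
    defaultCertificate.name that neither a Secret nor a Certificate provides."""
    manifests: list[dict] = []
    for name, body in params.get("secrets", {}).items():
        manifests.append({"apiVersion": "v1", "kind": "Secret", "type": "kubernetes.io/tls",
                          "metadata": {"name": name, "namespace": NS}, **body})
    for name, spec in params.get("cert_manager_certs", {}).items():
        # Key is the default secretName; a secretName set in the hierarchy wins.
        spec = {"secretName": name, **spec}
        manifests.append({"apiVersion": "cert-manager.io/v1", "kind": "Certificate",
                          "metadata": {"name": name, "namespace": NS}, "spec": spec})
    provided = {m["metadata"]["name"] if m["kind"] == "Secret" else m["spec"]["secretName"]
                for m in manifests}
    dangling = [ic["defaultCertificate"]["name"]
                for ic in params.get("ingressControllers", {}).values()
                if "defaultCertificate" in ic and ic["defaultCertificate"]["name"] not in provided]
    return manifests, dangling
```

The dangling check is the part worth keeping: overriding spec.secretName without updating the controller leaves the ingress pointing at a secret nothing creates.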

simu commented 2 years ago

@corvus-ch, the component currently has some logic to configure acme-based default certificates for OCP4 on cloud providers which have DNS APIs, cf. https://github.com/appuio/component-openshift4-ingress/blob/8fef0c90206844f7647da64efe208a80c2b98d2b/component/main.jsonnet#L28-L47

Should we try to extend the existing logic with the changes required for this issue, or can we safely drop the existing logic?

corvus-ch commented 2 years ago

[…] Should we try to extend the existing logic with the changes required for this issue, or can we safely drop the existing logic?

Try to work with the existing logic. As far as I remember, it just assumes a working cert-manager setup. As we now provide one, it should just work ™️