confidential-containers / cloud-api-adaptor

Ability to create Kata pods using cloud provider APIs aka the peer-pods approach
Apache License 2.0
44 stars 76 forks

test/e2e: Provisioning code doesn't install cert-manager and webhook #958

Open stevenhorsman opened 1 year ago

stevenhorsman commented 1 year ago

I've been using the provisioning code (which is great), but have realised that it doesn't install the webhook, or cert-manager, so I think we should fix this and then probably try and add some tests for the mutation of the resource (in a separate issue).

e.g.

cloud-api-adaptor/test/tools$ ./caa-provisioner-cli -action=install
INFO[0000] IamServiceURL is: https://iam.cloud.ibm.com/identity/token.
INFO[0000] VpcServiceURL is: https://ca-tor.iaas.cloud.ibm.com/v1.
INFO[0000] Installing CoCo operator and cloud-api-adaptor resources
INFO[0000] Install the controller manager
Wait for the cc-operator-controller-manager deployment be available
INFO[0013] Customize the overlay yaml file
INFO[0015] Updating caa image tag with a9941bba4692c22fada21b5b9f70a1986c74690d
INFO[0015] Install CoCo and cloud-api-adaptor
Wait for the cloud-api-adaptor-daemonset DaemonSet be available
Wait for the pod cloud-api-adaptor-daemonset-98npj be ready
Wait for the cc-operator-daemon-install DaemonSet be available
Wait for the pod cc-operator-daemon-install-8l2t6 be ready
Wait for the kata-remote runtimeclass be created
$ kubectl get pods -A
NAMESPACE                        NAME                                                        READY   STATUS    RESTARTS   AGE
confidential-containers-system   cc-operator-controller-manager-6db94bf886-lvx9b             2/2     Running   0          94s
confidential-containers-system   cc-operator-daemon-install-8l2t6                            1/1     Running   0          80s
confidential-containers-system   cloud-api-adaptor-daemonset-98npj                           1/1     Running   0          80s
kube-flannel                     kube-flannel-ds-flwjn                                       1/1     Running   0          4d19h
kube-flannel                     kube-flannel-ds-g28dd                                       1/1     Running   0          4d19h
kube-system                      coredns-5d78c9869d-gmpz9                                    1/1     Running   0          4d19h
kube-system                      coredns-5d78c9869d-p426w                                    1/1     Running   0          4d19h
kube-system                      etcd-sh-sm-z-cluster-2023-05-10-node-0                      1/1     Running   0          4d19h
kube-system                      ext-res-updater-6q59x                                       1/1     Running   0          3d21h
kube-system                      kube-apiserver-sh-sm-z-cluster-2023-05-10-node-0            1/1     Running   0          4d19h
kube-system                      kube-controller-manager-sh-sm-z-cluster-2023-05-10-node-0   1/1     Running   0          4d19h
kube-system                      kube-proxy-5l7r7                                            1/1     Running   0          4d19h
kube-system                      kube-proxy-pntsc                                            1/1     Running   0          4d19h
kube-system                      kube-scheduler-sh-sm-z-cluster-2023-05-10-node-0            1/1     Running   0          4d19h

@huoqifeng - I'm assuming this wasn't a deliberate decision to exclude the webhook from the e2e framework, but just something we haven't got around to adding yet?

huoqifeng commented 1 year ago

@stevenhorsman right, I don't think it's a deliberate decision to exclude the webhook from the e2e framework, but just something we'll need to add at a later time. I think we talked about this some weeks ago in the weekly meeting and the decision is that we should do that. Might talk about this again in the meeting tomorrow?

stevenhorsman commented 1 year ago

Sure - I just wanted to check that this issue was valid and I'd not missed/forgotten a reason that it should never go into the e2e provisioning. Thanks!

stevenhorsman commented 1 year ago

So the bit that I missed was that the webhook is planned to be managed by the peer-pod-config controller, but in the short-term we can work on the webhook install through e2e whilst that is looked at in parallel.

tumberino commented 1 year ago

@bpradipt @stevenhorsman mentioned you might be looking at including the webhook/cert-manager into the peer-pod config, is that correct?