Use the new recert additional trust bundle options

[omertuc]

Background / Context

Recert recently added ([1], [2]) some options that allow changing the cluster's trust bundle (it's recommended you read the PRs for more background about this).

Issue / Requirement / Reason for change

The lifecycle-agent doesn't make use of the new options added to recert

Solution / Feature Overview

Change the lifecycle-agent to use the new options added to recert

Implementation Details

Multiple new fields have been added.

• AdditionalTrustBundle in SeedReconfiguration. This represents the trust bundle to be used for seed-reconfiguration. This contains the user-ca-bundle contents, the proxy configmap name, and the proxy configmap contents.

• AdditionalTrustBundle in SeedClusterInfo. This represents the state of the trust bundle in the seed cluster. This is simply booleans indicating the presence or lack there-of of the user-ca-bundle and the proxy configmap name (only if it actually has contents, a configmap with no contents is considered invalid OCP configuration). This is useful for when we want to verify that the seed is compatible with our desired SeedReconfiguration.

• RecertConfig will now use the new CryptoDirs and CryptoFiles fields to specify the directories and files that should be considered part of the cluster's crypto material. Along with the ClusterCustomizationDirs and ClusterCustomizationFiles fields that specify the directories and files involved in cluster customization. Since these no longer overlap when it comes to customizing the trust bundle, we must use these new fields instead of the old common StaticDirs and StaticFiles fields.

[1] https://github.com/rh-ecosystem-edge/recert/pull/110 [2] https://github.com/rh-ecosystem-edge/recert/pull/140

[openshift-ci[bot]]

Skipping CI for Draft Pull Request. If you want CI signal for your change, please convert it to an actual PR. You can still manually trigger a test run with /test all

[omertuc]

/hold waiting for https://github.com/rh-ecosystem-edge/recert/pull/140

[omertuc]

/remove-label cluster-config-api-changed

[omertuc]

/remove-label cluster-config-api-changed

[omertuc]

/unhold

[omertuc]

/remove-label cluster-config-api-changed

[tsorya]

@omertuc how it will work with IBI? i wonder how we will be able to provide all the needed params?

[omertuc]

/approve

[openshift-ci[bot]]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: omertuc

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files: - ~~[OWNERS](https://github.com/openshift-kni/lifecycle-agent/blob/main/OWNERS)~~ [omertuc] Approvers can indicate their approval by writing `/approve` in a comment Approvers can cancel approval by writing `/approve cancel` in a comment

[tsorya]

/lgtm