openshift / cluster-etcd-operator

Operator to manage the lifecycle of the etcd members of an OpenShift cluster
Apache License 2.0

API-1800: manifests: convert SecretTypeTLS secrets to kubernetes.io/tls #1247

Closed vrutkovs closed 5 months ago

vrutkovs commented 5 months ago

SecretTypeTLS is a deprecated type, which gets converted to kubernetes.io/tls when the controller parses it. Changing this type to the supported one to make the controller skip conversion on initial install.

Ref: https://issues.redhat.com/browse/API-1800

openshift-ci-robot commented 5 months ago

@vrutkovs: This pull request explicitly references no jira issue.

openshift-ci-robot commented 5 months ago

@vrutkovs: This pull request references API-1800 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the epic to target the "4.16.0" version, but no target version was set.

tjungblu commented 5 months ago

/lgtm

openshift-ci-robot commented 5 months ago

/retest-required

Remaining retests: 0 against base HEAD d8f87ecf9b3af3cde87206762a8ca88d12bc37f5 and 2 for PR HEAD 9bbecb3059025d8549c537b8f954cc2a9bd5b466 in total

openshift-ci-robot commented 5 months ago

/retest-required

Remaining retests: 0 against base HEAD ade50d3ed4fc963ea41b0edbd175b52ee17322d5 and 1 for PR HEAD 9bbecb3059025d8549c537b8f954cc2a9bd5b466 in total

tjungblu commented 5 months ago

hmm interesting case:

```
E0416 04:14:42.256614 1 task.go:124] error running apply for secret "openshift-etcd-operator/etcd-client" (80 of 961): Secret "etcd-client" is invalid: [data[tls.crt]: Required value, data[tls.key]: Required value]
```

The bootstrap render should create the secret with the proper type in the right place already, so this secret should actually be unnecessary.

vrutkovs commented 5 months ago

etcd-client manifest has release.openshift.io annotations which are not being set by the controller, so we probably still want to keep it.

Let's see if setting empty tls.crt and tls.key helps

tjungblu commented 5 months ago

we have to see how this behaves, I would like to avoid the scenario of:

in that sense, I would rather remove it entirely...

vrutkovs commented 5 months ago

CVO re-creates it with empty values

`release.openshift.io/create-only: "true"` annotation would make sure it touches it just once

tjungblu commented 5 months ago

then the apply is a rather mysterious failure :) let's wait for the CI results

tjungblu commented 5 months ago

/override ci/prow/e2e-operator-fips

that's a known issue. Otherwise, seems the empty list did the trick, great find @vrutkovs

/lgtm
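The failure and the fix discussed above, as an added example that is not part of this PR or of the operator's code: a stand-alone Go check that mirrors the key-presence rule behind the `Required value` errors for `kubernetes.io/tls` Secrets. The function name `lintSecret` and the JSON manifests are constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Secret holds only the manifest fields this check needs.
type Secret struct {
	Type string            `json:"type"`
	Data map[string]string `json:"data"`
}

// lintSecret (hypothetical helper) returns the findings for one Secret manifest.
func lintSecret(manifest string) ([]string, error) {
	var s Secret
	if err := json.Unmarshal([]byte(manifest), &s); err != nil {
		return nil, err
	}
	var out []string
	switch s.Type {
	case "SecretTypeTLS": // deprecated type named in the PR description
		out = append(out, "type: deprecated, use kubernetes.io/tls")
	case "kubernetes.io/tls":
		// Only the presence of each key is checked, so an empty value passes.
		for _, k := range []string{"tls.crt", "tls.key"} {
			if _, ok := s.Data[k]; !ok {
				out = append(out, fmt.Sprintf("data[%s]: Required value", k))
			}
		}
	}
	return out, nil
}

// Constructed manifests modelled on the etcd-client Secret from the thread.
const (
	deprecated = `{"metadata":{"name":"etcd-client"},"type":"SecretTypeTLS"}`
	noData     = `{"metadata":{"name":"etcd-client"},"type":"kubernetes.io/tls"}`
	emptyKeys  = `{"metadata":{"name":"etcd-client"},"type":"kubernetes.io/tls",
		"data":{"tls.crt":"","tls.key":""}}`
)

func main() {
	for _, m := range []string{deprecated, noData, emptyKeys} {
		findings, err := lintSecret(m)
		fmt.Println(findings, err)
	}
}
```

The `noData` case reproduces the two errors from the apply log, and `emptyKeys` corresponds to the empty `tls.crt` and `tls.key` values that let the apply succeed.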

tjungblu commented 5 months ago

feel free to retitle whenever you feel it's ready

openshift-ci[bot] commented 5 months ago

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: tjungblu, vrutkovs

Needs approval from an approver in each of these files:

- ~~[OWNERS](https://github.com/openshift/cluster-etcd-operator/blob/master/OWNERS)~~ [tjungblu]

Approvers can indicate their approval by writing `/approve` in a comment. Approvers can cancel approval by writing `/approve cancel` in a comment.

openshift-ci[bot] commented 5 months ago

@tjungblu: Overrode contexts on behalf of tjungblu: ci/prow/e2e-operator-fips

openshift-ci-robot commented 5 months ago

/retest-required

Remaining retests: 0 against base HEAD 9afc6795eaac93bf854f00ed03db9c243b2157fb and 2 for PR HEAD 69176673139f6baef0b5fe227e60d35bfaf35573 in total

openshift-ci[bot] commented 5 months ago

@vrutkovs: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

| Test name | Commit | Details | Required | Rerun command |
| --- | --- | --- | --- | --- |
| ci/prow/e2e-gcp-qe-no-capabilities | 69176673139f6baef0b5fe227e60d35bfaf35573 | link | false | `/test e2e-gcp-qe-no-capabilities` |

vrutkovs commented 5 months ago

/test e2e-aws-ovn-serial

openshift-bot commented 5 months ago

[ART PR BUILD NOTIFIER]

This PR has been included in build cluster-etcd-operator-container-v4.16.0-202404181209.p0.g635c23a.assembly.stream.el9 for distgit cluster-etcd-operator. All builds following this will include this PR.