feat: add KongCertificate reconciler (#643)

Signed-off-by: Jintao Zhang <zhangjintao9020@gmail.com>

.mockery.yaml

@@ -24,3 +24,4 @@ packages:
       KongCredentialAPIKeySDK:
       KongCredentialBasicAuthSDK:
       CACertificatesSDK:
+      CertificatesSDK:

CHANGELOG.md

@@ -54,6 +54,8 @@
   [#510](https://github.com/Kong/gateway-operator/pull/510)
 - Add `KongCACertificate` reconciler for Konnect CA certificates.
   [#626](https://github.com/Kong/gateway-operator/pull/626)
+- Add `KongCertificate` reconciler for Konnect Certificates.
+  [#643](https://github.com/Kong/gateway-operator/pull/643)
 - Added command line flags to configure the certificate generator job's images.
   [#516](https://github.com/Kong/gateway-operator/pull/516)
 - Add `KongPluginBinding` reconciler for Konnect Plugins.

config/samples/konnect_certificate.yaml

@@ -0,0 +1,88 @@
+kind: KonnectAPIAuthConfiguration
+apiVersion: konnect.konghq.com/v1alpha1
+metadata:
+  name: konnect-api-auth-dev-1
+  namespace: default
+spec:
+  type: token
+  token: kpat_XXXXXXXXXXXXXXXXXXX
+  serverURL: us.api.konghq.tech
+---
+kind: KonnectGatewayControlPlane
+apiVersion: konnect.konghq.com/v1alpha1
+metadata:
+  name: test1
+  namespace: default
+spec:
+  name: test1
+  labels:
+    app: test1
+    key1: test1
+  konnect:
+    authRef:
+      name: konnect-api-auth-dev-1
+---
+kind: KongCertificate
+apiVersion: configuration.konghq.com/v1alpha1
+metadata:
+  name: cert-1
+  namespace: default
+  annotations:
+    konghq.com/tags: "infra"
+spec:
+  controlPlaneRef:
+    type: konnectNamespacedRef
+    konnectNamespacedRef:
+      name: test1
+  tags:
+    - production
+  cert: |
+    -----BEGIN CERTIFICATE-----
+    MIIDPTCCAiUCFG5IolqRiKPMfzTI8peXlaF6cZODMA0GCSqGSIb3DQEBCwUAMFsx
+    CzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTEVMBMGA1UEBwwMRGVmYXVsdCBDaXR5
+    MRIwEAYDVQQKDAlLb25nIEluYy4xFDASBgNVBAMMC2tvbmdocS50ZWNoMB4XDTI0
+    MDkyNTA3MjIzOFoXDTM0MDkyMzA3MjIzOFowWzELMAkGA1UEBhMCVVMxCzAJBgNV
+    BAgMAkNBMRUwEwYDVQQHDAxEZWZhdWx0IENpdHkxEjAQBgNVBAoMCUtvbmcgSW5j
+    LjEUMBIGA1UEAwwLa29uZ2hxLnRlY2gwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
+    ggEKAoIBAQDXmNBzpWyJ0YUdfCamZpJiwRQMn5vVY8iKQrd3dD03DWyPHu/fXlrL
+    +QPTRip5d1SrxjzQ4S3fgme442BTlElF9d1w1rhg+DIg6NsW1jd+3IZaICnq7BZH
+    rJGlW+IWJSKHmNQ39nfVQwgL/QdylrYpbB7uwdEDMa78GfXteiXTcuNobCr7VWVz
+    rY6rQXo/dImWE1PtMp/EZEMsEbgbQpK5+fUnKTmFncVlDAZ2Q3s2MPikV5UhMVyQ
+    dKQydU0Ev0LRtpsjW8pQdshMG1ilMq6Yg6YU95gakLVjRXMoDlIJOu08mdped+2Y
+    VIUSXhRyRt1hbkFP0fXG0THfZ3DjH7jRAgMBAAEwDQYJKoZIhvcNAQELBQADggEB
+    ANEXlNaQKLrB+jsnNjybsTRkvRRmwjnXaQV0jHzjseGsTJoKY5ABBsSRDiHtqB+9
+    LPTpHhLYJWsHSLwawIJ3aWDDpF4MNTRsvO12v7wM8Q42OSgkP23O6a5ESkyHRBAb
+    dLVEp+0Z3kjYwPIglIK37PcgDci6Zim73GOfapDEASNbnCu8js2g/ucYPPXkGMxl
+    PSUER7MTNf9wRbXrroCE+tZw4kUyUh+6taNlU4ialAJLO1x6UGVRHvPgEx0fAAxA
+    seBH+A9QMvVl2cKcvrOgZ0CWY01aFRO9ROQ7PrYXqRFvOZu8K3QzLw7xYoK1DTp+
+    kkO/oPy+WIbqEvj7QrhUXpo=
+    -----END CERTIFICATE-----
+  key: |
+    -----BEGIN PRIVATE KEY-----
+    MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDXmNBzpWyJ0YUd
+    fCamZpJiwRQMn5vVY8iKQrd3dD03DWyPHu/fXlrL+QPTRip5d1SrxjzQ4S3fgme4
+    42BTlElF9d1w1rhg+DIg6NsW1jd+3IZaICnq7BZHrJGlW+IWJSKHmNQ39nfVQwgL
+    /QdylrYpbB7uwdEDMa78GfXteiXTcuNobCr7VWVzrY6rQXo/dImWE1PtMp/EZEMs
+    EbgbQpK5+fUnKTmFncVlDAZ2Q3s2MPikV5UhMVyQdKQydU0Ev0LRtpsjW8pQdshM
+    G1ilMq6Yg6YU95gakLVjRXMoDlIJOu08mdped+2YVIUSXhRyRt1hbkFP0fXG0THf
+    Z3DjH7jRAgMBAAECggEAOSZ4h1dgDK5+H2FEK5MAFe6BnpEGsYu4YrIpySAGhBvq
+    XYwBYRA1eGFjmrM8WiOATeKIR4SRcPC0BwY7CBzESafRkfJRQN86BpBDV2vknRve
+    /3AMPIplo41CtHdFWMJyQ0iHZOhQPrd8oBTsTvtVgWh4UKkO+05FyO0mzFM3SLPs
+    pqRwMZjLlKVZhbI1l0Ur787tzWpMQQHmd8csAvlak+GIciQWELbVK+5kr/FDpJbq
+    joIeHX7DCmIqrD/Okwa8SfJu1sutmRX+nrxkDi7trPYcpqriDoWs2jMcnS2GHq9M
+    lsy2XHn+qLjCpl3/XU61xenWs+Rmmj6J/oIs1zYXCwKBgQDywRS/MNgwMst703Wh
+    ERJO0rNSR0XVzzoKOqc/ghPkeA8mVNwfNkbgWks+83tuAb6IunMIeyQJ3g/jRhjz
+    KImsqJmO+DoZCioeaR3PeIWibi9I9Irg6dtoNMwxSmmOtCKD0rccxM1V9OnYkn5a
+    0Fb+irQSgJYiHrF2SLAT0NoWEwKBgQDjXGLHCu/WEy49vROdkTia133Wc7m71/D5
+    RDUqvSmAEHJyhTlzCbTO+JcNhC6cx3s102GNcVYHlAq3WoE5EV1YykUNJwUg4XPn
+    AggNkYOiXs6tf+uePmT8MddixFFgFxZ2bIqFhvnY+WqypHuxtwIepqKJjq5xZTiB
+    +lfp7SziCwKBgAivofdpXwLyfldy7I2T18zcOzBhfn01CgWdrahXFjEhnqEnfizb
+    u1OBx5l8CtmX1GJ+EWmnRlXYDUd7lZ71v19fNQdpmGKW+4TVDA0Fafqy6Jw6q9F6
+    bLBg20GUQQyrI2UGICk2XYaK2ec27rB/Le2zttfGpBiaco0h8rLy0SrjAoGBAM4/
+    UY/UOQsOrUTuT2wBf8LfNtUid9uSIZRNrplNrebxhJCkkB/uLyoN0iE9xncMcpW6
+    YmVH6c3IGwyHOnBFc1OHcapjukBApL5rVljQpwPVU1GKmHgdi8hHgmajRlqPtx3I
+    isRkVCPi5kqV8WueY3rgmNOGLnLJasBmE/gt4ihPAoGAG3v93R5tAeSrn7DMHaZt
+    p+udsNw9mDPYHAzlYtnw1OE/I0ceR5UyCFSzCd00Q8ZYBLf9jRvsO/GUA4F51isE
+    8/7xyqSxJqDwzv9N8EGkqf/SfMKA3kK3Sc8u+ovhzJu8OxcY+qrpo4+vYWYeW42n
+    5XBwvWV2ovRMx7Ntw7FUc24=
+    -----END PRIVATE KEY-----

controller/konnect/constraints/constraints.go

@@ -23,6 +23,7 @@ type SupportedKonnectEntityType interface {
 		configurationv1alpha1.KongCredentialAPIKey |
 		configurationv1alpha1.KongUpstream |
 		configurationv1alpha1.KongCACertificate |
+		configurationv1alpha1.KongCertificate |
 		configurationv1alpha1.KongTarget |
 		configurationv1alpha1.KongVault
 	// TODO: add other types

controller/konnect/ops/kongcertificate.go

@@ -0,0 +1,15 @@
+package ops
+
+import (
+	"context"
+
+	sdkkonnectcomp "github.com/Kong/sdk-konnect-go/models/components"
+	sdkkonnectops "github.com/Kong/sdk-konnect-go/models/operations"
+)
+
+// CertificatesSDK is the interface for the CertificatesSDK.
+type CertificatesSDK interface {
+	CreateCertificate(ctx context.Context, controlPlaneID string, certificate sdkkonnectcomp.CertificateInput, opts ...sdkkonnectops.Option) (*sdkkonnectops.CreateCertificateResponse, error)
+	UpsertCertificate(ctx context.Context, request sdkkonnectops.UpsertCertificateRequest, opts ...sdkkonnectops.Option) (*sdkkonnectops.UpsertCertificateResponse, error)
+	DeleteCertificate(ctx context.Context, controlPlaneID string, certificateID string, opts ...sdkkonnectops.Option) (*sdkkonnectops.DeleteCertificateResponse, error)
+}