[chart] Refactor chart to only use cert-manager

[aledbf]

• Refactor the helm chart to remove self-generated SSL certificates using helm to certificates from cert-manager.
  The chart already contains a section for cert-manager, something that is being used in staging and prod.

  By using cert-manager, we can use an Issuer (namespaces) to generate the certificates using only one internal CA.

• Install the CA certificate in registry-facade to allow pulls from the internal docker registry (if enabled) without trust issues.

• Simplified configuration of components affinity.

• New Job to ensure the creation of gitpod-sessions database.

[geropl]

Could you elaborate on this change? Why not are the other scripts not needed anymore?

[aledbf]

@geropl 03-recreate-gitpod-db drops the db. Does it seem the scripts expect the chart will be used for testing?

If you provide a connection to MySQL we should only assume the user, password, and database are valid. Everything else should be done by typeorm (even the creation of the sessions db)

[geropl]

Does it seem the scripts expect the chart will be used for testing?

They are used for both use cases: initialization (because it's straight-forward to mount into any DB container) and testing.

If you provide a connection to MySQL we should only assume the user, password, and database are valid. Everything else should be done by typeorm (even the creation of the sessions db)

That's certainly another way to do it. What would be the advantage over the current approach?

[geropl]

@aledbf Although the PR is in Draft-mode I already have a comment: Is it still possible to (easily) manually pass in certs if that is necessary?

[aledbf]

@aledbf Although the PR is in Draft-mode I already have a comment: Is it still possible to (easily) manually pass in certs if that is necessary?

You mean, you already have a secret containing the SSL certificate to be used in proxy?

[aledbf]

@geropl for context, I still have pending changes to this PR.
This is the repository that I am using for the EKS guide https://github.com/aledbf/gitpod-chart-cleanup

[geropl]

You mean, you already have a secret containing the SSL certificate to be used in proxy?

Yes.

for context, I still have pending changes to this PR.

Did not meant to steal your time, sorry! :-D Will come back once it's "green".

[csweichel]

/werft run

👍 started the job as gitpod-build-aledbf-cert-manager.10

[roboquat]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
To complete the pull request process, please ask for approval from aledbf after the PR has been reviewed.

No associated issue. Update pull-request body to add a reference to an issue, or get approval with /approve no-issue

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment