Delete Certificate for an Envoy for a Pod that was Terminated

[draychev]

The goal of this PR is to remove certificates for Pods that have been terminated. Without this we would continue to issue certificates and keep them in cache for the life of the OSM Controller pod.

This PR introduces 2 new functions (within Mesh Catalog):

• releaseCertificate()
• updateRelatedProxies()

These functions will be evaluated (sequentially) when an Announcement of type PodDeleted arrives.

To help find the certificate for a given Pod (identified by its Kubernetes UID), this PR introduces podUIDToCN into Mesh Catalog. This is a thread safe map, which will be populated with Pod UID to Certificate mapping.

---

This PR will fix #1719

After this  I am going to hand-off the work around refining and rearchitecting the OSM eventing to @eduser25 and @shashankram who will continue to hack on the signaling mechanism.

I hope that the changes I made here would be easily translated to whatever system we come up with to handle these events in the future. I deliberately did not go into future-proofing this - we could add the entire Kubernetes object in the Announcement or launch the handlers in goroutines to unblock.  I'm leaving this for another iteration (and if at all necessary).

---

Affected area:

• New Functionality [ ]
• Documentation [ ]
• Install [ ]
• Control Plane [ ]
• CLI Tool [ ]
• Certificate Management [ ]
• Networking [ ]
• Metrics [ ]
• SMI Policy [ ]
• Security [ ]
• Tests [ ]
• CI System [ ]
• Performance [ ]
• Other [ ]

Please answer the following questions with yes/no.

• Does this change contain code from or inspired by another project? If so, did you notify the maintainers and provide attribution?

[draychev]

ref #1719

[codecov-io]

Codecov Report

Merging #1956 (12cf167) into main (d4d0a63) will increase coverage by 0.07%.
The diff coverage is 44.00%.

@@            Coverage Diff             @@
##             main    #1956      +/-   ##
==========================================
+ Coverage   57.30%   57.37%   +0.07%     
==========================================
  Files         139      140       +1     
  Lines        5692     5739      +47     
==========================================
+ Hits         3262     3293      +31     
- Misses       2427     2443      +16     
  Partials        3        3              

Impacted Files	Coverage Δ
pkg/catalog/repeater.go	27.58% <0.00%> (-3.19%)	⬇️
...ertificate/providers/tresor/certificate_manager.go	60.63% <0.00%> (-0.66%)	⬇️
pkg/envoy/ads/grpc.go	0.00% <0.00%> (ø)
pkg/envoy/ads/stream.go	0.00% <0.00%> (ø)
pkg/envoy/proxy.go	26.47% <0.00%> (ø)
pkg/catalog/announcement_handlers.go	44.44% <44.44%> (ø)
pkg/envoy/ads/response.go	78.20% <75.00%> (-0.47%)	⬇️
pkg/catalog/catalog.go	100.00% <100.00%> (ø)
pkg/catalog/proxy.go	100.00% <100.00%> (ø)
pkg/endpoint/providers/kube/fake.go	70.83% <0.00%> (ø)
... and 3 more

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update d4d0a63...12cf167. Read the comment docs.

[michelleN]

I know the function is not exported but would you mind adding a comment for this function anyway?

[draychev]

Good idea to document these! Added a docstring here!

[michelleN]

love these variable names