Add Venafi NGTS e2e job and credentials preset

[FelixPhipps]

cert-manager/cert-manager has added support for a new Venafi issuer backend called NGTS (Palo Alto Networks Next Generation Trust Services), which uses OAuth 2.0 Client Credentials. The e2e tests are already written and merged in cert-manager (test/e2e/suite/issuers/venafi/ngts/ and test/e2e/suite/conformance/certificates/venafingts/) and skip automatically when the required env vars are absent.

This PR wires up the Prow configuration so the tests can be triggered and run.

[cert-manager-prow]

Hi @FelixPhipps. Thanks for your PR.

I'm waiting for a cert-manager member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work.

Tip

We noticed you've done this a few times! Consider joining the org to skip this step and gain /lgtm and other bot rights. We recommend asking approvers on your previous PRs to sponsor you.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[maelvls]

I've applied the following to the cluster gke_cert-manager-tests-trusted_europe-west1-b_prow-trusted gke_cert-manager-tests-untrusted_europe-west1-b_prow-untrusted:

apiVersion: v1
kind: Secret
metadata:
  name: venafi-ngts
  namespace: test-pods
stringData:
  zone: "Default"
  token-endpoint: "https://auth.apps.paloaltonetworks.com/oauth2/access_token"
  tsg-id: "tsg_id:1271410543"
  client-id: "Felix-test-2@1271410543.iam.panserviceaccount.com"
  client-secret: REDACTED

$ kubectl get secret -n test-pods
NAME                 TYPE     DATA   AGE
cloudflare-api-key   Opaque   3      2y33d
gcs-credentials      Opaque   1      2y33d
venafi-cloud         Opaque   2      2y33d
venafi-ngts          Opaque   5      23m
venafi-tpp           Opaque   4      2y33d

[maelvls]

/ok-to-test
/approve
/lgtm

[cert-manager-prow]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: maelvls

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS [maelvls]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[cert-manager-prow]

@FelixPhipps: Updated the job-config configmap in namespace default at cluster default using the following files:

• key cert-manager-master.yaml using file config/jobs/cert-manager/cert-manager/master/cert-manager-master.yaml
• key cert-manager-release-1.19.yaml using file config/jobs/cert-manager/cert-manager/release-1.19/cert-manager-release-1.19.yaml
• key cert-manager-release-1.20.yaml using file config/jobs/cert-manager/cert-manager/release-1.20/cert-manager-release-1.20.yaml
• key config.yaml using file config/jobs/cert-manager/config.yaml

Details

In response to this:

cert-manager/cert-manager has added support for a new Venafi issuer backend called NGTS (Palo Alto Networks Next Generation Trust Services), which uses OAuth 2.0 Client Credentials. The e2e tests are already written and merged in cert-manager (test/e2e/suite/issuers/venafi/ngts/ and test/e2e/suite/conformance/certificates/venafingts/) and skip automatically when the required env vars are absent.

This PR wires up the Prow configuration so the tests can be triggered and run.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.