Set certificate.spec.privateKey.rotationPolicy on Certificates #3325

Merged
merged 2 commits into from
Jun 6, 2022

Conversation

mortenmj
Contributor

@mortenmj mortenmj commented Jun 4, 2022

What problem does this PR solve?

As of cert-manager version 1.8, the field spec.privateKey.rotationPolicy on Certificate objects is validated. Valid values are 'Always' or 'Never'.
See the cert-manager release notes for more information: https://cert-manager.io/docs/release-notes/release-notes-1.8#breaking-changes-you-must-read-this-before-you-upgrade

This will close #3324

What's changed and how it works?

This adds the following to the four Certificates created by chaos-mesh:

privateKey:
  rotationPolicy: Never

Related changes

  • Need to update chaos-mesh/website
  • Need to update Dashboard UI
  • Need to cherry-pick to release branches
    • release-2.2
    • release-2.1

Checklist

CHANGELOG

  • I have updated the CHANGELOG.md
  • I have labeled this PR with "no-need-update-changelog"

Tests

  • Unit test
  • E2E test
  • No code
  • Manual test (add steps below)
  1. Set webhook.certManager.enabled: true in values.yaml
  2. Run helm template chaos-mesh .
  3. Look at the created Certificates

The created Certificates should have a value set for spec.privateKey.rotationPolicy, like this:

apiVersion: cert-manager.io/v1alpha2
kind: Certificate
metadata:
  name: chaos-mesh-cert
  namespace: "default"
  labels:
    helm.sh/chart: chaos-mesh-v0.2.1
    app.kubernetes.io/name: chaos-mesh
    app.kubernetes.io/instance: chaos-mesh
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/part-of: chaos-mesh
    app.kubernetes.io/version: v0.9.0
    app.kubernetes.io/component: chaos-mesh-cert
spec:
  duration: 43800h #5year
  dnsNames:
    - chaos-mesh-controller-manager
    - chaos-mesh-controller-manager.default
    - chaos-mesh-controller-manager.default.svc
  isCA: false
  secretName: chaos-mesh-webhook-certs
  issuerRef:
    name: chaos-mesh-ca
  privateKey:
    rotationPolicy: Never

Side effects

  • Breaking backward compatibility

Looking at older cert-manager API docs, the rotationPolicy property looks like it has been there at least as far back as v1alpha2. As such I don't expect any problems with backwards compatibility.

https://cert-manager.io/v1.1-docs/reference/api-docs/#cert-manager.io/v1alpha2.PrivateKeyRotationPolicy
https://cert-manager.io/v1.1-docs/reference/api-docs/#cert-manager.io/v1alpha3.PrivateKeyRotationPolicy
https://cert-manager.io/v1.1-docs/reference/api-docs/#cert-manager.io/v1beta1.PrivateKeyRotationPolicy

Signed-off-by: Morten Mjelva <morten.mjelva@gmail.com>
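
The manual test in the description above can be automated; this is an added example, not part of the PR or the chaos-mesh chart. The function name, the sample Certificate names and the invalid value `Sometimes` are constructed for illustration.

```shell
# Added example, not chaos-mesh code. Prints each Certificate on stdin whose
# spec.privateKey.rotationPolicy is not Always/Never; returns 1 if any. Assumes 2-space indent.
check_rotation_policy() {
  awk '
    function finish_doc() {
      if (kind == "Certificate" && policy != "Always" && policy != "Never") {
        print name ": rotationPolicy=" (policy == "" ? "<unset>" : policy)
        bad = 1
      }
      kind = name = policy = section = ""; in_pk = 0
    }
    /^---/   { finish_doc(); next }
    /^kind:/ { kind = $2 }
    /^[^ #]/ { section = $1; in_pk = 0 }
    section == "metadata:" && /^  name:/ { name = $2 }
    section == "spec:" && /^  [^ ]/      { in_pk = ($1 == "privateKey:") }
    in_pk && /^    rotationPolicy:/      { policy = $2; gsub(/"/, "", policy) }
    END { finish_doc(); exit bad + 0 }
  '
}
# Constructed sample standing in for rendered chart output.
sample_manifests() {
  cat <<'EOF'
---
apiVersion: cert-manager.io/v1alpha2
kind: Certificate
metadata:
  name: cert-ok
spec:
  privateKey:
    rotationPolicy: Never
---
apiVersion: cert-manager.io/v1alpha2
kind: Certificate
metadata:
  name: cert-missing
spec:
  secretName: cert-missing-secret
---
apiVersion: cert-manager.io/v1alpha2
kind: Certificate
metadata:
  name: cert-invalid
spec:
  privateKey:
    rotationPolicy: Sometimes
EOF
}
sample_manifests | check_rotation_policy || echo "invalid Certificates found"
```

Against a real chart, pipe the output of `helm template chaos-mesh .` into `check_rotation_policy` and fail the CI job on a non-zero return.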
@ti-chi-bot
Member

ti-chi-bot commented Jun 4, 2022

[REVIEW NOTIFICATION]

This pull request has been approved by:

  • STRRL
  • cwen0

To complete the pull request process, please ask the reviewers in the list to review by filling /cc @reviewer in the comment.
After your PR has acquired the required number of LGTMs, you can assign this pull request to the committer in the list by filling /assign @committer in the comment to help you merge this pull request.

The full list of commands accepted by this bot can be found here.

Reviewer can indicate their review by submitting an approval review.
Reviewer can cancel approval by submitting a request changes review.

@ti-chi-bot
Member

Welcome @mortenmj!

It looks like this is your first PR to chaos-mesh/chaos-mesh 🎉.

I'm the bot to help you request reviewers, add labels and more. See available commands.

We want to make sure your contribution gets all the attention it needs!



Thank you, and welcome to chaos-mesh/chaos-mesh. 😃

Signed-off-by: Morten Mjelva <morten.mjelva@gmail.com>
@mortenmj mortenmj marked this pull request as ready for review June 4, 2022 21:50
@STRRL
Member

STRRL commented Jun 6, 2022

Welcome @mortenmj, thanks for your contribution!

Member

@STRRL STRRL left a comment

LGTM!

Member

@cwen0 cwen0 left a comment

LGTM

@cwen0
Member

cwen0 commented Jun 6, 2022

/merge

@ti-chi-bot
Member

This pull request has been accepted and is ready to merge.

Commit hash: 8ddcf34

@ti-chi-bot ti-chi-bot merged commit bb58c2e into chaos-mesh:master Jun 6, 2022
Successfully merging this pull request may close these issues.

Helm chart outputs Certificates without rotationPolicy