Revert "Modify helm chart: delete validations for certManagerIssuerRef"
This reverts commit bc2ed14.

Currently, in the helm chart, if the cert-manager approach is selected
to generate the hubble and clustermesh certificates but no issuer is
specified, a new issuer is created for each of them, along with a secret
containing the CA information. Still, this approach is currently broken,
since the CA secret which is created does not match the format expected
by cert-manager. At the same time, this might also hide misconfigurations
(e.g., if there is a typo in the issuer configuration) and possibly lead
to different CAs for different components. Hence, let's just stick to
the approach documented in the user guide and make it mandatory to specify
the issuer when cert-manager is used. It is a task of the users (as
unrelated to cilium) to create the appropriate issuer in advance,
according to their own preference.

Signed-off-by: Marco Iorio <marco.iorio@isovalent.com>
giorio94 authored and squeed committed Apr 6, 2023
1 parent a35cf7b commit c2c4b74
Showing 1 changed file with 12 additions and 0 deletions.
12 changes: 12 additions & 0 deletions install/kubernetes/cilium/templates/validate.yaml
Expand Up @@ -22,6 +22,18 @@
{{- end }}
{{- end }}

{{- if and .Values.hubble.enabled .Values.hubble.tls.enabled .Values.hubble.tls.auto.enabled (eq .Values.hubble.tls.auto.method "certmanager") }}
{{- if not .Values.hubble.tls.auto.certManagerIssuerRef }}
{{ fail "Hubble TLS certgen method=certmanager requires that user specifies .Values.hubble.tls.auto.certManagerIssuerRef" }}
{{- end }}
{{- end }}

{{- if and (or .Values.externalWorkloads.enabled .Values.clustermesh.useAPIServer) .Values.clustermesh.apiserver.tls.auto.enabled (eq .Values.clustermesh.apiserver.tls.auto.method "certmanager") }}
{{- if not .Values.clustermesh.apiserver.tls.auto.certManagerIssuerRef }}
{{ fail "ClusterMesh TLS certgen method=certmanager requires that user specifies .Values.clustermesh.apiserver.tls.auto.certManagerIssuerRef" }}
{{- end }}
{{- end }}

{{/* validate hubble-ui specific config */}}
{{- if and .Values.hubble.ui.enabled
(ne .Values.hubble.ui.backend.image.tag "latest")
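Review bot: Both restored guards test only `if not ...certManagerIssuerRef`, which rejects an unset or empty value but lets through an issuer reference that is set and malformed, for example one with a misspelled key or no `name` (the field cert-manager requires in an issuerRef). The commit message gives typos in the issuer configuration as a reason for making the issuer mandatory, so consider also failing when `.certManagerIssuerRef.name` is empty in both blocks. The same applies to the `eq ... "certmanager"` comparison: a misspelled method value skips these guards silently, so a check that `method` is one of the supported values would close that gap. The two outer conditions are also asymmetric, since the Hubble guard includes `.Values.hubble.tls.enabled` and the ClusterMesh guard has no corresponding term; a template comment explaining why would help the next reader. Minor wording: the `fail` messages would read better as "requires .Values.hubble.tls.auto.certManagerIssuerRef to be set".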