feat: Use Cert Manager to Create Certificates for News Aggregator Server

[werniq]

Introduce Certificate Generation using Helm Chart of Cert-Manager

Summary

This pull request introduces the implementation of certificate generation and management using Cert-Manager.
The main focus is on integrating certificate creation and retrieval within our news aggregator, using Kubernetes' Golang client to manage and apply the certificates dynamically when running the server.

Key Changes

1. Certificate Resource Creation:

   • A new Certificate resource is created using Cert-Manager. This resource defines the specifications for the TLS certificate, such as the issuer, common name, and DNS names.
   • The Certificate resource is managed through Helm, ensuring consistent and reproducible deployments.

2. Secret Management:

   • After the Certificate is issued, the certificate and private key are stored in a Kubernetes secret, identified by defaultSecretName.
   • The program retrieves the certificate and key from this secret using Kubernetes' Golang client.

3. Certificate and Key Handling:

   • The retrieved certificate and key are stored as files with the names defaultCertName and defaultPrivateKey, they are retrieved from secret, generated by cert-manager.
   • We add this secret as additional Volume to the deployment

4. Server Configuration:

   • The server is configured to use the paths to the certificate and key files when starting up.

[VitaliyShevchenko]

shouln't this PR be pointed to a branch with helm ?

[werniq]

shouln't this PR be pointed to a branch with helm ?

Changed base branch

[VitaliyShevchenko]

so if you are using cert-manager there is no need to push certs anymore, they can be created dynamically using cert-manager
pls integrate that

[werniq]

Removed certs from git

[VitaliyShevchenko]

news-aggregator is just a pure https server, it should not care about certs
it should read certs from the file system
you can attach certs generated by k8s to the file system of news-aggregator

[werniq]

Removed

[VitaliyShevchenko]

pls check my comment above, this should not be there

[werniq]

Removed

[VitaliyShevchenko]

??
i think we get rid of makefile

[werniq]

Pulled data from prev PRs. Deleted

[VitaliyShevchenko]

why changed again ?

[werniq]

I haven't changed, I've just have not pulled data from prev PR's. Resolved

[VitaliyShevchenko]

should be under helm chart right?
+ integrate helm values

[werniq]

Added to helm chart

[werniq]

Added values for issuer and secrets in helm

[VitaliyShevchenko]

why removed?

[werniq]

Wrong branch, added dependencies

[VitaliyShevchenko]

do you have such dns name?

[werniq]

It is creating without dnsNames, removed.

[VitaliyShevchenko]

I want you to put a dns name which you use. not just removing it.
what dns name do you use?

[VitaliyShevchenko]

the secret will be created automatically by certificate CR (cert-manager)

[werniq]

But how do we assign it to the deployment? It will add random sequence of letters after cert name

[VitaliyShevchenko]

you can specify secret name in the cert itself

[werniq]

I tried to reproduce this without secret, but:

It is not creating the secret with exactly same name from values.

[VitaliyShevchenko]

why do you need that cert? how is this used? I see you have almost similar below.

[werniq]

Removed

[VitaliyShevchenko]

templates folder can be completely removed since you moved to helm charts

[werniq]

Removed in helm PR, to avoid duplication

[werniq]

@VitaliyShevchenko

Working fine:

[VitaliyShevchenko]

why changed?

[werniq]

I'm not sure from where this changes are, but I will revert to previous version