feat!: Add working conversion webhook with cert rotation

[sbernauer]

Description

Part of stackabletech/issues#642

An working example usage can be found in stackabletech/zookeeper-operator#958 (mainly look at rust/operator-binary/src/main.rs)

Definition of Done Checklist

• Not all of these items are applicable to all PRs, the author should update this template to only leave the boxes in that are relevant
• Please make sure all these things are done and tick the boxes

Author

• Changes are OpenShift compatible
• CRD changes approved
• CRD documentation for all fields, following the style guide.
• Integration tests passed (for non trivial changes)
• Changes need to be "offline" compatible

Reviewer

• Code contains useful comments
• Code contains useful logging statements
• (Integration-)Test cases added
• Documentation added or updated. Follows the style guide.
• Changelog updated
• Cargo.toml only contains references to git tags (not specific commits or branches)

Acceptance

• Feature Tracker has been updated
• Proper release label has been added

[sbernauer]

reminder to bump these before merging. Currently they are so low for easy testing

[Techassi]

Partial review, I didn't look at the CertificateResolver yet.

[Techassi]

We are mostly there, just some small things left.

[Techassi]

note: Let's avoid pulling in a type from stackable_operator here. Instead, split it into two separate fields.

Suggested change

	/// The environment the operator is running in, notably the namespace and service name it is
	/// reachable at.
	pub operator_environment: OperatorEnvironmentOptions,
	pub namespace: String,
	pub service_name: String,

[sbernauer]

Hmm, I intentionally sticked with the struct that describes the k8s env. I understand your concerns, but I also really don't like too many function arguments when there is a perfectly fine struct for what we want as "information about the environment of the operator".
Maybe tomorrow we need the k8s version or if we are on OpenShift or whatnot

[Techassi]

The comment of the field perfectly sums this up:

The environment the operator is running in, notably the namespace and service name it is reachable at.

Currently, we only need the namespace and the service name. That's it. Why are we optimizing for something which might or might not come in the future? Regarding how the crates are currently structured, I would like to avoid more entanglement between those.

As discussed multiple times already, this needs better structure in the long run, which I can hopefully pick up soon.

I also really don't like too many function arguments

There is only a single parameter: ConversionWebhookOptions. Everything is contained in there. And having two fields instead of one, doesn't really justify mixing even more types between crates (which are not designed for that currently).

[sbernauer]

Switched to separate namespace and service_name in 568cda7

[Techassi]

note: This is already re-exported via stackable_webhook::servers::conversion::ConversionReview. As such, please remove it from here again.

[sbernauer]

Correct, removed in 8dc1235

[Techassi]

note: I feel like this can be moved into its own function, because we repeat the exact same code below.

[sbernauer]

37818fd

[Techassi]

Any reason why you didn't include the certificate generation in that function as well? That's basically also the same code across two functions.

[sbernauer]

Pls have a look at 39fe001