Cert rotation for e2e chart

[jsturtevant]

Follow up to #141 to add e2e tests

closes #135

This adds e2e tests for cert rotation using Cert-manager. The general process is the same when using the manual process but I an not going to add those since this tests the functionally of the rotation in the webhook which will be the same no matter how the cert is created/rotated.

This does add root-ca for cert-manager deployment, so that intermediate certs can be signed and issued, while the old one can still be validated. In a real deployment it would be be advised to use a CA issuer for you PKI infrastructure but this enables us to boot strap it here.

Read more about this here https://cert-manager.io/docs/configuration/selfsigned/ and here https://cert-manager.io/docs/usage/certificate/#issuance-behavior-rotation-of-the-private-key

[jsturtevant]

/assign @marosset @aravindhp @ycheng-kareo

[k8s-ci-robot]

@jsturtevant: GitHub didn't allow me to assign the following users: ycheng-kareo.

Note that only kubernetes-sigs members with read permissions, repo collaborators and people who have commented on this issue/PR can be assigned. Additionally, issues/PRs can only have 10 assignees at the same time.
For more information please see the contributor guide

In response to this:

/assign @marosset @aravindhp @ycheng-kareo

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[jsturtevant]

/cc @ycheng-kareo
This has a change to the loading which let the updates be seen to the webhook that you will likely run into. When the secret propagated the flags we were checking were not being updated. I've updated it to take any change to the file and reload.

[k8s-ci-robot]

@jsturtevant: GitHub didn't allow me to request PR reviews from the following users: ycheng-kareo.

Note that only kubernetes-sigs members and repo collaborators can review this PR, and authors cannot review their own PRs.

In response to this:

/cc @ycheng-kareo
This has a change to the loading which let the updates be seen to the webhook that you will likely run into. When the secret propagated the flags we were checking were not being updated. I've updated it to take any change to the file and reload.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[ycheng-kareo]

/cc @ycheng-kareo This has a change to the loading which let the updates be seen to the webhook that you will likely run into. When the secret propagated the flags we were checking were not being updated. I've updated it to take any change to the file and reload.

thanks @jsturtevant! very helpful to see the code changes you made

[marosset]

/lgtm
/approve

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: jsturtevant, marosset

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [jsturtevant,marosset]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment