issue self signed certificate

[nabuskey]

fixes: #137
related to: #300 #293

With this PR, idpbuilder will:

1. Create a self signed certificate.
2. Create a TLS secret in the ingress-nginx NS.
3. Use it as the default TLS certificate for ingress-nginx. (you can still use other certs configured at ingress level)
4. Update ArgoCD's CM to trust the CA.
5. Create a CM that contains cert to the default NS.

I thought about using cert-manager but decided not to use it. For our purposes, we just need a certificate for ingress-nginx for in-cluster and incoming traffic only. Introducing cert-manager means:

1. We need to maintain cert-manager manifests.
2. Slower installation speed. We now need to wait for cert-manager to do its thing and be ready before anything else can continue.
3. Introduces three pods that will do nothing for the most part.

[nimakaviani]

Thanks for this. made a few minor comments. otherwise looks good.

I hear your points on the use of self-signed certs and it makes sense in the context of idpBuidler alone. However, if we try to move towards an AppSet strategy that also happens to apply to external clusters, then I wonder whether the idea of using CertManager has a stronger ground.

If users will have cert-manager installed to their clusters by default, and if the idpBuilder is supposed to pave the path for them to eventually transitioin from a dev / test environment to a prod env, shall we just bite the bullet and pay the extra cost of enabling them with the cert-manager in the test environment too?

that said, given the amount of work put into this, this works as an interim solution. But lets revisit this as we move towards expanding on the deployment strategy.

[nabuskey]

I think I'd rather wait for concrete use cases for cert-manager until we pull it into core. Ready for another round of review.

[jessesanford]

I agree on waiting for more use cases before bringing in cert manager. It should be reasonably easy to roll forward to it when the time comes.

[cmoulliard]

I think I'd rather wait for concrete use cases for cert-manager until we pull it into core. Ready for another round of review.

Cert Manager can help to deal with many use cases like:

• Generate Self Signed Certificate for the platform where it runs: https://cert-manager.io/docs/configuration/selfsigned/
• Inject OOTB the TLS Secret within the ingress resources - https://cert-manager.io/docs/usage/ingress/
• Trust Certificates issued for domains: LetsEncrypt, etc - https://cert-manager.io/docs/configuration/acme/
• Distribute certifcates as bundle: https://cert-manager.io/docs/trust/trust-manager/
• Create HTTPS/TLS Cert/Key for runtime applications, Java, etc) - https://github.com/snowdrop/pki?tab=readme-ov-file#create-a-pkcs12-using-cert-manager

[nimakaviani]

LGTM. thanks!