OCPBUGS-51098: 4.17 Add HostedCluster additional trustbundles to konnectivity-https-proxy

[enxebre]

cherry-picks

• main OCPBUGS-48619: Add HostedCluster additional trustbundles to konnectivity-https-proxy #5525
• 4.18 OCPBUGS-51050: Add HostedCluster additional trustbundles to konnectivity-https-proxy #5667

When using the konnectivity-https-proxy sidecar to communicate through workers, the proxy dials any configured proxy directly and fails to connect if it cannot trust the proxy's serving certificate. This commit adds mounts for the trusted-ca-bundle-managed configmap to sidecar containers that run the konnectivity-https-proxy. The configmap contains the aggregate of .spec.additionalTrustBundle and
.spec.configuration.proxy.trustedCA.

This fixes the issue of the ingress operator not becoming available when using a proxy with a custom certificate.

In addition it propagates any proxy environment variables that are set on the control plane operator to the konnectivity-https-proxy containers. This is needed when the management cluster itself requires a proxy and the proxy container dials an address directly such as when it needs to communicate with a cloud provider endpoint.

What this PR does / why we need it:

Which issue(s) this PR fixes (optional, use fixes #<issue_number>(, fixes #<issue_number>, ...) format, where issue_number might be a GitHub issue, or a Jira story:
Fixes #

Checklist

• Subject and description added to both, commit and PR.
• Relevant issues have been referenced.
• This change includes docs.
• This change includes unit tests.

[openshift-ci-robot]

@enxebre: This pull request references Jira Issue OCPBUGS-51098, which is invalid:

• expected dependent Jira Issue OCPBUGS-51050 to be in one of the following states: VERIFIED, RELEASE PENDING, CLOSED (ERRATA), CLOSED (CURRENT RELEASE), CLOSED (DONE), CLOSED (DONE-ERRATA), but it is MODIFIED instead
• expected dependent Jira Issue OCPBUGS-51050 to target a version in 4.18.0, but it targets "4.18.z" instead
• expected dependent Jira Issue OCPBUGS-48619 to target a version in 4.18.0, but it targets "4.19.0" instead

Comment /jira refresh to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.

The bug has been updated to refer to the pull request using the external bug tracker.

In response to this:

cherry-picks

• main OCPBUGS-48619: Add HostedCluster additional trustbundles to konnectivity-https-proxy #5525
• 4.18 OCPBUGS-51050: Add HostedCluster additional trustbundles to konnectivity-https-proxy #5667

When using the konnectivity-https-proxy sidecar to communicate through workers, the proxy dials any configured proxy directly and fails to connect if it cannot trust the proxy's serving certificate. This commit adds mounts for the trusted-ca-bundle-managed configmap to sidecar containers that run the konnectivity-https-proxy. The configmap contains the aggregate of .spec.additionalTrustBundle and
.spec.configuration.proxy.trustedCA.

This fixes the issue of the ingress operator not becoming available when using a proxy with a custom certificate.

In addition it propagates any proxy environment variables that are set on the control plane operator to the konnectivity-https-proxy containers. This is needed when the management cluster itself requires a proxy and the proxy container dials an address directly such as when it needs to communicate with a cloud provider endpoint.

What this PR does / why we need it:

Which issue(s) this PR fixes (optional, use fixes #<issue_number>(, fixes #<issue_number>, ...) format, where issue_number might be a GitHub issue, or a Jira story:
Fixes #

Checklist

• Subject and description added to both, commit and PR.
• Relevant issues have been referenced.
• This change includes docs.
• This change includes unit tests.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: enxebre

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [enxebre]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[enxebre]

/jira refresh

[openshift-ci-robot]

@enxebre: This pull request references Jira Issue OCPBUGS-51098, which is invalid:

• expected dependent Jira Issue OCPBUGS-51050 to be in one of the following states: VERIFIED, RELEASE PENDING, CLOSED (ERRATA), CLOSED (CURRENT RELEASE), CLOSED (DONE), CLOSED (DONE-ERRATA), but it is MODIFIED instead

Comment /jira refresh to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.

The bug has been updated to refer to the pull request using the external bug tracker.

In response to this:

/jira refresh

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[devguyio]

/lgtm

[openshift-ci]

@enxebre: all tests passed!

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.