k8s: Provide an option to disable cert-manager installation

This change introduces an option to disable the operator built-in
cert-manager installer because it may not be desirable in some cases.

Additionally, we provide a toggle in the helm chart so that we can use
the helm chart to generate the included templates.

Change-Id: I45e6041013637c3816de315e5c5a4bf9ff28f7ee

helm/zuul-operator/templates/090-Deployment.yaml

@@ -39,11 +39,15 @@ spec:
           resources:
             {{- toYaml .Values.resources | nindent 12 }}
           {{- end }}
-          {{- if not ( index .Values "pxc-operator" "operatorManaged" ) }}
           env:
+            {{- if not ( index .Values "cert-manager" "operatorManaged" ) }}
+            - name: ZUUL_INSTALL_CERT_MANAGER
+              value: "0"
+            {{- end }}
+            {{- if not ( index .Values "pxc-operator" "operatorManaged" ) }}
             - name: ZUUL_INSTALL_PXC
               value: "0"
-          {{- end }}
+            {{- end }}
       {{- with .Values.nodeSelector }}
       nodeSelector:
         {{- toYaml . | nindent 8 }}

helm/zuul-operator/values.yaml

@@ -52,6 +52,9 @@ affinity: {}
 
 cert-manager:
   enabled: false
+
+  # cert manager should be managed by the operator
+  operatorManaged: false
   
   serviceAccount:
     name: "cert-manager"

zuul_operator/operator.py

@@ -60,6 +60,8 @@ def memoize_secrets(memo, logger):
 def startup(memo, logger, **kwargs):
     logger.info("Loading operator config")
     memo.operator_config = {
+        'install_cert_manager': distutils.util.strtobool(
+            os.environ.get('ZUUL_INSTALL_CERT_MANAGER', '1')),
         'install_pxc': distutils.util.strtobool(
             os.environ.get('ZUUL_INSTALL_PXC', '1')),
     }
@@ -119,7 +121,8 @@ def create_fn(spec, name, namespace, logger, memo, **kwargs):
     zuul.install_db(install_pxc=memo.operator_config['install_pxc'])
 
     # Request the CA cert before installing ZK
-    zuul.create_cert_manager_ca()
+    zuul.create_cert_manager_ca(
+        install_cert_manager=memo.operator_config['install_cert_manager'])
 
     # Now we can install ZK
     zuul.install_zk()
@@ -156,7 +159,8 @@ def update_fn(name, namespace, logger, old, new, memo, **kwargs):
         logger.info("ZooKeeper changed")
         conf_changed = True
         # redo zk
-        zuul.create_cert_manager_ca()
+        zuul.create_cert_manager_ca(
+            install_cert_manager=memo.operator_config['install_cert_manager'])
 
         # Now we can install ZK
         zuul.install_zk()

zuul_operator/zuul.py

@@ -110,8 +110,10 @@ class Zuul:
         self.cert_manager = certmanager.CertManager(
             self.api, self.namespace, self.log)
 
-    def create_cert_manager_ca(self):
-        self.cert_manager.maybe_install()
+    def create_cert_manager_ca(self, install_cert_manager=True):
+        if install_cert_manager:
+            self.cert_manager.maybe_install()
+
         self.cert_manager.create_ca(instance_name=self.name)
 
     def install_zk(self):