[TT-9919] Allow disabling cert-manager

[taylorsmithgg]

We have has a long history (>1 year of negative support and problems w/cert-manager in our cluster) Due to the webhook deployment being garbage collected/deleted automatically and no sign of where it's happening, we try to avoid using it at all costs. As far as I know, there hasn't been a working solution for anyone impacted.

Reference: https://github.com/cert-manager/cert-manager/issues/6306 https://github.com/cert-manager/cert-manager/issues/5282#issuecomment-1696210558

Expected Behavior

Allow disabling cert-manager dependency.

Current Behavior

cert-manager is a requirement for deploying the operator

Possible Solution

Add a feature flag to allow the operator to be deployed without cert-manager.

Additional Context

[buraksekili]

hi @taylorsmithgg, thanks for raising this. we will investigate if it is feasible to manage webhooks w/o cert-manager. Also, what do you now use in place of cert-manager, if it's not confidential?

[taylorsmithgg]

hi @taylorsmithgg, thanks for raising this. we will investigate if it is feasible to manage webhooks w/o cert-manager. Also, what do you now use in place of cert-manager, if it's not confidential?

Most of our certificates are external from kubernetes, and we manage our own. In most cases, like Tyk, it isn't a requirement for us. Certainly not for the operator.