
USHIFT-6596: introduce trust-manager operand to the cert-manager #6373

Draft
eslutsky wants to merge 1 commit into openshift:main from eslutsky:cert-manager-trustmanager

@eslutsky eslutsky commented Mar 18, 2026

Introduces trust-manager as a new operand to the cert-manager operator, enabling management of trust bundles across the cluster.

When a TrustManager CR is created, the trust-manager operand will be deployed in the cert-manager namespace, enabling users to create and distribute trust bundles across the cluster using Bundle resources.

This PR depends on openshift/cert-manager-operator#379

testing

  1. start MicroShift instance with a cert-manager rpm installed from this PR.
  2. build cert-manager-operator image locally from cert-manager-operator-379

     ```shell
     PR_NUMBER=379
     git clone https://github.com/openshift/cert-manager-operator.git
     cd cert-manager-operator/
     git fetch origin refs/pull/${PR_NUMBER}/head:trust-manager
     git checkout trust-manager

     # build the operator locally as `openshift.io/cert-manager-operator:latest`
     make image-build
     ```
  3. patch the deployment with the local image

     ```shell
     oc -n cert-manager-operator patch deployment/cert-manager-operator-controller-manager \
     --type='json' -p='[{"op": "replace", "path": "/spec/template/spec/containers/0/image","value": "openshift.io/cert-manager-operator:latest"},{"op": "replace", "path": "/spec/template/spec/containers/0/imagePullPolicy", "value": "Never"}]'
     ```
  4. create trust-manager CR:

     ```shell
     oc apply -f https://raw.githubusercontent.com/openshift/cert-manager-operator/refs/heads/master/config/samples/tech-preview/operator.openshift.io_v1alpha1_trustmanager.yaml
     ```

open-question

  • how do we handle UNSUPPORTED_ADDON_FEATURES flag

Signed-off-by: Evgeny Slutsky <eslutsky@redhat.com>
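
The description above says Bundle resources are used to distribute trust bundles once the operand is running. As an added illustration (not part of this PR or of either repository), here is a minimal Bundle written against the upstream trust-manager `trust.cert-manager.io/v1alpha1` API. The names `internal-ca` and `internal-ca-bundle`, the label `trust-bundle: enabled`, and the choice of `cert-manager` as the trust namespace are assumptions made for the example.

```yaml
# Added example, not from the PR. Assumes the trust-manager operand is running
# and that its trust namespace is cert-manager (assumption).
#
# The source ConfigMap (hypothetical name) is created beforehand from a CA
# file you control:
#   oc -n cert-manager create configmap internal-ca --from-file=ca.crt=./ca.crt
apiVersion: trust.cert-manager.io/v1alpha1
kind: Bundle                       # cluster-scoped resource
metadata:
  name: internal-ca-bundle         # each target ConfigMap is given this name
spec:
  sources:
    # ConfigMap and Secret sources are read only from the trust namespace,
    # so write access to that namespace decides what the cluster trusts.
    - configMap:
        name: internal-ca
        key: ca.crt
  target:
    configMap:
      key: ca-bundle.crt           # key that holds the concatenated PEM bundle
    # Without a selector the bundle is written to every namespace; the
    # selector limits distribution to namespaces that opt in via the label.
    namespaceSelector:
      matchLabels:
        trust-bundle: enabled
```

After labelling a namespace with `trust-bundle=enabled`, `oc -n <namespace> get configmap internal-ca-bundle -o yaml` shows whether the bundle was propagated.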

coderabbitai bot commented Mar 18, 2026

Important

Review skipped

Auto reviews are limited based on label configuration.

🚫 Review skipped — only excluded labels are configured. (1)
  • do-not-merge/work-in-progress

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Repository YAML (base), Organization UI (inherited)

Review profile: CHILL

Plan: Pro

Run ID: 7d60b3d6-af80-43e3-b5da-a9bdc9583640

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Comment @coderabbitai help to get the list of available commands and usage tips.

@openshift-ci openshift-ci bot added the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Mar 18, 2026

openshift-ci bot commented Mar 18, 2026

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all


openshift-ci bot commented Mar 18, 2026

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: eslutsky

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci openshift-ci bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Mar 18, 2026
@eslutsky eslutsky changed the title introduce trust-manager operand to the cert-manager USHIFT-6596: introduce trust-manager operand to the cert-manager Mar 18, 2026
@openshift-ci-robot openshift-ci-robot added the jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. label Mar 18, 2026

openshift-ci-robot commented Mar 18, 2026

@eslutsky: This pull request references USHIFT-6596 which is a valid jira issue.

Details

In response to this:

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.
