Support TLS in Trigger and Channel reconciler

[pierDipi]

This is looking at making the control plane wiring and resolving for the
triggers Eventing TLS aware.

To support Eventing TLS in trigger reconciler, we need to make sure that
the underlying channel is properly propagating the Status and that the
subscription URI is set to the https endpoint when the TLS feature is
enabled (permissive or strict)

Individual commits might contain more details on the why of certain
changes.

Proposed Changes

• Support TLS in Trigger reconciler
• Set CA certs fields for channel, subscription, broker and trigger resources related to subscriber, reply and dead letter sink

Pre-review Checklist

• At least 80% unit test coverage
• E2E tests for any new behavior
• Docs PR for any user-facing impact
• Spec PR for any new API feature
• Conformance test for any change to the spec

[knative-prow]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: pierDipi

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS [pierDipi]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[codecov]

Codecov Report

Patch coverage: 77.67% and project coverage change: -0.11 ⚠️

Comparison is base (59118a0) 79.61% compared to head (e68bcaf) 79.51%.

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #6988      +/-   ##
==========================================
- Coverage   79.61%   79.51%   -0.11%     
==========================================
  Files         246      246              
  Lines       12991    13070      +79     
==========================================
+ Hits        10343    10392      +49     
- Misses       2131     2159      +28     
- Partials      517      519       +2     

Impacted Files	Coverage Δ
pkg/apis/duck/v1/delivery_types.go	73.07% <0.00%> (-21.93%)	⬇️
pkg/reconciler/channel/channel.go	70.00% <0.00%> (ø)
pkg/apis/messaging/v1/channel_lifecycle.go	81.03% <75.00%> (ø)
pkg/reconciler/broker/trigger/trigger.go	82.71% <79.06%> (-2.22%)	⬇️
...g/apis/messaging/v1/in_memory_channel_lifecycle.go	74.60% <87.50%> (ø)
pkg/apis/eventing/v1/broker_lifecycle.go	100.00% <100.00%> (ø)
pkg/apis/eventing/v1/test_helper.go	92.30% <100.00%> (ø)
pkg/reconciler/broker/broker.go	77.35% <100.00%> (-0.32%)	⬇️
pkg/reconciler/broker/controller.go	87.83% <100.00%> (+1.47%)	⬆️
pkg/reconciler/broker/resources/subscription.go	100.00% <100.00%> (ø)
... and 3 more

... and 16 files with indirect coverage changes

☔ View full report in Codecov by Sentry.
📢 Do you have feedback about the report comment? Let us know in this issue.

[pierDipi]

/test upgrade-tests

[pierDipi]

/cc @creydr @vishal-chdhry

[pierDipi]

/test unit-tests

[matzew]

wanna apply to v1b2 as well?

[creydr]

Suggested change

	func (imcs *InMemoryChannelStatus) MarkDeadLetterSinkResolvedSucceeded(deadLetterSinkURI eventingduck.DeliveryStatus) {
	imcs.DeliveryStatus = deadLetterSinkURI
	func (imcs *InMemoryChannelStatus) MarkDeadLetterSinkResolvedSucceeded(deadLetterSink eventingduck.DeliveryStatus) {
	imcs.DeliveryStatus = deadLetterSink

[creydr]

nit: WDYT about logging the whole DLS object (including the ca certs)? Just to have this information and it's on debug level anyhow...

[creydr]

Suggested change

	func WithChannelStatusDLSURI(dlsURI eventingduckv1.DeliveryStatus) ChannelOption {
	return func(c *eventingv1.Channel) {
	c.Status.MarkDeadLetterSinkResolvedSucceeded(dlsURI)
	func WithChannelStatusDLSURI(dls eventingduckv1.DeliveryStatus) ChannelOption {
	return func(c *eventingv1.Channel) {
	c.Status.MarkDeadLetterSinkResolvedSucceeded(dls)

[creydr]

Suggested change

	func WithInMemoryChannelStatusDLS(dlsURI *duckv1.Addressable) InMemoryChannelOption {
	func WithInMemoryChannelStatusDLS(dls *duckv1.Addressable) InMemoryChannelOption {

[creydr]

Suggested change

	if dlsURI == nil {
	imc.Status.MarkDeadLetterSinkNotConfigured()
	return
	}
	imc.Status.MarkDeadLetterSinkResolvedSucceeded(eventingv1.NewDeliveryStatusFromAddressable(dlsURI))
	if dls == nil {
	imc.Status.MarkDeadLetterSinkNotConfigured()
	return
	}
	imc.Status.MarkDeadLetterSinkResolvedSucceeded(eventingv1.NewDeliveryStatusFromAddressable(dls))

[creydr]

Shouldn't we rename the function (and its parameters), as we don't take an URI anymore?

[pierDipi]

@matzew @creydr I think I covered your comments, PTAL

[pierDipi]

/test unit-tests

[creydr]

Looks good so far.

/lgtm

Putting it on hold, to give others a bit time to review too. Feel free to unhold when you're fine
/hold

[vishal-chdhry]

/lgtm

[pierDipi]

/unhold