Selfmanager implementation

[PERES-Richard]

Q	A
Bug fix?	no
New feature?	yes
API breaks?	no
Deprecations?	no
License	Apache 2.0

What's in this PR?

A (Work In Progress) implementation of a custom, integrated, self signed and autonomous way to ensure TLS secured communication even without cert manager deployed. It basically reproduces the cert manager fundamental behavior by delivering self signed tls certs to all Nificlusters and NifiUsers upon specific event which required cert generation.

Why?

To be able to use Nifikop with TLS secured Nificluster without using cert-manager. This makes Nifikop it's own, self-signed CA and certs deliverer. Very useful in specific cluster environments where you cannot deploy cert manager.

Finally, this is also useful because it prevents current strong dependency among Nifikop and Cert Manager in order to deploy secure communication for Nificlusters & NifiUsers.

Downsides are that self manager it's incompatible with user provided certs & issuers. So its an alternative to the use of cert manager for 'auto generate' certs only. Also, it's a dummy implementation of certs management and it should be used only when you cannot use cert-manager.

Checklist

• Implementation tested
• Error handling code meets the guideline
• Logging code meets the guideline
• User guide and development docs updated
• Append changelog with changes

RoadMap

• Skeleton definition of Self Manager
• Self Manager included in current TLS generation process
• Create self signed CA and x509 certs
• Adapt these certs into secrets when required (for Nificluster creation / scale up and when a new NifiUser is created)
• Handle scaleDown deletion
• Test the feature
• Implements a way to manage these certs for renewal
• Create specific documentation

[PERES-Richard]

Okay, I've tested all the implementation on GKE and it's working as expected !
Only issue, but I don't think it's related to this it's this weird error I have 5-10mn after setting up the Nificluster =>
Action cannot be performed because there is currently no Cluster Coordinator elected. The request should be tried again after a moment, after a Cluster Coordinator has been automatically elected.. I think it's an issue with Zookeeper but this need confirmation.

Despite that, the PR is ready for review :)

[PERES-Richard]

2021-06-22T09:19:38.929Z ERROR nifi_client Unknown user with identity 'Nifikop Controller'. Contact the system administrator. {"error": "Non 200 response from nifi node: 403 Forbidden", "errorVerbose": "Non 200 response from nifi node: 403 Forbidden\ngithub.com/Orange-OpenSource/nifikop/pkg/nificlient.errorGetOperation\n\t/workspace/pkg/nificlient/common.go:38\ngithub.com/Orange-OpenSource/nifikop/pkg/nificlient.(*nifiClient).DescribeCluster\n\t/workspace/pkg/nificlient/system.go:31\ngithub.com/Orange-OpenSource/nifikop/pkg/nificlient.(*nifiClient).Build\n\t/workspace/pkg/nificlient/client.go:154\ngithub.com/Orange-OpenSource/nifikop/pkg/nificlient.NewFromCluster\n\t/workspace/pkg/nificlient/client.go:176\ngithub.com/Orange-OpenSource/nifikop/pkg/common.NewNodeConnection\n\t/workspace/pkg/common/common.go:21\ngithub.com/Orange-OpenSource/nifikop/pkg/clientwrappers/scale.EnsureRemovedNodes\n\t/workspace/pkg/clientwrappers/scale/scale.go:201\ngithub.com/Orange-OpenSource/nifikop/pkg/resources/nifi.(*Reconciler).Reconcile\n\t/workspace/pkg/resources/nifi/nifi.go:218\ngithub.com/Orange-OpenSource/nifikop/controllers.(*NifiClusterReconciler).Reconcile\n\t/workspace/controllers/nificluster_controller.go:126\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).reconcileHandler\n\t/go/pkg/mod/sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:263\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem\n\t/go/pkg/mod/sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:235\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func1.1\n\t/go/pkg/mod/sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:198\nk8s.io/apimachinery/pkg/util/wait.JitterUntilWithContext.func1\n\t/go/pkg/mod/k8s.io/[email protected]/pkg/util/wait/wait.go:185\nk8s.io/apimachinery/pkg/util/wait.BackoffUntil.func1\n\t/go/pkg/mod/k8s.io/[email protected]/pkg/util/wait/wait.go:155\nk8s.io/apimachinery/pkg/util/wait.BackoffUntil\n\t/go/pkg/mod/k8s.io/[email protected]/pkg/util/wait/wait.go:156\nk8s.io/apimachinery/pkg/util/wait.JitterUntil\n\t/go/pkg/mod/k8s.io/[email protected]/pkg/util/wait/wait.go:133\nk8s.io/apimachinery/pkg/util/wait.JitterUntilWithContext\n\t/go/pkg/mod/k8s.io/[email protected]/pkg/util/wait/wait.go:185\nk8s.io/apimachinery/pkg/util/wait.UntilWithContext\n\t/go/pkg/mod/k8s.io/[email protected]/pkg/util/wait/wait.go:99\nruntime.goexit\n\t/usr/local/go/src/runtime/asm_amd64.s:1374"} github.com/go-logr/zapr.(*zapLogger).Error /go/pkg/mod/github.com/go-logr/[email protected]/zapr.go:132 github.com/Orange-OpenSource/nifikop/pkg/nificlient.errorGetOperation /workspace/pkg/nificlient/common.go:38 github.com/Orange-OpenSource/nifikop/pkg/nificlient.(*nifiClient).DescribeCluster /workspace/pkg/nificlient/system.go:31 github.com/Orange-OpenSource/nifikop/pkg/nificlient.(*nifiClient).Build /workspace/pkg/nificlient/client.go:154 github.com/Orange-OpenSource/nifikop/pkg/nificlient.NewFromCluster /workspace/pkg/nificlient/client.go:176 github.com/Orange-OpenSource/nifikop/pkg/common.NewNodeConnection sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func1.1 /go/pkg/mod/sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:198 k8s.io/apimachinery/pkg/util/wait.JitterUntilWithContext.func1 /go/pkg/mod/k8s.io/[email protected]/pkg/util/wait/wait.go:185 k8s.io/apimachinery/pkg/util/wait.BackoffUntil.func1 /go/pkg/mod/k8s.io/[email protected]/pkg/util/wait/wait.go:155 k8s.io/apimachinery/pkg/util/wait.BackoffUntil /go/pkg/mod/k8s.io/[email protected]/pkg/util/wait/wait.go:156 k8s.io/apimachinery/pkg/util/wait.JitterUntil /go/pkg/mod/k8s.io/[email protected]/pkg/util/wait/wait.go:133 k8s.io/apimachinery/pkg/util/wait.JitterUntilWithContext /go/pkg/mod/k8s.io/[email protected]/pkg/util/wait/wait.go:185 k8s.io/apimachinery/pkg/util/wait.UntilWithContext /go/pkg/mod/k8s.io/[email protected]/pkg/util/wait/wait.go:99