Prometheus: add overlays to replace self-signed CA

manifests/prometheus-replace-self-signed-ca-overlays/00-remove-self-signed-ca.yaml

@@ -0,0 +1,5 @@
+#@ load("@ytt:overlay", "overlay")
+
+# Remove the self-signed issuer
+#@overlay/match by=overlay.subset({"kind": "Issuer"}), expects="1+"
+#@overlay/remove

manifests/prometheus-replace-self-signed-ca-overlays/01-remove-ca-certificate-request.yaml

@@ -0,0 +1,5 @@
+#@ load("@ytt:overlay", "overlay")
+
+# Remove self-signed CA certificate request
+#@overlay/match by=lambda indexOrKey, left, right: left["metadata"]["name"].startswith("prometheus-ca"), expects=1
+#@overlay/remove

manifests/prometheus-replace-self-signed-ca-overlays/02-replace-certificate-request-issuer.yaml

@@ -0,0 +1,11 @@
+#@ load("@ytt:overlay", "overlay")
+
+# Override issuer of Prometheus certificate
+#@overlay/match by=lambda indexOrKey, left, right: left["metadata"]["name"].startswith("prometheus-tls-cert"), expects=1
+---
+spec:
+  issuerRef:
+    group: cert-manager.io
+    kind: ClusterIssuer
+    # Replace with the name of a pre-existing Cluster Issuer
+    name: tmc-issuer

manifests/prometheus-replace-self-signed-ca-overlays/README.md

@@ -0,0 +1,11 @@
+# Replace self-signed CA
+
+The folder contains a set of overlays to be applied during the installation of Prometheus package. The overlays remove the self-signed issuer and inject the provided issuer reference in the certificate request.
+
+## Usage
+
+Use the `ytt-overlay-file` flag and specify this directory as the value to apply the overlays contained in this folder.
+
+```sh
+tanzu package install prometheus -n tkg-packages  -p prometheus.tanzu.vmware.com -v 2.37.0+vmware.3-tkg.1 --values-file prometheus-values.yaml --ytt-overlay-file prometheus-replace-self-signed-ca-overlays
+```