Remove unused caCertSecret

[aledbf]

Description

Remove an unused feature that also creates an invalid configuration in registry-facade.

It also introduces trust-manager to centralize and simplify the management of ca-certificate.crt in the components

If in the future we need to add support for a custom CA certificate, we only need to add a reference to a secret in the bundle

How to test

• cert-manager certificates should generates all the secrets
• the file /etc/ss/ca-certificates should be mounted from a configmap
• integration tests should pass
• open workspaces should work

Related issues

fixes #16767

• Any Dedicated cell older than 2 months will experience trouble renewing TLS certificates w/o this change

Release Notes

NONE

Build Options:

• /werft with-werft
  Run the build with werft instead of GHA
• leeway-no-cache
  leeway-target=components:all
• /werft no-test
  Run Leeway with --dont-test

Publish Options

• /werft publish-to-npm
• /werft publish-to-jb-marketplace

Installer Options

• with-ee-license
• with-dedicated-emulation
• with-ws-manager-mk2
• workspace-feature-flags
  Add desired feature flags to the end of the line above, space separated

Preview Environment Options:

• /werft with-local-preview
  If enabled this will build install/preview
• /werft with-preview
• /werft with-large-vm
• /werft with-gce-vm
  If enabled this will create the environment on GCE infra
• /werft with-integration-tests=workspace
  Valid options are all, workspace, webapp, ide, jetbrains, vscode, ssh

[werft-gitpod-dev-com]

started the job as gitpod-build-aledbf-bye-custom-ca-cert.8 because the annotations in the pull request description changed
(with .werft/ from main)

[werft-gitpod-dev-com]

started the job as gitpod-build-aledbf-bye-custom-ca-cert.26 because the annotations in the pull request description changed
(with .werft/ from main)

[werft-gitpod-dev-com]

started the job as gitpod-build-aledbf-bye-custom-ca-cert.30 because the annotations in the pull request description changed
(with .werft/ from main)

[werft-gitpod-dev-com]

started the job as gitpod-build-aledbf-bye-custom-ca-cert.31 because the annotations in the pull request description changed
(with .werft/ from main)

[werft-gitpod-dev-com]

started the job as gitpod-build-aledbf-bye-custom-ca-cert.32 because the annotations in the pull request description changed
(with .werft/ from main)

[werft-gitpod-dev-com]

started the job as gitpod-build-aledbf-bye-custom-ca-cert.34 because the annotations in the pull request description changed
(with .werft/ from main)

[aledbf]

/werft with-integration-tests=workspace with-large-vm=true with-gce-vm=true

👎 unknown command: with-integration-tests=workspace
Use /werft help to list the available commands

[aledbf]

/werft run with-integration-tests=workspace with-large-vm=true with-gce-vm=true

👍 started the job as gitpod-build-aledbf-bye-custom-ca-cert.35
(with .werft/ from main)

[werft-gitpod-dev-com]

started the job as gitpod-build-aledbf-bye-custom-ca-cert.36 because the annotations in the pull request description changed
(with .werft/ from main)

[werft-gitpod-dev-com]

started the job as gitpod-build-aledbf-bye-custom-ca-cert.37 because the annotations in the pull request description changed
(with .werft/ from main)

[aledbf]

/werft run with-integration-tests=workspace with-large-vm=true with-gce-vm=true

👍 started the job as gitpod-build-aledbf-bye-custom-ca-cert.39
(with .werft/ from main)

[werft-gitpod-dev-com]

started the job as gitpod-build-aledbf-bye-custom-ca-cert.54 because the annotations in the pull request description changed
(with .werft/ from main)

[easyCZ]

The combination of installer and application level changes make this PR more difficult to review. An approach to make that easier is to first update/remove from the installer, and then make the application level changes. This also ensures that we can do an install in between (with just installer config changes) without actually removing the app code. That in turn can make our life easier should we need to revert this.

[easyCZ]

How is this change related to this PR?

[aledbf]

To be able to get a workspace preview running after running the installer

[easyCZ]

Sorry, I don't follow. What in this PR makes it so that we now have to install the trust manager which we didn't need before?

[aledbf]

The new Bundle definitions solve the issues we have right an invalid cert-manager CA, certificate rotation, and complexity to update /etc/ssl/ca-certificates.crt

[aledbf]

The combination of installer and application level changes make this PR more difficult to review. An approach to make that easier is to first update/remove from the installer, and then make the application level changes. This also ensures that we can do an install in between (with just installer config changes) without actually removing the app code. That in turn can make our life easier should we need to revert this.

I can't do that here. If I only remove the feature without fixing the CA state, we break registry-facade (in particular)
For context please check https://gitpod.slack.com/archives/C04EY56P1HN/p1678552918962709

[WVerlaek]

lgtm, tested in a preview env starting a workspace and an image build