chore: remove cert-manager support (#4085)

BREAKING CHANGE: The previously deprecated `cert-manager` feature has
now been fully removed. Check the documentation for instructions on how
to manage certificates in your project.

.gitbook.yaml

@@ -14,7 +14,6 @@ redirects:
   examples/tls-project: ./example-projects/tls-project.md
   examples/using-garden-in-ci: ./guides/using-garden-in-ci.md
   guides/code-synchronization-dev-mode: ./guides/code-synchronization.md
-  guides/cert-manager-integration: ./advanced/cert-manager-integration.md
   guides/terraform: ./terraform-plugin/about.md
   providers/conftest-container: ./reference/providers/conftest-container.md
   providers/conftest-kubernetes: ./reference/providers/conftest-kubernetes.md

core/src/plugins/kubernetes/config.ts

@@ -48,7 +48,7 @@ export interface ProviderSecretRef {
   namespace: string
 }
 
-export type TlsManager = "cert-manager" | "manual"
+export type TlsManager = "manual"
 export type LetsEncryptServerType = "letsencrypt-staging" | "letsencrypt-prod"
 export type AcmeChallengeType = "HTTP-01"
 export type IssuerType = "acme"
@@ -338,18 +338,6 @@ const tlsCertificateSchema = () =>
     secretRef: secretRef
       .description("A reference to the Kubernetes secret that contains the TLS certificate and key for the domain.")
       .example({ name: "my-tls-secret", namespace: "default" }),
-    managedBy: joi
-      .string()
-      .description(
-        dedent`
-      Set to \`cert-manager\` to configure [cert-manager](https://github.com/jetstack/cert-manager) to manage this
-      certificate. See our
-      [cert-manager integration guide](https://docs.garden.io/advanced/cert-manager-integration) for details.
-    `
-      )
-      .allow("cert-manager")
-      .example("cert-manager")
-      .meta({ deprecated: "The cert-manager integration is deprecated and will be removed in the 0.13 release" }),
   })
 
 const buildkitCacheConfigurationSchema = () =>
@@ -673,59 +661,6 @@ export const kubernetesConfigBase = () =>
       tlsCertificates: joiSparseArray(tlsCertificateSchema())
         .unique("name")
         .description("One or more certificates to use for ingress."),
-      certManager: joi
-        .object()
-        .optional()
-        .keys({
-          install: joi
-            .bool()
-            .default(false)
-            .description(
-              dedent`
-          Automatically install \`cert-manager\` on initialization. See the
-          [cert-manager integration guide](https://docs.garden.io/advanced/cert-manager-integration) for details.
-        `
-            )
-            .meta({ deprecated: "The cert-manager integration is deprecated and will be removed in the 0.13 release" }),
-          email: joi
-            .string()
-            .required()
-            .description("The email to use when requesting Let's Encrypt certificates.")
-            .example("[email protected]")
-            .meta({ deprecated: "The cert-manager integration is deprecated and will be removed in the 0.13 release" }),
-          issuer: joi
-            .string()
-            .allow("acme")
-            .default("acme")
-            .description("The type of issuer for the certificate (only ACME is supported for now).")
-            .example("acme")
-            .meta({ deprecated: "The cert-manager integration is deprecated and will be removed in the 0.13 release" }),
-          acmeServer: joi
-            .string()
-            .allow("letsencrypt-staging", "letsencrypt-prod")
-            .default("letsencrypt-staging")
-            .description(
-              deline`Specify which ACME server to request certificates from. Currently Let's Encrypt staging and prod
-          servers are supported.`
-            )
-            .example("letsencrypt-staging")
-            .meta({ deprecated: "The cert-manager integration is deprecated and will be removed in the 0.13 release" }),
-          acmeChallengeType: joi
-            .string()
-            .allow("HTTP-01")
-            .default("HTTP-01")
-            .description(
-              deline`The type of ACME challenge used to validate hostnames and generate the certificates
-          (only HTTP-01 is supported for now).`
-            )
-            .example("HTTP-01")
-            .meta({ deprecated: "The cert-manager integration is deprecated and will be removed in the 0.13 release" }),
-        })
-        .description(
-          dedent`cert-manager configuration, for creating and managing TLS certificates. See the
-        [cert-manager guide](https://docs.garden.io/advanced/cert-manager-integration) for details.`
-        )
-        .meta({ deprecated: "The cert-manager integration is deprecated and will be removed in the 0.13 release" }),
       _systemServices: joiArray(joiIdentifier()).meta({ internal: true }),
       systemNodeSelector: joiStringMap(joi.string())
         .description(

core/src/plugins/kubernetes/init.ts

@@ -23,12 +23,6 @@ import { millicpuToString, megabytesToString } from "./util"
 import chalk from "chalk"
 import { deline, dedent, gardenAnnotationKey } from "../../util/string"
 import { combineStates, DeployState } from "../../types/service"
-import {
-  setupCertManager,
-  checkCertManagerStatus,
-  checkCertificateStatusByName,
-  getCertificateName,
-} from "./integrations/cert-manager"
 import { ConfigurationError } from "../../exceptions"
 import Bluebird from "bluebird"
 import { readSecret } from "./secrets"
@@ -119,41 +113,6 @@ export async function getEnvironmentStatus({
   const variables = getKubernetesSystemVariables(provider.config)
   const sysGarden = await getSystemGarden(k8sCtx, variables || {}, log)
 
-  if (provider.config.certManager) {
-    const certManagerStatus = await checkCertManagerStatus({ ctx, provider, log })
-
-    // A running cert-manager installation couldn't be found.
-    if (certManagerStatus !== "ready") {
-      if (!provider.config.certManager.install) {
-        // Cert manager installation couldn't be found AND user doesn't want to let garden install it.
-        throw new ConfigurationError(
-          deline`
-          Couldn't find a running installation of cert-manager in namespace "cert-manager".
-          Please set providers[].certManager.install == true or install cert-manager manually.
-        `,
-          {}
-        )
-      } else {
-        // garden will proceed with intstallation and certificate creation.
-        result.ready = false
-        detail.systemCertManagerReady = false
-        detail.systemManagedCertificatesReady = false
-      }
-    } else {
-      // A running cert-manager installation has been found and we can safely check for the status of the certificates.
-      const certManager = provider.config.certManager
-      const certificateNames = provider.config.tlsCertificates
-        .filter((cert) => cert.managedBy === "cert-manager")
-        .map((cert) => getCertificateName(certManager, cert))
-      const certificatesStatus = await checkCertificateStatusByName({ ctx, log, provider, resources: certificateNames })
-      if (!certificatesStatus) {
-        // Some certificates are not ready/created and will be taken care of by the integration.
-        result.ready = false
-        detail.systemManagedCertificatesReady = false
-      }
-    }
-  }
-
   // Check if builder auth secret is up-to-date
   let secretsUpToDate = true
 
@@ -228,7 +187,6 @@ export async function prepareEnvironment(
   // Prepare system services
   await prepareSystem({ ...params, clusterInit: false })
   const ns = await getAppNamespaceStatus(k8sCtx, log, k8sCtx.provider)
-  await setupCertManager({ ctx: k8sCtx, provider: k8sCtx.provider, log, status })
 
   return { status: { namespaceStatuses: [ns], ready: true, outputs: status.outputs } }
 }