Add support for using cert manager to issue TLS certs #267

Merged
merged 2 commits into from
Jan 17, 2024

Conversation

hardillb
Contributor

Description

This allows K8s to use cert-manager.io to issue TLS certs for both the core Forge apps and the Instances.

Related Issue(s)

Checklist

  • I have read the contribution guidelines
  • Suitable unit/system level tests have been added and they pass
  • Documentation has been updated
    • Upgrade instructions
    • Configuration details
    • Concepts
  • Changes flowforge.yml?
    • Issue/PR raised on FlowFuse/helm to update ConfigMap Template
    • Issue/PR raised on FlowFuse/CloudProject to update values for Staging/Production

Labels

  • Backport needed? -> add the backport label
  • Includes a DB migration? -> add the area:migration label

This allows K8s to use cert-manager.io to issue TLS certs for
both the core Forge apps and the Instances.
@hardillb hardillb added this to the 2.0 milestone Dec 29, 2023
@hardillb hardillb requested a review from ppawlowski December 29, 2023 14:18
@hardillb hardillb self-assigned this Dec 29, 2023

github-actions bot commented Dec 29, 2023

node-red:3.0.2-main-linux-amd64 scan results

1 files  ±0  4 suites  ±0   0s ⏱️ ±0s
7 tests +3  0 ✅ ±0  0 💤 ±0  7 ❌ +3 
8 runs  +3  0 ✅ ±0  0 💤 ±0  8 ❌ +3 

For more details on these failures, see this check.

Results for commit 2348c7d. ± Comparison against base commit 07c5394.

♻️ This comment has been updated with latest results.

github-actions bot commented Dec 29, 2023

node-red:3.1.x-main-linux-amd64 scan results

3 tests  +3   0 ✅ ±0   0s ⏱️ ±0s
2 suites ±0   0 💤 ±0 
1 files   ±0   3 ❌ +3 

For more details on these failures, see this check.

Results for commit 2348c7d. ± Comparison against base commit 07c5394.

♻️ This comment has been updated with latest results.

github-actions bot commented Dec 29, 2023

node-red:2.2.3-main-linux-amd64 scan results

 1 files  ±0  4 suites  ±0   0s ⏱️ ±0s
25 tests +5  0 ✅ ±0  0 💤 ±0  25 ❌ +5 
25 runs  +4  0 ✅ ±0  0 💤 ±0  25 ❌ +4 

For more details on these failures, see this check.

Results for commit 2348c7d. ± Comparison against base commit 07c5394.

This pull request removes 11 and adds 16 tests. Note that renamed tests count towards both.
ansi-regex-3.0.0 ‑ [HIGH] CVE-2021-3807
ansi-regex-5.0.0 ‑ [HIGH] CVE-2021-3807
busybox-1.31.1-r21 ‑ [HIGH] CVE-2022-28391
libcrypto1.1-1.1.1l-r0 ‑ [HIGH] CVE-2022-0778
libssl1.1-1.1.1l-r0 ‑ [HIGH] CVE-2022-0778
minimatch-3.0.4 ‑ [HIGH] CVE-2022-3517
npm-8.1.2 ‑ [HIGH] CVE-2022-29244
semver-6.3.0 ‑ [MEDIUM] CVE-2022-25883
ssl_client-1.31.1-r21 ‑ [HIGH] CVE-2022-28391
zlib-1.2.11-r3 ‑ [CRITICAL] CVE-2022-37434
…
libcrypto1.1-1.1.1n-r0 ‑ [HIGH] CVE-2022-4450
libcrypto1.1-1.1.1n-r0 ‑ [HIGH] CVE-2023-0215
libcrypto1.1-1.1.1n-r0 ‑ [HIGH] CVE-2023-0286
libcrypto1.1-1.1.1n-r0 ‑ [HIGH] CVE-2023-0464
libcrypto1.1-1.1.1n-r0 ‑ [MEDIUM] CVE-2022-2097
libcrypto1.1-1.1.1n-r0 ‑ [MEDIUM] CVE-2022-4304
libcrypto1.1-1.1.1n-r0 ‑ [MEDIUM] CVE-2023-0465
libssl1.1-1.1.1n-r0 ‑ [HIGH] CVE-2022-4450
libssl1.1-1.1.1n-r0 ‑ [HIGH] CVE-2023-0215
libssl1.1-1.1.1n-r0 ‑ [HIGH] CVE-2023-0286
…

♻️ This comment has been updated with latest results.

github-actions bot commented Dec 29, 2023

file-server:main-linux-amd64 scan results

0 tests  ±0   0 ✅ ±0   0s ⏱️ ±0s
2 suites ±0   0 💤 ±0 
1 files   ±0   0 ❌ ±0 

Results for commit 2348c7d. ± Comparison against base commit 07c5394.

♻️ This comment has been updated with latest results.

github-actions bot commented Dec 29, 2023

node-red:3.0.2-main-linux-arm64 scan results

1 files  ±0  4 suites  ±0   0s ⏱️ ±0s
7 tests +3  0 ✅ ±0  0 💤 ±0  7 ❌ +3 
8 runs  +3  0 ✅ ±0  0 💤 ±0  8 ❌ +3 

For more details on these failures, see this check.

Results for commit 2348c7d. ± Comparison against base commit 07c5394.

♻️ This comment has been updated with latest results.

github-actions bot commented Dec 29, 2023

node-red:3.1.x-main-linux-arm64 scan results

3 tests  +3   0 ✅ ±0   0s ⏱️ ±0s
2 suites ±0   0 💤 ±0 
1 files   ±0   3 ❌ +3 

For more details on these failures, see this check.

Results for commit 2348c7d. ± Comparison against base commit 07c5394.

♻️ This comment has been updated with latest results.

github-actions bot commented Dec 29, 2023

forge-k8s:main-linux-amd64 scan results

1 tests  ±0   0 ✅ ±0   0s ⏱️ ±0s
4 suites ±0   0 💤 ±0 
1 files   ±0   1 ❌ ±0 

For more details on these failures, see this check.

Results for commit 2348c7d. ± Comparison against base commit 07c5394.

♻️ This comment has been updated with latest results.

github-actions bot commented Dec 29, 2023

node-red:2.2.3-main-linux-arm64 scan results

 1 files  ±0  4 suites  ±0   0s ⏱️ ±0s
25 tests +6  0 ✅ ±0  0 💤 ±0  25 ❌ +6 
25 runs  +5  0 ✅ ±0  0 💤 ±0  25 ❌ +5 

For more details on these failures, see this check.

Results for commit 2348c7d. ± Comparison against base commit 07c5394.

This pull request removes 10 and adds 16 tests. Note that renamed tests count towards both.
ansi-regex-3.0.0 ‑ [HIGH] CVE-2021-3807
ansi-regex-5.0.0 ‑ [HIGH] CVE-2021-3807
busybox-1.31.1-r21 ‑ [HIGH] CVE-2022-28391
libcrypto1.1-1.1.1l-r0 ‑ [HIGH] CVE-2022-0778
libssl1.1-1.1.1l-r0 ‑ [HIGH] CVE-2022-0778
minimatch-3.0.4 ‑ [HIGH] CVE-2022-3517
npm-8.1.2 ‑ [HIGH] CVE-2022-29244
ssl_client-1.31.1-r21 ‑ [HIGH] CVE-2022-28391
zlib-1.2.11-r3 ‑ [CRITICAL] CVE-2022-37434
zlib-1.2.11-r3 ‑ [HIGH] CVE-2018-25032
libcrypto1.1-1.1.1n-r0 ‑ [HIGH] CVE-2022-4450
libcrypto1.1-1.1.1n-r0 ‑ [HIGH] CVE-2023-0215
libcrypto1.1-1.1.1n-r0 ‑ [HIGH] CVE-2023-0286
libcrypto1.1-1.1.1n-r0 ‑ [HIGH] CVE-2023-0464
libcrypto1.1-1.1.1n-r0 ‑ [MEDIUM] CVE-2022-2097
libcrypto1.1-1.1.1n-r0 ‑ [MEDIUM] CVE-2022-4304
libcrypto1.1-1.1.1n-r0 ‑ [MEDIUM] CVE-2023-0465
libssl1.1-1.1.1n-r0 ‑ [HIGH] CVE-2022-4450
libssl1.1-1.1.1n-r0 ‑ [HIGH] CVE-2023-0215
libssl1.1-1.1.1n-r0 ‑ [HIGH] CVE-2023-0286
…

♻️ This comment has been updated with latest results.

github-actions bot commented Dec 29, 2023

file-server:main-linux-arm64 scan results

0 tests  ±0   0 ✅ ±0   0s ⏱️ ±0s
2 suites ±0   0 💤 ±0 
1 files   ±0   0 ❌ ±0 

Results for commit 2348c7d. ± Comparison against base commit 07c5394.

♻️ This comment has been updated with latest results.

github-actions bot commented Dec 29, 2023

forge-k8s:main-linux-arm64 scan results

1 tests  ±0   0 ✅ ±0   0s ⏱️ ±0s
4 suites ±0   0 💤 ±0 
1 files   ±0   1 ❌ ±0 

For more details on these failures, see this check.

Results for commit 2348c7d. ± Comparison against base commit 07c5394.

♻️ This comment has been updated with latest results.

@ppawlowski
Contributor

Looks fine, just two small suggestions in the secrets naming convention.

@hardillb hardillb merged commit 1684345 into main Jan 17, 2024
36 checks passed
@hardillb hardillb deleted the cert-manager-tls branch January 17, 2024 10:29