[Epic] TLS configuration enhancements

[andrewazores]

Describe the feature

End users should have the following new options for TLS:

1. If using OpenShift, enable the serving-cert feature. This is implemented now, but only in a way where it is tied to deployment of the openshift-oauth-proxy
2. Supply their own custom certs
3. Configure the auth proxy (OpenShift or OAuth2) to use custom certs
4. Auto-configure the auth proxy (OpenShift or OAuth2) to use OpenShift serving-cert, if serving-cert is enabled and no custom certs are supplied

• [Task] Declarative TLS trusted certs #217

Anything other information?

No response

[andrewazores]

Some discussion here: #167 (comment)

[tthvo]

I guess there is one small thing to note is that the oauth proxy seems not to set some X-Forwarded-* header so redirect will likely fail. When ingress or route is available, those headers are set and forwarded correctly.

https://github.com/mwangggg/cryostat3/blob/35f8a9eff8a3080d2c004ac65efab6c2749ac2f3/compose/auth_proxy_alpha_config_https.yaml#L29-L35

[andrewazores]

The proxy seems not to set those headers on its own, but that configuration adds them in so that it does set them. So long as the relevant environment variables get set then it should work out, I think.

[andrewazores]

#115 (comment)