
fix(tls): detect modified CA and reissue certs #897

Merged: 2 commits, Jun 17, 2024

Conversation

@ebaron (Member) commented Jun 15, 2024

Welcome to Cryostat! 👋

Before contributing, make sure you have:

  • Read the contributing guidelines
  • Linked a relevant issue which this PR resolves
  • Linked any other relevant issues, PR's, or documentation, if any
  • Resolved all conflicts, if any
  • Rebased your branch PR on top of the latest upstream main branch
  • Attached at least one of the following labels to the PR: [chore, ci, docs, feat, fix, test]
  • Signed all commits: git commit -S -m "YOUR_COMMIT_MESSAGE"

Fixes: #896

Description of the change:

  • Detects when updating our CA Issuer causes its secret name to change
  • If the secret has changed, delete any certificates owned by the CR (other than the CA), along with the secrets backing those certificates
  • The certificates and their secrets will be recreated by the existing reconciliation logic

Motivation for the change:

  • Fixes a bug where Cryostat was serving an old certificate after upgrading from 2.4 to 3.0. This could prevent users from accessing the Cryostat application.

How to manually test:

I tested on an OpenShift cluster, since the bug was very apparent when trying to access Cryostat using the route.

  1. Build and push an operator controller and bundle image for this PR. (I had to use Docker to make the bundle-upgrade work for some reason.)
    • Feel free to use mine: quay.io/ebaron/cryostat-operator-bundle:delete-cert-chain-01
  2. make deploy_bundle BUNDLE_IMG=quay.io/cryostat/cryostat-operator-bundle:2.4.0
  3. oc create -f config/samples/operator_v1beta1_cryostat.yaml
  4. Wait for Cryostat to be ready
  5. ./bin/operator-sdk run bundle-upgrade <bundle image for this PR>
  6. Wait for upgraded Cryostat to be ready
  7. curl -k -sSI https://cryostat-sample-cryostat-operator-system.apps.example.com
    HTTP/1.1 302 Found
    [...]
    

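The detect-and-reissue step outlined in the description above, as an added Go example that is not the operator's own code. It models cert-manager Certificates and Secrets with plain structs and an in-memory store (all object names are constructed), takes the CA Issuer's secret name as recorded at the previous reconcile and as currently configured (how the real operator detects the change is not shown on this page, so that input is an assumption), and when they differ deletes every leaf Certificate owned by the CR together with its backing Secret, keeping the CA Certificate and Certificates owned by other CRs. NotFound is treated as success so that a reconcile retried after a partial earlier run is idempotent, which is the behaviour the second commit ("Ignore certificate not found when deleting") adds. The function names are hypothetical; the operator itself works against the cert-manager API types through controller-runtime.

```go
package main

import (
	"errors"
	"fmt"
	"sort"
)

// ErrNotFound stands in for the Kubernetes API server's NotFound error.
var ErrNotFound = errors.New("not found")

// Certificate is a deliberately minimal model of a cert-manager Certificate
// (hypothetical struct, not the cert-manager API type).
type Certificate struct {
	Name       string
	SecretName string // Secret that holds the issued key pair
	IsCA       bool   // the CA Certificate itself; never deleted here
	Owner      string // name of the Cryostat CR that owns this Certificate
}

// Store is an in-memory stand-in for the API server, constructed for this example.
type Store struct {
	Certs   map[string]Certificate
	Secrets map[string]string
}

func (s *Store) DeleteCertificate(name string) error {
	if _, ok := s.Certs[name]; !ok {
		return ErrNotFound
	}
	delete(s.Certs, name)
	return nil
}

func (s *Store) DeleteSecret(name string) error {
	if _, ok := s.Secrets[name]; !ok {
		return ErrNotFound
	}
	delete(s.Secrets, name)
	return nil
}

// certsToReissue selects the leaf Certificates owned by the CR that must be
// deleted (and recreated by the normal reconcile) because the CA Issuer's
// secret name changed. The CA Certificate and other CRs' Certificates are kept.
func certsToReissue(recordedCASecret, currentCASecret, owner string, certs []Certificate) []Certificate {
	if recordedCASecret == currentCASecret {
		return nil // CA unchanged: existing leaf certificates still chain to it
	}
	var out []Certificate
	for _, c := range certs {
		if c.Owner == owner && !c.IsCA {
			out = append(out, c)
		}
	}
	sort.Slice(out, func(i, j int) bool { return out[i].Name < out[j].Name })
	return out
}

// reissueIfCAChanged deletes the selected Certificates and their backing
// Secrets. NotFound is not an error: a reconcile retried after a partial
// earlier run must succeed rather than get stuck on an already-deleted object.
func reissueIfCAChanged(store *Store, recordedCASecret, currentCASecret, owner string) ([]string, error) {
	all := make([]Certificate, 0, len(store.Certs))
	for _, c := range store.Certs {
		all = append(all, c)
	}
	var deleted []string
	for _, c := range certsToReissue(recordedCASecret, currentCASecret, owner, all) {
		if err := store.DeleteCertificate(c.Name); err != nil && !errors.Is(err, ErrNotFound) {
			return deleted, fmt.Errorf("delete certificate %s: %w", c.Name, err)
		}
		if err := store.DeleteSecret(c.SecretName); err != nil && !errors.Is(err, ErrNotFound) {
			return deleted, fmt.Errorf("delete secret %s: %w", c.SecretName, err)
		}
		deleted = append(deleted, c.Name)
	}
	return deleted, nil
}

// newSampleStore builds a constructed cluster state: the CA, two leaf
// Certificates of the CR "cryostat-sample" (one whose Secret is already gone),
// and a Certificate belonging to an unrelated CR.
func newSampleStore() *Store {
	s := &Store{Certs: map[string]Certificate{}, Secrets: map[string]string{}}
	for _, c := range []Certificate{
		{Name: "cryostat-sample-ca", SecretName: "cryostat-sample-ca", IsCA: true, Owner: "cryostat-sample"},
		{Name: "cryostat-sample-server", SecretName: "cryostat-sample-server-tls", Owner: "cryostat-sample"},
		{Name: "cryostat-sample-client", SecretName: "cryostat-sample-client-tls", Owner: "cryostat-sample"},
		{Name: "other-cr-server", SecretName: "other-cr-server-tls", Owner: "other-cr"},
	} {
		s.Certs[c.Name] = c
	}
	for _, n := range []string{"cryostat-sample-ca", "cryostat-sample-server-tls", "other-cr-server-tls"} {
		s.Secrets[n] = "constructed PEM placeholder"
	}
	return s
}

func main() {
	s := newSampleStore()
	// The upgrade renamed the CA Issuer's secret, so every leaf must be reissued.
	deleted, err := reissueIfCAChanged(s, "cryostat-sample-ca", "cryostat-sample-ca-v2", "cryostat-sample")
	fmt.Println(deleted, err, len(s.Certs), len(s.Secrets))
}
```

The point of the ordering is that deletion is the whole of the fix: once the stale leaf Certificates and their Secrets are gone, the unchanged reconcile logic recreates them against the new CA, so the controller never has to special-case "re-sign" and a second pass after a crash finds nothing left to delete.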
andrewazores previously approved these changes Jun 15, 2024

@tthvo (Member) left a comment

Looks good! Cryostat is accessible now :D

@ebaron (Member, Author) commented Jun 17, 2024

/build_test


/build_test completed successfully ✅.
View Actions Run.

@aali309 (Contributor) left a comment

Looks good to me.

@ebaron ebaron merged commit fd1becc into cryostatio:main Jun 17, 2024
7 checks passed
mergify bot pushed a commit that referenced this pull request Jun 17, 2024
* fix(tls): detect modified CA and reissue certs

* Ignore certificate not found when deleting

(cherry picked from commit fd1becc)

# Conflicts:
#	bundle/manifests/cryostat-operator.clusterserviceversion.yaml
ebaron added a commit that referenced this pull request Jun 17, 2024
* fix(tls): detect modified CA and reissue certs (#897)

* fix(tls): detect modified CA and reissue certs

* Ignore certificate not found when deleting

(cherry picked from commit fd1becc)

# Conflicts:
#	bundle/manifests/cryostat-operator.clusterserviceversion.yaml

* Fix conflicts

---------

Co-authored-by: Elliott Baron <[email protected]>
Successfully merging this pull request may close these issues.

[Bug] Cryostat certificate is signed by old CA after upgrade