Evaluate migration of self-signed certificate process to a sidecar

[psanders]

Is your feature request related to a problem? Please describe.

The current process for handling self-signed certificates in Routr operates from within the Docker images. This leads to a situation where services create their own self-signed certificates rather than reusing the same one. For example, if we create two instances of the StatefulSet EdgePort, each would create it's own certificate.

Describe the solution you'd like

To facilitate the sharing of a self-signed certificate, we should leverage Kubernetes Secrets. Additionally, we should consider introducing a sidecar that checks if the secret exists and creates a new one if it doesn't.

Describe alternatives you've considered

Keep the existing process since it is not causing any issues at the moment.

Additional context

We should explore making this mechanism reusable for the Let's Encrypt implementation. Also, we might consider removing the self-signed certificate generation from individual services, given that we are shifting operations to a sidecar. This would result in a cleaner Docker image.

An exception would be the fonoster/routr:all-in-one image, which should continue to include certificate generation.

Funding

• You can sponsor this specific effort via a Polar.sh pledge below
• We receive the pledge once the issue is completed & verified