Consider using Google-managed SSL certificates for aaa

[ameukam]

Initial conversation : https://groups.google.com/g/kubernetes-wg-k8s-infra/c/MseI6bUqOfY.

/area cluster-mgmt

EDIT(spiffxp):

FYI @munnerz @rikatz I think we're doing this now? I'm not entirely sure what's tipped us over the edge, other than we're getting cert expiry warnings yet again.

This would obviate work in progress to improve cert-manager:

• Update cert-manager from AAA cluster to 1.2 #1512 - updating to latest
• Add Ingress rules syncer controller to resolve dual-stack k8s.io cert-manager renewal #1746 - syncer to resolve dual-stack
• Add cert monitor manifest #1739 - cert monitor manifest (maybe?)

And obviate the following issues:

• cert-manager cannot renew k8s-io-prod certificate due to second IPv6 ingress #1476 - cert-manager can't renew k8s-io-prod cert due to second ipv6 ingress
• Update the cluster cert-manager #1508 - update cert-manager

Services on aaa that need to be converted:

• gcsweb (@thockin, Switch gcsweb to GKE managed certs #2088)
• k8s-io-canary
• k8s-io-prod (@thockin, Switch k8s-io-prod to GKE managed certs #2093)
• node-perf-dash (@ameukam, Switch node-perf-dash to GKE Managed certificate #2092)
• perfdash (@spiffxp, Switch to GKE TLS certficate for perf-dash.k8s.io #2097)
• sippy (@spiffxp, Switch sippy to GKE managed certificate #2127)
• slack-infra (@thockin, Switch slack-infra to GKE managed certs #2090)
• traige-party-release (@ameukam, Switch to ManagedCertificate for Triage-Party. #1942)

[ameukam]

I opened #1942 for Triage-Party

[ameukam]

Things I noticed when I deployed #1942 :

• It takes about 10 minutes before the ManagedCertificate is active
• during those 10 minutes, I got a SSL_ERROR_NO_CYPHER_OVERLAP TLS error

[ameukam]

Current default quota for the SSL certificates:
https://console.cloud.google.com/iam-admin/quotas?service=compute.googleapis.com&metric=%22SSL%20certificates%22

https://cloud.google.com/load-balancing/docs/quotas#ssl_certificates.

[spiffxp]

/assign @thockin @spiffxp @ameukam