feat: CLI to manipulate agent configuration

[jannfis]

What does this PR do / why we need it:

This PR introduces a new CLI for argocd-agent, which can be used to manipulate and inspect agent configuration on the principal.

Right now, it will be able to:

• perform CRUD operations on a TLS CA used by the principal to maintain TLS certificates for clients of the resource proxy,
• manipulate and inspect Argo CD cluster secrets so the Argo CD UI can make use of the resource proxy

In the future, we may want to extend this functionality beyond the limited use cases we support initially. I will create feature issues for these things.

It also adds some e2e tests for the resource proxy.

Which issue(s) this PR fixes:

Fixes #?

How to test changes / Special notes to the reviewer:

The new CLI is located in cmd/ctl. The new commands introduced by this CLI for now are ca (for manipulating and inspecting the CA) and agent for manipulating and inspecting cluster configuration.

The names of these commands are not finalized, so if you have suggestions, let me know!

Agent configuration for now is an Argo CD cluster secret that points to the resource proxy, instead of to a real cluster.

With this change, the resource proxy can be easily tested. First, create the CA and an agent configuration like so:

# build the CLI
make cli
# set the kube context to use
export ARGOCD_AGENT_CONTEXT=vcluster-control-plane`
# create a new CA
./dist/argocd-agentctl ca generate
# create a new agent configuration
./dist/argocd-agentctl agent create agent-managed --resource-proxy-server <endpoint_addr_of_rp>:9090

The endpoint_addr_of_rp must be reachable by Argo CD running in your cluster, so it must NOT be 127.0.0.1 or similar. Since the resource proxy will listen on all addresses, it's best to use the address of one of your interfaces.

Then, create a new application on the principal and set the destination cluster to the one created by the previous command (i.e. agent-managed).

The kubeconfig context to use with the agent can be specified by either setting the environment variable ARGOCD_AGENT_CONTEXT or the command line switch --context to the name of the context to use. The command line has precedence over the environment variable.

agentctl - CA related commands

• ca generate - Generate a new CA for use with the agent
• ca inspect - Inspect existing CA
• ca delete - Delete the CA
• ca dump - Dump cert or key of CA to stdout
• ca issue - Issue certificates for particular components from the CA

agentctl - Agent related commands

• agent create - Create a new agent configuration (cluster secret for now)
• agent list - List all configured agents (cluster secrets for now)
• agent inspect - Inspect a particular agent's configuration
• agent print-tls - Print TLS configuration of agent
• agent reconfigure - Reconfigure certain aspects of an agent

Checklist

• Documentation update is required by this PR (and has been updated) OR no documentation update is required.

[codecov-commenter]

Codecov Report

Attention: Patch coverage is 15.49451% with 769 lines in your changes missing coverage. Please review.

Project coverage is 44.73%. Comparing base (cd3dc15) to head (731218f).

Files with missing lines	Patch %	Lines
cmd/ctl/agent.go	0.00%	384 Missing ⚠️
cmd/ctl/ca.go	0.00%	309 Missing ⚠️
internal/tlsutil/generate.go	71.09%	26 Missing and 11 partials ⚠️
cmd/ctl/main.go	0.00%	36 Missing ⚠️
agent/outbound.go	0.00%	3 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main     #282      +/-   ##
==========================================
- Coverage   48.79%   44.73%   -4.06%     
==========================================
  Files          73       78       +5     
  Lines        6400     7309     +909     
==========================================
+ Hits         3123     3270     +147     
- Misses       3017     3767     +750     
- Partials      260      272      +12     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.