
Fix #7490: Replace cert-manager dependency in e2e tests #7511

Open: shivamx64 wants to merge 1 commit into projectcontour:main from shivamx64:fix/e2e-remove-cert-manager-dependency


@shivamx64
Contributor

Overview

This PR removes the dependency on cert-manager in the e2e test suite and replaces it with a lightweight in-process certificate generation helper.

Previously, the e2e suite relied on cert-manager CRDs to generate test certificates. Although cert-manager was only used for testing, it was included in go.mod, causing its transitive dependencies (notably gateway-api) to affect Contour’s build.

When cert-manager updated its gateway-api dependency to a newer version, it introduced version conflicts with Contour’s own Gateway API usage, resulting in compilation failures.

What this PR does

  • Introduces a local certificate helper (test/e2e/certs.go) that:

    • Generates X.509 certificates using Go’s crypto libraries
    • Tracks issuers in memory
    • Creates TLS Secrets (kubernetes.io/tls) directly
    • Reconciles managed Secrets to preserve behavior like cert rotation
  • Refactors e2e tests to use the new helper via the shared framework

  • Removes cert-manager usage from e2e tests

  • Removes cert-manager dependency from go.mod

  • Removes cert-manager installation from test/scripts/make-kind-cluster.sh

  • Updates test/scripts/README.md to reflect the new test flow

Why this change

  • Avoids dependency leakage from test-only dependencies
  • Eliminates gateway-api version conflicts introduced by cert-manager
  • Simplifies e2e test setup (no external controller required)
  • Improves test determinism and reduces cluster complexity

Behavior parity

The new helper preserves key behaviors previously provided by cert-manager:

  • Certificate issuance via issuers
  • CA-based signing
  • Secret regeneration when deleted (important for rotation-related tests)

Testing

  • Ran full e2e test suite locally
  • Verified TLS-related tests (backend TLS, mTLS, protocol versions)
  • Confirmed no dependency conflicts remain in module graph

Related Issue

Fixes #7490

Signed-off-by: ShivamJha2436 <shivamkumar87148@gmail.com>
@shivamx64 shivamx64 requested a review from a team as a code owner April 7, 2026 13:01
@shivamx64 shivamx64 requested review from sunjayBhatia and tsaarni and removed request for a team April 7, 2026 13:01
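
The CA-based issuance the description refers to, as an added example that is not code from this PR or from Contour: a self-signed CA and a leaf signed by it are generated in process, and the chain is then verified. The names `Issue` and `Verify`, the RSA-2048 keys, the 24-hour lifetime, the use of `tls.Certificate` as the in-memory issuer record and the `echo.example.com` hostname are assumptions made for illustration.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Issue (hypothetical helper) makes a self-signed CA when parent is nil, else a leaf signed by parent.
func Issue(cn string, dns []string, parent *tls.Certificate) (*tls.Certificate, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		DNSNames: dns, NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(24 * time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature, BasicConstraintsValid: true,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth},
	}
	if parent == nil { // no issuer given: self-signed CA limited to signing certificates
		tmpl.IsCA, tmpl.KeyUsage, tmpl.ExtKeyUsage = true, x509.KeyUsageCertSign, nil
		parent = &tls.Certificate{Leaf: tmpl, PrivateKey: key}
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent.Leaf, &key.PublicKey, parent.PrivateKey)
	if err != nil {
		return nil, err
	}
	leaf, err := x509.ParseCertificate(der)
	return &tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}, err
}

// Verify reports whether leaf chains to ca and is valid for the DNS name host.
func Verify(leaf, ca *tls.Certificate, host string) error {
	roots := x509.NewCertPool()
	roots.AddCert(ca.Leaf)
	_, err := leaf.Leaf.Verify(x509.VerifyOptions{Roots: roots, DNSName: host})
	return err
}

func main() {
	ca, _ := Issue("constructed-test-ca", nil, nil)
	leaf, _ := Issue("echo", []string{"echo.example.com"}, ca)
	fmt.Println("chain error:", Verify(leaf, ca, "echo.example.com"))
}
```

PEM-encoding `Certificate[0]` and the private key gives the `tls.crt` and `tls.key` values of a `kubernetes.io/tls` Secret.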
@codecov

codecov Bot commented Apr 7, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 81.84%. Comparing base (e505630) to head (01e8a96).
⚠️ Report is 15 commits behind head on main.

Additional details and impacted files


@@           Coverage Diff           @@
##             main    #7511   +/-   ##
=======================================
  Coverage   81.84%   81.84%           
=======================================
  Files         130      130           
  Lines       15722    15722           
=======================================
  Hits        12868    12868           
  Misses       2571     2571           
  Partials      283      283           

@tsaarni tsaarni added the release-note/none-required Marks a PR as not requiring a release note. Should only be used for very small changes. label Apr 14, 2026
@github-actions

The Contour project currently lacks enough contributors to adequately respond to all PRs.

This bot triages PRs according to the following rules:

  • After 30d of inactivity, lifecycle/stale is applied
  • After 60d of inactivity since lifecycle/stale was applied, the PR is closed

You can:

  • Ensure your PR is passing all CI checks. PRs that are fully green are more likely to be reviewed. If you are having trouble with CI checks, reach out to the #contour channel in the Kubernetes Slack workspace.
  • Mark this PR as fresh by commenting or pushing a commit
  • Close this PR
  • Offer to help out with triage

Please send feedback to the #contour channel in the Kubernetes Slack

@github-actions github-actions Bot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label May 15, 2026
@shivamx64
Contributor Author

/keep

@github-actions github-actions Bot removed the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label May 16, 2026

Development

Successfully merging this pull request may close these issues.

Replace cert-manager as e2e test dependency for test cert generation
