K8SPG-873 support Authenticating Against a TLS-enabled LDAP Server

[gkech]

CHANGE DESCRIPTION

Problem:

Adds support for configuring PostgreSQL LDAP authentication over TLS (ldaps) in PerconaPG clusters.

• Two new fields added to the PerconaPGCluster CR:
  • spec.config.files — mount arbitrary files (e.g. an LDAP CA certificate) into /etc/postgres
  • spec.authentication.rules — define custom pg_hba.conf rules, either structured or as raw HBA lines; rules are evaluated after mandatory operator rules and before the default scram-sha-256 fallback
• CRDs regenerated to reflect the new fields
• Two e2e tests added: one for plain LDAP and one for LDAP over TLS (ldap-tls suite)

Cause:
Short explanation of the root cause of the issue if applicable.

Solution:
Short explanation of the solution we are providing with this PR.

CHECKLIST

Jira

• Is the Jira ticket created and referenced properly?
• Does the Jira ticket have the proper statuses for documentation (Needs Doc) and QA (Needs QA)?
• Does the Jira ticket link to the proper milestone (Fix Version field)?

Tests

• Is an E2E test/test case added for the new feature/change?
• Are unit tests added where appropriate?

Config/Logging/Testability

• Are all needed new/changed options added to default YAML files?
• Are all needed new/changed options added to the Helm Chart?
• Did we add proper logging messages for operator actions?
• Did we ensure compatibility with the previous version or cluster upgrade process?
• Does the change support oldest and newest supported PG version?
• Does the change support oldest and newest supported Kubernetes version?

[JNKPercona]

Test Name	Result	Time
backup-enable-disable	passed	00:06:02
builtin-extensions	passed	00:05:12
custom-envs	passed	00:19:41
custom-extensions	failure	00:11:18
custom-tls	passed	00:05:01
database-init-sql	passed	00:02:09
demand-backup	passed	00:23:15
demand-backup-offline-snapshot	passed	00:12:35
dynamic-configuration	passed	00:03:36
finalizers	passed	00:03:41
init-deploy	passed	00:02:50
huge-pages	passed	00:02:59
ldap	passed	00:03:10
ldap-tls	passed	00:05:38
monitoring	passed	00:07:46
monitoring-pmm3	passed	00:07:59
one-pod	passed	00:05:50
operator-self-healing	passed	00:10:27
pitr	passed	00:11:33
scaling	passed	00:04:47
scheduled-backup	passed	00:33:34
self-healing	passed	00:08:57
sidecars	passed	00:02:33
standby-pgbackrest	passed	00:12:42
standby-streaming	passed	00:09:03
start-from-backup	passed	00:10:34
tablespaces	passed	00:07:08
telemetry-transfer	passed	00:04:38
upgrade-consistency	passed	00:06:21
upgrade-minor	failure	00:03:32
users	passed	00:04:14

Summary	Value
Tests Run	31/31
Job Duration	01:34:06
Total Test Time	04:19:02

commit: 1fc219e
image: perconalab/percona-postgresql-operator:PR-1456-1fc219ecd