Improve TLS conditions on route reconciliation #15237
Description
Currently the TLS conditions are a bit tricky. We re-use the same condition to reflect the status of external-domain-tls and cluster-local-domain-tls. The first one also needs considering if an external route actually exists. The proposal now is to:
Maybe it would be a good idea to introduce another condition to separate cluster-local from external-domain certificates? It's a bit hard to follow that the condition is influenced by two feature flags and if there is actually a route (e.g. external-domain-tls enabled but no external routes and cluster-local-domain-tls disabled). We could even have better messages like
- external-domain-tls: feature is disabled
- external-domain-tls: no certificate required, no external domains found
Original discussion see: #15234 (comment)