Add .Status to JWTAuthenticator with Conditions,Phase

- "Ready" condition & supporting conditions
- Legacy "Phase" for convenience
- Refactor newCachedJWTAuthenticator() func
  to improve ability to provide additional conditions
- Update JWTAuthenticator.Status type
- Update RBAC for SA to get/watch/update JWTAuthenticator.Status
- Update logger to plog, add tests for logs & statuses
- update Sync() to reduce enqueue when error is config/user managed, perhaps remove validateJWKSResponse()

apis/concierge/authentication/v1alpha1/types_jwtauthenticator.go.tmpl

@@ -5,6 +5,19 @@ package v1alpha1
 
 import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 
+type JWTAuthenticatorPhase string
+
+const (
+	// JWTAuthenticatorPhasePending is the default phase for newly-created JWTAuthenticator resources.
+	JWTAuthenticatorPhasePending JWTAuthenticatorPhase = "Pending"
+
+	// JWTAuthenticatorPhaseReady is the phase for an JWTAuthenticator resource in a healthy state.
+	JWTAuthenticatorPhaseReady JWTAuthenticatorPhase = "Ready"
+
+	// JWTAuthenticatorPhaseError is the phase for an JWTAuthenticator in an unhealthy state.
+	JWTAuthenticatorPhaseError JWTAuthenticatorPhase = "Error"
+)
+
 // Status of a JWT authenticator.
 type JWTAuthenticatorStatus struct {
 	// Represents the observations of the authenticator's current state.
@@ -13,6 +26,10 @@ type JWTAuthenticatorStatus struct {
 	// +listType=map
 	// +listMapKey=type
 	Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type"`
+	// Phase summarizes the overall status of the JWTAuthenticator.
+	// +kubebuilder:default=Pending
+	// +kubebuilder:validation:Enum=Pending;Ready;Error
+	Phase JWTAuthenticatorPhase `json:"phase,omitempty"`
 }
 
 // Spec for configuring a JWT authenticator.