datastax/pulsar-helm-chart

Decouple burnell "provision container" provision-tls-jwt from autorecovery component

Opened this issue · 2 comments

Currently JWT tokens are provisioned by an init container that is part of the autorecovery component.

```yaml
      {{- if .Values.autoRecovery.enableProvisionContainer }}
      - name: provision-tls-jwt
        image: "{{ .Values.image.burnell.repository }}:{{ .Values.image.burnell.tag }}"
        imagePullPolicy: {{ .Values.image.burnell.pullPolicy }}
        {{- if .Values.proxy.burnellResources }}
        resources:
{{ toYaml .Values.proxy.burnellResources | indent 10 }}
        {{- end }}
        env:
        - name: ClusterName
          value: "{{ template "pulsar.fullname" . }}"
        - name: SuperRoles
          value: {{ .Values.superUserRoles }}
        - name: ProcessMode
          value: "init"
        - name: PulsarNamespace
          value: {{ .Release.Namespace }}
        - name: PrivateKeySecretName
          value: {{ .Values.tokenPrivateKeyFile }}
        - name: PublicKeySecretName
          value: {{ .Values.tokenPublicKeyFile }}
      {{- end }}
```

This should be decoupled since provision-tls-jwt has nothing to do with BookKeeper autorecovery.

The reason we added it here is because AR is the first pod coming up in the cluster. The private/public key pair needs to be created ahead of bastion and other pods being initialized. We have have a dedicated pod to initialize keys and JWTs.

+1. We should create a separate initialization job that runs when needed.
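
The separate initialization job proposed in this thread, written as a Helm pre-install hook so the keys exist before any other pod starts. This is an added example, not code from the chart or from any commenter. The `provisionJob` values key, the file name and the `-provisioner` service account are hypothetical; the image and env entries are the ones in the snippet quoted in the issue.

```yaml
# Added example: hypothetical templates/provision-tls-jwt-job.yaml.
# .Values.provisionJob.enabled and the "-provisioner" service account are
# assumptions for illustration; they are not existing chart keys or objects.
{{- if .Values.provisionJob.enabled }}
apiVersion: batch/v1
kind: Job
metadata:
  name: "{{ template "pulsar.fullname" . }}-provision-tls-jwt"
  namespace: {{ .Release.Namespace }}
  annotations:
    # Hooks run before the chart's workloads are created, which replaces the
    # "autorecovery is the first pod up" ordering trick.
    # pre-install only: the page does not say whether init mode may be re-run
    # safely on upgrade.
    "helm.sh/hook": pre-install
    "helm.sh/hook-weight": "0"
    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
spec:
  backoffLimit: 3
  template:
    spec:
      restartPolicy: OnFailure
      # Dedicated identity (assumed to be created by an earlier hook with a
      # lower weight) so that whatever rights provisioning needs are not
      # attached to the autorecovery pods.
      serviceAccountName: "{{ template "pulsar.fullname" . }}-provisioner"
      containers:
      - name: provision-tls-jwt
        image: "{{ .Values.image.burnell.repository }}:{{ .Values.image.burnell.tag }}"
        imagePullPolicy: {{ .Values.image.burnell.pullPolicy }}
        env:
        - name: ClusterName
          value: "{{ template "pulsar.fullname" . }}"
        - name: SuperRoles
          value: {{ .Values.superUserRoles | quote }}
        - name: ProcessMode
          value: "init"
        - name: PulsarNamespace
          value: {{ .Release.Namespace | quote }}
        - name: PrivateKeySecretName
          value: {{ .Values.tokenPrivateKeyFile | quote }}
        - name: PublicKeySecretName
          value: {{ .Values.tokenPublicKeyFile | quote }}
{{- end }}
```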