Provide option to disable TLS in NATS

[fullykubed]

Is your feature request related to a problem? Please describe.

When deploying Argo Events in a cluster with a service mesh such as Linkerd or Istio, we would want to use our internal x.509 certificate infrastructure and not the one bootstrapped via Argo Events.

While we can double-layer TLS fairly easily, this causes unnecessary overhead. Instead, we would prefer to have an easy mechanism to disable TLS globally for the Argo Events deployment, so that we can simply use the TLS of our injected service mesh sidecars.

Describe the solution you'd like

An option in the main events-controller for deploying NATS without TLS enabled.

Describe alternatives you've considered

We were able to disable TLS in NATs via startArgs = ["--tls=false"] in the EventBus specification.

However, there is no way to disable TLS in the EventSource or Sensor clients and they fail to launch.

As a result, there is currently no way to disable TLS without having to introduce something like a custom mutating webhook to override the pod specs that the event-controller creates.

Additional context

None

---

Message from the maintainers:

If you wish to see this enhancement implemented please add a 👍 reaction to this issue! We often sort issues this way to know what to prioritize.