cmd/k8s-operator: emit event if HTTPS is disabled on Tailnet

Instead of confusing users, emit an event that explicitly tells the
user that HTTPS is disabled on the tailnet and that ingress may not
work until they enable it.

Updates #9141

Signed-off-by: Maisem Ali <maisem@tailscale.com>

cmd/k8s-operator/sts.go

@@ -24,6 +24,7 @@ import (
 	"tailscale.com/client/tailscale"
 	"tailscale.com/ipn"
 	"tailscale.com/tailcfg"
+	"tailscale.com/tsnet"
 	"tailscale.com/types/opt"
 	"tailscale.com/util/dnsname"
 	"tailscale.com/util/mak"
@@ -71,6 +72,7 @@ type tailscaleSTSConfig struct {
 
 type tailscaleSTSReconciler struct {
 	client.Client
+	tsnetServer            *tsnet.Server
 	tsClient               tsClient
 	defaultTags            []string
 	operatorNamespace      string
@@ -78,6 +80,11 @@ type tailscaleSTSReconciler struct {
 	proxyPriorityClassName string
 }
 
+// IsHTTPSEnabledOnTailnet reports whether HTTPS is enabled on the tailnet.
+func (a *tailscaleSTSReconciler) IsHTTPSEnabledOnTailnet() bool {
+	return len(a.tsnetServer.CertDomains()) > 0
+}
+
 // Provision ensures that the StatefulSet for the given service is running and
 // up to date.
 func (a *tailscaleSTSReconciler) Provision(ctx context.Context, logger *zap.SugaredLogger, sts *tailscaleSTSConfig) (*corev1.Service, error) {