ROX-22599: Move secrets to RH GCP

[gavin-stackrox]

Changes the deploy script to use secrets from the RH GCP project. Testing detailed in https://github.com/stackrox/automation-iac/pull/121.

[rhacs-bot]

A single node development cluster (infra-pr-1299) was allocated in production infra for this PR.

CI will attempt to deploy quay.io/rhacs-eng/infra-server:0.9.51-1-ga5d7855f63 to it.

🔌 You can connect to this cluster with:

gcloud container clusters get-credentials infra-pr-1299 --zone us-central1-a --project acs-team-temp-dev

🛠️ And pull infractl from the deployed dev infra-server with:

nohup kubectl -n infra port-forward svc/infra-server-service 8443:8443 &
make pull-infractl-from-dev-server

🚲 You can then use the dev infra instance e.g.:

bin/infractl -k -e localhost:8443 whoami

⚠️ Any clusters that you start using your dev infra instance should have a lifespan shorter then the development cluster instance. Otherwise they will not be destroyed when the dev infra instance ceases to exist when the development cluster is deleted. ⚠️

Further Development

☕ If you make changes, you can commit and push and CI will take care of updating the development cluster.

🚀 If you only modify configuration (chart/infra-server/configuration) or templates (chart/infra-server/{static,templates}), you can get a faster update with:

make install-local

Logs

Logs for the development infra depending on your @redhat.com authuser:

• authuser=0
• authuser=1
• authuser=2

Or:

kubectl -n infra logs -l app=infra-server --tail=1 -f

[gavin-stackrox]

In the context of secrets this precheck only has usefulness (IMO) to check that ENVIRONMENT is set and that is handled by the secrets.sh script. Intent of change: be able to manage secrets without being connected to the dev/prod cluster.