[v2] Produce Network Observer Static Manifest YAML with Openshift Auth

[c-kruse]

The skupper network-observer helm chart supports OpenShift authentication by way of introducing the oauth-proxy container in front of the observer deployment. Presently this is accomplished by generating the required cookie secret using a helm template on install here:

skupper/charts/network-observer/templates/_deployment.yaml

Line 57 in b872a1a

- --cookie-secret={{ (randAlphaNum 32 | nospace) }}

In order to produce a secure static yaml manifest file with this configuration enabled, it would require a new Job and associated RBAC resources in addition to the regular network observer deployment resources.

The purpose of this new Job would be only to generate a suitable cookie secret for the oauth-proxy to use.

Proposed solution

• Add a new subcommand to either the network-observer, the skupper CLI or even the kube-adaptor that will ensure a suitable cookie-secret is present in a kubernetes secret.
• Add a new Job resource (as a helm pre-install hook?) and associated RBAC resources to the network-observer chart that invokes that new command to generate the secret.
• Update the chart to mount that secret to the proxy container and update the proxy command to pull that secret from a file instead of *argv.