cloudfoundry / cf-k8s-networking

building a cloud foundry without gorouter....
Apache License 2.0

refactor: extract secrets from Secret to ConfigMap #10

Closed mike1808 closed 4 years ago

mike1808 commented 4 years ago

Also, in Kubernetes 1.14 it's possible to inject configs like secrets via files, but currently we're using 1.13.

rosenhouse commented 4 years ago

Cool. The CA doesn’t need to be in the secret either, since it is a public cert. That could be extracted too.

rosenhouse commented 4 years ago

Also: after we merge, it’s worth informing downstream teams since they would need to update how they generate values.

mike1808 commented 4 years ago

@rosenhouse moved CA configuration to ConfigMap. And here is the migration script; I do not know where to put it.

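# Copy the non-secret values out of the cfroutesync Secret into a ConfigMap
# of the same name, then re-apply the Secret without those keys.
secret="$(kubectl -n cf-system get secrets cfroutesync -o yaml)" && \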
kubectl -n cf-system create configmap cfroutesync \
  --from-literal="ccBaseURL=$(echo "$secret" | yq -r ".data.ccBaseURL" | base64 --decode)" \
  --from-literal="uaaBaseURL=$(echo "$secret" | yq -r ".data.uaaBaseURL" | base64 --decode)" \
  --from-literal="clientName=$(echo "$secret" | yq -r ".data.clientName" | base64 --decode)" \
  --from-literal="eiriniPodLabelPrefix=$(echo "$secret" | yq -r ".data.eiriniPodLabelPrefix" | base64 --decode)" \
  --from-literal="ccCA=$(echo "$secret" | yq -r ".data.ccCA" | base64 --decode)" \
  --from-literal="uaaCA=$(echo "$secret" | yq -r ".data.uaaCA" | base64 --decode)" && \
kubectl -n cf-system apply -f \
  <(echo "$secret" | yq -r 'del(.data.ccBaseURL, .data.uaaBaseURL, .data.clientName, .data.eiriniPodLabelPrefix, .data.ccCA, .data.uaaCA)')
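The same split as the migration script above, written as an added Python example (not part of the original thread or of the project's code) that works on the Secret's JSON manifest and stops on a missing key, where `yq -r` would emit the string `null` and the pipeline would decode it into a garbage value. The sample manifest, the `clientSecret` key and all values are constructed for illustration.

```python
import base64
import json

# Keys the migration script in the thread moves from the Secret to the ConfigMap.
PUBLIC_KEYS = ("ccBaseURL", "uaaBaseURL", "clientName",
               "eiriniPodLabelPrefix", "ccCA", "uaaCA")


def split_secret(secret, public_keys=PUBLIC_KEYS):
    """Return (configmap, trimmed_secret) built from a Secret manifest dict."""
    data = secret.get("data") or {}
    missing = [k for k in public_keys if k not in data]
    if missing:
        # Fail closed instead of writing a decoded "null" into the ConfigMap.
        raise KeyError("Secret is missing keys: " + ", ".join(missing))
    # Carry over only name and namespace, not server-populated metadata.
    meta = {"name": secret["metadata"]["name"],
            "namespace": secret["metadata"]["namespace"]}
    configmap = {
        "apiVersion": "v1", "kind": "ConfigMap", "metadata": dict(meta),
        # Secret values are base64-encoded; ConfigMap data is plain text.
        "data": {k: base64.b64decode(data[k], validate=True).decode("utf-8")
                 for k in public_keys},
    }
    trimmed = {
        "apiVersion": "v1", "kind": "Secret", "metadata": dict(meta),
        "type": secret.get("type", "Opaque"),
        # Anything not explicitly listed stays in the Secret, still encoded.
        "data": {k: v for k, v in data.items() if k not in public_keys},
    }
    return configmap, trimmed


def _b64(text):
    return base64.b64encode(text.encode()).decode()


# Constructed sample input; "clientSecret" and every value here are made up.
SAMPLE_SECRET = {
    "apiVersion": "v1", "kind": "Secret", "type": "Opaque",
    "metadata": {"name": "cfroutesync", "namespace": "cf-system",
                 "resourceVersion": "12345"},
    "data": {**{k: _b64("constructed-" + k) for k in PUBLIC_KEYS},
             "clientSecret": _b64("constructed-placeholder")},
}

if __name__ == "__main__":
    for manifest in split_secret(SAMPLE_SECRET):
        print(json.dumps(manifest, indent=2))
```

In practice the input would be the parsed output of `kubectl -n cf-system get secret cfroutesync -o json`, and the two printed manifests can be reviewed before they are applied.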