opencost / opencost-helm-chart

OpenCost Helm chart
Apache License 2.0

Offer an external secret option for prometheus #75

Closed petewall closed 1 year ago

petewall commented 1 year ago

I love the ability to specify an existing prometheus through the values file like this:

opencost:
  prometheus:
    username: "my-username"
    password: "my-password"
    external:
      enabled: true
      url: https://prometheus.example.com/api/prom

But I'd love to have the option to use an existing secret with something like:

opencost:
  prometheus:
    createSecret: false
    secretName: my-existing-secret
    usernameKey: prom_username
    passwordKey: prom_password
    external:
      enabled: true
      url: https://prometheus.example.com/api/prom

This would lead to the deployment looking like this:

apiVersion: apps/v1
kind: Deployment
spec:
  template:
    spec:
      containers:
      - name: my-opencost
        env:
        - name: DB_BASIC_AUTH_USERNAME
          valueFrom:
            secretKeyRef:
              name: my-existing-secret
              key: prom_username
        - name: DB_BASIC_AUTH_PW
          valueFrom:
            secretKeyRef:
              name: my-existing-secret
              key: prom_password

The reason for this is that I am planning on deploying OpenCost along with other services that need the credentials for Prometheus, and I'd rather use a single secret than create multiples. That would make things like credential rotation simpler.
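
One way the chart templates could implement the option proposed in the comment above. This is an added example, not part of the original issue and not the chart's actual code. The value names (`createSecret`, `secretName`, `usernameKey`, `passwordKey`) are the ones proposed in the issue; the template file names, the `<release>-prometheus` secret name and the `username`/`password` default keys are assumptions.

```yaml
# --- templates/secret.yaml (hypothetical file name) ---
{{- $prom := .Values.opencost.prometheus }}
{{- /* `default true $prom.createSecret` would turn an explicit false back into
       true, because Helm's default treats false as empty. Compare the string. */}}
{{- $create := ne (toString $prom.createSecret) "false" }}
{{- if and $prom.external.enabled $create }}
apiVersion: v1
kind: Secret
metadata:
  name: {{ printf "%s-prometheus" .Release.Name }}  # assumed naming scheme
type: Opaque
stringData:
  username: {{ $prom.username | quote }}
  password: {{ $prom.password | quote }}
{{- end }}

# --- templates/deployment.yaml, container env fragment (hypothetical) ---
{{- $prom := .Values.opencost.prometheus }}
{{- $create := ne (toString $prom.createSecret) "false" }}
{{- $name := printf "%s-prometheus" .Release.Name }}
{{- $userKey := "username" }}
{{- $passKey := "password" }}
{{- if not $create }}
{{- /* Fail at render time instead of deploying a pod that cannot start. */}}
{{- $name = required "opencost.prometheus.secretName is required when createSecret is false" $prom.secretName }}
{{- $userKey = default "username" $prom.usernameKey }}
{{- $passKey = default "password" $prom.passwordKey }}
{{- end }}
        env:
        - name: DB_BASIC_AUTH_USERNAME
          valueFrom:
            secretKeyRef:
              name: {{ $name }}
              key: {{ $userKey }}
        - name: DB_BASIC_AUTH_PW
          valueFrom:
            secretKeyRef:
              name: {{ $name }}
              key: {{ $passKey }}
```

A `secretKeyRef` resolves only within the pod's own namespace, so the shared secret has to exist in the namespace OpenCost is installed into. Environment variables are read when the container starts, so a rotated credential takes effect only after the pods restart.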

petewall commented 1 year ago

If people like the idea, I can work on a PR

GTamp commented 2 weeks ago

@petewall really useful support option. Thx for that! Are there any plans for also supporting fetching the URL as well from the (same or different) k8s secret?