matchbox - Figure out Secret Injection

[ssmiller25]

k3os YAML configuration will eventually require the injection of sensitive information (k3os/k3s token, etc). Need a way to supply these in a gitops manner. A few options.

• Move all the sensitive matchbox config into secrets, managed by SealedSecrets. However, would be nice to keep most of the configuration publically available for use.
• SealedSecrents of just the sensitive parts, then an init container that does a quick sed to search/replace those values in the configmap. Handles single values ok, but not heirarchial values as well...
• SealedSecrets of the sensitive information, and use an init container that leverages yq to merge files. Or for json, use jq with the "-s / slupt" option

[ssmiller25]

Moving away from k3os/closing