Refactor references to some variables to secrets where appropriate

In the provided helm charts there are a lot of places where things that should be secrets aren't.

Notes

Below is a (hopefully) exhaustive list of all places where that is.

• RF_APP_ADMIN in backend deployment?
• most env vars in iso-master deployment?
• keycloak deployment
• MYSQL_ROOT_PASSWORD in mysql deployment
• liveness-probe in mysql deployment
• readiness-probe in mysql deployment
• init.sql in mysql subchart has creds in plaintext in it
• rf-scan deployment
• rfpubsub deployment
• bunch of env vars in rfvdb deployment
• some env vars in runner deployment

I wonder if RF_DEBUG should be a secret everywhere?

Definition of Done

• All referenced locations are reviewed

  • If a refactor is necessary, do so and explain the change in BBCHANGES.md.
  • If not necessary, leave a comment here explaining why.

• Backend

  • Environment Variables - https://repo1.dso.mil/platform-one/big-bang/apps/third-party/rapidfort/-/blob/main/chart/charts/backend/templates/deployment.yaml
    • RF_APP_ADMIN

• Iso-master

  • Environment Variables - https://repo1.dso.mil/platform-one/big-bang/apps/third-party/rapidfort/-/blob/main/chart/charts/iso-master/templates/deployment.yaml
    • SECGROUP_ID
    • VPC_SUBNET_ID
    • BACKEND_SERVICE_NAME
    • BACKEND_APP_PORT
    • RF_REDIS_HOST_NAME_HA
    • RF_REDIS_PORT_HA
    • RF_REDIS_PWD_HA
    • RF_REDIS_DB_HA
    • RF_REDIS_HOST_NAME
    • RF_REDIS_PORT
    • RF_REDIS_PWD

• Keycloak deployment

  • Environment variables - https://repo1.dso.mil/platform-one/big-bang/apps/third-party/rapidfort/-/blob/main/chart/charts/keycloak/templates/deployment.yaml
    • DB_VENDOR
    • DB_ADDR
    • DB_USER
    • DB_PASSWORD
    • JDBC_PARAMS

• MySQL

  • https://repo1.dso.mil/platform-one/big-bang/apps/third-party/rapidfort/-/blob/main/chart/charts/mysql/templates/deployment.yaml
    • Environment Variables
      • MYSQL_ROOT_PASSWORD
    • Liveness Probe
    • Readiness Probe
  • Username and password references in the init.sql file - - https://repo1.dso.mil/platform-one/big-bang/apps/third-party/rapidfort/-/blob/main/chart/charts/mysql/init.sql

• RF-Scan

  • Environment Variables - https://repo1.dso.mil/platform-one/big-bang/apps/third-party/rapidfort/-/blob/main/chart/charts/rf-scan/templates/deployment.yaml
    • BACKEND_SERVICE_NAME
    • DEPLOY_MODE
    • AUTH_SERVER_ROOT_URL
    • BACKEND_SERVICE_NAME
    • BACKEND_APP_PORT
    • RF_REDIS_HOST_NAME_HA
    • RF_REDIS_PORT_HA
    • RF_REDIS_PWD_HA
    • RF_REDIS_DB_HA
    • RF_REDIS_HOST_NAME
    • RF_REDIS_PORT
    • RF_REDIS_PWD

• RFpubsub

  • Environment Variables - https://repo1.dso.mil/platform-one/big-bang/apps/third-party/rapidfort/-/blob/main/chart/charts/rfpubsub/templates/deployment.yaml
    • RF_REDIS_HOST_NAME_HA
    • RF_REDIS_PORT_HA
    • RF_REDIS_PWD_HA
    • RF_REDIS_DB_HA
    • RF_REDIS_HOST_NAME
    • RF_REDIS_PORT
    • RF_REDIS_PWD
    • RF_API_SERVER
    • API_KEY

• RFvdb

  • Environment Variables - https://repo1.dso.mil/platform-one/big-bang/apps/third-party/rapidfort/-/blob/main/chart/charts/rfvdb/templates/deployment.yaml
    • AWS_ACCESS_KEY_ID
    • AWS_ACCESS_SECRET_KEY
    • AWS_DEFAULT_REGION
    • RF_RFVDB_REDIS_HOST_NAME
    • RF_RFVDB_REDIS_DB
    • RF_RFVDB_REDIS_PORT
    • RF_PKGDB_REDIS_HOST_NAME

• Runner

  • Environment Variables - https://repo1.dso.mil/platform-one/big-bang/apps/third-party/rapidfort/-/blob/main/chart/charts/runner/templates/deployment.yaml
    • RF_APP_HOST
    • AWS_DEFAULT_REGION
    • RF_APP_ADMIN
    • RF_APP_ADMIN_PASSWD
    • RF_ROOT_URL