Support for secrets from CLI

Open johnSchnake opened this issue 2 years ago • 3 comments

We recognized how useful having configmaps bundled with the plugins is, but the same applies to secrets. Currently you can configure a plugin to do most things, but you won't be following best security practices if you have to put API keys and passwords in a configmap. We really need to support secrets in some capacity.

Putting the secret in the plugin definition itself and saving the combined YAML would be slightly better since we could redact those known locations when gathering data. However, we put the plugins into configmaps before loading them so we'd be wrapping a secret in a plugin, so k8s wouldn't be securing them appropriately.

So what we need to do is enable plugins to easily reference secrets and have a simple way for Sonobuoy to create/bind the secrets to the plugins.

Related to: https://github.com/vmware-tanzu/sonobuoy/issues/1539#issuecomment-995031173

johnSchnake avatar Jun 27 '22 11:06 johnSchnake

Proposed solution to this issue is letting Sonobuoy users either specify a list of secrets in the plugin manifest that must exist in the namespace or be entered via the cli when starting a run as a flag.

andrewyunt avatar Jul 21 '22 06:07 andrewyunt

What's the status on this one? Still in the planning phase?

LarsBingBong avatar Dec 05 '22 14:12 LarsBingBong

There has not been much activity here. We'll be closing this issue if there are no follow-ups within 15 days.

stale[bot] avatar Dec 15 '23 06:12 stale[bot]