Separate loading of application configurations and secrets into more than one file

[rdsarvar]

The goal of this request is to have the loading of basic configurations and secrets split up to provide a separation of concerns.

An example usage where this would be required would be running Trino Gateway in Kubernetes using the provided Helm chart. Currently, all of the configurations/secrets are merged and mounted to the container as a single YAML file. In order to follow this strategy that means:

• In a secured K8s cluster, you are unable to introspect the configuration being mounted to the pod unless you have elevated permissions to view Secret objects. Usually, ConfigMap resources are R/O to majority of users.
• Your deployment strategy requires elevated permissions to view Secret objects so that a lookup can be done on pre-existing secrets which will be merged into the standalone secret
  • A widely used deployment tool ArgoCD does not support the lookup strategy.

Opening this issue to spur conversations on better strategies for configuring the application.

An initial suggestion could be leveraging Jackson's ObjectMapper with YAMLFactory and the readerForUpdating functionality. This could support loading of multiple configurations by the following strategy:

1. Update the application to allow > 1 configuration file paths through arguments.
2. Leverage Jackson's ObjectMapper with YAMLFactory and initialize/update the application config using the mapper's readerForUpdating method.

I'm not 100% sure how Trino is handling this in their Kubernetes deployment but it would be interesting to see if we can follow suit.