Description
Problem
The OpenCost Helm chart has a value opencost.cloudIntegrationSecret. If the value is set, the OpenCost deployment won't start if the referenced secret does not exist.
I've got a use case where several development teams want to know the cost of their respective Kubernetes clusters running in the same Azure subscription. Due to the company's security policy, the teams don't have permission to create Azure Storage accounts or generate Billing reports. The billing is managed by a separate finance team.
Current behavior
If opencost.cloudIntegrationSecret is set to anything, the OpenCost pod waits for the secret to be created:
MountVolume.SetUp failed for volume "cloud-integration" : secret "cloud-costs" not found
Expected behavior
The pod should start regardless of the existence of the secret.
Proposed solutions
Make the cloud-integration secret optional.
Impact
Without this feature, users who:
- use GitOps workflows
- don't have necessary permissions to create an Azure Storage account
- delegate creation of the Storage account and the corresponding Kubernetes secret to the finance department
cannot have a working GitOps manifest covering both cases (whether the secret exists or not).
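
The Kubernetes mechanism behind the proposed solution, as an added example that is not part of the original issue and is not taken from the OpenCost chart: a secret volume with `optional: true`. The volume name `cloud-integration` and secret name `cloud-costs` come from the error message quoted above; the pod name, image and mount path are placeholders.

```yaml
# Added example (not the chart's own template).
apiVersion: v1
kind: Pod
metadata:
  name: optional-secret-demo            # hypothetical name
spec:
  containers:
    - name: opencost
      image: "<opencost-image>"         # placeholder
      volumeMounts:
        - name: cloud-integration
          mountPath: "/path/to/cloud-integration"   # placeholder
          readOnly: true
  volumes:
    - name: cloud-integration
      secret:
        secretName: cloud-costs
        # Default is false: the kubelet keeps the pod from starting with
        #   MountVolume.SetUp failed for volume "cloud-integration" :
        #   secret "cloud-costs" not found
        # With true, the pod starts and the volume is mounted empty
        # when the secret does not exist.
        optional: true
```

With `optional: true`, a misspelled `secretName` no longer blocks pod startup, so the application has to handle a missing file and the absence of the secret should be checked separately.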