Simplify dev/test environment deployment

[gl-johnson]

Desired Outcome

Clean up some redundancies in the deployment scripts, and make it simpler to specify which mode to run Secrets Provider in.

Implemented Changes

• Consolidated deploy_init_env, deploy_k8s_rotation_env, and deploy_push_to_file into one function
• Update test cases and dev bootstrap.env to use SECRETS_MODE to set the mode for deployment

Definition of Done

At least 1 todo must be completed in the sections below for the PR to be
merged.

Changelog

• The CHANGELOG has been updated, or
• This PR does not include user-facing changes and doesn't require a
  CHANGELOG update

Test coverage

• This PR includes new unit and integration tests to go with the code
  changes, or
• The changes in this PR do not require tests

Documentation

• Docs (e.g. READMEs) were updated in this PR
• A follow-up issue to update official docs has been filed here: [insert issue ID]
• This PR does not require updating any documentation

Behavior

• This PR changes product behavior and has been reviewed by a PO, or
• These changes are part of a larger initiative that will be reviewed later, or
• No behavior was changed with this PR

Security

• Security architect has reviewed the changes in this PR,
• These changes are part of a larger initiative with a separate security review, or
• There are no security aspects to these changes

[codeclimate]

Code Climate has analyzed commit d7593dc and detected 0 issues on this pull request.

The test coverage on the diff in this pull request is 100.0% (50% is the threshold).

This pull request will bring the total coverage in the repository to 89.2% (0.0% change).

View more on Code Climate.

[rpothier]

With this change where are we pulling the images from? Is is the same for GKE and Openshift?

[gl-johnson]

These manifests are only used when running ./bin/start with the --dev flag, so I think we can assume that the image already exists locally per the docs to deploy a local dev environment, the first step of which is to run ./bin/build.

[rpothier]

OK, if it's only the dev image that's fine.

[rpothier]

With the imagePullPolicy to Never is it possible that a cached image will be used and not the build image?

[gl-johnson]

Hmm I'm not sure on this. This change is largely based on the existing dev manifests for K8s secrets mode, both of which omitted the registry path variables and use an imagePullPolicy of Never.

I think the assumption once again is that ./bin/build was run prior to the start script, which tags the locally built secrets-provider image as latest and dev

Edit: ./bin/start --dev actually fails unless you have run the build script first even with a cached secrets-provider:latest image, since it is expecting the dev tag here

[rpothier]

I guess my concern is if I rebuild a dev image with a small change, and redeploy the pod will the latest build be picked up?

[gl-johnson]

Yes it should still be picked up as far as I can tell. Each time you run ./bin/build it overwrites dev/latest tags for the image locally, which is what will be used in the deployment when the imagePullPolicy is 'Never'.

I tested it with ./bin/start --dev and ./bin/start --dev --reload and it picks up code changes

[rpothier]

LGTMM!