Configure Auto DevOps deployed applications with secrets from prefixed CI variables

What does this MR do?

Detects any CI variables whose key starts with K8S_SECRET_.

If so, create a Kubernetes secret called $CI_ENVIRONMENT_SLUG-secret with those variables in it.

Pass that secret name to the auto-deploy helm chart, which will then load the secret key-value pairs as environment variables in the application pods. The environment variables will have the prefix stripped off.

What are the relevant issue numbers?

https://gitlab.com/gitlab-org/gitlab-ce/issues/49056

Tasks

  • Update auto-deploy-app charts/auto-deploy-app!15 (merged)
  • Find all env vars beginning with prefix K8S_SECRET_
  • Create secret in Auto DevOps
  • Pass secret name to Helm
  • Update help text in Variables
  • Delete secret when environment is stopped
  • Add a QA test that uses a K8S secret

Tests

  • new QA spec

Manual QA

Scenario 1:

  • No K8S_SECRET_* variable
  • Run Auto DevOps
  • Check deploy succeeded

Scenario 2:

  • Create K8S_SECRET_* variables
  • Run Auto DevOps
  • Check deploy succeeded
  • Check new secret created in $KUBE_NAMESPACE with correct values
  • Check that application pod has those variables as env vars.

Scenario 3: (see note below)

  • Update K8S_SECRET_* variable
  • Run Auto DevOps
  • Check deploy succeeded
  • Check secret is updated
  • Check env vars in pod have new values

Scenario 4: (see note below)

  • Remove all K8S_SECRET_* variables
  • Run Auto DevOps
  • Check that secret is not used by pod
  • Check pod has no more K8S_SECRET_* base env vars

RESULT: If secret is updated without any code change, then pods will not be terminated. The running pods will not have updated env vars.

I'm not sure it is even desirable for ENV to change for a running pod.

Created followup in https://gitlab.com/gitlab-org/gitlab-ce/issues/55540

Scenario 5:

  • Update K8S_SECRET_* variable
  • Change some code
  • Check Auto DevOps deploy succeeded
  • Check secret is updated
  • Check env vars in pod have new values

Scenario 6:

  • Remove all K8S_SECRET_* variables
  • Change some code
  • Check Auto DevOps deploy succeeded
  • Check secret is updated
  • Check pod has no more K8S_SECRET_* base env vars

Stopping review app now removes the review app secret:

$ delete
release "review-hello-bran-ex0z0c" deleted
secret "review-hello-bran-ex0z0c-secret" deleted

Does this MR meet the acceptance criteria?

Edited by 🤖 GitLab Bot 🤖
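
The prefix detection and secret creation described in this MR can be sketched as follows. This is an added example, not the code from the merge request; the function names, the validation rules and the use of `kubectl apply` are assumptions, while `K8S_SECRET_`, `$CI_ENVIRONMENT_SLUG-secret` and `$KUBE_NAMESPACE` come from the description above.

```shell
#!/bin/sh
# Added example (not the MR's code). Assumes kubectl and the CI variables
# CI_ENVIRONMENT_SLUG and KUBE_NAMESPACE are present in the job.
K8S_SECRET_PREFIX="K8S_SECRET_"

# Emit NAME=value for each environment variable carrying the prefix, with the
# prefix stripped. Reads ENVIRON in awk instead of parsing `env` output, so a
# multi-line value cannot smuggle in extra NAME=value lines.
secret_env_lines() {
  awk -v p="$K8S_SECRET_PREFIX" 'BEGIN {
    for (k in ENVIRON) {
      if (index(k, p) != 1) continue
      name = substr(k, length(p) + 1)
      if (name !~ /^[A-Za-z_][A-Za-z0-9_]*$/) {
        print "skipping " k ": invalid name after prefix" > "/dev/stderr"
        continue
      }
      if (ENVIRON[k] ~ /\n/) {   # env-file format is one pair per line
        print "skipping " k ": multi-line value" > "/dev/stderr"
        continue
      }
      print name "=" ENVIRON[k]
    }
  }' | sort
}

# Secret name described in the MR: $CI_ENVIRONMENT_SLUG-secret
secret_name() { printf '%s-secret' "$CI_ENVIRONMENT_SLUG"; }

# Write the pairs to a 0600 file; succeeds only if at least one pair exists.
write_secret_env_file() {
  ( umask 077; secret_env_lines > "$1" )
  [ -s "$1" ]
}

# Create or update the secret. Values travel via the file, not via argv
# (--from-literal would put them on the command line and in the process list).
apply_secret() {
  envfile=$(mktemp) || return 1
  if write_secret_env_file "$envfile"; then
    kubectl create secret generic "$(secret_name)" \
      --namespace "$KUBE_NAMESPACE" --from-env-file "$envfile" \
      --dry-run=client -o yaml | kubectl apply -f -
  fi
  rc=$?
  rm -f "$envfile"
  return "$rc"
}
```

Only variable names are written to stderr when a variable is skipped, so values never reach the job log.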