Support creating secrets in component (#153)

class/defaults.yml

@@ -76,6 +76,8 @@ parameters:
     namespaceLogForwarderEnabled: false
     namespaceLogForwarder: {}
 
+    secrets: {}
+
     operatorResources:
       clusterLogging:
         requests:

component/main.jsonnet

@@ -84,11 +84,14 @@ local subscriptions = std.filter(function(it) it != null, [
   elasticsearch,
 ]);
 
+local secrets = com.generateResources(params.secrets, kube.Secret);
+
 // Define outputs below
 {
   '00_namespace': namespace,
   '10_operator_group': operatorGroup,
   '20_subscriptions': subscriptions,
+  [if std.length(params.secrets) > 0 then '99_secrets']: secrets,
 }
 + (import 'config_logging.libsonnet')
 + (import 'config_forwarding.libsonnet')

docs/modules/ROOT/pages/references/parameters.adoc

@@ -388,6 +388,17 @@ A dictionary holding the `.spec` for namespaced log forwarding.
 See in examples below for configuration.
 
 
+== `secrets`
+
+[horizontal]
+type:: dict
+default:: `{}`
+
+A dict of secrets to create in the namespace.
+The key is the name of the secret, the value is the content of the secret.
+The value must be a dict with a key `stringData` which is a dict of key/value pairs to add to the secret.
+
+
 == Examples
 
 [source,yaml]

tests/golden/master/openshift4-logging/openshift4-logging/99_secrets.yaml

@@ -0,0 +1,11 @@
+apiVersion: v1
+data: {}
+kind: Secret
+metadata:
+  annotations: {}
+  labels:
+    name: my-secret
+  name: my-secret
+stringData:
+  secret-key: t-silent-test-1234/c-green-test-1234/secret-value
+type: Opaque

tests/master.yml

@@ -82,3 +82,8 @@ parameters:
               - my-apps
             outputRefs:
               - custom-forwarder
+
+    secrets:
+      my-secret:
+        stringData:
+          secret-key: '?{vaultkv:${cluster:tenant}/${cluster:name}/secret-value}'