Open
Labels
lifecycle/rotten: Denotes an issue or PR that has aged beyond stale and will be auto-closed.
Description
Currently the Digital Ocean access key is read from an environment variable in

```go
accessToken := os.Getenv("DIGITALOCEAN_ACCESS_TOKEN")
```
This means that each Digital Ocean account that the controller serves would need its own deployment of the controller. For better audit control, as well as the ability to create clusters on behalf of another user, it would simplify the setup if the controller could instead load the credentials from a reference on one of the cluster's CRDs.
For example, the DOCluster could have a secret ref in the spec:

```yaml
apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
kind: DOCluster
metadata:
  name: "${CLUSTER_NAME}"
spec:
  region: ${DO_REGION}
  credentialsRef:
    kind: Secret
    namespace: default
    name: capdo-manager-bootstrap-credentials
```
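One way a controller could resolve such a reference per cluster, as an added example rather than the project's own code. `SecretGetter`, the `access-token` data key and the same-namespace rule are assumptions, and the sample store in `main` is constructed.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"strings"
)

// SecretRef mirrors the credentialsRef fields proposed in the issue.
type SecretRef struct{ Kind, Namespace, Name string }

// SecretGetter is a hypothetical stand-in for a Kubernetes client reading Secret data.
type SecretGetter func(namespace, name string) (map[string][]byte, error)

// tokenKey is an assumed data key; the issue does not say which key holds the token.
const tokenKey = "access-token"

// ResolveToken picks the API token for one DOCluster living in clusterNS.
func ResolveToken(ref *SecretRef, clusterNS string, get SecretGetter) (string, error) {
	if ref == nil { // no reference: fall back to the current controller-wide variable
		if t := os.Getenv("DIGITALOCEAN_ACCESS_TOKEN"); t != "" {
			return t, nil
		}
		return "", errors.New("no credentialsRef and DIGITALOCEAN_ACCESS_TOKEN is unset")
	}
	if ref.Kind != "Secret" {
		return "", fmt.Errorf("unsupported credentialsRef kind %q", ref.Kind)
	}
	// Assumed policy: same-namespace Secrets only, so a DOCluster cannot borrow another tenant's token.
	if ref.Namespace != "" && ref.Namespace != clusterNS {
		return "", fmt.Errorf("credentialsRef namespace %q is not cluster namespace %q", ref.Namespace, clusterNS)
	}
	data, err := get(clusterNS, ref.Name)
	if err != nil {
		return "", fmt.Errorf("reading secret %s/%s: %w", clusterNS, ref.Name, err)
	}
	tok := strings.TrimSpace(string(data[tokenKey]))
	if tok == "" {
		return "", fmt.Errorf("secret %s/%s has no %q value", clusterNS, ref.Name, tokenKey)
	}
	return tok, nil
}

func main() {
	get := func(ns, name string) (map[string][]byte, error) { // constructed sample store
		return map[string][]byte{tokenKey: []byte("constructed-token\n")}, nil
	}
	fmt.Println(ResolveToken(&SecretRef{"Secret", "default", "capdo-manager-bootstrap-credentials"}, "default", get))
}
```

Resolving the token per reconcile, instead of once at start-up, is what lets one controller deployment serve several accounts while each API call stays attributable to the Secret that authorised it.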