(egress) use secret instead of configmap

Because the config.yaml contains secrets (S3 credentials, LiveKit API
credentials), it is better to use a secret to avoid leaking secrets in
the ArgoCD UI, for instance.

Author: rouja

egress/templates/deployment.yaml

@@ -17,7 +17,7 @@ spec:
       annotations:
         {{- toYaml . | nindent 8 }}
       {{- end }}
-        checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
+        checksum/config: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }}
       labels:
         {{- include "egress.selectorLabels" . | nindent 8 }}
     spec:
@@ -34,7 +34,7 @@ spec:
           env:
             - name: EGRESS_CONFIG_BODY
               valueFrom:
-                configMapKeyRef:
+                secretKeyRef:
                   name: {{ include "egress.fullname" . }}
                   key: config.yaml
           ports:

egress/templates/secret.yaml

@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "egress.fullname" . }}
+stringData:
+  config.yaml: |
+{{ toYaml .Values.egress | indent 4 }}