Adding K8s remote backend to BYOK

[juandiegopalomino]

Description

Now byo k8s cluster will store its states using k8s secrets via the official k8s backend

Safety checklist

• This change is backwards compatible and safe to apply by existing users
• This change will NOT lead to data loss
• This change will NOT lead to downtime who already has an env/service setup

How has this change been tested, beside unit tests?

manually

[codecov]

Codecov Report

Merging #878 (eef6134) into main (41c4c45) will decrease coverage by 0.52%.
The diff coverage is 16.48%.

@@            Coverage Diff             @@
##             main     #878      +/-   ##
==========================================
- Coverage   73.46%   72.93%   -0.53%     
==========================================
  Files         123      123              
  Lines        8190     8259      +69     
==========================================
+ Hits         6017     6024       +7     
- Misses       2173     2235      +62     

Flag	Coverage Δ
unittests	72.93% <16.48%> (-0.53%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files	Coverage Δ
opta/core/helm_cloud_client.py	25.51% <12.16%> (-27.13%)	⬇️
opta/core/terraform.py	61.95% <26.66%> (-0.06%)	⬇️
opta/layer.py	84.52% <100.00%> (-0.86%)	⬇️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 41c4c45...eef6134. Read the comment docs.

[rabbitfang]

How is this change going to affect existing usage of the helm cloud provider?

[juandiegopalomino]

1. No one is using it
2. It will probably lose the current state, trying to recreate everything

[RemyDeWolf]

1. There is a 1MB limit for k8s secret, is that enough for us? (how much do we use for a typical service?

2. Don't forget to update the documentation, the part with:
   Generate the terraform state files in tfstate - please commit these files after each apply.
   https://github.com/run-x/opta/tree/main/examples/byok-eks#deploy-a-service-to-kubernetes-with-opta__

[RemyDeWolf]

may be we should allow configuring this namespace to something lese than "default" (which would be the default value if not set)

[juandiegopalomino]

Not for now I think-- default has the benefit of always being present/available

[RemyDeWolf]

ok fair enough, helm also uses to this namespace so we are consistent with that

[RemyDeWolf]

no need to have default here since it's a namespace scoped resource

[juandiegopalomino]

That's how terraform names the secret-- we got no choice :(

[juandiegopalomino]

@RemyDeWolf
There is a 1MB limit for k8s secret, is that enough for us? (how much do we use for a typical service?
Yes, absolutely

Don't forget to update the documentation,
Done

[rabbitfang]

Minor suggestion, otherwise LGTM

[rabbitfang]

Suggested change

	except YAMLError:
	except yaml.YAMLError:

(as opposed to from ruamel.yaml import YAMLError above). The yaml util library should be used instead of importing ruamel yaml directly, to discourage unsafe usage. That library reexports YAMLError.