[Feature request] Make it possible to inject kubernetes secrets into the locust worker pods

[pmacik]

Is your feature request related to a problem? Please describe.
I'd like to have secrets (such as tokens) available in the locust files to be used in the API calls

Describe the solution you'd like
The idea here is to create a Secret with the tokens in the locust namespace and point the LocustTest to that Secret (similarly as the locust file is mounted from ConfigMap. The controller would then mount the Secret to the worker pods (either as env variables or as a files) and the locust files executed by the workers would then be able to get those tokens from env variables (or by reading the mounted files).

Describe alternatives you've considered
Currently, I need to hard-code the tokens into the locust file directly.

Additional context
n/a

[AbdelrhmanHamouda]

Hello @pmacik,
Thank you for proposing this feature. I for one think that it makes perfect sense that we include something like that. In the description you mention that the secret to be available as environment variable or as a file. I'm wondering if you have a specific requirement in your use case to have it both ways or supporting environment variables can be enough for example?

This question help me size the request properly since I also have been thinking about fully supporting environment variables injection and that can have multiple sources, secrets are one of them.

Also, one last question here to help me size the effort, would you be willing to contribute some of this work needed to secure the feature (it is okay if you wont/can't)?

[PaulRudin]

I think more generally it would be useful to allow arbitrary additions/override of the pod spec for the workers and master. That's much more flexible and would address this and all sorts of other things people might reasonably want.

The nitty gritty of the details need to be decided - but one very reasonable approach would be to merge according to do a json merge patch as per: https://datatracker.ietf.org/doc/html/rfc7396.

[treenerd]

Hello,

I like use external-secrets operator and vault to manage secrets.
So in my case I tend use Environment variables inside the container and the locust files read the environment variables with standard python libraries.
web_ui_auth

If the operator would support to create environment variables from secrets, this would be helpful.
With GitOPS workflows and the useage of tools like ArgoCD, I prefer to avoid to have credentials in configmaps.
I like how this is implemented in cloudnative-pg to give an example.

 managed:
    users:
    - name: loadtest-user1
      ensure: present
      passwordSecret:
        name: loadtest-user1

Just my thoughts on this topic.