Configure ArgoCD + Vault for svc-bip-api

[lisac]

User Story

As a VRO engineer, I would like to be able to use ArgoCD for VRO deployments. As a first step: I would like to be able to use ArgoCD to deploy svc-bip-api to environments dev, qa, and sandbox with minimal manual intervention.

Notes about work
This ticket depends on completion of #3030 and targets Problem 3 that was described in that ticket:

Problem 3: while one [ArgoCD] deployment did complete, the app failed to start up due to a gap in secrets management

Recommendations

• reach out to LHDI support, as noted in Resolve ArgoCD sync issues on svc-bip-api #3030
• review other related artifacts, including Determine how to handle secret management/sycnhronization across k8s and HashiCorp Vault #2241 (which includes links to LHDI documentation on Vault) and ArgoCD Vault Plugin Spike (aka Secrets Spike) #2914

Acceptance Criteria

(in the scope of environments dev, qa, and sandbox; this does NOT apply to higher environments)

1. ArgoCD deployments of svc-bip-api to dev, qa, and sandbox successfully retrieve secrets as stored in Vault. There should be no log messaging that leaks the structure of secrets.
2. Documentation of what needed to be done, so that we can repeat as needed in setting up other microservices in ArgoCD.

Note
In order to complete AC1, the current structure of our secrets might need to be altered to comply with the requirements for the Argo Vault Plugin which will require changes to the application as well.

Related
This is a follow up to the deployment improvement workshop (recap) and #2781

[meganhicks]

This should be done after we move all services over.

[meganhicks]

Next steps: Make tickets to move all services to ArgoCD to prodtest, after we do this determine the cutover plan, then revisit secrets management and get this working and then have a separate ticket for prod.

[lisac]

status: still working on this. not blocked, more that it's a learning curve for me.