HVS: shadow cache for dynamic secret responses (#939)

Caches HVS dynamic secrets (values and TTL/expiration info) for each
HCPVaultSecretsApp in a k8s secret in the operator's namespace, so
that dynamic secrets aren't fetched/created from the HVS API before
the renewalPercent of their TTL.

Author: tvoran

api/v1beta1/hcpvaultsecretsapp_types.go

@@ -45,10 +45,10 @@ type HVSSyncConfig struct {
 // HVSDynamicSyncConfig configures sync behavior for HVS dynamic secrets.
 type HVSDynamicSyncConfig struct {
 	// RenewalPercent is the percent out of 100 of a dynamic secret's TTL when
-	// new secrets are generated. Defaults to 67 percent minus jitter.
+	// new secrets are generated. Defaults to 67 percent plus up to 10% jitter.
 	// +kubebuilder:default=67
 	// +kubebuilder:validation:Minimum=0
-	// +kubebuilder:validation:Maximum=100
+	// +kubebuilder:validation:Maximum=90
 	RenewalPercent int `json:"renewalPercent,omitempty"`
 }
 

chart/crds/secrets.hashicorp.com_hcpvaultsecretsapps.yaml

@@ -253,8 +253,8 @@ spec:
                         default: 67
                         description: |-
                           RenewalPercent is the percent out of 100 of a dynamic secret's TTL when
-                          new secrets are generated. Defaults to 67 percent minus jitter.
-                        maximum: 100
+                          new secrets are generated. Defaults to 67 percent plus up to 10% jitter.
+                        maximum: 90
                         minimum: 0
                         type: integer
                     type: object

config/crd/bases/secrets.hashicorp.com_hcpvaultsecretsapps.yaml

@@ -253,8 +253,8 @@ spec:
                         default: 67
                         description: |-
                           RenewalPercent is the percent out of 100 of a dynamic secret's TTL when
-                          new secrets are generated. Defaults to 67 percent minus jitter.
-                        maximum: 100
+                          new secrets are generated. Defaults to 67 percent plus up to 10% jitter.
+                        maximum: 90
                         minimum: 0
                         type: integer
                     type: object