feat: restrict access to secrets

[jnonino]

What does this PR do?

This PR aims to allow to users to restrict the secrets accesible by Traefik on the Kubernetes cluster. For this reason, I have added a new field into RBAC configuration secretResourceNames. By default, that value is an empty list ([]) and the behaviour is the same as before this change, all secrets are accesible from Traefik.

When that field contains one or more secret names, then only those secrets are the ones accessible from Traefik.

Motivation

Access to secrets without limits raises a security concern and Traefik should have access only to the secrets it requires to work properly, for example TLS certificates stored in secrets and used by Traefik. All other secrets in the cluster should not be accessible.
This was raised in the issue 1006.

More

• Yes, I updated the tests accordingly
• Yes, I ran make test and all the tests passed

[ivankatliarchuk]

lgtm. I would assume $ is required for safe null checks

[darkweaver87]

Hello @jnonino,

Thank you for your contribution.
The PR looks good. I'll test it.
In the mean time WDYT about renaming accessibleSecrets by secretResourceNames ?

[jnonino]

Hi @darkweaver87, I'll change the name of the field. I was actually expecting feedback about it 😄

[jnonino]

Linking with issue traefik/traefik#7097 in Traefik repo as the discussion is relevant to the change added in this PR.

[darkweaver87]

LGTM

[darkweaver87]

@jnonino , it looks like our bot is not able to merge this PR because it can't rebase on master and push to your branch. Would you mind to rebase it ?

[mloiseleur]

@jnonino any chance that you can rebase this PR ?

[jnonino]

@jnonino any chance that you can rebase this PR ?

Done!!! Sorry for the delay

[mloiseleur]

LGTM