KM498 ✅ Rotate GitHub deploy key

[yngvark]

Description

oslokommune/okctl#894 introduces the ed25519 algorithm for deploy keys. We need to upgrade existing deploy keys, which uses an old algorithm, which will be deprecated by GitHub soon.

This upgrade deletes any previous existing deploy keys in GitHub for this cluster, and then creates one deploy key. It imports a version of Okctl that uses the new ed25519 algorithm.

Motivation and Context

https://trello.com/c/9GxBElfD/498-argocd-stops-working-2022-03-15-due-to-old-format-of-deploy-key

How to prove the effect of this PR?

• Run the upgrade by following the description in the README: https://github.com/oslokommune/okctl-upgrade#test-the-upgrade
• Open In https://github.com/oslokommune/your-iac-repo/settings/keys, see that you have a new, unsued deploy key (never used, black color)
• Trigger an application synchronization in ArgoCD
• In GitHub, verify that the deploy key now has status used "Last week", and is green
• You can also do some other checks described in KM498 ✅ Use ed25519 key algorithm for ArgoCD deploy key okctl#894.

Additional info

Upgrade for oslokommune/okctl#894

Documentation: https://okctl-2.ghost.io/ghost/#/editor/post/62066142c91338003b4883e2

Types of changes

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to not work as expected)

[deifyed]

Nice!

Consider moving the key creation code over to this repo so its not dependent on the okctl release. That way you'll be able to release the upgrade before the okctl release ref best practice discussions

[yngvark]

We need to update state, meaning we need to import okctl. When we already have okctl, we might as well use the key creation from there instead of copying it.