[Feature] Eliminate GCP key from chart

[chipzoller]

Problem Statement

The environment variable CLOUD_PROVIDER_API_KEY is present by default in the chart with a Kubecost-provided, hard-coded value. This is to increase user time-to-value and provide less work for them. However, this goes against basic security practices and as a result is being flagged and alerted on by various linters and scanners in CI. Defining sensitive information such as passwords, keys, and API tokens, even if deemed "safe" for public consumption, should be avoided.

Solution Description

Eliminate the hard-coded CLOUD_PROVIDER_API_KEY value and template allowing users to bring their own. Provide documentation instructing users on how to create a key with the required permissions.

Alternatives

No response

Additional Context

No response

Troubleshooting

• I have read and followed the issue guidelines and this is a feature request only for the Helm chart.
• I have searched other issues in this repository and mine is not recorded.

[ameijer]

+1 here - this would also make our static code analysis tooling much happier, not having this

[chipzoller]

This issue depends on opencost/opencost#2311 before it can be implemented. Would likely require other chart-level changes as well.

[AjayTripathy]

As a note, this would increase install friction since users would get default costs unless they add their key in to get public pricing for gcp nodes.