[19:30:14] can anyone point me to how secrets are consumed from our private repo?
[21:17:45] jhathaway: modules/profile/manifests/kubernetes/deployment_server/helmfile.pp
[21:18:31] I don't think that is actually documented anywhere on wikitech? aside from the mention at https://wikitech.wikimedia.org/wiki/Kubernetes/Add_a_new_service#Add_private_data/secrets_(optional)
[21:18:59] cdanis: thanks, maybe I should just DM you all my questions during the day ;)
[21:19:12] so does it just lay down files, that helm consumes?
[21:19:25] technically `helmfile` which is a meta-templating abomination
[21:19:27] feel free to just tell me to RTFS
[21:19:38] nod, okay makes sense
[21:20:16] oh actually
[21:20:33] the best documentation is in templates.values in this file https://gerrit.wikimedia.org/r/plugins/gitiles/operations/deployment-charts/+/refs/heads/master/helmfile.d/services/_example_/helmfile.yaml#26
[21:21:03] and then ofc there's the special case of kube-system secrets
[21:22:14] ... I think
[21:23:31] ah, not for the top-level admin_ng helmfile, but, often the sub-helmfiles work similarly: https://gerrit.wikimedia.org/r/plugins/gitiles/operations/deployment-charts/+/refs/heads/master/helmfile.d/admin_ng/cert-manager/helmfile.yaml
[21:25:37] oh and related, there's also `profile::kubernetes::deployment_server::services` which both affects what namespaces (+ role users) exist in the k8s clusters, and, causes kubectl kubeconfigs giving access to those namespaces to materialize on the deployment hosts, with appropriate unix permissions
[21:25:45] which is part of the model of just dumping secrets to separate files
[21:28:54] thanks that is helpful, the inject_secret function is interesting
[21:31:16] though I can't find an example of its use...
[21:32:29] uh I think the only usages are in helmfile.pp, and in a spec test haha
[21:34:12] I found one in secret puppet, which is surprising, because the function states that its advantage is not having to store the surrounding yaml in secret puppet, \o/
[21:34:40] fascinating