[13:10:07] <elukey>	 hey folks, after a chat with Federico I expanded https://wikitech.wikimedia.org/wiki/Kubernetes/Add_a_new_service#Add_private_data/secrets_(optional) with what is my understanding of the current options
[13:16:01] <federico3>	 I've noticed that some services seem to be using the k8s Secret "pattern" with name/type/data structure and some their own custom fields. Could it be possible to have a recommended "default" way to implement services?
[13:17:19] <jayme>	 elukey: cool! maybe also add a note to the secret/checksum annotation for rolling restarts on secret changes
[13:17:36] <jayme>	 {{ include "base.helper.resourcesDataChecksum" (dict "resourceFilePath" "/secret.yaml" "Root" $) }}
[13:18:50] <elukey>	 federico3: the name/type/data structure is use case 1), the other custom fields are use case 2)
[13:19:13] <elukey>	 it depends what you want to do, I added at the end that nowadays the most convenient way is 2), at least for me
[13:19:14] <jayme>	 federico3: I think the scaffolding we provide includes a basic structure for secrets (including templating etc.). But that might not fit all the different needs an possibly existing data structures. So people do derive from that
[13:19:38] <elukey>	 jayme: I think that Federico refers to the secrets charts, that require a certain format
[13:19:45] <jayme>	 oh
[13:19:48] <elukey>	 not config->private
[13:19:51] <elukey>	 (that is more free form)
[13:20:06] * jayme said nothig
[13:20:29] <elukey>	 IIRC me and you created that monster (the secrets chart)
[13:20:51] <jayme>	 a very plausible allegation
[13:21:25] <jayme>	 but what for ... :D
[13:21:51] <elukey>	 true I think it was lift-wing related
[13:21:58] <jayme>	 a very plausible allegation
[13:21:58] <elukey>	 that shifts most of the blame on me
[13:21:59] <federico3>	 https://gerrit.wikimedia.org/r/plugins/gitiles/operations/deployment-charts/+/refs/heads/master/charts/python-webapp/templates/secret.yaml   I'm using python-webapp as chart and it has ths
[13:22:38] <jayme>	 that's the basic scaffold structure I was referring to
[13:23:43] <jayme>	 sometimes charts do have secret values in a different .Values structure. That (and history) are probably the reason for different implementations
[13:24:00] <elukey>	 federico3: yep that is solution 2) in the guide
[13:24:06] <federico3>	 afaict https://kubernetes.io/docs/concepts/configuration/secret/ has a specific layout 
[13:25:04] <elukey>	 federico3: yeah so 2) uses "Opaque" that is defined as "arbitrary user-defined data"
[13:25:48] <elukey>	 the secrets chart has this: type: {{ .type | default "Opaque" }}
[13:26:16] <elukey>	 but they do the same thing, if you check the templates
[13:26:26] <elukey>	 most of the settings are generated for you
[13:35:37] <federico3>	 ok I updated the wiki
[13:41:14] <elukey>	 mmm there was already "Ensure that your chart's template directory contains a file called secret.yaml, with a format similar to the following"