Docs: Clarify development style guide for Certificate secrets
Summary
We should clarify the difference and expectations of Secrets containing certificates.
https://docs.gitlab.com/charts/development/style_guide.html#certificates does not provide enough clarification.
Details
Quoting the docs in their current state:
registry:
certificate:
secret: <secret name>
key: <key name inside the secret to fetch>
Except, in many cases, we're explicitly expect a Secret of type: kubernetes.io/tls
as made by kubectl create secret tls ...
in place of kubectl create secret genertic ...
Why? This particular certificate is not a TLS/SSL certificate, but rather the JWT signing certificate's public content that the Registry chart loads, so that it can verify the authentication payloads from the GitLab API.
There's a distinction between secret type
s, and we should ensure each is clearly documented.