Undocumented key in signing_secret called signing_service.asc #1238

Closed
mgoldenberg opened this issue Apr 5, 2024 · 1 comment · Fixed by #1246
@mgoldenberg

Version
v1.0.0-beta.4

Describe the bug

The documentation for metadata signing does not mention that one needs to include two values in the signing_secret - it only mentions that the secret key must be assigned to signing_service.gpg, but not that the public key be assigned to signing_service.asc.

The resulting error is that the relevant pods fail to initialize and we see mount failures that tell us we must include signing_service.asc; however, it is not entirely clear that the public key must be assigned to this value, which requires a bit more digging in the code base.

Events:
  Type     Reason       Age                 From               Message
  ----     ------       ----                ----               -------
  Normal   Scheduled    2m7s                default-scheduler  Successfully assigned pulp/pulp-api-7fb5f45bb-hg2l4 to ip-172-20-46-54.us-west-2.compute.internal
  Warning  FailedMount  64s (x8 over 2m7s)  kubelet            MountVolume.SetUp failed for volume "gpg-keys" : references non-existent secret key: signing_service.asc
  Warning  FailedMount  5s                  kubelet            Unable to attach or mount volumes: unmounted volumes=[gpg-keys], unattached volumes=[kube-api-access-hvm8j gpg-keys ephemeral-gpg pulp-admin-password pulp-container-auth-certs pulp-server pulp-db-fields-encryption]: timed out waiting for the condition

To Reproduce

Follow instructions in documentation here.

Expected behavior

I expected the private key to be imported into the key ring successfully and for the signing services to be created.

Additional context

None

@gerrod3
gerrod3 commented Apr 9, 2024

It seems we made a mistake requiring signing_service.asc as a needed secret. We'll create a fix to remove it.
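
An added example (not part of the issue or the operator's code): a pre-deployment check that reports secret keys a pod volume references but the Secret does not contain, which is the condition behind the FailedMount event in the report. The secret name, both manifests and the `items` projection are constructed assumptions; only the volume name gpg-keys and the two key names come from the issue.

```python
import json

# Constructed sample manifests (not taken from the operator): a Secret that
# holds only the private key, and a pod volume that projects two keys from it.
SECRET = json.loads("""{
  "kind": "Secret",
  "metadata": {"name": "example-signing-secret"},
  "data": {"signing_service.gpg": "PGNvbnN0cnVjdGVkPg=="}
}""")

POD_SPEC = json.loads("""{
  "volumes": [
    {"name": "gpg-keys",
     "secret": {"secretName": "example-signing-secret",
                "items": [{"key": "signing_service.gpg", "path": "signing_service.gpg"},
                          {"key": "signing_service.asc", "path": "signing_service.asc"}]}},
    {"name": "ephemeral-gpg", "emptyDir": {}}
  ]
}""")


def missing_secret_keys(pod_spec, secrets):
    """Return (volume, secret, key) tuples the kubelet would refuse to mount.

    `secrets` maps secret name -> Secret manifest. A key listed under
    volumes[].secret.items must exist in the Secret's data/stringData unless
    the volume is marked optional. key is None when the Secret itself is absent.
    """
    problems = []
    for vol in pod_spec.get("volumes", []):
        src = vol.get("secret")
        if not src or src.get("optional"):
            continue  # not a secret volume, or missing keys are tolerated
        secret = secrets.get(src["secretName"])
        if secret is None:
            problems.append((vol["name"], src["secretName"], None))
            continue
        present = set(secret.get("data") or {}) | set(secret.get("stringData") or {})
        for item in src.get("items", []):
            if item["key"] not in present:
                problems.append((vol["name"], src["secretName"], item["key"]))
    return problems


if __name__ == "__main__":
    for vol, name, key in missing_secret_keys(POD_SPEC, {"example-signing-secret": SECRET}):
        print(f'volume "{vol}": secret {name} has no key {key}')
```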
