GoogleCloudPlatform / bank-of-anthos

Retail banking sample application showcasing Kubernetes and Google Cloud
https://cymbal-bank.fsi.cymbal.dev
Apache License 2.0

Consider removing jwt-secret from skaffold #125

Closed ahmetb closed 4 years ago

ahmetb commented 4 years ago
deploy:
  kubectl:
    manifests:
    - ./kubernetes-manifests/**.yaml
    # deploy a pre-build secret
    # in practice, this should not be checked in to source control
    - ./extras/jwt/jwt-secret.yaml

due to the last line, skaffold iterations (run + delete) are overwriting and deleting the secret generated via

openssl genrsa -out jwtRS256.key 4096
openssl rsa -in jwtRS256.key -outform PEM -pubout -out jwtRS256.key.pub
kubectl create secret generic jwt-key --from-file=./jwtRS256.key --from-file=./jwtRS256.key.pub

in the README.md. I think checking in the secret isn't such a bad idea and since it doesn't provide actual security to this project, it helps people get things up and running much easier.
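For context on what the checked-in `jwt-secret.yaml` actually carries, here is an added example (not from the issue thread or the bank-of-anthos repo) that mirrors the README's `kubectl create secret generic jwt-key --from-file=...` step in plain Python and then flags any data entry that decodes to a PEM private key. The PEM bodies below are constructed placeholders, not real keys.

```python
import base64
from typing import Dict, List

# Constructed stand-ins for the files the README's openssl commands produce.
# They are not real keys; only the PEM headers matter for the check below.
FAKE_PRIVATE_PEM = (b"-----BEGIN RSA PRIVATE KEY-----\n"
                    b"MIIJKAIBAAKCAgEAplaceholder\n"
                    b"-----END RSA PRIVATE KEY-----\n")
FAKE_PUBLIC_PEM = (b"-----BEGIN PUBLIC KEY-----\n"
                   b"MIICIjANBgkqhkiG9w0BAQEFAAOCAg8Aplaceholder\n"
                   b"-----END PUBLIC KEY-----\n")


def build_secret_manifest(name: str, files: Dict[str, bytes]) -> dict:
    """Same shape as `kubectl create secret generic <name> --from-file=...`:
    each file becomes a data key holding the base64 of the file's bytes."""
    return {
        "apiVersion": "v1",
        "kind": "Secret",
        "metadata": {"name": name},
        "type": "Opaque",
        "data": {k: base64.b64encode(v).decode("ascii") for k, v in files.items()},
    }


def decode_secret_data(manifest: dict) -> Dict[str, bytes]:
    """Base64 is an encoding, not encryption: anyone holding the manifest
    (e.g. from git history) recovers the original files."""
    return {k: base64.b64decode(v) for k, v in manifest.get("data", {}).items()}


def private_key_entries(manifest: dict) -> List[str]:
    """Data keys whose decoded value is a PEM private key. Running this over
    manifests listed in skaffold.yaml is a cheap pre-commit check."""
    if manifest.get("kind") != "Secret":
        return []
    return sorted(k for k, raw in decode_secret_data(manifest).items()
                  if b"PRIVATE KEY-----" in raw)


if __name__ == "__main__":
    m = build_secret_manifest("jwt-key", {"jwtRS256.key": FAKE_PRIVATE_PEM,
                                          "jwtRS256.key.pub": FAKE_PUBLIC_PEM})
    print(private_key_entries(m))  # ['jwtRS256.key']
```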

daniel-sanche commented 4 years ago

This is working as intended. We have two sometimes conflicting goals:

We tell users how to generate the secret because it's a best practice to create secrets locally, but we use a checked-in version through skaffold because we don't have real sensitive data, and we want it to be easy to deploy.

I like this idea though, because it would meet both goals in a cleaner way: https://github.com/GoogleCloudPlatform/bank-of-anthos/issues/115