apiVersion: iam.cnrm.cloud.google.com/v1beta1
kind: IAMServiceAccountKey
metadata:
  name: ${pallet_name}-${cluster_uuid}-gcp-api-key
spec:
  serviceAccountRef:
    name: bff-sa
---
apiVersion: secretmanager.cnrm.cloud.google.com/v1beta1
kind: SecretManagerSecret
metadata:
  name: ${pallet_name}-${cluster_uuid}-gcp-api-key
spec:
  replication:
    automatic: true
---
apiVersion: secretmanager.cnrm.cloud.google.com/v1beta1
kind: SecretManagerSecretVersion
metadata:
  name: ${pallet_name}-${cluster_uuid}-gcp-api-key
spec:
  secretRef:
    name: ${pallet_name}-${cluster_uuid}-gcp-api-key
  enabled: true
  secretData:
    valueFrom:
      secretKeyRef:
        name: ${pallet_name}-${cluster_uuid}-gcp-api-key
        key: key.json