1apiVersion: external-secrets.io/v1beta1
2kind: ExternalSecret
3metadata:
4 name: ldkey
5 labels:
6 platform.edge.ncr.com/component: clusterctl
7spec:
8 data:
9 - remoteRef:
10 key: edge-backend-launch-darkly-sdk-key
11 secretKey: LD_KEY
12 refreshInterval: 1m
13 secretStoreRef:
14 name: gcp-provider
15 kind: ClusterSecretStore
16 target:
17 name: ldkey
18 creationPolicy: Owner
19---
20apiVersion: iam.cnrm.cloud.google.com/v1beta1
21kind: IAMPolicyMember
22metadata:
23 name: essa-clusterctl-launch-darkly-sdk-key
24spec:
25 member: serviceAccount:ext-sec-${cluster_hash}@${gcp_project_id}.iam.gserviceaccount.com
26 resourceRef:
27 apiVersion: secretmanager.cnrm.cloud.google.com/v1beta1
28 kind: SecretManagerSecret
29 external: projects/${gcp_project_id}/secrets/edge-backend-launch-darkly-sdk-key
30 role: roles/secretmanager.secretAccessor
31---
32apiVersion: external-secrets.io/v1beta1
33kind: ExternalSecret
34metadata:
35 name: edge-totp-secret-key
36 labels:
37 platform.edge.ncr.com/component: clusterctl
38spec:
39 data:
40 - remoteRef:
41 key: edge-backend-totp-secret
42 secretKey: TOTP_SECRET_KEY
43 refreshInterval: 1m
44 secretStoreRef:
45 name: gcp-provider
46 kind: ClusterSecretStore
47 target:
48 name: edge-totp-secret-key
49 creationPolicy: Owner
50---
51apiVersion: iam.cnrm.cloud.google.com/v1beta1
52kind: IAMPolicyMember
53metadata:
54 name: essa-edge-backend-totp-secret
55spec:
56 member: serviceAccount:ext-sec-${cluster_hash}@${gcp_project_id}.iam.gserviceaccount.com
57 resourceRef:
58 apiVersion: secretmanager.cnrm.cloud.google.com/v1beta1
59 kind: SecretManagerSecret
60 external: projects/${gcp_project_id}/secrets/edge-backend-totp-secret
61 role: roles/secretmanager.secretAccessor
62---
63apiVersion: external-secrets.io/v1beta1
64kind: ExternalSecret
65metadata:
66 name: edge-bsl
67 labels:
68 platform.edge.ncr.com/component: clusterctl
69spec:
70 data:
71 - remoteRef:
72 key: edge-bsl-prod-admin
73 property: secret-key
74 secretKey: EDGE_BSL_SECRET_KEY
75 - remoteRef:
76 key: edge-bsl-prod-admin
77 property: shared-key
78 secretKey: EDGE_BSL_SHARED_KEY
79 refreshInterval: 1m
80 secretStoreRef:
81 name: gcp-foreman-provider
82 kind: ClusterSecretStore
83 target:
84 name: edge-bsl
85 creationPolicy: Owner
86---
87apiVersion: iam.cnrm.cloud.google.com/v1beta1
88kind: IAMPolicyMember
89metadata:
90 name: essa-edge-bsl-prod-admin
91spec:
92 member: serviceAccount:ext-sec-${cluster_hash}@${gcp_project_id}.iam.gserviceaccount.com
93 resourceRef:
94 apiVersion: secretmanager.cnrm.cloud.google.com/v1beta1
95 kind: SecretManagerSecret
96 external: projects/${foreman_gcp_project_id}/secrets/edge-bsl-prod-admin
97 role: roles/secretmanager.secretAccessor
View as plain text