
Text file src/edge-infra.dev/config/pallets/edge/clusterctl/base/external-secrets.yaml

Documentation: edge-infra.dev/config/pallets/edge/clusterctl/base

     1apiVersion: external-secrets.io/v1beta1
     2kind: ExternalSecret
     3metadata:
     4  name: ldkey
     5  labels:
     6    platform.edge.ncr.com/component: clusterctl
     7spec:
     8  data:
     9  - remoteRef:
    10      key: edge-backend-launch-darkly-sdk-key
    11    secretKey: LD_KEY
    12  refreshInterval: 1m
    13  secretStoreRef:
    14    name: gcp-provider
    15    kind: ClusterSecretStore
    16  target:
    17    name: ldkey
    18    creationPolicy: Owner
    19---
    20apiVersion: iam.cnrm.cloud.google.com/v1beta1
    21kind: IAMPolicyMember
    22metadata:
    23  name: essa-clusterctl-launch-darkly-sdk-key
    24spec:
    25  member: serviceAccount:ext-sec-${cluster_hash}@${gcp_project_id}.iam.gserviceaccount.com
    26  resourceRef:
    27    apiVersion: secretmanager.cnrm.cloud.google.com/v1beta1
    28    kind: SecretManagerSecret
    29    external: projects/${gcp_project_id}/secrets/edge-backend-launch-darkly-sdk-key
    30  role: roles/secretmanager.secretAccessor
    31---
    32apiVersion: external-secrets.io/v1beta1
    33kind: ExternalSecret
    34metadata:
    35  name: edge-totp-secret-key
    36  labels:
    37    platform.edge.ncr.com/component: clusterctl
    38spec:
    39  data:
    40  - remoteRef:
    41      key: edge-backend-totp-secret
    42    secretKey: TOTP_SECRET_KEY
    43  refreshInterval: 1m
    44  secretStoreRef:
    45    name: gcp-provider
    46    kind: ClusterSecretStore
    47  target:
    48    name: edge-totp-secret-key
    49    creationPolicy: Owner
    50---
    51apiVersion: iam.cnrm.cloud.google.com/v1beta1
    52kind: IAMPolicyMember
    53metadata:
    54  name: essa-edge-backend-totp-secret
    55spec:
    56  member: serviceAccount:ext-sec-${cluster_hash}@${gcp_project_id}.iam.gserviceaccount.com
    57  resourceRef:
    58    apiVersion: secretmanager.cnrm.cloud.google.com/v1beta1
    59    kind: SecretManagerSecret
    60    external: projects/${gcp_project_id}/secrets/edge-backend-totp-secret
    61  role: roles/secretmanager.secretAccessor
    62---
    63apiVersion: external-secrets.io/v1beta1
    64kind: ExternalSecret
    65metadata:
    66  name: edge-bsl
    67  labels:
    68    platform.edge.ncr.com/component: clusterctl
    69spec:
    70  data:
    71  - remoteRef:
    72      key: edge-bsl-prod-admin
    73      property: secret-key
    74    secretKey: EDGE_BSL_SECRET_KEY
    75  - remoteRef:
    76      key: edge-bsl-prod-admin
    77      property: shared-key
    78    secretKey: EDGE_BSL_SHARED_KEY
    79  refreshInterval: 1m
    80  secretStoreRef:
    81    name: gcp-foreman-provider
    82    kind: ClusterSecretStore
    83  target:
    84    name: edge-bsl
    85    creationPolicy: Owner
    86---
    87apiVersion: iam.cnrm.cloud.google.com/v1beta1
    88kind: IAMPolicyMember
    89metadata:
    90  name: essa-edge-bsl-prod-admin
    91spec:
    92  member: serviceAccount:ext-sec-${cluster_hash}@${gcp_project_id}.iam.gserviceaccount.com
    93  resourceRef:
    94    apiVersion: secretmanager.cnrm.cloud.google.com/v1beta1
    95    kind: SecretManagerSecret
    96    external: projects/${foreman_gcp_project_id}/secrets/edge-bsl-prod-admin
    97  role: roles/secretmanager.secretAccessor
