...

Text file src/edge-infra.dev/config/pallets/edge/db/external-secrets.yaml

Documentation: edge-infra.dev/config/pallets/edge/db

# Namespace that the ExternalSecret resources in this file are created in.
# The Kubernetes Secrets they produce land here too, so read access to Secrets
# in this namespace is read access to the database passwords.
apiVersion: v1
kind: Namespace
metadata:
  name: edge-system
---
# Syncs the remote secret `edge-sql-password` from the `gcp-provider`
# ClusterSecretStore into a Kubernetes Secret of the same name in edge-system.
# Presumably the store is backed by GCP Secret Manager, given the
# IAMPolicyMember on the matching secret in this file — verify against the
# store definition, which is not part of this file.
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: edge-sql-password
  namespace: edge-system
spec:
  # No refreshInterval is set, so the operator's default applies.
  # NOTE(review): confirm that default fits the rotation schedule for this
  # password; a rotated value is not picked up until the next refresh.
  data:
  # No remoteRef.version is pinned; presumably the provider resolves the
  # latest version — verify.
  - remoteRef:
      key: edge-sql-password
    # Key under which the value is stored in the target Secret.
    secretKey: password
  secretStoreRef:
    # Cluster-scoped store, referenced by name from this namespace.
    # NOTE(review): check whether the store restricts which namespaces may
    # reference it; otherwise an ExternalSecret in another namespace could
    # request the same remote key.
    name: gcp-provider
    kind: ClusterSecretStore
  target:
    name: edge-sql-password
    # Owner: the operator creates the Secret and sets this ExternalSecret as
    # its owner, so deleting the ExternalSecret removes the Secret as well.
    creationPolicy: Owner
---
# Config Connector IAM binding that lets the per-cluster service account read
# the `edge-sql-password` secret. The grant is attached to that one secret
# (see resourceRef), not to the whole project.
apiVersion: iam.cnrm.cloud.google.com/v1beta1
kind: IAMPolicyMember
metadata:
  name: essa-edge-sql-password
  namespace: edge-system
spec:
  # ${cluster_hash} and ${gcp_project_id} are placeholders; presumably they
  # are substituted before the manifest is applied — confirm in the pipeline.
  member: serviceAccount:ext-sec-${cluster_hash}@${gcp_project_id}.iam.gserviceaccount.com
  resourceRef:
    apiVersion: secretmanager.cnrm.cloud.google.com/v1beta1
    kind: SecretManagerSecret
    # `external` points at a secret by its full resource name; the secret
    # itself is not declared in this file.
    external: projects/${gcp_project_id}/secrets/edge-sql-password
  # secretAccessor allows reading secret payloads; keep it scoped to this
  # single secret rather than widening it to the project.
  role: roles/secretmanager.secretAccessor
---
# Syncs the remote secret `edge-db-read-only-user-pass` from the
# `gcp-provider` ClusterSecretStore into a Kubernetes Secret of the same name
# in edge-system. Same shape as the `edge-sql-password` ExternalSecret in this
# file, for what the name suggests is a read-only database user.
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: edge-db-read-only-user-pass
  namespace: edge-system
spec:
  # No refreshInterval is set, so the operator's default applies.
  # NOTE(review): confirm that default fits the rotation schedule for this
  # password.
  data:
  # No remoteRef.version is pinned; presumably the provider resolves the
  # latest version — verify.
  - remoteRef:
      key: edge-db-read-only-user-pass
    # Key under which the value is stored in the target Secret.
    secretKey: password
  secretStoreRef:
    # Cluster-scoped store, referenced by name from this namespace.
    # NOTE(review): check whether the store restricts which namespaces may
    # reference it.
    name: gcp-provider
    kind: ClusterSecretStore
  target:
    name: edge-db-read-only-user-pass
    # Owner: the operator creates the Secret and sets this ExternalSecret as
    # its owner, so deleting the ExternalSecret removes the Secret as well.
    creationPolicy: Owner
    52---
    53apiVersion: iam.cnrm.cloud.google.com/v1beta1
    54kind: IAMPolicyMember
    55metadata:
    56  name: essa-edge-db-read-only-user-pass
    57spec:
    58  member: serviceAccount:ext-sec-${cluster_hash}@${gcp_project_id}.iam.gserviceaccount.com
    59  resourceRef:
    60    apiVersion: secretmanager.cnrm.cloud.google.com/v1beta1
    61    kind: SecretManagerSecret
    62    external: projects/${gcp_project_id}/secrets/edge-db-read-only-user-pass
    63  role: roles/secretmanager.secretAccessor
