...
# Namespace referenced by the edge-system resources in this file.
apiVersion: v1
kind: Namespace
metadata:
  name: edge-system
---
# Syncs the remote secret "edge-sql-password" from the gcp-provider store into
# a Kubernetes Secret of the same name in edge-system, under the key "password".
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: edge-sql-password
  namespace: edge-system
spec:
  # No refreshInterval is set, so the operator's default applies; set it
  # explicitly if rotation latency matters for this credential.
  secretStoreRef:
    # Cluster-scoped store shared by every namespace.
    # NOTE(review): confirm the store limits which namespaces may reference it.
    name: gcp-provider
    kind: ClusterSecretStore
  target:
    name: edge-sql-password
    # Owner: the operator creates the Secret and owns it, so deleting this
    # ExternalSecret also removes the Secret.
    creationPolicy: Owner
  data:
    - secretKey: password
      remoteRef:
        # No version is pinned; presumably the provider's default (latest)
        # version is fetched - confirm against the store configuration.
        key: edge-sql-password
---
# Grants one service account read access to the single Secret Manager secret
# "edge-sql-password". The binding targets the secret itself via resourceRef,
# so it does not extend to other secrets in the project.
apiVersion: iam.cnrm.cloud.google.com/v1beta1
kind: IAMPolicyMember
metadata:
  name: essa-edge-sql-password
  namespace: edge-system
spec:
  # ${cluster_hash} and ${gcp_project_id} are placeholders that must be
  # substituted before apply; the tool that does so is not visible here.
  # Presumably this is the identity used by the gcp-provider store - verify.
  member: serviceAccount:ext-sec-${cluster_hash}@${gcp_project_id}.iam.gserviceaccount.com
  # secretAccessor permits reading secret payloads only.
  role: roles/secretmanager.secretAccessor
  resourceRef:
    apiVersion: secretmanager.cnrm.cloud.google.com/v1beta1
    kind: SecretManagerSecret
    # Referenced by full resource path, not by an object defined in this file,
    # so the secret is expected to exist already.
    external: projects/${gcp_project_id}/secrets/edge-sql-password
---
# Syncs the remote secret "edge-db-read-only-user-pass" from the gcp-provider
# store into a Kubernetes Secret of the same name in edge-system, under the
# key "password".
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: edge-db-read-only-user-pass
  namespace: edge-system
spec:
  # No refreshInterval is set, so the operator's default applies; set it
  # explicitly if rotation latency matters for this credential.
  secretStoreRef:
    # Cluster-scoped store shared by every namespace.
    # NOTE(review): confirm the store limits which namespaces may reference it.
    name: gcp-provider
    kind: ClusterSecretStore
  target:
    name: edge-db-read-only-user-pass
    # Owner: the operator creates the Secret and owns it, so deleting this
    # ExternalSecret also removes the Secret.
    creationPolicy: Owner
  data:
    - secretKey: password
      remoteRef:
        # No version is pinned; presumably the provider's default (latest)
        # version is fetched - confirm against the store configuration.
        key: edge-db-read-only-user-pass
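---
# Grants one service account read access to the single Secret Manager secret
# "edge-db-read-only-user-pass". The binding targets the secret itself via
# resourceRef, so it does not extend to other secrets in the project.
apiVersion: iam.cnrm.cloud.google.com/v1beta1
kind: IAMPolicyMember
metadata:
  name: essa-edge-db-read-only-user-pass
  # Set explicitly to match the other IAMPolicyMember in this file. Without it
  # the object lands in whatever namespace the applying tool defaults to, which
  # may not be the one the rest of this configuration is reconciled in.
  namespace: edge-system
spec:
  # ${cluster_hash} and ${gcp_project_id} are placeholders that must be
  # substituted before apply; the tool that does so is not visible here.
  # Presumably this is the identity used by the gcp-provider store - verify.
  member: serviceAccount:ext-sec-${cluster_hash}@${gcp_project_id}.iam.gserviceaccount.com
  # secretAccessor permits reading secret payloads only.
  role: roles/secretmanager.secretAccessor
  resourceRef:
    apiVersion: secretmanager.cnrm.cloud.google.com/v1beta1
    kind: SecretManagerSecret
    # Referenced by full resource path, not by an object defined in this file,
    # so the secret is expected to exist already.
    external: projects/${gcp_project_id}/secrets/edge-db-read-only-user-pass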