apiVersion: iam.cnrm.cloud.google.com/v1beta1
kind: IAMServiceAccountKey
metadata:
  name: edge-agent-${cluster_uuid}-gcp-api-key
spec:
  serviceAccountRef:
    name: service-account.${cluster_uuid}.edge-agent
---
apiVersion: secretmanager.cnrm.cloud.google.com/v1beta1
kind: SecretManagerSecret
metadata:
  name: edge-agent-${cluster_uuid}-gcp-api-key
spec:
  replication:
    automatic: true
---
apiVersion: secretmanager.cnrm.cloud.google.com/v1beta1
kind: SecretManagerSecretVersion
metadata:
  name: secret-manager-secret-version.${cluster_uuid}.edge-agent
spec:
  secretRef:
    name: edge-agent-${cluster_uuid}-gcp-api-key
  enabled: true
  secretData:
    valueFrom:
      secretKeyRef:
        name: edge-agent-${cluster_uuid}-gcp-api-key
        key: key.json