...
# ClusterExternalSecret: stamps an ExternalSecret named `edge-helm-secret`
# into every namespace matched by `namespaceSelector`. Each copy reads four
# properties of the remote entry `platform-helm-read` through the
# ClusterSecretStore `gcp-provider` and writes them to a Secret named
# `edge-helm-secret`.
apiVersion: external-secrets.io/v1beta1
kind: ClusterExternalSecret
metadata:
  name: 'edge-helm-secret'
spec:
  externalSecretName: 'edge-helm-secret'
  # The namespace label below is the only gate on who receives the Helm
  # repository username and password. Anything able to set
  # `workload.edge.ncr.com=helm` on a namespace gets a copy of the credential
  # there, so label and namespace-create rights belong in the same trust tier
  # as the secret itself.
  namespaceSelector:
    matchExpressions:
      - key: workload.edge.ncr.com
        operator: In
        values:
          - 'helm'
  # How often the namespace set is re-evaluated against the selector.
  refreshTime: '1m0s'
  externalSecretSpec:
    # Re-read interval for each generated ExternalSecret; a rotated value is
    # picked up within about a minute. Provider read volume scales with the
    # number of matching namespaces.
    refreshInterval: '1m0s'
    secretStoreRef:
      kind: ClusterSecretStore
      name: gcp-provider
    target:
      name: edge-helm-secret
      template:
        # NOTE(review): the built-in generic Secret type is spelled `Opaque`;
        # lower-case `opaque` is stored as a distinct custom type string.
        # Confirm which is intended before changing it. Secret `type` is
        # immutable, so existing Secrets would need to be recreated.
        type: opaque
    # One entry per property of `platform-helm-read`; `secretKey` is the key
    # written into the target Secret.
    data:
      - secretKey: helmUrl
        remoteRef:
          key: platform-helm-read
          property: helmUrl
      - secretKey: helm_repo_name
        remoteRef:
          key: platform-helm-read
          property: helm_repo_name
      - secretKey: password
        remoteRef:
          key: platform-helm-read
          property: password
      - secretKey: username
        remoteRef:
          key: platform-helm-read
          property: username
---
# IAMPolicyMember: grants one service account the
# `roles/secretmanager.secretAccessor` role on the single Secret Manager
# secret `platform-helm-read`. The binding is scoped to that secret through
# `resourceRef`, not to the project.
# `${cluster_hash}` and `${gcp_project_id}` are placeholders that must be
# substituted before this manifest is applied; the mechanism is not shown here.
apiVersion: iam.cnrm.cloud.google.com/v1beta1
kind: IAMPolicyMember
metadata:
  name: 'platform-helm-read-${cluster_hash}'
spec:
  # Presumably the identity the `gcp-provider` secret store authenticates as
  # for this cluster; confirm against the store definition.
  member: 'serviceAccount:ext-sec-${cluster_hash}@${gcp_project_id}.iam.gserviceaccount.com'
  role: roles/secretmanager.secretAccessor
  resourceRef:
    apiVersion: secretmanager.cnrm.cloud.google.com/v1beta1
    kind: SecretManagerSecret
    # `external` names the secret by its full resource path.
    external: 'projects/${gcp_project_id}/secrets/platform-helm-read'