
Text file src/edge-infra.dev/config/pallets/o11y/grafana/base/external-secret.yaml

Documentation: edge-infra.dev/config/pallets/o11y/grafana/base

     1apiVersion: external-secrets.io/v1beta1
     2kind: ExternalSecret
     3metadata:
     4  name: grafana-creds-es
     5spec:
     6  data:
     7  - remoteRef:
     8      key: grafana-creds-pass
     9    secretKey: GF_SECURITY_ADMIN_PASSWORD
    10  - remoteRef:
    11      key: grafana-creds-admin
    12    secretKey: GF_SECURITY_ADMIN_USER
    13  refreshInterval: 5m
    14  secretStoreRef:
    15    name: gcp-provider
    16    kind: ClusterSecretStore
    17  target:
    18    name: grafana-admin-credentials
    19    creationPolicy: Owner
    20---
    21apiVersion: iam.cnrm.cloud.google.com/v1beta1
    22kind: IAMPolicyMember
    23metadata:
    24  name: essa-grafana-creds-admin-${cluster_hash}
    25spec:
    26  member: serviceAccount:ext-sec-${cluster_hash}@${gcp_project_id}.iam.gserviceaccount.com
    27  resourceRef:
    28    apiVersion: secretmanager.cnrm.cloud.google.com/v1beta1
    29    kind: SecretManagerSecret
    30    external: projects/${gcp_project_id}/secrets/grafana-creds-admin
    31  role: roles/secretmanager.secretAccessor
    32---
    33apiVersion: iam.cnrm.cloud.google.com/v1beta1
    34kind: IAMPolicyMember
    35metadata:
    36  name: essa-grafana-creds-pass-${cluster_hash}
    37spec:
    38  member: serviceAccount:ext-sec-${cluster_hash}@${gcp_project_id}.iam.gserviceaccount.com
    39  resourceRef:
    40    apiVersion: secretmanager.cnrm.cloud.google.com/v1beta1
    41    kind: SecretManagerSecret
    42    external: projects/${gcp_project_id}/secrets/grafana-creds-pass
    43  role: roles/secretmanager.secretAccessor
