...

Text file src/edge-infra.dev/config/pallets/sds/nodeagent/base/remoteagentconfig/external-secret.yaml

Documentation: edge-infra.dev/config/pallets/sds/nodeagent/base/remoteagentconfig

     1apiVersion: external-secrets.io/v1beta1
     2kind: ExternalSecret
     3metadata:
     4  name: remote-agent-configuration
     5spec:
     6  data:
     7  - remoteRef:
     8      key: remotecli-${cluster_uuid}-gcp-api-key
     9    secretKey: adcKey
    10  refreshInterval: 1m
    11  secretStoreRef:
    12    name: gcp-provider
    13    kind: ClusterSecretStore
    14  target:
    15    template:
    16      engineVersion: v2
    17      templateFrom:
    18      - configMap:
    19          name: remote-agent-configuration
    20          items:
    21          - key: key.json
    22          - key: config.yaml.tpl
    23    creationPolicy: Owner
    24---
    25apiVersion: iam.cnrm.cloud.google.com/v1beta1
    26kind: IAMPolicyMember
    27metadata:
    28  name: essa-remotecli-${cluster_uuid}-gcp-api-key
    29spec:
    30  member: serviceAccount:ext-sec-${cluster_hash}@${gcp_project_id}.iam.gserviceaccount.com
    31  resourceRef:
    32    apiVersion: secretmanager.cnrm.cloud.google.com/v1beta1
    33    kind: SecretManagerSecret
    34    external: projects/${gcp_project_id}/secrets/remotecli-${cluster_uuid}-gcp-api-key
    35  role: roles/secretmanager.secretAccessor

View as plain text