...
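---
# ExternalSecret: asks External Secrets Operator (ESO) to read one value from
# the provider behind the `gcp-provider` ClusterSecretStore and render it into
# a Kubernetes Secret, using templates stored in a ConfigMap.
#
# `${cluster_uuid}` is neither YAML nor ESO syntax. It must be substituted by
# whatever tool renders this manifest before it is applied.
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: remote-agent-configuration
spec:
  data:
    # The remote secret's value is exposed to the templates as `adcKey`.
    - remoteRef:
        key: remotecli-${cluster_uuid}-gcp-api-key
      secretKey: adcKey
  # The provider is re-read every minute, so a rotated or disabled value
  # reaches the cluster quickly. Each refresh is a provider access call.
  # NOTE(review): confirm this rate fits the provider quota and audit-log volume.
  refreshInterval: 1m
  secretStoreRef:
    name: gcp-provider
    # Cluster-scoped store, referenced by name from this namespace.
    kind: ClusterSecretStore
  target:
    # No target.name is set, so the generated Secret takes the ExternalSecret's
    # name (`remote-agent-configuration`).
    template:
      engineVersion: v2
      templateFrom:
        # Each listed key is rendered as a template with the secret value in
        # scope. The ConfigMap therefore decides where `adcKey` ends up.
        # NOTE(review): restrict write access to this ConfigMap as tightly as
        # access to the resulting Secret.
        - configMap:
            name: remote-agent-configuration
            items:
              - key: key.json
              - key: config.yaml.tpl
    # Owner: ESO creates the Secret and owns it, so the Secret is removed
    # together with this ExternalSecret.
    creationPolicy: Owner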
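---
# IAMPolicyMember (Config Connector): binds one role to one member on one
# resource. The grant is scoped to a single Secret Manager secret through
# `resourceRef.external`, not to the project.
#
# `${cluster_uuid}`, `${cluster_hash}` and `${gcp_project_id}` must be
# substituted before this manifest is applied.
apiVersion: iam.cnrm.cloud.google.com/v1beta1
kind: IAMPolicyMember
metadata:
  name: essa-remotecli-${cluster_uuid}-gcp-api-key
spec:
  # NOTE(review): presumably the service account the `gcp-provider` secret
  # store authenticates as. Confirm against the store definition.
  member: serviceAccount:ext-sec-${cluster_hash}@${gcp_project_id}.iam.gserviceaccount.com
  resourceRef:
    apiVersion: secretmanager.cnrm.cloud.google.com/v1beta1
    kind: SecretManagerSecret
    # Full resource name of the one secret this binding applies to. It has to
    # match the `remoteRef.key` that the ExternalSecret reads.
    external: projects/${gcp_project_id}/secrets/remotecli-${cluster_uuid}-gcp-api-key
  # Read-only access to secret payloads. Keep the binding at secret level so
  # the member cannot read other secrets in the project.
  role: roles/secretmanager.secretAccessor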