Ana Sayfa Keşfet Yardım
Giriş Yap
logic855
/
helm-external-secrets
şunun yansıması https://github.com/external-secrets/external-secrets
1
0
Çatalla 0
Dosyalar Sorunlar 0 Wiki
Kaynağa Gözat

Adding snippets to GCP-sm Store

Signed-off-by: Gustavo Carvalho <gustavo.carvalho@container-solutions.com>
Gustavo Carvalho 4 yıl önce
ebeveyn
c3e8830ec8
işleme
34a45cc095
3 değiştirilmiş dosya ile 28 ekleme ve 26 silme
Birleşik Görünüm Farklılık Durumunu Göster
  1. 2 26
      docs/provider-google-secrets-manager.md
  2. 8 0
      docs/snippets/gcpsm-pod-wi-secret-store.yaml
  3. 18 0
      docs/snippets/gcpsm-wi-secret-store.yaml

+ 2 - 26
docs/provider-google-secrets-manager.md
Dosyayı Görüntüle 

@@ -38,24 +38,7 @@ metadata:
 
 You can reference this particular ServiceAccount in a `SecretStore` or `ClusterSecretStore`. It's important that you also set the `projectID`, `clusterLocation` and `clusterName`. The Namespace on the `serviceAccountRef` is ignored when using a `SecretStore` resource. This is needed to isolate the namespaces properly.
 
 You can reference this particular ServiceAccount in a `SecretStore` or `ClusterSecretStore`. It's important that you also set the `projectID`, `clusterLocation` and `clusterName`. The Namespace on the `serviceAccountRef` is ignored when using a `SecretStore` resource. This is needed to isolate the namespaces properly.
 
 
 
 ```yaml
 
 ```yaml
 
-apiVersion: external-secrets.io/v1alpha1
 
-kind: ClusterSecretStore
 
-metadata:
 
-  name: gcp-wi
 
-spec:
 
-  provider:
 
-    gcpsm:
 
-      projectID: my-project
 
-      auth:
 
-        workloadIdentity:
 
-          # name of the cluster region
 
-          clusterLocation: europe-central2
 
-          # name of the GKE cluster
 
-          clusterName: example-workload-identity
 
-          # reference the sa from above
 
-          serviceAccountRef:
 
-            name: team-a
 
-            namespace: team-a
 
+{% include 'gcpsm-wi-secret-store.yaml' %}
 
 ```
 
 ```
 
 
 
 *You need to give the Google service account the `roles/iam.serviceAccountTokenCreator` role so it can generate a service account token for you (not necessary in the Pod-based Workload Identity bellow)*
 
 *You need to give the Google service account the `roles/iam.serviceAccountTokenCreator` role so it can generate a service account token for you (not necessary in the Pod-based Workload Identity bellow)*
 
@@ -90,14 +73,7 @@ The pod now has the identity. Now you need to configure the `SecretStore`.
 
 You just need to set the `projectID`, all other fields can be omitted.
 
 You just need to set the `projectID`, all other fields can be omitted.
 
 
 
 ```yaml
 
 ```yaml
 
-apiVersion: external-secrets.io/v1alpha1
 
-kind: SecretStore
 
-metadata:
 
-  name: example
 
-spec:
 
-  provider:
 
-    gcpsm:
 
-      projectID: pid
 
+{% include 'gcpsm-pod-wi-secret-store.yaml' %}
 
 ```
 
 ```
 
 
 
 ### GCP Service Account authentication
 
 ### GCP Service Account authentication

+ 8 - 0
docs/snippets/gcpsm-pod-wi-secret-store.yaml
Dosyayı Görüntüle 

@@ -0,0 +1,8 @@
 
+apiVersion: external-secrets.io/v1alpha1
 
+kind: SecretStore
 
+metadata:
 
+  name: example
 
+spec:
 
+  provider:
 
+    gcpsm:
 
+      projectID: pid

+ 18 - 0
docs/snippets/gcpsm-wi-secret-store.yaml
Dosyayı Görüntüle 

@@ -0,0 +1,18 @@
 
+apiVersion: external-secrets.io/v1alpha1
 
+kind: ClusterSecretStore
 
+metadata:
 
+  name: example
 
+spec:
 
+  provider:
 
+    gcpsm:
 
+      projectID: my-project
 
+      auth:
 
+        workloadIdentity:
 
+          # name of the cluster region
 
+          clusterLocation: europe-central2
 
+          # name of the GKE cluster
 
+          clusterName: example-workload-identity
 
+          # reference the sa from above
 
+          serviceAccountRef:
 
+            name: team-a
 
+            namespace: team-a