Secrets configuration file

This document describes the fields in a Secrets configuration file. You use a Secrets configuration file when you create prepared Secrets.

A Secrets configuration file holds a set of Secret groups. Each group has the name of a Kubernetes namespace and credentials for one or more of the following:

You provide a Secrets configuration file as input to the gkectl create secrets command. For each Secret group, the command creates Kubernetes Secrets: one Secret for each of the credentials in the group. The command creates the Secrets in an admin cluster in the specified Kubernetes namespace.

To get started, create a template for your Secrets configuration file:

gkectl create-config secrets

Template

Filling in the fields in a Secrets configuration file

secretGroups

An array of objects. Each object has the name of a Kubernetes namespace and a set of credentials.

secretGroups[i].namespace

A name of your choice for a Kubernetes namespace that will hold a set of Secrets. The name must begin with gke-onprem-secrets-.

Example:

secretGroups:
- namespace: "gke-onprem-secrets-bob"
  secrets:
    ...
- namespace: "gke-onprem-secrets-alice"
  secrets:
    ...

secretGroups[i].secrets.vCenter

The username and password of a vCenter account.

Example:

secretGroups:
- namespace: "gke-onprem-secrets-bob"
  secrets:
    vCenter:
      username: "vc-bob"
      password: "U$icUKEW#INE"

secretGroups[i].secrets.f5BigIP

The username and password of an F5 BIG-IP account.

Example:

secretGroups:
- namespace: "gke-onprem-secrets-bob"
  secrets:
    f5BigIP:
      username: "f5-bob"
      password: "exvQVx^@L%F1"

secretGroups[i].secrets.componentAccessServiceAccount.serviceAccountKeyPath

The path of a JSON key file for a component access service account.

secretGroups:
- namespace: "gke-onprem-secrets-bob"
  secrets:
    componentAccessServiceAccount:
      serviceAccountKeyPath: "my-folder/component-access-key.json"

secretGroups[i].secrets.registerServiceAccount.serviceAccountKeyPath

The path of a JSON key file for a connect-register service account.

secretGroups:
- namespace: "gke-onprem-secrets-bob"
  secrets:
    registerServiceAccount:
      serviceAccountKeyPath: "my-folder/connect-register-key.json"

secretGroups[i].secrets.stackdriverServiceAccount.serviceAccountKeyPath

The path of a JSON key file for a logging-monitoring service account.

Example:

secretGroups:
- namespace: "gke-onprem-secrets-bob"
  secrets:
    stackdriverServiceAccount:
      serviceAccountKeyPath: "my-folder/log-mon-key.json"

secretGroups[i].secrets.cloudAuditLoggingServiceAccount.serviceAccountKeyPath

The path of a JSON key file for an audit logging service account.

secretGroups:
- namespace: "gke-onprem-secrets-bob"
  secrets:
    cloudAuditLoggingServiceAccount:
      serviceAccountKeyPath: "my-folder/audit-log-key.json"

secretGroups[i].secrets.usageMeteringServiceAccount.serviceAccountKeyPath

The path of a JSON key file for a usage metering service account.

secretGroups:
- namespace: "gke-onprem-secrets-bob"
  secrets:
    usageMeteringServiceAccount:
      serviceAccountKeyPath: "my-folder/usage-metering-key.json"

secretGroups[i].secrets.privateRegistry

The username and password of the private registry if using the private registry.

Example:

secretGroups:
- namespace: "gke-onprem-secrets-bob"
  secrets:
    privateRegistry:
      username: "registry-user-bob"
      password: "f[vuV3^@L*4g"