This document describes the fields in a Secrets configuration file. You use a Secrets configuration file when you create prepared Secrets.
A Secrets configuration file holds a set of Secret groups. Each group has the name of a Kubernetes namespace and credentials for one or more of the following:
- vCenter Server
- F5 BIG-IP
- A component access service account
- A connect-register service account
- A logging-monitoring service account
- An audit logging service account
- A usage metering service account
- Private registry
You provide a Secrets configuration file as input to the gkectl create secrets
command. For each Secret group, the command creates Kubernetes Secrets: one
Secret for each of the credentials in the group. The command creates the Secrets
in an admin cluster in the specified Kubernetes namespace.
To get started, create a template for your Secrets configuration file:
gkectl create-config secrets
Template
Filling in the fields in a Secrets configuration file
secretGroups
An array of objects. Each object has the name of a Kubernetes namespace and a set of credentials.
secretGroups[i].namespace
A name of your choice for a Kubernetes namespace that will hold a set of
Secrets. The name must begin with gke-onprem-secrets-.
Example:
secretGroups:
- namespace: "gke-onprem-secrets-bob"
secrets:
...
- namespace: "gke-onprem-secrets-alice"
secrets:
...
secretGroups[i].secrets.vCenter
The username and password of a vCenter account.
Example:
secretGroups:
- namespace: "gke-onprem-secrets-bob"
secrets:
vCenter:
username: "vc-bob"
password: "U$icUKEW#INE"
secretGroups[i].secrets.f5BigIP
The username and password of an F5 BIG-IP account.
Example:
secretGroups:
- namespace: "gke-onprem-secrets-bob"
secrets:
f5BigIP:
username: "f5-bob"
password: "exvQVx^@L%F1"
secretGroups[i].secrets.componentAccessServiceAccount.serviceAccountKeyPath
The path of a JSON key file for a component access service account.
secretGroups:
- namespace: "gke-onprem-secrets-bob"
secrets:
componentAccessServiceAccount:
serviceAccountKeyPath: "my-folder/component-access-key.json"
secretGroups[i].secrets.registerServiceAccount.serviceAccountKeyPath
The path of a JSON key file for a connect-register service account.
secretGroups:
- namespace: "gke-onprem-secrets-bob"
secrets:
registerServiceAccount:
serviceAccountKeyPath: "my-folder/connect-register-key.json"
secretGroups[i].secrets.stackdriverServiceAccount.serviceAccountKeyPath
The path of a JSON key file for a logging-monitoring service account.
Example:
secretGroups:
- namespace: "gke-onprem-secrets-bob"
secrets:
stackdriverServiceAccount:
serviceAccountKeyPath: "my-folder/log-mon-key.json"
secretGroups[i].secrets.cloudAuditLoggingServiceAccount.serviceAccountKeyPath
The path of a JSON key file for an audit logging service account.
secretGroups:
- namespace: "gke-onprem-secrets-bob"
secrets:
cloudAuditLoggingServiceAccount:
serviceAccountKeyPath: "my-folder/audit-log-key.json"
secretGroups[i].secrets.usageMeteringServiceAccount.serviceAccountKeyPath
The path of a JSON key file for a usage metering service account.
secretGroups:
- namespace: "gke-onprem-secrets-bob"
secrets:
usageMeteringServiceAccount:
serviceAccountKeyPath: "my-folder/usage-metering-key.json"
secretGroups[i].secrets.privateRegistry
The username and password of the private registry if using the private registry.
Example:
secretGroups:
- namespace: "gke-onprem-secrets-bob"
secrets:
privateRegistry:
username: "registry-user-bob"
password: "f[vuV3^@L*4g"