Secrets configuration file

This document describes the fields in a Secrets configuration file. You use a Secrets configuration file when you create prepared Secrets.

A Secrets configuration file holds a set of Secret groups. Each group has the name of a Kubernetes namespace and credentials for one or more of the following:

You provide a Secrets configuration file as input to the gkectl create secrets command. For each Secret group, the command creates Kubernetes Secrets: one Secret for each of the credentials in the group. The command creates the Secrets in an admin cluster in the specified Kubernetes namespace.

To get started, create a template for your Secrets configuration file:

 gkectl create-config secrets 

Template

Filling in the fields in a Secrets configuration file

secretGroups

An array of objects. Each object has the name of a Kubernetes namespace and a set of credentials.

For an admin cluster, only one Secret group is allowed.

secretGroups[i].namespace

User cluster only.

A name of your choice for a Kubernetes namespace that will hold a set of Secrets. The name must begin with gke-onprem-secrets-.

Example:

 secretGroups:
 - namespace: "gke-onprem-secrets-bob"
   secrets:
     ...
 - namespace: "gke-onprem-secrets-alice"
   secrets:
     ...

secretGroups[i].secrets.vCenter

The username and password of a vCenter account.

Example:

 secretGroups:
 - namespace: "gke-onprem-secrets-bob"
   secrets:
     vCenter:
       username: "vc-bob"
       password: "U$icUKEW#INE"

secretGroups[i].secrets.f5BigIP

The username and password of an F5 BIG-IP account.

Example:

 secretGroups:
 - namespace: "gke-onprem-secrets-bob"
   secrets:
     f5BigIP:
       username: "f5-bob"
       password: "exvQVx^@L%F1"

secretGroups[i].secrets.componentAccessServiceAccount.serviceAccountKeyPath

The path of a JSON key file for a component access service account.

Example:

 secretGroups:
 - namespace: "gke-onprem-secrets-bob"
   secrets:
     componentAccessServiceAccount:
       serviceAccountKeyPath: "my-folder/component-access-key.json"

secretGroups[i].secrets.registerServiceAccount.serviceAccountKeyPath

The path of a JSON key file for a connect-register service account.

Example:

 secretGroups:
 - namespace: "gke-onprem-secrets-bob"
   secrets:
     registerServiceAccount:
       serviceAccountKeyPath: "my-folder/connect-register-key.json"

secretGroups[i].secrets.stackdriverServiceAccount.serviceAccountKeyPath

The path of a JSON key file for a logging-monitoring service account.

Example:

 secretGroups:
 - namespace: "gke-onprem-secrets-bob"
   secrets:
     stackdriverServiceAccount:
       serviceAccountKeyPath: "my-folder/log-mon-key.json"

secretGroups[i].secrets.cloudAuditLoggingServiceAccount.serviceAccountKeyPath

The path of a JSON key file for an audit logging service account.

Example:

 secretGroups:
 - namespace: "gke-onprem-secrets-bob"
   secrets:
     cloudAuditLoggingServiceAccount:
       serviceAccountKeyPath: "my-folder/audit-log-key.json"

secretGroups[i].secrets.privateRegistry

The username and password for the private registry, if you use a private registry.

Example:

 secretGroups:
 - namespace: "gke-onprem-secrets-bob"
   secrets:
     privateRegistry:
       username: "registry-user-bob"
       password: "f[vuV3^@L*4g"
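
The rules stated on this page (the namespace prefix, one Secret group for an admin cluster, and the shape of each credential) can be checked before the file is handed to gkectl create secrets. The following is an added example, not part of gkectl or of the original page. It assumes the file has already been parsed into a Python dictionary by a YAML parser; the function names are hypothetical, and the file-permission check is an added hardening check that this page does not itself require.

```python
import os
import stat

NS_PREFIX = "gke-onprem-secrets-"  # namespace prefix required by this page
USER_PASS = {"vCenter", "f5BigIP", "privateRegistry"}
KEY_PATH = {"componentAccessServiceAccount", "registerServiceAccount",
            "stackdriverServiceAccount", "cloudAuditLoggingServiceAccount"}


def lint_secrets_config(config, admin_cluster=False):
    """Return a list of problems in a parsed Secrets configuration (hypothetical helper)."""
    problems = []
    groups = config.get("secretGroups") or []
    if not groups:
        problems.append("secretGroups is missing or empty")
    if admin_cluster and len(groups) > 1:
        problems.append("admin cluster allows only one Secret group")
    for i, group in enumerate(groups):
        where = f"secretGroups[{i}]"
        # The namespace field is documented as user cluster only.
        if not admin_cluster and not str(group.get("namespace") or "").startswith(NS_PREFIX):
            problems.append(f"{where}.namespace must begin with {NS_PREFIX}")
        secrets = group.get("secrets") or {}
        if not secrets:
            problems.append(f"{where}.secrets has no credentials")
        for name, value in secrets.items():
            if name not in USER_PASS | KEY_PATH:
                problems.append(f"{where}.secrets.{name} is not a field documented here")
                continue
            required = ("username", "password") if name in USER_PASS else ("serviceAccountKeyPath",)
            fields = value if isinstance(value, dict) else {}
            problems.extend(f"{where}.secrets.{name}.{f} is empty"
                            for f in required if not fields.get(f))
    return problems


def readable_by_others(path):
    """True if group or other can read the file, which holds plaintext passwords."""
    return bool(os.stat(path).st_mode & (stat.S_IRGRP | stat.S_IROTH))


# Constructed sample, shaped like a parsed YAML file; not real credentials.
SAMPLE = {"secretGroups": [
    {"namespace": "gke-onprem-secrets-bob",
     "secrets": {"vCenter": {"username": "vc-bob", "password": "example-only"}}},
    {"namespace": "alice", "secrets": {"f5BigIP": {"username": "f5-alice"}}}]}

if __name__ == "__main__":
    print("\n".join(lint_secrets_config(SAMPLE)))
```

Run readable_by_others on the Secrets configuration file itself and on each referenced JSON key file; a True result means the file mode should be tightened before the file is used.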