Step 3 - Enable your GKE cluster to access Secrets

    Managed Identity - Create Service Account

    To enable your GKE cluster to access Secrets, you need to create the following Service Account.

    • Create Service Account:
    gcloud iam service-accounts create external-secrets-sa --display-name="External Secrets Service Account"
    • Grant permissions to the newly created Service Account:
    gcloud projects add-iam-policy-binding [project_id] \
      --member="serviceAccount:external-secrets-sa@[project_id].iam.gserviceaccount.com" \
      --role="roles/secretmanager.secretAccessor"
    • Generate a key file for the Service Account created above:
    gcloud iam service-accounts keys create keyfile.json \
      --iam-account="external-secrets-sa@[project_id].iam.gserviceaccount.com"

    Note: the Secret below [gcp-secret] will be used during Step 7 to install cdrplatform-external-secrets.

    • Create a Kubernetes Secret from the contents of the key file created above:
    kubectl create secret generic gcp-secret --from-file=keyfile.json
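The four commands above, combined into one script with the checks a practitioner would want around them. This is an added example, not part of the original article: it assumes the project id is passed as the first argument, keeps the article's names (external-secrets-sa, gcp-secret, keyfile.json) as defaults, skips the create call when the account already exists, verifies that the downloaded key file belongs to the expected account before it is stored in the cluster, and deletes the key file from disk afterwards because it is a long-lived credential.

```shell
#!/bin/sh
# Added example (not from the original article). Wraps the article's four steps
# with input checks. Names below are the article's; PROJECT_ID comes from $1.
SA_NAME="${SA_NAME:-external-secrets-sa}"
K8S_SECRET="${K8S_SECRET:-gcp-secret}"
KEY_FILE="${KEY_FILE:-keyfile.json}"

# GCP project ids are 6-30 characters: lowercase letters, digits and hyphens,
# starting with a letter and not ending with a hyphen.
valid_project_id() {
    printf '%s' "$1" | grep -Eq '^[a-z][a-z0-9-]{4,28}[a-z0-9]$'
}

# Build the service-account e-mail used for --member and --iam-account.
sa_email() {
    printf '%s@%s.iam.gserviceaccount.com' "$1" "$2"
}

# Sanity check on a downloaded key file: it must be a service_account key and
# its client_email must be the account we just created. grep only, no jq needed.
keyfile_matches() {
    file="$1"; expected_email="$2"
    grep -q '"type": *"service_account"' "$file" && \
    grep -q "\"client_email\": *\"$expected_email\"" "$file"
}

# Runs the article's steps. Not executed when this file is sourced for testing.
setup() {
    project_id="$1"
    valid_project_id "$project_id" || { echo "invalid project id: $project_id" >&2; return 1; }
    email="$(sa_email "$SA_NAME" "$project_id")"

    # The create call is not idempotent, so only create the account if it is missing.
    gcloud iam service-accounts describe "$email" --project "$project_id" >/dev/null 2>&1 || \
        gcloud iam service-accounts create "$SA_NAME" --project "$project_id" \
            --display-name="External Secrets Service Account"

    # Read-only access to secret payloads, and nothing more.
    gcloud projects add-iam-policy-binding "$project_id" \
        --member="serviceAccount:$email" \
        --role="roles/secretmanager.secretAccessor"

    # The key file is a long-lived credential: create it owner-readable only,
    # verify it, load it into the cluster, then remove it from disk.
    umask 077
    gcloud iam service-accounts keys create "$KEY_FILE" --iam-account="$email"
    keyfile_matches "$KEY_FILE" "$email" || { echo "unexpected key file contents" >&2; return 1; }

    kubectl create secret generic "$K8S_SECRET" --from-file="$KEY_FILE"
    rm -f "$KEY_FILE"
}

# Usage: sh setup-external-secrets.sh [project_id]
[ -n "$1" ] && setup "$1"
```

The Kubernetes Secret is created in the current kubectl namespace, so run the script with the same context and namespace that Step 7 will use for cdrplatform-external-secrets.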


     

