secret for a service account

Question

secret for a service account

Closed this issue 2 years ago · 3 comments

balagurrr commented 2 years ago

please do the secret creation for the service account like this

yc iam key create iamkey \ --service-account-id=<your service account ID> --format=json \ --output=iamkey.json

Answer 1 · 2022-06-10T07:31:45.000Z

Do you mean that you need static key resource that renders json key in crossplane? @balagurrr

Answer 2 · 2022-06-10T08:21:08.000Z

I need like this

apiVersion: iam.yandex-cloud.jet.crossplane.io/v1alpha1
kind: ServiceAccountKey
metadata:
  name: example-sa-key
spec:
  forProvider:
    description: "service account key"
    serviceAccountIdRef:
      name: example-sa
  providerConfigRef:
    name: example
  writeConnectionSecretToRef:
    name: sa-key
    namespace: crossplane-system

but write to secret json iamkey
this secret need for https://github.com/yandex-cloud/cert-manager-webhook-yandex, for example

Answer 3 · 2022-06-14T09:09:04.000Z

Hi!
I've add json with ServiceAccountKey as connection details in v0.1.24 tag.

Try:

Add connection details section in resource spec

writeConnectionSecretToRef:
    name: sa-key-conn
    namespace: crossplane-system

Create resource
Find json with key in: kubectl get secret -n crossplane-system sa-key-conn -o json | jq -r .data.service_account_key | base64 -d