mirrors/external-secrets
1
0
Fork 0
mirror of https://github.com/external-secrets/external-secrets.git synced 2024-12-14 11:57:59 +00:00
Code Activity
external-secrets/docs/api/generator/gcr.md
Sebastián Gómez fc7281a39b
Added examples for all the Generators in the docs. Fixes #2260 (#2261) 
Also, some generators's examples didn't have the `.metadata.name` property.

Signed-off-by: Sebastián Gómez <sebastiangomezcorrea@gmail.com>
2023-04-26 17:00:14 -03:00

1.4 KiB
Raw Blame History

GCRAccessToken creates a GCP Access token that can be used to authenticate with GCR in order to pull OCI images. You won't need any extra permissions to request for a token, but the token would only work against a GCR if the token requester (service Account or WI) has the appropriate access

You must specify the spec.projectID in which GCR is located.

Output Keys and Values

Key Description
username username for the docker login command.
password password for the docker login command.
expiry time when token expires in UNIX time (seconds since January 1, 1970 UTC).

Authentication

Workload Identity

Use spec.auth.workloadIdentity to point to a Service Account that has Workload Identity enabled. For details see GCP Secret Manager.

GCP Service Account

Use spec.auth.secretRef to point to a Secret that contains a GCP Service Account. For details see GCP Secret Manager.

Example Manifest

{% include 'generator-gcr.yaml' %}

Example ExternalSecret that references the GCR generator:

{% include 'generator-gcr-example.yaml' %}