-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathsecret.yaml
More file actions
43 lines (41 loc) · 1.3 KB
/
secret.yaml
File metadata and controls
43 lines (41 loc) · 1.3 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
apiVersion: v1
kind: Secret
metadata:
name: test-secret
namespace: default
type: Opaque
stringData:
# STACKIT project ID (UUID format)
project-id: "12345678-1234-1234-1234-123456789012"
# STACKIT Service Account Key (JSON format)
#
# How to obtain:
# 1. Login to STACKIT Portal (https://portal.stackit.cloud)
# 2. Navigate to your project
# 3. Go to: Project Settings → Service Accounts
# 4. Click "Create Service Account" (or use existing one)
# 5. Click "Create Key" on the service account
# 6. Download the JSON key file
# 7. Copy the entire JSON content here (including credentials and privateKey)
#
# The JSON contains:
# - credentials: JWT claims (iss, sub, aud) for token generation
# - privateKey: RSA private key for signing JWT tokens
#
# Security: Never commit this secret to source control!
# Use Kubernetes secrets management or external secret stores.
serviceaccount.json: |
{
"credentials": {
"iss": "service-account-email@sa.stackit.cloud",
"sub": "uuid-of-service-account",
"aud": "stackit"
},
"privateKey": "-----BEGIN PRIVATE KEY-----\n...\n-----END PRIVATE KEY-----"
}
# Cloud-init user data for VM bootstrapping
# optional
userData: |
# cloud-config
runcmd:
- echo "Machine bootstrapped"