apiVersion: v1
kind: Secret
metadata:
  name: service-account
  namespace: test-pods
stringData:
  service-account.json: |
    {
      "universe_domain": "googleapis.com",
      "type": "external_account",
      "audience": "//iam.googleapis.com/projects/16065310909/locations/global/workloadIdentityPools/ibm-clusters/providers/ppc64le",
      "subject_token_type": "urn:ietf:params:oauth:token-type:jwt",
      "token_url": "https://sts.googleapis.com/v1/token",
      "credential_source": {
        "file": "/var/run/secrets/google-iam-token/serviceaccount/token",
        "format": {
          "type": "text"
        }
      }
    }
---
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: prow-job-api-key
  namespace: test-pods
spec:
  refreshInterval: 30m
  secretStoreRef:
    name: secretstore-ibm-k8s
    kind: ClusterSecretStore
  target:
    name: prow-job-api-key
    creationPolicy: Owner
  data:
    - secretKey: key
      remoteRef:
        key: iam_credentials/32412dc3-aa99-d54d-4b9b-7b33a8c741a3
---
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: prow-job-ssh-private-key
  namespace: test-pods
spec:
  refreshInterval: 60m
  secretStoreRef:
    name: secretstore-ibm-k8s
    kind: ClusterSecretStore
  target:
    name: prow-job-ssh-private-key
    creationPolicy: Owner
  data:
    - secretKey: ssh-privatekey
      remoteRef:
        key: 72d8039f-6cfc-1bbf-ba8e-d85985b42ee0
---
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: boskos-janitor-api-key
  namespace: test-pods
spec:
  refreshInterval: 60m
  secretStoreRef:
    name: secretstore-ibm-k8s
    kind: ClusterSecretStore
  target:
    name: boskos-janitor-api-key
    creationPolicy: Owner
  data:
    - secretKey: api-key
      remoteRef:
        key: iam_credentials/51518fbd-1667-f811-99ba-72688fd6c703