apiVersion: v1
kind: Secret
metadata:
  name: service-account
  namespace: test-pods
stringData:
  service-account.json: |
    {
      "universe_domain": "googleapis.com",
      "type": "external_account",
      "audience": "//iam.googleapis.com/projects/16065310909/locations/global/workloadIdentityPools/ibm-clusters/providers/s390x",
      "subject_token_type": "urn:ietf:params:oauth:token-type:jwt",
      "token_url": "https://sts.googleapis.com/v1/token",
      "credential_source": {
        "file": "/var/run/secrets/google-iam-token/serviceaccount/token",
        "format": {
          "type": "text"
        }
      }
    }

---
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: prow-job-api-key
  namespace: test-pods
spec:
  refreshInterval: 30m
  secretStoreRef:
    name: secretstore-ibm-k8s
    kind: ClusterSecretStore
  target:
    name: prow-job-api-key
    creationPolicy: Owner
  data:
    - secretKey: key
      remoteRef:
        key: iam_credentials/8d0c5130-2b8e-68f7-45b1-eeb54d36fe47
---
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: prow-job-ssh-private-key
  namespace: test-pods
spec:
  refreshInterval: 60m
  secretStoreRef:
    name: secretstore-ibm-k8s
    kind: ClusterSecretStore
  target:
    name: prow-job-ssh-private-key
    creationPolicy: Owner
  data:
    - secretKey: ssh-privatekey
      remoteRef:
        key: 9bf7242a-f493-7a86-61f3-4c75a1b73022
---
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: boskos-janitor-api-key
  namespace: test-pods
spec:
  refreshInterval: 60m
  secretStoreRef:
    name: secretstore-ibm-k8s
    kind: ClusterSecretStore
  target:
    name: boskos-janitor-api-key
    creationPolicy: Owner
  data:
    - secretKey: api-key
      remoteRef:
        key: iam_credentials/7e61f6ee-3d8d-f53b-70e7-c274e0dde72d