4.2.2. Admin credentials root secret format
Each cloud provider uses a credentials root secret in the
kube-system namespace by convention, which is then used to satisfy all credentials requests and create their respective secrets. This is done either by minting new credentials, Mint Mode, or by copying the credentials root secret, Passthrough Mode.
The format for the secret varies by cloud, and is also used for each
Google Cloud Platform (GCP) secret format
apiVersion: v1 kind: Secret metadata: namespace: kube-system name: gcp-credentials stringData: service_account.json: <ServiceAccount>
In a future release, improvements to the Cloud Credential Operator will prevent situations where a user might enter an upgrade that will fail because their manually maintained credentials have not been updated to match the
CredentialsRequest objects in the upcoming release image.