Created
June 14, 2021 09:32
-
-
Save sireza/6e71b021fb847395f15c830170fb22b1 to your computer and use it in GitHub Desktop.
Pod Definition with Secret CSI
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This is a sample pod definition for using SecretProviderClass and service-principal to access Keyvault | |
| kind: Pod | |
| apiVersion: v1 | |
| metadata: | |
| name: busybox-secrets-store-inline | |
| spec: | |
| containers: | |
| - name: busybox | |
| image: busybox | |
| command: | |
| - "/bin/sleep" | |
| - "10000" | |
| volumeMounts: | |
| - name: secrets-store-inline | |
| mountPath: "/mnt/secrets-store" | |
| readOnly: true | |
| env: | |
| - name: APP_USERNAME | |
| valueFrom: | |
| secretKeyRef: | |
| key: username | |
| name: csi-secrets | |
| - name: APP_PASSWORD | |
| valueFrom: | |
| secretKeyRef: | |
| key: password | |
| name: csi-secrets | |
| volumes: | |
| - name: secrets-store-inline | |
| csi: | |
| driver: secrets-store.csi.k8s.io | |
| readOnly: true | |
| volumeAttributes: | |
| secretProviderClass: "azure-kvname" | |
| nodePublishSecretRef: | |
| name: secrets-store-creds |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment