cyberark/secrets-provider-for-k8s

apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: test-app
  name: test-app
  namespace: test-app-namespace
spec:
  selector:
    matchLabels:
      app: test-app
  replicas: 1
  template:
    metadata:
      labels:
        app: test-app
    spec:
      serviceAccountName: test-app-sa
      containers:
      - name: test-app
        image: ubuntu:latest
        command: [ "sleep" ]
        args: [ "infinity" ]
        env:
          - name: DB_USERNAME
            valueFrom:
              secretKeyRef:
                name: test-app-secrets-provider-k8s-secret
                key: DB_USERNAME
          - name: DB_PASSWORD
            valueFrom:
              secretKeyRef:
                name: test-app-secrets-provider-k8s-secret
                key: DB_PASSWORD
        securityContext:
          allowPrivilegeEscalation: false
          capabilities:
            drop:
              - all
      initContainers:
      - image: cyberark/secrets-provider-for-k8s
        imagePullPolicy: Always
        name: cyberark-secrets-provider-for-k8s
        env:
          - name: CONJUR_AUTHN_LOGIN
            value: host/conjur/authn-k8s/my-authenticator-id/apps/test-app
          - name: CONTAINER_MODE
            value: init
          - name: MY_POD_NAME
            valueFrom:
              fieldRef:
                fieldPath: metadata.name
          - name: MY_POD_NAMESPACE
            valueFrom:
              fieldRef:
                fieldPath: metadata.namespace
          - name: K8S_SECRETS
            value: test-app-secrets-provider-k8s-secret
          - name: SECRETS_DESTINATION
            value: k8s_secrets
        envFrom:
          - configMapRef:
              name: conjur-connect
        securityContext:
          allowPrivilegeEscalation: false
          capabilities:
            drop:
              - all