apiVersion: apps/v1 kind: Deployment metadata: labels: app: test-app name: test-app spec: replicas: 1 selector: matchLabels: app: test-app template: metadata: labels: app: test-app spec: serviceAccountName: test-app containers: - image: alpine imagePullPolicy: Always name: test-app ports: - containerPort: 8080 env: - name: CONJUR_APPLIANCE_URL value: "https://conjur.myorg.com" - name: CONJUR_ACCOUNT value: default - name: CONJUR_AUTHN_TOKEN_FILE value: /run/conjur/access-token - name: CONJUR_SSL_CERTIFICATE valueFrom: configMapKeyRef: name: conjur-cert key: ssl-certificate volumeMounts: - mountPath: /run/conjur name: conjur-access-token readOnly: true - image: cyberark/conjur-authn-k8s-client imagePullPolicy: Always name: auth-client-container env: - name: MY_POD_NAME valueFrom: fieldRef: fieldPath: metadata.name - name: MY_POD_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace - name: MY_POD_IP valueFrom: fieldRef: fieldPath: status.podIP - name: CONJUR_AUTHN_URL value: "https://conjur-oss.conjur-oss.svc.cluster.local/authn-k8s/test" - name: CONJUR_ACCOUNT value: default - name: CONJUR_AUTHN_LOGIN value: host/apps/test-app - name: CONJUR_SSL_CERTIFICATE valueFrom: configMapKeyRef: name: conjur-cert key: ssl-certificate volumeMounts: - mountPath: /run/conjur name: conjur-access-token imagePullSecrets: - name: dockerpullsecret volumes: - name: conjur-access-token emptyDir: medium: Memory