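---
# Deployment of a Conjur CLI test pod with a Conjur Kubernetes authenticator
# container. Both containers mount the same in-memory volume at /run/conjur;
# the app container reads its access token from
# /run/conjur/access-token (CONJUR_AUTHN_TOKEN_FILE) and mounts it read-only.
#
# apps/v1beta1 was removed in Kubernetes 1.16. apps/v1 requires
# spec.selector, which this manifest already sets.
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: cli-app
  name: cli-app
spec:
  replicas: 1
  selector:
    matchLabels:
      app: cli-app
  template:
    metadata:
      labels:
        app: cli-app
    spec:
      # The pod's service account is part of the identity the authenticator
      # presents (see CONJUR_AUTHN_LOGIN below); keep the two in sync.
      serviceAccountName: cli-app-sa  #< APP_SERVICE_ACCOUNT_NAME >
      containers:
        # NOTE(review): conjurin/ is a different publisher namespace from the
        # cyberark/ image used below. Confirm the publisher and pin a
        # reviewed tag or digest before use.
        - image: conjurin/cli:5  #< TEST_APP_DOCKER_IMAGE >
          imagePullPolicy: Always
          name: test-app
          # command and args must be lists of strings in a container spec;
          # plain scalars are rejected by the API server.
          command:
            - sleep
          args:
            - infinity
          env:
            - name: CONJUR_VERSION
              value: '5'  # Major Version of Conjur deployed
            - name: CONJUR_APPLIANCE_URL
              # Address to reach the Conjur appliance (follower in k8s)
              value: "https://conjur-follower.svc.local"
            - name: CONJUR_ACCOUNT
              # Organization account, aka, default policy namespace in Conjur
              value: lab
            - name: CONJUR_AUTHN_TOKEN_FILE
              value: /run/conjur/access-token
            - name: CONJUR_SSL_CERTIFICATE
              # The certificate is public material, so a ConfigMap is a
              # reasonable carrier. It is also the TLS trust anchor for the
              # follower: restrict who may edit this ConfigMap.
              valueFrom:
                configMapKeyRef:
                  name: ssl-certificate  #< CONFIG_MAP_NAME >
                  key: ssl-certificate
          volumeMounts:
            # Read-only: the application only consumes the token.
            - mountPath: /run/conjur
              name: conjur-access-token
              readOnly: true
        # No tag is given, so this resolves to the registry's default tag on
        # every pull (imagePullPolicy: Always). Pin a reviewed tag or digest,
        # e.g. cyberark/conjur-kubernetes-authenticator@sha256:<DIGEST_PLACEHOLDER>.
        #
        # NOTE(review): CONTAINER_MODE is "init", yet this container is listed
        # under containers, not initContainers. An init-mode authenticator is
        # expected to exit after one authentication; as a regular container it
        # would be restarted by the kubelet. Confirm whether it should move to
        # initContainers or run with CONTAINER_MODE "sidecar" so the token is
        # refreshed before it expires.
        - image: cyberark/conjur-kubernetes-authenticator
          imagePullPolicy: Always
          name: authenticator  #<AUTHENTICATOR_CLIENT_CONTAINER_NAME>
          env:
            - name: CONTAINER_MODE
              value: init
            # Pod name, namespace and IP are injected via the downward API.
            - name: MY_POD_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
            - name: MY_POD_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
            - name: MY_POD_IP
              valueFrom:
                fieldRef:
                  fieldPath: status.podIP
            - name: CONJUR_VERSION
              value: '5'  #'< CONJUR_VERSION >'
            - name: CONJUR_AUTHN_URL
              #"< CONJUR_AUTHN_URL >"
              value: "https://conjur-follower.svc.local/authn-k8s/"
            - name: CONJUR_ACCOUNT
              value: lab  #< CONJUR_ACCOUNT >
            - name: CONJUR_AUTHN_LOGIN
              # Authn ID for the "host" defined in DAP with the format
              # "host/<policy_branch>/apps/<k8s_ns>/service_account/<k8s_sa>"
              # The <...> parts of the value are placeholders and must be
              # replaced; presumably <k8s_service_acct> is the
              # serviceAccountName set above. Verify against the Conjur policy.
              value: "host/my_app/apps/<k8s_namespace>/service_account/<k8s_service_acct>"
            - name: CONJUR_SSL_CERTIFICATE
              valueFrom:
                configMapKeyRef:
                  name: ssl-certificate  #< CONFIG_MAP_NAME >
                  key: ssl-certificate
          volumeMounts:
            # Writable here only: this is the one container that needs to
            # place the token on the shared volume.
            - mountPath: /run/conjur
              name: conjur-access-token
      imagePullSecrets:
        - name: dockerpullsecret
      volumes:
        # Memory-backed emptyDir (tmpfs): the access token is not written to
        # node disk and is discarded with the pod.
        - name: conjur-access-token
          emptyDir:
            medium: Memory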