# Copyright (c) 2023 Intel Corporation
#
# SPDX-License-Identifier: Apache-2.0
#
apiVersion: v1
kind: Pod
metadata:
  name: secret-test-pod-cc
spec:
  runtimeClassName: kata
  containers:
  - name: busybox
    image: quay.io/prometheus/busybox:latest
    imagePullPolicy: Always
    command:
    - sh
    - -c
    - |
      unseal_data=$(cat /sealed/secret-value/secret)
      not_sealed_data=$(cat /sealed/not-sealed-secret-value/secret)
      echo "PROTECTED_SECRET = $unseal_data"
      echo "UNPROTECTED_SECRET = $not_sealed_data"
      sleep 1000
    volumeMounts:
        - name: sealed-secret-volume
          mountPath: "/sealed/secret-value"
        - name: not-sealed-secret-volume
          mountPath: "/sealed/not-sealed-secret-value"
  volumes:
    - name: sealed-secret-volume
      secret:
        secretName: sealed-secret
    - name: not-sealed-secret-volume
      secret:
        secretName: not-sealed-secret