kata-containers/tests/integration/kubernetes/runtimeclass_workloads/pod-sealed-secret.yaml
Tobin Feldman-Fitzthum 1c2d69ded7 tests: add test for sealed env secrets
The sealed secret test depends on the KBS to provide
the unsealed value of a vault secret.

This secret is provisioned to an environment variable.

Signed-off-by: Tobin Feldman-Fitzthum <tobin@ibm.com>
2024-07-08 17:41:20 -05:00

37 lines
764 B
YAML

# Copyright (c) 2023 Intel Corporation
#
# SPDX-License-Identifier: Apache-2.0
#
apiVersion: v1
kind: Pod
metadata:
  name: secret-test-pod-cc
spec:
  runtimeClassName: kata
  containers:
  - name: busybox
    image: quay.io/prometheus/busybox:latest
    imagePullPolicy: Always
    command:
      - sh
      - -c
      - |
          env
          echo "PROTECTED_SECRET = $PROTECTED_SECRET"
          echo "UNPROTECTED_SECRET = $UNPROTECTED_SECRET"
          sleep 1000
    # Expose secret data to Containers through environment.
    env:
    - name: PROTECTED_SECRET
      valueFrom:
        secretKeyRef:
          name: sealed-secret
          key: secret
    - name: UNPROTECTED_SECRET
      valueFrom:
        secretKeyRef:
          name: not-sealed-secret
          key: secret