# This example demonstrates how to mount secrets onto a workload
# with a SecretProviderClass. The example assumes that the required
# ping-secret-provider-class resource has already been deployed in
# the same namespace as the Helm release.
#
# CSI volumes are generic and can be used for many different storage
# systems, including AWS secrets manager.
#
# This example also uses the container.env field to pull in certain
# environment values from secrets.
#
# See https://kubernetes.io/blog/2019/01/15/container-storage-interface-ga/
# for information about CSI volumes, and
# https://www.eksworkshop.com/beginner/194_secrets_manager/ for details
# specific to AWS Secrets Manager.

pingdirectory:
  enabled: true
  container:
    env:
    - name: ROOT_USER_DN
      valueFrom:
        secretKeyRef:
          name: my-secret-01
          key: root_user_dn_01
    - name: ROOT_USER_PASSWORD
      valueFrom:
        secretKeyRef:
          name: my-secret-01
          key: root_user_password_01
  volumeMounts:
  - name: secret-files
    mountPath: "/run/secrets"
    readOnly: true
  volumes:
  - name: secret-files
    csi:
      driver: secrets-store.csi.k8s.io
      readOnly: true
      volumeAttributes:
        secretProviderClass: ping-secret-provider-class