apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    run: "secret-inject"
  name: "secret-inject"
spec:
  replicas: {{ .Values.replicaCount }}
  selector:
    matchLabels:
      run: "secret-inject"
  template:
    metadata:
      labels:
        run : "secret-inject"
    spec:
      volumes:
        - name: certs
          secret:
            secretName: "secret-inject-tls"
      containers:
        - name: "secret-inject-init"
          image: "public.ecr.aws/aws-containers/aws-secrets-manager-secret-adm-controller:v0.1.5"
          volumeMounts:
            - name: certs
              mountPath: /tls
              readOnly: true
          args:
          - "--tls-cert-file=/tls/tls.crt"
          - "--tls-private-key-file=/tls/tls.key"
          - "--sidecar-image=public.ecr.aws/aws-containers/aws-secrets-manager-secret-sidecar:v0.1.4"
          ports:
          - containerPort: 443
          imagePullPolicy: Always