run: $ICS_APP_NAME
autotest: ICS
spec:
+ securityContext:
+ runAsUser: 0
+# Need to run as root to be able to store files in dir mounted as a hostPath volume
containers:
- name: $ICS_APP_NAME
image: $ICS_IMAGE
- name: https
containerPort: $ICS_INTERNAL_SECURE_PORT
volumeMounts:
- - mountPath: $ICS_CONFIG_MOUNT_PATH
+ - mountPath: $ICS_CONFIG_MOUNT_PATH/$ICS_CONFIG_FILE
+ subPath: $ICS_CONFIG_FILE
name: ics-conf-name
- volumeMounts:
- mountPath: $ICS_CONTAINER_MNT_DIR
name: ics-data-name
+#ICS_JWT_START
+ - mountPath: $ICS_SIDECAR_MOUNT
+ name: token-cache-volume
+#ICS_JWT_STOP
+#ICS_JWT_START
+ - name: $AUTHSIDECAR_APP_NAME
+ image: $AUTHSIDECAR_IMAGE
+ imagePullPolicy: $KUBE_IMAGE_PULL_POLICY
+ env:
+ - name: CREDS_GRANT_TYPE
+ value: $ICS_CREDS_GRANT_TYPE
+ - name: CREDS_CLIENT_SECRET
+ value: $ICS_CREDS_CLIENT_SECRET
+ - name: CREDS_CLIENT_ID
+ value: $ICS_CREDS_CLIENT_ID
+ - name: OUTPUT_FILE
+ value: $ICS_SIDECAR_JWT_FILE
+ - name: AUTH_SERVICE_URL
+ value: $ICS_AUTH_SERVICE_URL
+ volumeMounts:
+ - mountPath: $ICS_SIDECAR_MOUNT
+ name: token-cache-volume
+#ICS_JWT_STOP
volumes:
- configMap:
defaultMode: 420
- persistentVolumeClaim:
claimName: $ICS_DATA_PVC_NAME
name: ics-data-name
+#ICS_JWT_START
+ - name: token-cache-volume
+ emptyDir: {}
+#ICS_JWT_STOP
+
# Selector will be set when pod is started first time
nodeSelector: