apiVersion: v1
kind: Namespace
metadata:
  name: vault-test
---

apiVersion: v1
kind: ServiceAccount
metadata:
  name: vault
  namespace: vault-test
---

apiVersion: v1
kind: Secret
metadata:
  name: test-key-secret
  namespace: vault-test
  annotations:
    vault.security.banzaicloud.io/vault-addr: "http://vault.vault.svc:8200"
    vault.security.banzaicloud.io/vault-skip-verify: "true"
    vault.security.banzaicloud.io/vault-path: "kubernetes"
stringData:
  APPLE: vault:kv/data/myenvs#APPLE
type: Opaque
---

apiVersion: v1
kind: ConfigMap
metadata:
  name: test-key-configmap
  namespace: vault-test
  annotations:
    vault.security.banzaicloud.io/vault-addr: "http://vault.vault.svc:8200"
    vault.security.banzaicloud.io/vault-skip-verify: "true"
    vault.security.banzaicloud.io/vault-path: "kubernetes"
data:
  BANANA: vault:kv/data/myenvs#BANANA
---

apiVersion: apps/v1
kind: Deployment
metadata:
  name: vault-test
  namespace: vault-test
spec:
  replicas: 1
  selector:
    matchLabels:
      app.kubernetes.io/name: vault
  template:
    metadata:
      labels:
        app.kubernetes.io/name: vault
      annotations:
        vault.security.banzaicloud.io/vault-addr: "http://vault.vault.svc:8200"
        vault.security.banzaicloud.io/vault-role: "vault-test"
        vault.security.banzaicloud.io/vault-skip-verify: "true"
        vault.security.banzaicloud.io/vault-path: "kubernetes"
        vault.security.banzaicloud.io/vault-env-from-path: "kv/data/myenvs"
    spec:
      serviceAccountName: vault
      containers:
      - name: alpine
        image: alpine
        command: ["sh", "-c", "echo $BLUEBERRY && echo going to sleep... && sleep 10000"]
        env:
        - name: BLUEBERRY
          value: vault:kv/data/myenvs#BLUEBERRY
        - name: CARROT
          value: vault:kv/data/myenvs#CARROT
        - name: CUCUMBER
          value: vault:kv/data/myenvs#CUCUMBER