1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
|
# ------------------------------------
# Copyright (c) Microsoft Corporation.
# Licensed under the MIT License.
# ------------------------------------
apiVersion: batch/v1
kind: Job
metadata:
name: test
labels:
app: pod-identity-test
spec:
backoffLimit: 12 # give up after this many attempts
ttlSecondsAfterFinished: 3600 # delete the job and its sub-resources after this many seconds
template:
metadata:
labels:
app: pod-identity-test
aadpodidbinding: pod-identity-test
spec:
restartPolicy: OnFailure # ensure we have only one pod, whose logs reflect the last test run
initContainers:
- name: wait-for-imds # this container exits successfully when the IMDS endpoint returns 200 when asked for a
image: busybox:1.31 # Key Vault token, guaranteeing IMDS is configured and ready before the test runs
command: ['sh', '-c', 'wget "http://169.254.169.254/metadata/identity/oauth2/token?resource=https://vault.azure.net&api-version=2018-02-01" --header "Metadata: true" -S --spider -T 6']
containers:
- name: test-pod-identity
image: "{{ .Values.image.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}"
imagePullPolicy: Always
env:
- name: AZURE_IDENTITY_TEST_VAULT_URL
value: "{{ .Values.vaultUrl }}"
- name: AZURE_TEST_RUN_LIVE
value: "true"
- name: AZURE_SKIP_LIVE_RECORDING
value: "true"
- name: AZURE_IDENTITY_TEST_MANAGED_IDENTITY_CLIENT_ID
value: {{ index .Values "aad-pod-identity" "azureIdentities" "pod-identity-test-identity" "clientID" | quote }}
|
