K8s configuration for mounting application config.

This adds an additional volume mount for Flask application secrets.
These will be mounted into the ATST container so that their values can
be read in as config.

deploy/azure/crls-sync.yaml

@@ -10,6 +10,11 @@ spec:
   jobTemplate:
     spec:
       template:
+        metadata:
+          labels:
+            app: atst
+            role: crl-sync
+            aadpodidbinding: atat-kv-id-binding
         spec:
           restartPolicy: OnFailure
           containers:
@@ -32,6 +37,8 @@ spec:
                 subPath: atst-overrides.ini
               - name: crls-vol
                 mountPath: "/opt/atat/atst/crls"
+              - name: flask-secret
+                mountPath: "/config"
           volumes:
             - name: atst-config
               secret:
@@ -43,3 +50,13 @@ spec:
             - name: crls-vol
               persistentVolumeClaim:
                 claimName: crls-vol-claim
+            - name: flask-secret
+              flexVolume:
+                driver: "azure/kv"
+                options:
+                  usepodidentity: "true"
+                  keyvaultname: "atat-vault-test"
+                  keyvaultobjectnames: "master-AZURE-STORAGE-KEY;master-MAIL-PASSWORD;master-PGPASSWORD;master-REDIS-PASSWORD;master-SECRET-KEY"
+                  keyvaultobjectaliases: "AZURE_STORAGE_KEY;MAIL_PASSWORD;PGPASSWORD;REDIS_PASSWORD;SECRET_KEY"
+                  keyvaultobjecttypes: "secret;secret;secret;secret;key"
+                  tenantid: $TENANT_ID