From f679d67aa4cffb36dc6651b78dd403fec67817eb Mon Sep 17 00:00:00 2001
From: Martyn Ranyard <m@rtyn.berlin>
Date: Thu, 26 Oct 2023 21:49:40 +0200
Subject: [PATCH] fixups and mount the secret!

Signed-off-by: Martyn Ranyard <m@rtyn.berlin>
---
 apps-helm/sshtunnel/templates/deployment.yaml | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/apps-helm/sshtunnel/templates/deployment.yaml b/apps-helm/sshtunnel/templates/deployment.yaml
index 5e210f0..30eb6b9 100644
--- a/apps-helm/sshtunnel/templates/deployment.yaml
+++ b/apps-helm/sshtunnel/templates/deployment.yaml
@@ -17,7 +17,6 @@ spec:
       {{- with .Values.podAnnotations }}
         {{- toYaml . | nindent 8 }}
       {{- end }}
-        checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }}
       labels:
         {{- include "sshtunnel.selectorLabels" . | nindent 8 }}
     spec:
@@ -46,13 +45,15 @@ spec:
           resources:
             {{- toYaml .Values.resources | nindent 12 }}
           volumeMounts:
-          - mountPath: /keyfile
+          - mountPath: "/keyfile"
             name: keyfile
       volumes:
       - name: keyfile
-        secret:
-          defaultMode: 256
-          secretName: {{ .Chart.Name }}-keyfile
+        csi:
+          driver: secrets-store.csi.k8s.io
+          readOnly: true
+          volumeAttributes:
+            secretsProviderClass: app-secrets
       {{- with .Values.nodeSelector }}
       nodeSelector:
         {{- toYaml . | nindent 8 }}