@developer-guy
Created March 29, 2021 10:45
test-deployment after deploy
apiVersion: v1
kind: Pod
metadata:
  annotations:
    vault.security.banzaicloud.io/vault-addr: https://vault:8200
    vault.security.banzaicloud.io/vault-tls-secret: vault-tls
  labels:
    app.kubernetes.io/name: hello-secrets
    pod-template-hash: 66757f644f
  name: hello-secrets-66757f644f-25rv7
  namespace: default
spec:
  containers:
  - args:
    - sh
    - -c
    - echo $AWS_SECRET_ACCESS_KEY && echo going to sleep... && sleep 10000
    command:
    - /vault/vault-env
    env:
    - name: AWS_SECRET_ACCESS_KEY
      value: vault:secret/data/accounts/aws#AWS_SECRET_ACCESS_KEY
    - name: VAULT_ADDR
      value: https://vault:8200
    - name: VAULT_SKIP_VERIFY
      value: "false"
    - name: VAULT_AUTH_METHOD
      value: jwt
    - name: VAULT_PATH
      value: kubernetes
    - name: VAULT_ROLE
      value: default
    - name: VAULT_IGNORE_MISSING_SECRETS
      value: "false"
    - name: VAULT_ENV_PASSTHROUGH
    - name: VAULT_JSON_LOG
      value: "false"
    - name: VAULT_CLIENT_TIMEOUT
      value: 10s
    - name: VAULT_LOG_LEVEL
      value: info
    - name: VAULT_CACERT
      value: /vault/tls/ca.crt
    image: alpine
    name: alpine
    resources:
      limits:
        cpu: 100m
        memory: 128Mi
    volumeMounts:
    - mountPath: /vault/
      name: vault-env
    - mountPath: /vault/tls/
      name: vault-tls
  initContainers:
  - command:
    - sh
    - -c
    - cp /usr/local/bin/vault-env /vault/
    image: ghcr.io/banzaicloud/vault-env:1.11.3
    name: copy-vault-env
    resources:
      limits:
        cpu: 250m
        memory: 64Mi
      requests:
        cpu: 50m
    securityContext:
      allowPrivilegeEscalation: false
    volumeMounts:
    - mountPath: /vault/
      name: vault-env
    - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
      name: default-token-g4dfq
      readOnly: true
  - args:
    - sh
    - -c
    - echo $AWS_SECRET_ACCESS_KEY && echo initContainers ready
    command:
    - /vault/vault-env
    env:
    - name: AWS_SECRET_ACCESS_KEY
      value: vault:secret/data/accounts/aws#${.AWS_SECRET_ACCESS_KEY}
    - name: VAULT_ADDR
      value: https://vault:8200
    - name: VAULT_SKIP_VERIFY
      value: "false"
    - name: VAULT_AUTH_METHOD
      value: jwt
    - name: VAULT_PATH
      value: kubernetes
    - name: VAULT_ROLE
      value: default
    - name: VAULT_IGNORE_MISSING_SECRETS
      value: "false"
    - name: VAULT_ENV_PASSTHROUGH
    - name: VAULT_JSON_LOG
      value: "false"
    - name: VAULT_CLIENT_TIMEOUT
      value: 10s
    - name: VAULT_LOG_LEVEL
      value: info
    - name: VAULT_CACERT
      value: /vault/tls/ca.crt
    image: ubuntu
    name: init-ubuntu
    resources:
      limits:
        cpu: 100m
        memory: 128Mi
    volumeMounts:
    - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
      name: default-token-g4dfq
      readOnly: true
    - mountPath: /vault/
      name: vault-env
    - mountPath: /vault/tls/
      name: vault-tls
  preemptionPolicy: PreemptLowerPriority
  priority: 0
  serviceAccountName: default
  tolerations:
  - effect: NoExecute
    key: node.kubernetes.io/not-ready
    operator: Exists
    tolerationSeconds: 300
  - effect: NoExecute
    key: node.kubernetes.io/unreachable
    operator: Exists
    tolerationSeconds: 300
  volumes:
  - emptyDir:
      medium: Memory
    name: vault-env
  - name: vault-tls
    projected:
      sources:
      - secret:
          items:
          - key: ca.crt
            path: ca.crt
          name: vault-tls