apiVersion: apps/v1
kind: Deployment
metadata:
  name: credentials-sync-eventhub
  namespace: flux-system
spec:
  template:
    spec:
      initContainers:
        - image: bitnami/kubectl
          securityContext:
            privileged: false
            readOnlyRootFilesystem: true
            allowPrivilegeEscalation: false
          name: copy-kubectl
          # it's okay to do this because kubectl is a statically linked binary
          command:
            - sh
            - -ceu
            - cp $(which kubectl) /kbin/
          resources: {}
          volumeMounts:
            - name: kbin
              mountPath: /kbin
      containers:
        - name: sync
          volumeMounts:
            - name: kbin
              mountPath: /kbin
      volumes:
        - name: kbin
          emptyDir: {}