init container needs access to secrets for /scripts/wait-for-deps to be successful in some configurations

Summary

While testing sidekiq on gitlab.com, we found that /scripts/wait-for-deps in the init container was failing due to a missing secrets mount. In most configurations this works, but if asset proxy is enabled, secrets are needed to decrypt the key in the database. gitlab-com/gl-infra/delivery#607 (comment 272563646)

The init container for dependencies has the following mounts:

    Mounts:
      /etc/gitlab from sidekiq-secrets (ro)
      /srv/gitlab/shared from sidekiq-shared (rw)
      /var/opt/gitlab/templates from sidekiq-config (ro)
      /var/run/secrets/kubernetes.io/serviceaccount from default-token-48q4s (ro)

We will need to add /srv/gitlab/config/secrets.yml as well.

While we only observed this failure on sidekiq, this will also be an issue for any pod that calls /scripts/wait-for-deps for rails.

Versions

  • Chart: 2.6.3
  • Platform:
    • Cloud: GKE
Edited by John Jarvis
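
A check for the gap described in this issue, as an added example that is not part of the original report or the chart's own code: it reads a pod spec in the shape returned by `kubectl get pod -o json` and lists the init containers whose volume mounts do not cover /srv/gitlab/config/secrets.yml. The sample pod is constructed; the container names and the way the application container mounts secrets.yml are assumptions.

```python
import posixpath

REQUIRED_PATH = "/srv/gitlab/config/secrets.yml"  # path named in the issue

# Constructed sample, trimmed to the fields the check reads. Volume names and
# the first three mount paths come from the issue; container names and the
# app container's secrets.yml subPath mount are assumptions for illustration.
BASE_MOUNTS = [
    {"name": "sidekiq-secrets", "mountPath": "/etc/gitlab", "readOnly": True},
    {"name": "sidekiq-shared", "mountPath": "/srv/gitlab/shared"},
    {"name": "sidekiq-config", "mountPath": "/var/opt/gitlab/templates",
     "readOnly": True},
]
SECRETS_MOUNT = {"name": "sidekiq-secrets", "mountPath": REQUIRED_PATH,
                 "subPath": "rails-secrets/secrets.yml", "readOnly": True}
SAMPLE_POD = {
    "spec": {
        "initContainers": [
            {"name": "dependencies", "volumeMounts": list(BASE_MOUNTS)},
        ],
        "containers": [
            {"name": "sidekiq", "volumeMounts": BASE_MOUNTS + [SECRETS_MOUNT]},
        ],
    }
}


def covers(mount_path, target):
    """True if a mount at mount_path makes target visible in the container."""
    mount_path = posixpath.normpath(mount_path)
    target = posixpath.normpath(target)
    # Exact file mount (subPath style) or a directory mount above the target.
    # The trailing "/" stops /srv/gitlab/conf from matching /srv/gitlab/config.
    return target == mount_path or target.startswith(mount_path.rstrip("/") + "/")


def init_containers_missing(pod, target=REQUIRED_PATH):
    """Names of init containers with no volume mount covering target."""
    missing = []
    for container in pod["spec"].get("initContainers", []):
        mounts = container.get("volumeMounts", [])
        if not any(covers(m["mountPath"], target) for m in mounts):
            missing.append(container["name"])
    return missing


if __name__ == "__main__":
    for name in init_containers_missing(SAMPLE_POD):
        print(f"init container {name!r} has no mount covering {REQUIRED_PATH}")
```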