Shared-secrets kubectl container can't read wildcard-key.pem

Summary

Now that we're using the shared-secrets chart, I'm getting an error using it:

+ certname=staging-wildcard-tls
+ kubectl create secret tls staging-wildcard-tls --cert=/output/wildcard.pem --key=/output/wildcard-key.pem
error: Cannot read file /output/wildcard-key.pem, open /output/wildcard-key.pem: permission denied
+ true
++ echo app.kubernetes.io/name=staging
++ sed -E 's/=[^ ]*/-/g'
+ kubectl --namespace= label secret staging-wildcard-tls app.kubernetes.io/name-
Error from server (NotFound): secrets "staging-wildcard-tls" not found

The output folder, which is a shared volume between the cfssl-self-sign init container and the kubectl container, contains the wildcard-key.pem file.
This file cannot be read by anyone but the file owner:

-rw------- 1 root root 3243 Mar 23 15:10 wildcard-key.pem
-rw-r--r-- 1 root root 1663 Mar 23 15:10 wildcard.csr
-rw-r--r-- 1 root root 1980 Mar 23 15:12 wildcard.pem

Current workarounds

See #103 (comment 576968194)

Edited by Mitchell Nielsen
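
A preflight check that a job script could run before `kubectl create secret tls`, as an added example that is not part of the original issue or the chart: it decides from owner, group and mode bits whether a given UID/GID can read each input file, so a key with mode `-rw-------` is reported before kubectl fails. The function names and the demo files are constructed for illustration; it assumes GNU or BusyBox `stat` and ignores supplementary groups, ACLs and capabilities.

```shell
#!/bin/sh
# Added example (not from the issue or the chart). Assumes GNU/BusyBox stat.
# Ignores supplementary groups, ACLs and capabilities such as CAP_DAC_OVERRIDE.

# readable_by UID GID FILE: exit 0 if the mode bits grant that identity read access.
readable_by() {
    uid=$1; gid=$2; file=$3
    meta=$(stat -c '%a %u %g' "$file" 2>/dev/null) || return 2   # missing file
    set -- $meta                      # octal mode, owner uid, owner gid
    mode=$1; f_uid=$2; f_gid=$3
    # Only one permission class applies: owner, else group, else other.
    if [ "$uid" -eq "$f_uid" ]; then digit=$(( (mode / 100) % 10 ))
    elif [ "$gid" -eq "$f_gid" ]; then digit=$(( (mode / 10) % 10 ))
    else digit=$(( mode % 10 ))
    fi
    [ $(( digit & 4 )) -ne 0 ]        # 4 = read bit
}

# preflight UID GID FILE...: report every file that identity cannot read.
preflight() {
    p_uid=$1; p_gid=$2; shift 2
    p_rc=0
    for p_file in "$@"; do
        if ! readable_by "$p_uid" "$p_gid" "$p_file"; then
            p_info=$(stat -c '%A %u:%g' "$p_file" 2>/dev/null || echo missing)
            echo "preflight: uid=$p_uid gid=$p_gid cannot read $p_file ($p_info)" >&2
            p_rc=1
        fi
    done
    return "$p_rc"
}

# Constructed demo: same modes as the listing in the issue, in a temp dir.
# The files belong to whoever runs this, so "uid+1" stands in for the
# non-owner user of the kubectl container (hypothetical).
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
: > "$demo_dir/wildcard-key.pem"; chmod 600 "$demo_dir/wildcard-key.pem"
: > "$demo_dir/wildcard.pem";     chmod 644 "$demo_dir/wildcard.pem"
other_uid=$(( $(id -u) + 1 )); other_gid=$(( $(id -g) + 1 ))
if preflight "$other_uid" "$other_gid" "$demo_dir/wildcard.pem" "$demo_dir/wildcard-key.pem"; then
    echo "all inputs readable; safe to run kubectl create secret tls"
else
    echo "fix ownership or mode on the shared volume before creating the secret"
fi
```

In a real job the UID and GID passed to `preflight` would be those of the container that runs kubectl, and the paths would be the `/output` files from the log above.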