This repository has been archived by the owner on Feb 22, 2022. It is now read-only.
[stable/grafana] Mounting k8s configmaps (SSL certs) to Grafana and set the right permissions (0600 or less). Private key file has group or world access. #23385
Labels
lifecycle/stale
Denotes an issue or PR has remained open with no activity and has become stale.
Describe the bug
When deploying the Grafana Helm chart, I want to attach SSL certs for our Google CloudSQL Postgres 12 instance. Mounting succeeds, however the file permissions of these .pem files is not as it should. This then results in this error when adding a the postgres datasource in grafana:
Version of Helm and Kubernetes:
[helm]
[kubernetes]
Which chart:
bitnami/grafana
What happened:
When I deploy the chart, kubernetes mounts the configmap on the right place but sets the standard file permissions (i think this is 0644)
If we then
kubectl get all -n staging
in the namespace, I see that it runs successfully:If we than
kubectl exec -it dashboard-grafana-68ffc58ff9-8bmj6 -n staging
into the container and go to the mounted directory i see the symlinks:and in the ..data folder:
What you expected to happen:
I expected that it will set the contents of the configmaps (the ssl-certs) to read-only for the user (400) and thus not give it Group or World access >> because we pass it the DefaultMode 400
Maybe something like this:
How to reproduce it (as minimally and precisely as possible):
in the values.yaml i've added:
Anything else we need to know:
Someone please help me out, i am slowly becoming crazy.
The text was updated successfully, but these errors were encountered: