# kubernetes
d
I'm using the `configMapGenerator` and `secretGenerator` to create them:
```yaml
configMapGenerator:
- name: haproxy-config-configmap
  namespace: default
  files:
    - configs/haproxy.cfg

secretGenerator:
- name: haproxy-[REDACTED]-cert-pem-secret
  namespace: default
  files:
    - certs/[REDACTED].pem
```

```yaml
        volumeMounts:
          - name: haproxy-config # Defined in kustomization.yml
            mountPath: /usr/local/etc/haproxy/haproxy.cfg
          - name: [REDACTED]-cert-pem
            mountPath: /etc/ssl/[REDACTED]/
      volumes:
        - name: haproxy-config
          configMap:
            name: haproxy-config-configmap # Defined in kustomization.yml
        - name: [REDACTED]-cert-pem
          secret:
            secretName: haproxy-[REDACTED]-cert-pem-secret # Defined in kustomization.yml
            items:
              - key: [REDACTED].pem
                path: [REDACTED].no.pem
```
And this is the result:
c
permissions != mount flags. They are MOUNTED read-only, even if the permissions would allow for writing to them.
d
I see, but is there a way for me to modify what permissions are used in the container for the file? Specifically have an issue with rabbitmq where one of the config files I create from secret needs to be 0600 on the container filesystem, otherwise it won't start.
c
I don’t think so, as the filesystem is readonly, that would also prevent changing permissions. Why is it so fussy about permissions?
d
Who knows, I've seen in the past some other tools also being picky about config file permissions.
For now I think I can go past it, I think I can load the same config value as env value also
c
I guess you can change the permissions, but not the ownership? I’ve not actually used this much. https://kubernetes.io/docs/tasks/inject-data-application/distribute-credentials-secure/#set-posix-permissions-for-secret-keys