Load key "/etc/git-secret/ssh": Permission denied

[dohnto]

Hello,

I am using this version of git sync 1a9138765af75007d88f77c985f4f2af200b1227
I build a docker image using make container REGISTRY=X TAG=Y

And I am using following setup:

apiVersion: v1
kind: Pod
metadata:
  name: server
spec:
  containers:
  - image: nginx
    name: nginx
    volumeMounts:
    - mountPath: /mypath
      name: git-volume
  - image: MY_IMAGE:git-sync-amd64:v2.0.4-6-g1a91387
    name: git-sync
    env:
    - name: GIT_SYNC_REPO
      value: "git@MY_REPO"
    - name: GIT_SYNC_SSH
      value: "true"
    #command:
    #- tail
    #- -f
    #- /dev/null
    args:
    - -dest
    - foo
    - --v=9
    volumeMounts:
    - mountPath: /etc/git-secret
      name: git-secret
    - name: git-volume
      mountPath: /git
  volumes:
  - name: git-secret
    secret:
      secretName: creds
      defaultMode: 256
  - name: git-volume
    emptyDir: {}

But I cannot clone the repository.

When I use the commend version with tail -f /dev/null and execute into the container and I run manually:

# export GIT_SSH_COMMAND="ssh -vv -q -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -i/etc/git-secret/ssh"
# git clone git@MY_REPO
...
Load key "/etc/git-secret/ssh": Permission denied
...
# ls -l /etc/git-secret/ssh
lrwxrwxrwx 1 root root 10 Feb  2 16:21 /etc/git-secret/ssh -> ..data/ssh
# -l /etc/git-secret/..data/ssh 
-r-------- 1 root root 1675 Feb  2 16:21 /etc/git-secret/..data/ssh
# whoami 
nobody

[sjernigan]

We had the same issue. Eventually worked around it by running the container as root :-(

    securityContext:
      runAsUser: 0

[stp-ip]

Fixed via #37.