Closed
Labels: component/auth, kind/bug, priority/P2
Description
When we started using secrets for deployments, we noticed that containers are not able to read mounted secrets.
The pod definitions contain Volume and VolumeMount definitions, and `docker inspect` shows the volumes as expected, but the container cannot read files from the mount point.
This surfaces (in the case of the deployer pod) as this error:

```
F0610 18:32:48.935073 1 deployer.go:65] User "system:anonymous" cannot get replicationcontrollers in project "myproject"
```

`docker inspect <container>` shows the volume mount:
```
...
"Env": [
    ...
    "BEARER_TOKEN_FILE=/var/run/secrets/kubernetes.io/serviceaccount/token",
...
"HostConfig": {
    "Binds": [
        "/openshift.local.volumes/pods/12f168c2-0fad-11e5-a1f9-525400553cbb/volumes/kubernetes.io~secret/deployer-token-2jxjw:/var/run/secrets/kubernetes.io/serviceaccount:ro",
        ...
    ],
...
"Volumes": {
    ...
    "/var/run/secrets/kubernetes.io/serviceaccount": "/openshift.local.volumes/pods/12f168c2-0fad-11e5-a1f9-525400553cbb/volumes/kubernetes.io~secret/deployer-token-2jxjw"
},
"VolumesRW": {
    ...
    "/var/run/secrets/kubernetes.io/serviceaccount": false
},
"VolumesRelabel": {
    ...
    "/var/run/secrets/kubernetes.io/serviceaccount": "ro"
}
...
```
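A triage helper for the symptom reported above, added here as an example and not part of the original issue or the OpenShift code base: it maps `BEARER_TOKEN_FILE` to the bind that covers it and then attempts a read, because a bind listed in `docker inspect` does not show that the file is readable. The names `token_mount`, `probe` and `diagnose` and the sample values are hypothetical; the code assumes `Env` sits under `Config`, as in full `docker inspect` output.

```python
import errno

# Constructed sample shaped like the `docker inspect` excerpt in the issue;
# the pod UID and secret name are placeholders.
SRC = "/openshift.local.volumes/pods/POD-UID/volumes/kubernetes.io~secret/SECRET-NAME"
DST = "/var/run/secrets/kubernetes.io/serviceaccount"
SAMPLE = {
    "Config": {"Env": ["PATH=/usr/bin", "BEARER_TOKEN_FILE=" + DST + "/token"]},
    "HostConfig": {"Binds": [SRC + ":" + DST + ":ro"]},
}

def token_mount(inspect):
    """Map BEARER_TOKEN_FILE to the bind that covers it.

    Returns (container_path, host_path, mode); host_path is None when no
    bind covers the token path.
    """
    env = dict(e.split("=", 1) for e in inspect["Config"]["Env"] if "=" in e)
    token = env.get("BEARER_TOKEN_FILE")
    if token is None:
        return None, None, None
    for bind in inspect["HostConfig"].get("Binds") or []:
        src, dst, *opts = bind.split(":")
        dst = dst.rstrip("/")
        if token == dst or token.startswith(dst + "/"):
            return token, src + token[len(dst):], opts[0] if opts else "rw"
    return token, None, None

def probe(path):
    """Try to read one byte; return 'readable' or the errno name."""
    try:
        with open(path, "rb") as fh:
            fh.read(1)
        return "readable"
    except OSError as exc:
        return errno.errorcode.get(exc.errno, str(exc.errno))

def diagnose(inspect, probe_fn=probe):
    """Summarise whether the token is mounted and whether a read succeeds."""
    token, host_path, mode = token_mount(inspect)
    if token is None:
        return "BEARER_TOKEN_FILE not set"
    if host_path is None:
        return "no bind covers " + token
    return "bind %s, host file %s: %s" % (mode, host_path, probe_fn(host_path))

if __name__ == "__main__":
    print(diagnose(SAMPLE))
```

Run on the host, `probe` reports the access of the user running the script; calling `probe` on the container path from inside the container shows what the containerized process itself gets.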