init container needs access to secrets for /scripts/wait-for-deps to be successful in some configurations
While testing sidekiq on gitlab.com we found that /scripts/wait-for-deps in the init container was failing due to a missing secrets mount. In most configurations this works, but if asset proxy is enabled, secrets are needed to decrypt the key in the database. gitlab-com/gl-infra/delivery#607 (comment 272563646)
The init container for dependencies has the following mounts:
Mounts:
  /etc/gitlab from sidekiq-secrets (ro)
  /srv/gitlab/shared from sidekiq-shared (rw)
  /var/opt/gitlab/templates from sidekiq-config (ro)
  /var/run/secrets/kubernetes.io/serviceaccount from default-token-48q4s (ro)
We will need to add /srv/gitlab/config/secrets.yml as well.
While we only observed this failure on sidekiq, this will also be an issue for any pod that calls /scripts/wait-for-deps for rails.
- Cloud: GKE
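
A check for the condition described above, as an added example that is not part of the original issue or of the GitLab chart: it scans a pod spec for init containers that run /scripts/wait-for-deps without any mount covering /srv/gitlab/config/secrets.yml. The container name `dependencies`, the `subPath` value, and both pod specs are constructed for illustration; the mount paths and volume names are the ones listed in the issue.

```python
WAIT_SCRIPT = "/scripts/wait-for-deps"
SECRETS_FILE = "/srv/gitlab/config/secrets.yml"


def covers(mount_path, target):
    """True if a volume mounted at mount_path makes target visible."""
    base = mount_path.rstrip("/")
    return target == base or target.startswith(base + "/")


def init_containers_missing_secrets(pod_spec):
    """Names of init containers that call wait-for-deps but cannot read secrets.yml."""
    missing = []
    for c in pod_spec.get("initContainers", []):
        argv = c.get("command", []) + c.get("args", [])
        if not any(WAIT_SCRIPT in arg for arg in argv):
            continue  # this init container does not run the dependency check
        mounts = c.get("volumeMounts", [])
        if not any(covers(m["mountPath"], SECRETS_FILE) for m in mounts):
            missing.append(c["name"])
    return missing


# Constructed pod spec mirroring the mounts listed in the issue.
REPORTED_MOUNTS = [
    {"name": "sidekiq-secrets", "mountPath": "/etc/gitlab", "readOnly": True},
    {"name": "sidekiq-shared", "mountPath": "/srv/gitlab/shared"},
    {"name": "sidekiq-config", "mountPath": "/var/opt/gitlab/templates", "readOnly": True},
    {"name": "default-token-48q4s",
     "mountPath": "/var/run/secrets/kubernetes.io/serviceaccount", "readOnly": True},
]
BROKEN_SPEC = {"initContainers": [
    {"name": "dependencies", "args": [WAIT_SCRIPT], "volumeMounts": REPORTED_MOUNTS},
]}

# Same spec with the additional mount the issue asks for (subPath is an assumption).
FIXED_SPEC = {"initContainers": [
    {"name": "dependencies", "args": [WAIT_SCRIPT],
     "volumeMounts": REPORTED_MOUNTS + [
         {"name": "sidekiq-secrets", "mountPath": SECRETS_FILE,
          "subPath": "secrets.yml", "readOnly": True}]},
]}

if __name__ == "__main__":
    print("broken:", init_containers_missing_secrets(BROKEN_SPEC))
    print("fixed: ", init_containers_missing_secrets(FIXED_SPEC))
```

The same function can be run over the `spec` of each pod returned by `kubectl get pods -o json` to find other workloads that call the script for rails without the mount.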