I followed kubernetes documentation to manage secrets of my applications.
http://kubernetes.io/v1.1/docs/user-guide/secrets.html
When pod starts it kubernetes mounts secret at the right place, but application is unable to read secret data as it described in documentation.
root@quoter-controller-whw7k:/etc/quoter# whoami
root
root@quoter-controller-whw7k:/etc/quoter# ls -l
ls: cannot access local.py: Permission denied
total 0
-????????? ? ? ? ? ? local.py
root@quoter-controller-whw7k:/etc/quoter# cat local.py
cat: local.py: Permission denied
What is wrong with that?
SELinux configured with enforcing mode
SELINUX=enforcing
Docker started with the following command
/usr/bin/docker daemon --registry-mirror=http://mirror.internal:5000 --selinux-enabled --insecure-registry registry.internal:5555 --storage-driver devicemapper --storage-opt dm.fs=xfs --storage-opt dm.thinpooldev=/dev/mapper/atomicos-docker--pool --bip=10.16.16.1/24 --mtu=8951
There is a known issue with SELinux and Kubernetes Secrets as per the Atomic issue tracker, see ISSUE-117.