OpenShift Base64Decode issues


I'm facing this weird issue where the files I added to an OpenShift secret and mounted on a volume get corrupted or base64-decoded incorrectly and don't work.

Did anyone ever encounter this kind of issue?

What I've tried is to create a secret using the CLI and add two files to it, and then mount the secret so that my app would see it. The files got uploaded. I compared my local base64-encoded strings of the files with the ones in the secrets (encoded by OpenShift during upload) and they are identical. When I go to the terminal and navigate to the folder where I mounted the files, I can see them in the correct location, but the app doesn't work. I tried downloading the files from the pod and testing them locally, and they still don't work.

          volumeMounts:
            - name: db2-ssl-connection 
              readOnly: true
              mountPath: /opt/app-root/app/secrets/db2
      volumes:
      - name: db2-ssl-connection
        secret:
          secretName: db2-cert-secret
          defaultMode: 420

What I've noticed is that the files downloaded from OpenShift are almost 2x bigger than the originals on my PC (the .kdb file went up from 59kB to 108.1kB and the .sth file went up from 129 bytes to 264 bytes).

I also tried adding the base64-encoded strings of these files to HashiCorp Vault and loading them from there, but the result in OpenShift is identical to when mounting from secrets (the file sizes are the same, just the filenames get converted to lowercase).

    vault.hashicorp.com/agent-inject-secret-db2-ssl-secret_Test.kdb: secrets-engine/data/prefix/group/secrets/db2
    vault.hashicorp.com/secret-volume-path-db2-ssl-secret_Test.kdb: /opt/app-root/app/secrets/
    vault.hashicorp.com/agent-inject-template-db2-ssl-secret_Test.kdb: >
      {{ with secret "secrets-engine/data/prefix/group/secrets/db2" -}}
      {{ index .Data.data "db2-ssl-secret_Test.kdb" | base64Decode }}
      {{- end }}
    vault.hashicorp.com/agent-inject-secret-db2-ssl-secret_Test.sth: secrets-engine/data/prefix/group/secrets/db2
    vault.hashicorp.com/secret-volume-path-db2-ssl-secret_Test.sth: /opt/app-root/app/secrets/
    vault.hashicorp.com/agent-inject-template-db2-ssl-secret_Test.sth: >
      {{ with secret "secrets-engine/data/prefix/group/secrets/db2" -}}
      {{ index .Data.data "db2-ssl-secret_Test.sth" | base64Decode }}
      {{- end }}
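A check for the symptom described in the question (mounted files larger than the originals), as an added example that is not part of the original post: it compares the original bytes with the bytes read back from the pod and reports whether they differ by a leftover base64 layer or by a text (UTF-8) round-trip of binary data. The function names and the sample bytes are constructed for illustration, and the code does not assert which case applies to the poster's files.

```python
import base64
import binascii
import hashlib
from typing import Optional, Tuple

UTF8_REPLACEMENT = "\ufffd".encode("utf-8")  # bytes EF BF BD

def fingerprint(data: bytes) -> Tuple[int, str]:
    """Size and SHA-256 of a file's bytes, for comparing local and pod copies."""
    return len(data), hashlib.sha256(data).hexdigest()

def _strict_b64decode(data: bytes) -> Optional[bytes]:
    """Decode base64 (ignoring line wraps); None if data is not valid base64."""
    try:
        return base64.b64decode(b"".join(data.split()), validate=True)
    except (binascii.Error, ValueError):
        return None

def diagnose(original: bytes, mounted: bytes) -> str:
    """Classify how the mounted copy differs from the original."""
    if mounted == original:
        return "identical"
    once = _strict_b64decode(mounted)
    if once == original:
        return "base64-not-decoded"
    if once is not None and _strict_b64decode(once) == original:
        return "base64-encoded-twice"
    # Bytes >= 0x80 read as Latin-1 text and written as UTF-8 take 2 bytes each.
    if mounted == original.decode("latin-1").encode("utf-8"):
        return "latin1-to-utf8"
    # Invalid UTF-8 replaced by U+FFFD (3 bytes each); the data is not recoverable.
    if UTF8_REPLACEMENT in mounted and UTF8_REPLACEMENT not in original:
        return "utf8-replacement"
    return "unknown"

if __name__ == "__main__":
    sample = bytes(range(256))  # constructed stand-in for a binary keystore file
    copies = {
        "exact copy": sample,
        "base64 left in place": base64.b64encode(sample),
        "binary passed through a text template": sample.decode(
            "utf-8", errors="replace").encode("utf-8"),
    }
    for label, data in copies.items():
        size, digest = fingerprint(data)
        print(f"{label}: {size} bytes, sha256 {digest[:12]}, {diagnose(sample, data)}")
```

To use it on real files, read both copies with `open(path, "rb").read()` and pass them to `diagnose`.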