# HG changeset patch
# User Philippe Pepiot <philippe.pepiot@logilab.fr>
# Date 1558023333 -7200
#      Thu May 16 18:15:33 2019 +0200
# Node ID c5f6e769051cf4007a7a2f88fd37a4363c8acfff
# Parent  c8e6db0a7613782cd5144124efa255c0de4c5978
[kubernetes] Fix owner and mode of cwclientlibrc

Kubernetes can set a mode using "defaultMode" but cannot mount the file with
other uid than root.
So we have to mount the secret and copy it with good mode and ower in
/etc/cubicweb.d/fresh/cwclientlibrc...

diff --git a/deploy/deployment.yaml b/deploy/deployment.yaml
--- a/deploy/deployment.yaml
+++ b/deploy/deployment.yaml
@@ -64,8 +64,11 @@
             - name: static
               mountPath: /etc/cubicweb.d/fresh/data
             - name: cwclientlibrc
-              mountPath: /etc/cubicweb.d/fresh/cwclientlibrc
-              subPath: cwclientlibrc
+              mountPath: /secret
+          command: [
+            "/bin/sh", "-c",
+            "install -m 400 /secret/cwclientlibrc /etc/cubicweb.d/fresh/cwclientlibrc && exec /entrypoint.sh start"
+          ]
           resources:
             requests:
               cpu: 500m
@@ -128,9 +131,11 @@
                 name: fresh-env
           volumeMounts:
             - name: cwclientlibrc
-              mountPath: /etc/cubicweb.d/fresh/cwclientlibrc
-              subPath: cwclientlibrc
-          command: ["cubicweb-ctl", "scheduler", "fresh"]
+              mountPath: /secret
+          command: [
+            "/bin/sh", "-c",
+            "install -m 400 /secret/cwclientlibrc /etc/cubicweb.d/fresh/cwclientlibrc && exec cubicweb-ctl sheduler fresh"
+          ]
           resources:
             requests:
               cpu: 100m