TLS certs only readable by root

[nyxi]

Please, answer some short questions which should help us to understand your problem / question better?

• Which image of the operator are you using? e.g. registry.opensource.zalan.do/acid/postgres-operator:v1.6.1
• Where do you run it - cloud or metal? Kubernetes or OpenShift? Bare Metal K8s
• Are you running Postgres Operator in production? no
• Type of issue? Bug report

PostgreSQL can't read the TLS certificate and key provided by cluster configuration:

tls:
  secretName: my-tls-secret

# ls -l /tls
total 0
lrwxrwxrwx 1 root root 14 Mar 16 09:18 tls.crt -> ..data/tls.crt
lrwxrwxrwx 1 root root 14 Mar 16 09:18 tls.key -> ..data/tls.key

# ls -l /tls/..data/
total 8
-rw-r----- 1 root root 1135 Mar 16 09:18 tls.crt
-rw-r----- 1 root root 1704 Mar 16 09:18 tls.key

FATAL:  could not load server certificate file "/tls/tls.crt": Permission denied

[FxKu]

Maybe setting spilo_fsgroup can help you? See user docs.

[nyxi]

Ah okay, I will give this a try. It would really be helpful to have a mention of this in the reference documentation for the cluster spec also.