Traefik Kubernetes with persistent volume for ssl and initContainer


I'm trying to implement ssl certs on persistent volume in Traefik (it is intalled in the traefik namespace).
Added the persitence, ge the following error:
"unable to get ACME account: open /ssl-certs/acme-cloudflare.json: permission denied"

I try to enable an initContainer for managing the certs permisisons, but it keeps staying in the "Back-off restarting failed container"

Pertinent values.yaml parts:

  additionalContainers: []
  additionalVolumes: []
  annotations: {}
  enabled: true
  imagePullSecrets: []
    - name: volume-permissions
      image: busybox:1.31.1
      command: ["sh", "-c", "chmod -Rv 600 /ssl-certs/*"]
        - name: ssl-certs
          mountPath: /ssl-certs
  kind: Deployment
  labels: {}
  minReadySeconds: 0
  podAnnotations: {}
  podLabels: {}
  replicas: 1
  shareProcessNamespace: true
  terminationGracePeriodSeconds: 60

  accessMode: ReadWriteMany
  annotations: {}
  enabled: true
  name: ssl-certs
  path: /ssl-certs
  size: 128Mi
  existingClaim: traefik-ssl-claim

How can I properly set the initContainer to run?

Have you tried a describe on the deployment, or events to see if it offers you more info on what the underlying error is?

Does your certs file already exist? One issue I had encountered previously was that the file does not initially exist within the volume and so the chmod command fails. See k3s-traefik-v2-kubernetes-crd/005-deployment.yaml at master · sleighzy/k3s-traefik-v2-kubernetes-crd · GitHub for a solution to this.


Sorry for being late, don't remember if it was due to a permission problem on the shared gluster cluster I was using for PVs or anything, I was able to run it without the init pod without any flaws, so kept it without the init pod.
Will try your solution, thank you very much!