Empty Secret used in container environment variables

You can use Secrets as values for container environment variables. This validator detects when a Secret used as a source for environment variables is empty. In that case, no environment variables are sourced from the Secret.

Affected Resources: Deployment, DaemonSet, StatefulSet, CronJob, Job, ReplicaSet, Pod

Examples

kind: Deployment
spec:
  template:
    spec:
      containers:
        - name: my-container
          envFrom:
            - secretRef:
                name: my-secret # This Secret is empty

kind: Secret
metadata:
  name: my-secret
data: {} # Empty data or no data at all
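
The check described above can be reproduced offline over manifests that have already been parsed into dictionaries. This is an added example, not Kubevious's own implementation; the function names, the `sample_workload` helper and the sample objects are constructed for illustration, and it assumes a Secret counts as empty when neither `data` nor `stringData` has entries.

```python
KINDS = {"Deployment", "DaemonSet", "StatefulSet", "ReplicaSet", "Job", "CronJob", "Pod"}

def pod_spec(obj):
    """Locate the pod spec: Pod keeps it at .spec, CronJob under .spec.jobTemplate."""
    paths = {"Pod": ["spec"],
             "CronJob": ["spec", "jobTemplate", "spec", "template", "spec"]}
    for key in paths.get(obj["kind"], ["spec", "template", "spec"]):
        obj = obj.get(key) or {}
    return obj

def ns_name(obj):
    meta = obj.get("metadata") or {}
    return meta.get("namespace", "default"), meta.get("name")

def find_empty_secret_env(objects):
    """Return (kind, workload, container, secret) for every envFrom on an empty Secret."""
    # Assumption: empty means neither data nor stringData carries any key.
    empty = {ns_name(o) for o in objects if o["kind"] == "Secret"
             and not o.get("data") and not o.get("stringData")}
    findings = []
    for o in objects:
        if o["kind"] not in KINDS:
            continue
        ns, name = ns_name(o)
        spec = pod_spec(o)
        for c in (spec.get("initContainers") or []) + (spec.get("containers") or []):
            for src in c.get("envFrom") or []:
                ref = (src.get("secretRef") or {}).get("name")
                # Secrets are namespaced: only one in the workload's namespace counts.
                if ref and (ns, ref) in empty:
                    findings.append((o["kind"], name, c["name"], ref))
    return findings

def sample_workload(kind, name, ns, secret):
    """Hypothetical helper: build a minimal workload with one envFrom secretRef."""
    spec = {"containers": [{"name": "my-container",
                            "envFrom": [{"secretRef": {"name": secret}}]}]}
    if kind != "Pod":
        spec = {"template": {"spec": spec}}
    if kind == "CronJob":
        spec = {"jobTemplate": {"spec": spec}}
    return {"kind": kind, "metadata": {"name": name, "namespace": ns}, "spec": spec}

# Constructed sample objects (not from a real cluster).
SAMPLE = [
    {"kind": "Secret", "metadata": {"name": "my-secret"}, "data": {}},
    {"kind": "Secret", "metadata": {"name": "db-creds"}, "data": {"PASSWORD": "cGFzcw=="}},
    sample_workload("Deployment", "web", "default", "my-secret"),
    sample_workload("CronJob", "nightly", "default", "my-secret"),
    sample_workload("Job", "migrate", "default", "db-creds"),
    sample_workload("Pod", "debug", "staging", "my-secret"),
]
print(find_empty_secret_env(SAMPLE))
```

The `staging` Pod is not reported because no empty Secret named `my-secret` exists in its namespace; a missing Secret is a separate problem from an empty one.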

Resolution

  • Populate data in the Secret so it is mapped as environment variables.
  • Delete the empty Secret if indeed no environment variables are supposed to be sourced from that Secret.