Unresolved Secret Key reference in container environment variables

You can use Secrets as values for container environment variables. This validator detects a condition when a Secret data key used as a source for environment variables in the container spec is not found. That can happen if the Secret data key was deleted or renamed, or there was a typo in the envFrom.secretRef. Note that this check is skipped when the reference is marked as optional.

Affected Resources: Deployment, DaemonSet, StatefulSet, CronJob, Job, ReplicaSet, Pod

Examples

kind: Deployment
spec:
  template:
    spec:
      containers:
        - name: my-container
          env:
            - name: MY_ENV_VAR
              valueFrom:
                secretKeyRef:
                  name: my-secret  
                  key: bar             # Key bar not present in the configMap
                  optional: false

kind: Secret
metadata:
  name: my-secret
data: 
  foo: ....

Resolution

Check the data section of the Secret. Ensure that the key referenced in the valueFrom is present.

Learn More

https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#environment-variables

Unresolved ConfigMap reference in container volume mount

Unresolved Secret reference in container environment variables

Need other validation rules?

Please let us know if there are other built-in validation rules you would like to see in Kubevious to detect misconfigurations and violations to best practices. Optionally, you can provide your details so we can reach out to you with follow-up questions.

Share this article on: