Unresolved Secret reference in container environment variables

You can use Secrets as values for container environment variables. This validator detects when a Secret used as a source for environment variables in the container spec cannot be found. That can happen if the Secret was deleted or renamed, or if there is a typo in the envFrom.secretRef. The check is skipped when the reference is marked as optional.

Affected Resources: Deployment, DaemonSet, StatefulSet, CronJob, Job, ReplicaSet, Pod

Example

    kind: Deployment
    spec:
      template:
        spec:
          containers:
            - name: my-container
              env:
                - name: MY_ENV_VAR
                  valueFrom:
                    secretKeyRef:
                      name: my-secret # This Secret is not present
                      key: key-in-my-secret
                      optional: false
              envFrom:
                - secretRef:
                    name: my-other-secret # This Secret is not present
                    optional: false
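
The same check sketched in Python, as an added example (not Kubevious code). It also walks initContainers and the CronJob jobTemplate, which goes beyond the Deployment shown above. The function names, the OPTIONAL_VAR entry and the Secret names maybe-secret and db-credentials are constructed for illustration.

```python
# Constructed sample: the page's Deployment plus one optional reference.
DEPLOYMENT = {
    "kind": "Deployment",
    "spec": {"template": {"spec": {"containers": [{
        "name": "my-container",
        "env": [
            {"name": "MY_ENV_VAR", "valueFrom": {"secretKeyRef": {
                "name": "my-secret", "key": "key-in-my-secret", "optional": False}}},
            {"name": "OPTIONAL_VAR", "valueFrom": {"secretKeyRef": {
                "name": "maybe-secret", "key": "k", "optional": True}}},
        ],
        "envFrom": [{"secretRef": {"name": "my-other-secret", "optional": False}}],
    }]}}},
}

def pod_spec(obj):
    """Return the Pod spec for any of the affected workload kinds."""
    kind, spec = obj.get("kind"), obj.get("spec") or {}
    if kind == "Pod":
        return spec
    if kind == "CronJob":  # CronJob nests the Job template one level deeper
        spec = (spec.get("jobTemplate") or {}).get("spec") or {}
    return (spec.get("template") or {}).get("spec") or {}

def unresolved_secret_refs(obj, existing_secrets):
    """List (container, field, secret) for required refs to missing Secrets."""
    findings = []
    ps = pod_spec(obj)
    for c in (ps.get("initContainers") or []) + (ps.get("containers") or []):
        refs = []
        for e in c.get("env") or []:
            ref = (e.get("valueFrom") or {}).get("secretKeyRef")
            if ref:
                refs.append((f"env[{e['name']}].valueFrom.secretKeyRef", ref))
        for src in c.get("envFrom") or []:
            if src.get("secretRef"):
                refs.append(("envFrom.secretRef", src["secretRef"]))
        for field, ref in refs:
            if ref.get("optional", False):
                continue  # optional references are skipped, as the validator does
            if ref.get("name") not in existing_secrets:
                findings.append((c["name"], field, ref.get("name")))
    return findings

if __name__ == "__main__":
    # Constructed namespace state: only one unrelated Secret exists.
    for finding in unresolved_secret_refs(DEPLOYMENT, {"db-credentials"}):
        print("unresolved:", finding)
```

Pass the set of Secret names from the workload's own namespace as existing_secrets, since Secrets in other namespaces do not resolve.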

Resolution

  • Check if the Secret is present in the same namespace.
  • Check if the Secret is present in a different namespace. Kubevious Search can be a very handy tool to find Secrets across namespaces. You cannot reference a Secret from a different namespace. In that case you would need to create a Secret in the namespace where the Pod resides.
  • Did you make a typo in the container environment variables spec? Kubevious Search uses fuzzy logic to return results and can help with finding the correct Secret.