Unresolved Secret reference in container volume mount

You can mount Secrets to Pods as volumes. This validator detects a condition when a Secret mounted as a volume in PodTemplateSpec is not found. That can happen if the Secret was deleted or renamed, or there was a typo in the volume mount spec. Note that this check is skipped for volume mounts marked as optional.

Affected Resources: Deployment, DaemonSet, StatefulSet, CronJob, Job, ReplicaSet, Pod

Example

kind: Deployment
spec:
  template:
  spec:
    volumes:
      - name: my-secret-volume
        secret:
          secretName: my-secret # This Secret is not present
          optional: false

Resolution

Check if the Secret is present in the same namespace.

Check if the Secret is present in a different namespace. Kubevious Search can be a very handy tool to find Secrets across namespaces. You cannot mount a Secret from a different namespaces. In that case you would need to create a Secret in namespace where the Pod resides.

Did you make a typo in the volume spec? Kubevious Search uses fuzzy logic to return results and can help with finding the correct Secret.

Learn More

https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/volume/#projections

Unresolved Secret reference in container environment variables

Compute

Need other validation rules?

Please let us know if there are other built-in validation rules you would like to see in Kubevious to detect misconfigurations and violations to best practices. Optionally, you can provide your details so we can reach out to you with follow-up questions.

Share this article on: