digitalocean / clusterlint

A best practices checker for Kubernetes clusters. 🤠
Apache License 2.0

Check env vars for secret key references #103

Closed stephenpaulger closed 3 years ago

stephenpaulger commented 3 years ago

Clusterlint has a bug where secrets that are referenced only by a secretKeyRef are listed as unused.

    spec:
      containers:
        - env:
            - name: APP_ENV_VAR_NAME
              valueFrom:
                secretKeyRef:
                  key: SECRET_KEY_NAME
                  name: secret-shown-as-unused

This bug isn't present for config maps so I have added a test based on the equivalent config map test and extended the function that finds which secrets are used to also identify secrets based on secretKeyRefs.
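The false positive described in this pull request, sketched as an added Go example that is not part of the PR or of clusterlint's code. The `EnvVar` and `Pod` types, `unusedSecrets`, `samplePods` and the sample secret names other than `secret-shown-as-unused` are assumptions made for illustration; they are simplified stand-ins for the Kubernetes pod spec fields.

```go
package main

import "fmt"

// Simplified stand-ins for the pod spec fields involved (assumption: local
// types for illustration, not k8s.io/api or clusterlint's own code).
type EnvVar struct {
	Name, SecretKeyRefName string // env[].valueFrom.secretKeyRef.name, "" if unset
}
type Pod struct {
	Namespace     string
	VolumeSecrets []string // volumes[].secret.secretName
	Env           []EnvVar // env entries of all containers, flattened
}

// unusedSecrets returns the secrets ("namespace/name") that no pod references.
// followKeyRefs=false reproduces the reported false positive.
func unusedSecrets(secrets []string, pods []Pod, followKeyRefs bool) []string {
	used := map[string]bool{}
	for _, p := range pods {
		for _, s := range p.VolumeSecrets {
			used[p.Namespace+"/"+s] = true
		}
		for _, e := range p.Env {
			// A secretKeyRef resolves in the pod's own namespace.
			if followKeyRefs && e.SecretKeyRefName != "" {
				used[p.Namespace+"/"+e.SecretKeyRefName] = true
			}
		}
	}
	var unused []string
	for _, s := range secrets {
		if !used[s] {
			unused = append(unused, s)
		}
	}
	return unused
}

// samplePods is constructed input: one pod mounts a secret as a volume, the
// other references a secret only through secretKeyRef.
func samplePods() []Pod {
	return []Pod{
		{Namespace: "default", VolumeSecrets: []string{"tls-cert"}},
		{Namespace: "default", Env: []EnvVar{{"APP_ENV_VAR_NAME", "secret-shown-as-unused"}}},
	}
}

func main() {
	secrets := []string{"default/tls-cert", "default/secret-shown-as-unused", "default/orphan"}
	fmt.Println("ignoring secretKeyRef: ", unusedSecrets(secrets, samplePods(), false))
	fmt.Println("following secretKeyRef:", unusedSecrets(secrets, samplePods(), true))
}
```

Keying the lookup on namespace as well as name keeps a same-named secret in another namespace from being marked as used.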

varshavaradarajan commented 3 years ago

Thanks @stephenpaulger! We'll release this sometime in January.