Specify a secret in YML WITH a namespace

Question

The example has:

apiVersion: v1
kind: Pod
metadata:
  name: secret-env-pod
spec:
  containers:
  - name: mycontainer
    image: redis
    env:
      - name: SECRET_USERNAME
        valueFrom:
          secretKeyRef:
            name: mysecret
            key: usernamekey
      - name: SECRET_PASSWORD
        valueFrom:
          secretKeyRef:
            name: mysecret
            key: passwordkey
  restartPolicy: Never

the above from:

https://kubernetes.io/docs/concepts/configuration/secret/

I've created a secret like this:

kubectl --namespace=mycustomnamespace create secret generic mysecret --from-literal=passwordkey="abc123" --from-literal=usernamekey="mememe"

I understand that the above secrets exist under the namespace.

But if I try this:

apiVersion: v1
kind: Pod
metadata:
  name: secret-env-pod
  namespace: mycustomnamespace
spec:
  containers:
  - name: mycontainer
    image: redis
    env:
      - name: SECRET_USERNAME
        valueFrom:
          secretKeyRef:
            name: mysecret
            key: usernamekey
            namespace: mycustomnamespace
      - name: SECRET_PASSWORD
        valueFrom:
          secretKeyRef:
            name: mysecret
            key: passwordkey
            namespace: mycustomnamespace
  restartPolicy: Never

(note that I added a namespace declaration under metadata)

I get this error:

Error validating data: [ValidationError(Pod.spec.containers[1].env[2].valueFrom.secretKeyRef): unknown field "namespace" in io.k8s.api.core.v1.SecretKeySelector, ValidationError(Pod.spec.containers[1].env[6].valueFrom.secretKeyRef): unknown field "namespace" in io.k8s.api.core.v1.SecretKeySelector];

If I take out the namespace(s) (under the secretKeyRef(s))....the pod fails..with

Warning Failed 2s (x8 over 1m) kubelet, minikube Error: secret "mysecret" not found

Yes, my secrets are in the namespace:

kubectl get secrets --namespace mycustomnamespace

NAME                  TYPE                                  DATA      AGE
default-token-55bzp   kubernetes.io/service-account-token   3         10m
mysecret              Opaque                                2         10m

APPEND : (resolution)

It was an error on my part. Check my comment under Vasily's answer.

But basically, the magic-sauce is that the below yml....

metadata:
  name: secret-env-pod
  namespace: mycustomnamespace

the above yml should "drive" the namespaces (aka, set the scope of the namespace) for the rest of the configuration (yml) ....

(if you are a future reader of this question, double and triple check that you have everything under the correct namespace. ALL of your normal "get" statements need to use -n (aka --namespace) as a part.

example

kubectl get pods

the above will only get pods under "default".

you have to do

kubectl get pods --namespace mycustomnamespace

Answer 1

Simply remove namespace: mycustomnamespace from pod secretKeyRef definitions.

Also your secret create command should be like that:

kubectl --namespace=mycustomnamespace create secret generic mysecret --from-literal=passwordkey="abc123" --from-literal=usernamekey="mememe"

Answer 2

Try this You can run your pod

kubectl apply -f podconfigfile.yaml -n mycustomnamespace

This will run pod in the same namespace and find secret if the secret is created

If any error will be there then check for the namespace having secrets and proper name of the namespace.

Check secret in namespace :

kubectl get secret -n mycustomnamespace