Using kubectl or the Azure Kubernetes Services portal, how can I check whether a certain config map or secret is used by any resources?
Asked
Active
Viewed 39 times
1 Answers
1
They can appear in (at least) 3 locations that I know of:
- as volumes
- in
env:viavalueFrom: - in
envFrom:
then, they can appear in both currently running pods, as well as "future pod" definitions such as CronJob or scaled down Deployment, StatefulSet, or even DaemonSets that don't match any current Nodes
This answer will focus on just the currently running pods, because it's less text to put into SO, but introspecting the other resource types are similar in concept. This will also only focus on containers[] although initContainers[] are also candidates but share the structure with container[] so are textually similar
Then, the worst possible case are the ones that are referenced via any Custom Resource Definition objects that may be in use in your cluster, and I don't believe it's possible to find those in the general case
volume references
kubectl get po -A -o json | \
jq '.items[].spec.volumes[] as $v | select($v.configMap) | $v.configMap.name'
substituting .secret to find references to Secrets
env values
kubectl get po -A -o json | \
jq '.items[].spec.containers[] as $c
| select($c.env) | $c.env[] as $e
| select($e.valueFrom.configMapKeyRef) | $e.valueFrom.configMapKeyRef.name'
envFrom references
kubectl get po -A -o json | \
jq '.items[].spec.containers[] as $c
| select($c.envFrom) | $c.envFrom[] as $e
| select($e.configMapRef) | $e.configMapRef.name'
I'll leave this as a Community Wiki so others can weigh in if I've overlooked some
mdaniel
- 2,338
- 1
- 8
- 13