Skip to content

Secrets injection would not work, if secret name includes dots #3028

New issue
New issue
Open
Open
Secrets injection would not work, if secret name includes dots#3028
Labels
kind/bugSomething isn't working
@faust64

Description

@faust64
faust64
opened on Nov 7, 2025

What happened?

I'm told some DevWorkspace used to work, but no longer starts.
I do not know if this is completely true. But right now, DevWorkspace refuses to start, its status complaining about some secret:

status:
  conditions:
  - lastTransitionTime: "2025-11-07T06:44:59Z"
    message: 'Error creating DevWorkspace deployment: Deployment.apps "workspaceee7c20aec4b54159"
      is invalid: [spec.template.spec.volumes[6].name: Invalid value: "foo.artifactory-dockerconfigjson":
      must not contain dots, spec.template.spec.containers[0].volumeMounts[11].name:
      Not found: "foo.artifactory-dockerconfigjson", spec.template.spec.initContainers[0].volumeMounts[10].name:
      Not found: "foo.artifactory-dockerconfigjson", spec.template.spec.initContainers[1].volumeMounts[11].name:
      Not found: "foo.artifactory-dockerconfigjson"]'
    reason: InfrastructureFailure
    status: "True"
    type: FailedStart

The secret name indeed includes a dot. And this is valid, for a Secret.
However it may not be, naming volumes within a Pod, which looks like what's being refused here.

What did you expect to happen instead?

Deployment should be generated with valid volumes[].name and volumeMounts[].name, which may not be exact matches for secret/configs names in Kubernetes

How can we reproduce the bug? (as minimally and precisely as possible)

empty devspace/can re-use any you may have already.

Just create a Secret that should be attached to your workspace, then start workspace:

kind: Secret
apiVersion: v1
metadata:
  name: foo.artifactory-dockerconfigjson
  labels:
    controller.devfile.io/devworkspace_pullsecret: 'true'
    controller.devfile.io/mount-to-devworkspace: 'true'
    controller.devfile.io/watch-secret: 'true'
  annotations:
    controller.devfile.io/mount-path: '/home/user/.dockerconfig/'
stringData:
  .dockerconfigjson: |
    [...]
type: kubernetes.io/dockerconfigjson

Local Environment:

  • DevSpace Version, managed by OpenShift OLM
devspacesoperator.v3.24.0                 Red Hat OpenShift Dev Spaces                     3.24.0
devworkspace-operator.v0.37.0             DevWorkspace Operator                            0.37.0
  • Operating System: all
  • ARCH of the OS: AMD64 + ARM64
    Kubernetes Cluster:
  • Cloud Provider: aws + azure + other
  • Kubernetes Version: 1.29.14

Anything else we need to know?

Metadata

Metadata

Assignees

No one assigned

    Labels

    kind/bugSomething isn't working

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions