Open
Description
Description
When creating a new container app or updating an existing container app, mounting a secret as a volume does not appear to work as expected. Using the "New-AzContainerAppVolumeObject" command using the -Secret parameter
The created volume is of type "Ephemeral" and not "Secret"
Issue script & Debug output
Given the following powershell:
$rgName = {{{ Hidden }}}
$location = "westcentralus"
$cae = {{{ Hidden }}}
$secretRef = New-AzContainerAppSecretObject -Name "registration" -Value "registration-value"
$configurationObject = New-AzContainerAppConfigurationObject -Secret $secretRef
$secretVolumeItem = New-AzContainerAppSecretVolumeItemObject -SecretRef "registration"
$volume = New-AzContainerAppVolumeObject -Name "registation-vol" -Secret $secretVolumeItem
$volumeMount = New-AzContainerAppVolumeMountObject -MountPath "/usr/local/share/mulesoft/flex-gateway/conf.d" -VolumeName "registation-vol"
$probe = New-AzContainerAppProbeObject -Type "Liveness" -HttpGetPath "/health" -HttpGetPort 8080 -InitialDelaySecond 3 -PeriodSecond 3 -HttpGetHttpHeader $probeHttpGetHttpHeader
$containerDefinition = New-AzContainerAppTemplateObject -Image "registry.hub.docker.com/mulesoft/flex-gateway:1.9.1" -Name "test" -Probe $probe -VolumeMount $volumeMount
$EnvId = (Get-AzContainerAppManagedEnv -ResourceGroupName $rgName -Name $cae).Id
New-AzContainerApp -Name "test" -Location $location -EnvironmentId $EnvId -TemplateContainer $containerDefinition -ResourceGroupName $rgName -TemplateVolume $volume -Configuration $configurationObject
This results in the following container app configuration:
Configuration : {
"secrets": [
{
"name": "registration"
}
],
"activeRevisionsMode": "Single",
"maxInactiveRevisions": 100
}
CustomDomainVerificationId : 420231918D0418A4CE35B887A57347E7EEADF0DA85445258BCE0D70DF7C6B304
EnvironmentId : {{{hidden}}}
EventStreamEndpoint : {{{hidden}}}
ExtendedLocationName :
ExtendedLocationType :
Id : {{{hidden}}}
IdentityPrincipalId :
IdentityTenantId :
IdentityType : None
IdentityUserAssignedIdentity : {
}
LatestReadyRevisionName : test--066t5bw
LatestRevisionFqdn :
LatestRevisionName : test--066t5bw
Location : West Central US
ManagedBy :
ManagedEnvironmentId : {{{hidden}}}
Name : test
OutboundIPAddress :
ProvisioningState : Succeeded
ResourceGroupName : {{{hidden}}}
ScaleMaxReplica : 10
ScaleMinReplica :
ScaleRule :
SystemDataCreatedAt : 5/15/2025 9:17:09 PM
SystemDataCreatedBy : {{{hidden}}}
SystemDataCreatedByType : User
SystemDataLastModifiedAt : 5/15/2025 9:17:09 PM
SystemDataLastModifiedBy : {{{hidden}}}
SystemDataLastModifiedByType : User
Tag : {
}
TemplateContainer : {{
"resources": {
"cpu": 0.5,
"memory": "1Gi",
"ephemeralStorage": "2Gi"
},
"image": "registry.hub.docker.com/mulesoft/flex-gateway:1.9.1",
"name": "test",
"volumeMounts": [
{
"volumeName": "registation-vol",
"mountPath": "/usr/local/share/mulesoft/flex-gateway/conf.d"
}
],
"probes": [
{
"httpGet": {
"path": "/health",
"port": 8080
},
"initialDelaySeconds": 3,
"periodSeconds": 3,
"type": "Liveness"
}
]
}}
TemplateInitContainer :
TemplateRevisionSuffix :
TemplateServiceBind :
TemplateTerminationGracePeriodSecond :
TemplateVolume : {{
"name": "registation-vol",
"storageType": "EmptyDir"
}}
Type : Microsoft.App/containerApps
WorkloadProfileName : ConsumptionEnvironment data
Name Value
---- -----
PSVersion 7.5.0
PSEdition Core
GitCommitId 7.5.0
OS Microsoft Windows 10.0.26100
Platform Win32NT
PSCompatibleVersions {1.0, 2.0, 3.0, 4.0…}
PSRemotingProtocolVersion 2.3
SerializationVersion 1.1.0.1
WSManStackVersion 3.0Module versions
ModuleType Version PreRelease Name ExportedCommands
---------- ------- ---------- ---- ----------------
Script 4.0.2 Az.Accounts {Add-AzEnvironment, Clear-AzConfig, Clear-AzContext, Clear-AzDefault…}
Script 2.0.1 Az.App {Disable-AzContainerAppRevision, Enable-AzContainerAppRevision, Get-AzContainerApp, Get-AzContainerAppAuthConfig…}Error output
In this case there is no error, a container app is created (or updated) just with a ephemeral volume mount not a secret mountMetadata
Metadata
Assignees
Labels
Type
Projects
Milestone
Relationships
Development
No branches or pull requests
Participants
Activity
microsoft-github-policy-service commentedon May 16, 2025
Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc @howang-ms, @Greedygre.