I deployed an agent using OpenAI as the model provider, then redeployed using a custom model endpoint (vLLM). After redeployment, the gateway container entered CrashLoopBackOff with:
[SECRETS_RELOADER_DEGRADED] SecretRefResolutionError: Environment variable "OPENAI_API_KEY" is missing or empty.
Gateway failed to start: Error: Startup failed: required secrets are unavailable.
The Deployment manifest unconditionally injects secretKeyRef env vars for all providers (OPENAI_API_KEY, ANTHROPIC_API_KEY, GEMINI_API_KEY, etc.) at k8s-manifests.ts:343-365, but the Secret is rebuilt with only the selected provider's keys (k8s-manifests.ts:152-173). Kubernetes starts the pod fine (optional: true), but OpenClaw's secrets reloader treats the referenced-but-empty OPENAI_API_KEY as fatal.
The env var injection in deploymentManifest() should be conditional on which provider is configured, matching secretManifest().
I deployed an agent using OpenAI as the model provider, then redeployed using a custom model endpoint (vLLM). After redeployment, the gateway container entered
CrashLoopBackOffwith:The Deployment manifest unconditionally injects
secretKeyRefenv vars for all providers (OPENAI_API_KEY,ANTHROPIC_API_KEY,GEMINI_API_KEY, etc.) atk8s-manifests.ts:343-365, but the Secret is rebuilt with only the selected provider's keys (k8s-manifests.ts:152-173). Kubernetes starts the pod fine (optional: true), but OpenClaw's secrets reloader treats the referenced-but-emptyOPENAI_API_KEYas fatal.The env var injection in
deploymentManifest()should be conditional on which provider is configured, matchingsecretManifest().