Configmap environment variables of one pod are visible from other pods of the cluster

6/24/2021

We have a collection of services deployed on a GKE cluster. All is fine and has run like a charm for years now, but we have noticed that all the environment variables created from configmaps or secrets are visible from all the pods running on the same node, regardless of whether these env vars have been defined in the related deployment YAML or not.

It is quite simple to reproduce:

  • create deployments for several different services (using different images of course)
  • create distinct configmaps and secrets for each of them
  • define environments for each deployment, referencing its own configmap and secrets
  • deploy all
  • start a shell in one of the running pods
  • issue the "printenv" command

In our case, we can see all the environment variables, including the ones coming from the other deployments. The expected behaviour would be to see only those defined in the related deployment. In the case of env vars named identically in different deployments, they seem to have the right value, as if some precedence rule existed.

We have obviously done something wrong somewhere, but we can't find what, even after having studied the documentation and browsed the net to no avail.

Any suggestion will be more than welcome. Thanks in advance.

-- Eric PASCUAL
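
One way to run the comparison described in the question offline, as an added example that is not part of the original post: it takes a container spec, the keys of each ConfigMap and Secret, and captured `printenv` output, and reports variables the container did not declare but that another ConfigMap or Secret defines. All object names, keys and values below are constructed sample data.

```python
# Constructed sample data: keys defined by each ConfigMap / Secret in the namespace.
SOURCES = {
    ("ConfigMap", "orders-config"): {"ORDERS_DB_HOST", "LOG_LEVEL"},
    ("Secret", "orders-secret"): {"ORDERS_DB_PASSWORD"},
    ("ConfigMap", "billing-config"): {"BILLING_API_URL", "LOG_LEVEL"},
    ("Secret", "billing-secret"): {"BILLING_API_KEY"},
}
# Constructed container spec, shaped like spec.containers[] of a pod.
ORDERS_CONTAINER = {
    "name": "orders",
    "env": [{"name": "POD_NAME", "value": "orders-0"}],
    "envFrom": [{"configMapRef": {"name": "orders-config"}},
                {"secretRef": {"name": "orders-secret"}}],
}
# Constructed printenv capture from inside the "orders" container.
PRINTENV = """PATH=/usr/local/bin:/usr/bin
POD_NAME=orders-0
ORDERS_DB_HOST=db.example.internal
LOG_LEVEL=info
ORDERS_DB_PASSWORD=constructed-value
BILLING_API_URL=https://billing.example.internal
BILLING_API_KEY=constructed-value
"""

def declared_names(container, sources):
    """Variable names the container spec itself requests (env and envFrom)."""
    names = {e["name"] for e in container.get("env", [])}
    for ref in container.get("envFrom", []):
        prefix = ref.get("prefix", "")
        for kind, field in (("ConfigMap", "configMapRef"), ("Secret", "secretRef")):
            if field in ref:
                keys = sources.get((kind, ref[field]["name"]), set())
                names.update(prefix + k for k in keys)
    return names

def audit(container, sources, printenv_output):
    """Map each undeclared variable seen in the container to the objects defining it."""
    seen = {l.split("=", 1)[0] for l in printenv_output.splitlines() if "=" in l}
    leaked = {}
    for name in sorted(seen - declared_names(container, sources)):
        owners = sorted(f"{k}/{n}" for (k, n), keys in sources.items() if name in keys)
        if owners:  # variables no ConfigMap/Secret defines (PATH, ...) are skipped
            leaked[name] = owners
    return leaked

if __name__ == "__main__":
    for var, owners in audit(ORDERS_CONTAINER, SOURCES, PRINTENV).items():
        print(f"{var}: not declared by this container, defined in {', '.join(owners)}")
```

A name such as `LOG_LEVEL`, which both sample ConfigMaps define, is not reported because the container declares it through its own `envFrom`; only the name is compared, not the value.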