Add binary configmap

[dims]

Reviving code from #33549 submitted by @zreigz

What this PR does / why we need it:
Add support for binary files in ConfigMap

Which issue(s) this PR fixes (optional, in fixes #<issue number>(, fixes #<issue_number>, ...) format, will close the issue(s) when PR gets merged):
Fixes #32432

Special notes for your reviewer:

Sample API data:

apiVersion: v1
kind: ConfigMap
data:
  foo: text value
binaryData:
  bar: jmjKxUGNs/WqDQ==

Release note:

ConfigMap objects now support binary data via a new `binaryData` field. When using `kubectl create configmap --from-file`, files containing non-UTF8 data will be placed in this new field in order to preserve the non-UTF8 data. Use of this feature requires 1.10+ apiserver and kubelets.

[dims]

New variation based on discussion in #57899

[dims]

/assign @liggitt
/assign @thockin

[liggitt]

binaryData

[dims]

Fixed!

[liggitt]

also need to ensure there is no key duplication between data and binarydata maps

[dims]

Please see note from @smarterclayton here, there was an ask to remove that validation i believe:
9ba0da8#r100961600

[liggitt]

hmm... allowing the same key in both data and binaryData seems buggy and undefined...

also, from #33549 (comment):

Needs a much more descriptive comment, including a description of the validation rules (must not overlap with data)

[dims]

@smarterclayton can you please chime in?

[thockin]

Did you think or write about the options for design? Would we want to make a parallel change to Secret so they both feel the same?

…

On Jan 6, 2018 3:11 PM, "Davanum Srinivas" ***@***.***> wrote: New variation based on discussion in #57899 <#57899> — You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub <#57938 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AFVgVPKOS-AkTNi5rNxTo7yQhJLq_6aaks5tH_2cgaJpZM4RVeO7> .

[dims]

/test pull-kubernetes-verify
/test pull-kubernetes-bazel-test

[dims]

What we have today is as follows

• staging/src/k8s.io/api/core/v1/types.go:

  1. type ConfigMap struct
     • has field Data - which is a map of string to string
  2. type Secret struct
     • has field Data - which is a map of string to byte array
     • has write-only convenience field StringData - which is a map of string to string
     • has optional field Type - only possible value is "Opaque"

• pkg/apis/core/types.go:

  1. type ConfigMap struct
     • has field Data - which is a map of string to string
  2. type Secret struct
     • has field Data - which is a map of string to byte array
     • has optional field Type

Proposal is to:

• proposed field BinaryData to type ConfigMap (both spots) - which is a map of string to byte array, this will enable to functionality needed to save binary files using ConfigMap.

Problems still that need to be thought about:

• Data field is different between Secret and ConfigMap, one takes map with byte array values and another takes string values. This is an existing problem, not introduced by this PR
• with this PR we will have BinaryData in ConfigMap and StringData in ConfigMap (and Data in both!) which seems bad.
  1. Do we make sure both have BinaryData and StringData?
  2. In ConfigMap, we will have two buckets stored in etcd (Data and BinaryData), while in Secret, we have only one. Does it matter to the end user as long as we have validation rules that the buckets cannot have duplicate items?
• Do we need a Type in ConfigMap to be consistent with Secret's Type?

Suggestions welcome!

( cc @thockin @liggitt @smarterclayton )

[liggitt]

Do we make sure both have BinaryData and StringData?

I don't think so. The existing data field in Secret objects can express both binary and text content. I don't think the improved usability of representing text as text outweighs the loss of compatibility with old clients that wouldn't know about any new field.

In ConfigMap, we will have two buckets stored in etcd (Data and BinaryData), while in Secret, we have only one. Does it matter to the end user as long as we have validation rules that the buckets cannot have duplicate items?

the objects are fundamentally different today, and ConfigMap is less expressive than Secret. duplicating the same data in multiple fields won't work (see https://github.com/kubernetes/community/blob/master/contributors/devel/api_changes.md#backward-compatibility-gotchas - "A single feature/property cannot be represented using multiple spec fields in the same API version simultaneously")

I probably wouldn't try to harmonize the two types here. This change makes ConfigMap as expressive as Secret.

[dims]

+1 @liggitt. i agree.

[dims]

/assign @smarterclayton

[smarterclayton]

Better description here, and improve the existing data description. binaryData contains configuration data that is not required to be UTF-8 and .... Describe how the two fields validate together. Describe why I would use one or the other.

[dims]

Done

[smarterclayton]

I agree with Jordan's position - V2 can pick up the pieces, as long as validation is crisp, this is the best way I can see to add the feature without breaking old clients. The minor ugliness seems outweighed by the value in the config map.

I'd like to see the api description significantly improved so users understand when to use each, and understand that keys are exclusive. Improve both. Otherwise makes sense to do this change.

[dims]

@smarterclayton @liggitt thanks for the guidance, looks like we are on the right track. will add validation, update description, add some tests over the next few days.

[dims]

/hold

[liggitt]

must not overlap

[dims]

Done

[liggitt]

values with non-UTF-8 byte sequences must use the binaryData field

[dims]

Done

[dims]

/retest

[dims]

thanks @thockin i've added a comment and rebased the PR to latest master as well.

[liggitt]

/lgtm

[dims]

/test pull-kubernetes-e2e-kops-aws

[dims]

/test pull-kubernetes-e2e-kops-aws

[dims]

@pmorie @saad-ali @thockin @matchstick - Can one of you please approve for "pkg/volume/configmap"? thanks!

[saad-ali]

/lgtm
/approve

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: cblecker, dims, liggitt, saad-ali

Associated issue: #32432

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these OWNERS Files:

• api/OWNERS [liggitt]
• docs/api-reference/OWNERS [liggitt]
• hack/OWNERS [cblecker,liggitt]
• pkg/apis/core/OWNERS [liggitt]
• pkg/kubectl/OWNERS [liggitt]
• pkg/volume/configmap/OWNERS [saad-ali]
• staging/src/k8s.io/api/OWNERS [liggitt]
• test/OWNERS [liggitt,saad-ali]

You can indicate your approval by writing /approve in a comment
You can cancel your approval by writing /approve cancel in a comment

[k8s-github-robot]

/test all [submit-queue is verifying that this PR is safe to merge]

[dims]

/test pull-kubernetes-unit

[k8s-github-robot]

/test all [submit-queue is verifying that this PR is safe to merge]

[k8s-github-robot]

Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions here.

[mtaufen]

Shouldn't you have also updated the hash function to include the new binary data field in the hash? @liggitt @dims