Can one store a binary file in a Kubernetes ConfigMap and then later read the same content from a volume that mounts this ConfigMap? For example, if directory /etc/mycompany/myapp/config contains binary file keystore.jks, will
kubectl create configmap myapp-config --from-file=/etc/mycompany/myapp/configinclude file keystore.jks in ConfigMap myapp-config that can later be mapped to a volume, mounted into a container, and read as a binary file?
For example, given the following pod spec, should keystore.jks be available to myapp at /etc/mycompany/myapp/config/keystore.jks?
apiVersion: v1
kind: Pod
metadata:
name: myapp
spec:
containers:
- name: myapp
image: mycompany/myapp
volumeMounts:
- name: myapp-config
mountPath: /etc/mycompany/myapp/config
volumes:
- name: myapp-config
configMap:
name: myapp-configKubernetes version details:
derek@derek-HP-EliteOne-800-G1-AiO:~/Documents/platinum/fix/brvm$ kubectl version
Client Version: version.Info{Major:"1", Minor:"3", GitVersion:"v1.3.6", GitCommit:"ae4550cc9c89a593bcda6678df201db1b208133b", GitTreeState:"clean", BuildDate:"2016-08-26T18:13:23Z", GoVersion:"go1.6.2", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"3", GitVersion:"v1.3.6+coreos.0", GitCommit:"f6f0055b8e503cbe5fb7b6f1a2ee37d0f160c1cd", GitTreeState:"clean", BuildDate:"2016-08-29T17:01:01Z", GoVersion:"go1.6.2", Compiler:"gc", Platform:"linux/amd64"}I use the secrets for binary files. You can use --from-file
kubectl create secret generic db-user-pass --from-file=./username.txt --from-file=./password.txtBinary ConfigMaps are now supported since Kubernetes version 1.10.0. From the readme notes:
ConfigMap objects now support binary data via a new binaryData field. When using kubectl create configmap --from-file, files containing non-UTF8 data will be placed in this new field in order to preserve the non-UTF8 data. Note that kubectl's --append-hash feature doesn't take binaryData into account. Use of this feature requires 1.10+ apiserver and kubelets. (#57938, @dims)
See the changelog for more details: https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.10.md#apps
What I would do is encode this file in base64 and then the container that uses decoded to be able to use it
According to Jorgan Liggitt in Kubernetes issue "Enable ConfigMaps to store binary files as well as character files.", Kubernetes 1.3.6 cannot store a binary file in a ConfigMap.
GitHub comment 1:
config maps store data as string, not []byte... not sure I'd expect to be able to put arbitrary binary content in them"
GitHub comment 2:
@liggitt Do ConfigMaps not encode binary content as strings?
they do not, they store strings. base64-encoding could be layered on top with application logic if desired
I subsequently demonstrated that ConfigMaps do not support binary files.
Based on other answers, Base64 works for me (just once)
Steps:
base64 -w 0 cacerts > cacerts.base64
sha256sum.exe cacerts.base64
keytool.exe -list -v -keystore cacertsI connect to openshift and create the config map
oc create configmap cacerts.base64 --from-file=cacerts.base64
...
template:
metadata:
name: mydeployment...
spec:
volumes:
- name: cacerts-volume
configMap:
name: cacerts.base64
containers:
- name: crg-driver
command:
- base64
args:
- '--decode'
- '-w 0'
- '/opt/axatech/openpaas/certificates/cacerts.base64 > /opt/axatech/openpaas/certificates/cacerts' #this does not work yet
env:
- name: SWARM_JVM_ARGS
value: >-
-Djavax.net.ssl.trustStore=/opt/certificates/cacerts.base64
-Djavax.net.ssl.trustStorePassword=changeit
volumeMounts:
- name: cacerts-volume
mountPath: /opt/certificatesThe easiest way to edit/update an existing cacerts is to encode the new cacerts to base64 (with option -w 0) , open it with file editor (ie Notepad), copy the content and paste it via the OpenShift Console UI
https://osconsole.mycloud.something.example/console/project/project-dev/browse/config-maps/cacerts.base64or in command line
oc edit configmap cacerts.base64