Bug 1634059 - The content in configmap is hard to read and maintain and is error-prone
Summary: The content in configmap is hard to read and maintain and is error-prone
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: oc
Version: 4.4
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
: 4.3.0
Assignee: Maciej Szulik
QA Contact: Xingxing Xia
Depends On: 1569870
TreeView+ depends on / blocked
Reported: 2018-09-28 15:43 UTC by Bruno Andrade
Modified: 2020-02-26 19:07 UTC (History)
9 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of: 1569870
Last Closed: 2020-02-26 19:07:37 UTC
Target Upstream Version:

Attachments (Terms of Use)

Description Bruno Andrade 2018-09-28 15:43:25 UTC
+++ This bug was initially created as a clone of Bug #1569870 +++

Description of problem:
The content in configmap is hard to read and maintain and is error-prone.

Version-Release number of the following components:

How reproducible:

Steps to Reproduce:
In some configmaps i got the control character for '\n' inside the vi editor and for exports

- Example snippet configMap prometheus:

apiVersion: v1
  prometheus.yml: "rule_files": \n
kind: configMap

Inside the web-console everything seems to be fine

Comment 1 Bernhard Scholtes 2018-10-07 12:54:26 UTC
more specific example of "oc export sts prometheus (oc version 3.9.41)

- vi: set lines, set numbers
- end of line is: '$'

Lines 03 - 120 (starting with data:) are corrupt
Lines 26 - 100 are corrupt and cut out 

  1 apiVersion: v1$
  2 data:$
  3   prometheus.yml: "rule_files:\n  - '/etc/prometheus/rules/*.rules'\n\n# A scrape$
  4     configuration for running Prometheus on a Kubernetes cluster.\n# This uses separate$
  5     scrape configs for cluster components (i.e. API server, node)\n# and services$
  6     to allow each to use different authentication configs.\n#\n# Kubernetes labels$
  7     will be added as Prometheus labels on metrics via the\n# `labelmap` relabeling$
  8     action.\n\n# Scrape config for API servers.\n#\n# Kubernetes exposes API servers$
  9     as endpoints to the default/kubernetes\n# service so this uses `endpoints` role$
10     and uses relabelling to only keep\n# the endpoints associated with the default/kubernetes$
11     service using the\n# default named port `https`. This works for single API server$
12     deployments as\n# well as HA API server deployments.\nscrape_configs:\n- job_name:$
13     'etcd'\n  scrape_interval: 15s\n  scrape_timeout: 5s\n\n  static_configs: \n  -$
14     targets: ['host1:2379','host2:2379','host3:2379']\n\n  tls_config: \n$
15     \  cert_file: /etc/etcd/peer.crt  \n   key_file:  /etc/etcd/peer.key\n   insecure_skip_verify:$
16     true\n  scheme: https\n\n- job_name: 'kubernetes-apiservers'\n\n  kubernetes_sd_configs:\n$
17     \ - role: endpoints\n\n  scheme: https\n  tls_config:\n    ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt\n$
18     \ bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token\n\n  #$
19     Keep only the default/kubernetes service endpoints for the https port. This\n$
20     \ # will add targets for each API server which Kubernetes adds an endpoint to\n$
21     \ # the default/kubernetes service.\n  relabel_configs:\n  - source_labels: [__meta_kubernetes_namespace,$
22     __meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name]\n    action:$
23     keep\n    regex: default;kubernetes;https\n\n# Scrape config for controllers.\n#\n#$
24     Each master node exposes a /metrics endpoint on :8444 that contains operational$
25     metrics for\n# the controllers.\n#\n\n- job_name: 'kubernetes-controllers'\n\n$
101     \   target_label: __name__\n    replacement: renamed_$1\n#  - source_labels: [__name__]\n#$
102     \   action: drop\n#    regex: 'node_(netstat|vmstat|filesystem|network)_.+'\n$
103     \ - source_labels: [__name__]\n    action: replace\n    regex: 'renamed_(.+)'\n$
104     \   target_label: __name__\n    replacement: $1\n  # drop any partial expensive$
105     series\n#  - source_labels: [__name__, device]\n#    action: drop\n#    regex:$
106     'node_network_.+;veth.+'\n#  - source_labels: [__name__, mountpoint]\n#    action:$
107     drop\n#    regex: 'node_filesystem_(free|size|device_error);([^/].*|/.+)'\n\n$
108     \ relabel_configs:\n  - source_labels: [__address__]\n    regex: '(.*):10250'\n$
109     \   replacement: '${1}:9100'\n    target_label: __address__\n  - source_labels:$
110     [__meta_kubernetes_node_label_kubernetes_io_hostname]\n    target_label: __instance__\n$
111     \ - action: labelmap\n    regex: __meta_kubernetes_node_label_(.+)\n\n# Scrape$
112     config for the template service broker\n#- job_name: 'openshift-template-service-broker'\n#$
113     \ scheme: https\n#  tls_config:\n#    ca_file: /var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt\n#$
114     \   server_name: apiserver.openshift-template-service-broker.svc\n#  bearer_token_file:$
115     /var/run/secrets/kubernetes.io/serviceaccount/token\n\n#  kubernetes_sd_configs:\n#$
116     \ - role: endpoints\n\n#  relabel_configs:\n#  - source_labels: [__meta_kubernetes_namespace,$
117     __meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name]\n#    action:$
118     keep\n#    regex: openshift-template-service-broker;apiserver;https\n\n\nalerting:\n$
119     \ alertmanagers:\n  - scheme: http\n    static_configs:\n    - targets:\n      -$
120     \"localhost:9093\""$
121 kind: ConfigMap$
122 metadata:$
123   creationTimestamp: null$
124   name: prometheus$


Comment 3 Maciej Szulik 2019-02-28 15:52:43 UTC
This was discussed some time ago during SIG-CLI meeting, currently we only have oc extract to extract
contents of config maps or secrets, but there's no reasonable way to apply the modified file back.
The proposal from back then is here: https://docs.google.com/document/d/1sw6bpD5Ru7IkTrxZ36sMiBYFlefmyh9XvID-fexPceg/edit
For now nothing is happening on that front, I'm going to remove target release on it, for now.

Comment 4 Maciej Szulik 2020-02-26 19:07:37 UTC
See https://issues.redhat.com/browse/WRKLDS-43

Note You need to log in before you can comment on or make changes to this bug.