Merge pull request #39981 from fraenkel/optional_configmaps_secrets

Automatic merge from submit-queue Optional configmaps and secrets Allow configmaps and secrets for environment variables and volume sources to be optional Implements approved proposal c9f881b7bb Release note: ```release-note Volumes and environment variables populated from ConfigMap and Secret objects can now tolerate the named source object or specific keys being missing, by adding `optional: true` to the volume or environment variable source specifications. ```
2026-01-13 11:25:19 +00:00 · 2017-01-23 23:06:35 -08:00
parent f545d6ad47 ca207be4a3
commit 43286a82c6
35 changed files with 3002 additions and 878 deletions
--- a/pkg/kubelet/kubelet_pods_test.go
+++ b/pkg/kubelet/kubelet_pods_test.go
@@ -26,6 +26,7 @@ import (

 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
+	apierrors "k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/labels"
 	"k8s.io/apimachinery/pkg/runtime"
@@ -257,6 +258,7 @@ func buildService(name, namespace, clusterIP, protocol string, port int) *v1.Ser
 }

 func TestMakeEnvironmentVariables(t *testing.T) {
+	trueVal := true
 	services := []*v1.Service{
 		buildService("kubernetes", metav1.NamespaceDefault, "1.2.3.1", "TCP", 8081),
 		buildService("test", "test1", "1.2.3.3", "TCP", 8083),
@@ -616,6 +618,106 @@ func TestMakeEnvironmentVariables(t *testing.T) {
 				},
 			},
 		},
+		{
+			name: "configmapkeyref_missing_optional",
+			ns:   "test",
+			container: &v1.Container{
+				Env: []v1.EnvVar{
+					{
+						Name: "POD_NAME",
+						ValueFrom: &v1.EnvVarSource{
+							ConfigMapKeyRef: &v1.ConfigMapKeySelector{
+								LocalObjectReference: v1.LocalObjectReference{Name: "missing-config-map"},
+								Key:                  "key",
+								Optional:             &trueVal,
+							},
+						},
+					},
+				},
+			},
+			masterServiceNs: "nothing",
+			expectedEnvs:    nil,
+		},
+		{
+			name: "configmapkeyref_missing_key_optional",
+			ns:   "test",
+			container: &v1.Container{
+				Env: []v1.EnvVar{
+					{
+						Name: "POD_NAME",
+						ValueFrom: &v1.EnvVarSource{
+							ConfigMapKeyRef: &v1.ConfigMapKeySelector{
+								LocalObjectReference: v1.LocalObjectReference{Name: "test-config-map"},
+								Key:                  "key",
+								Optional:             &trueVal,
+							},
+						},
+					},
+				},
+			},
+			masterServiceNs: "nothing",
+			nilLister:       true,
+			configMap: &v1.ConfigMap{
+				ObjectMeta: metav1.ObjectMeta{
+					Namespace: "test1",
+					Name:      "test-configmap",
+				},
+				Data: map[string]string{
+					"a": "b",
+				},
+			},
+			expectedEnvs: nil,
+		},
+		{
+			name: "secretkeyref_missing_optional",
+			ns:   "test",
+			container: &v1.Container{
+				Env: []v1.EnvVar{
+					{
+						Name: "POD_NAME",
+						ValueFrom: &v1.EnvVarSource{
+							SecretKeyRef: &v1.SecretKeySelector{
+								LocalObjectReference: v1.LocalObjectReference{Name: "missing-secret"},
+								Key:                  "key",
+								Optional:             &trueVal,
+							},
+						},
+					},
+				},
+			},
+			masterServiceNs: "nothing",
+			expectedEnvs:    nil,
+		},
+		{
+			name: "secretkeyref_missing_key_optional",
+			ns:   "test",
+			container: &v1.Container{
+				Env: []v1.EnvVar{
+					{
+						Name: "POD_NAME",
+						ValueFrom: &v1.EnvVarSource{
+							SecretKeyRef: &v1.SecretKeySelector{
+								LocalObjectReference: v1.LocalObjectReference{Name: "test-secret"},
+								Key:                  "key",
+								Optional:             &trueVal,
+							},
+						},
+					},
+				},
+			},
+			masterServiceNs: "nothing",
+			nilLister:       true,
+			secret: &v1.Secret{
+				ObjectMeta: metav1.ObjectMeta{
+					Namespace: "test1",
+					Name:      "test-secret",
+				},
+				Data: map[string][]byte{
+					"a": []byte("b"),
+				},
+			},
+			expectedEnvs: nil,
+		},
 		{
 			name: "configmap",
 			ns:   "test1",
@@ -722,6 +824,19 @@ func TestMakeEnvironmentVariables(t *testing.T) {
 			masterServiceNs: "nothing",
 			expectedError:   true,
 		},
+		{
+			name: "configmap_missing_optional",
+			ns:   "test",
+			container: &v1.Container{
+				EnvFrom: []v1.EnvFromSource{
+					{ConfigMapRef: &v1.ConfigMapEnvSource{
+						Optional:             &trueVal,
+						LocalObjectReference: v1.LocalObjectReference{Name: "missing-config-map"}}},
+				},
+			},
+			masterServiceNs: "nothing",
+			expectedEnvs:    nil,
+		},
 		{
 			name: "configmap_invalid_keys",
 			ns:   "test1",
@@ -876,6 +991,19 @@ func TestMakeEnvironmentVariables(t *testing.T) {
 			masterServiceNs: "nothing",
 			expectedError:   true,
 		},
+		{
+			name: "secret_missing_optional",
+			ns:   "test",
+			container: &v1.Container{
+				EnvFrom: []v1.EnvFromSource{
+					{SecretRef: &v1.SecretEnvSource{
+						LocalObjectReference: v1.LocalObjectReference{Name: "missing-secret"},
+						Optional:             &trueVal}},
+				},
+			},
+			masterServiceNs: "nothing",
+			expectedEnvs:    nil,
+		},
 		{
 			name: "secret_invalid_keys",
 			ns:   "test1",
@@ -940,10 +1068,17 @@ func TestMakeEnvironmentVariables(t *testing.T) {
 		testKubelet.fakeKubeClient.AddReactor("get", "configmaps", func(action core.Action) (bool, runtime.Object, error) {
 			var err error
 			if tc.configMap == nil {
-				err = errors.New("no configmap defined")
+				err = apierrors.NewNotFound(action.GetResource().GroupResource(), "configmap-name")
 			}
 			return true, tc.configMap, err
 		})
+		testKubelet.fakeKubeClient.AddReactor("get", "secrets", func(action core.Action) (bool, runtime.Object, error) {
+			var err error
+			if tc.secret == nil {
+				err = apierrors.NewNotFound(action.GetResource().GroupResource(), "secret-name")
+			}
+			return true, tc.secret, err
+		})

 		testKubelet.fakeKubeClient.AddReactor("get", "secrets", func(action core.Action) (bool, runtime.Object, error) {
 			var err error