Merge pull request #7910 from EduardoVega/7567-podman-configmaps

Enable k8s configmaps as flags for play kube
2020-10-09 06:01:50 -04:00 · 2020-10-09 06:01:50 -04:00 · 953e16f31a
parent db684f970f 39dde9bcb7
commit 953e16f31a
6 changed files with 547 additions and 47 deletions
--- a/cmd/podman/play/kube.go
+++ b/cmd/podman/play/kube.go
@ -60,6 +60,7 @@ func init() {
 		flags.BoolVar(&kubeOptions.TLSVerifyCLI, "tls-verify", true, "Require HTTPS and verify certificates when contacting registries")
 		flags.StringVar(&kubeOptions.SignaturePolicy, "signature-policy", "", "`Pathname` of signature policy file (not usually used)")
 		flags.StringVar(&kubeOptions.SeccompProfileRoot, "seccomp-profile-root", defaultSeccompRoot, "Directory path for seccomp profiles")
+		flags.StringSliceVar(&kubeOptions.ConfigMaps, "configmap", []string{}, "`Pathname` of a YAML file containing a kubernetes configmap")
 	}
 	_ = flags.MarkHidden("signature-policy")
 }
--- a/docs/source/markdown/podman-play-kube.1.md
+++ b/docs/source/markdown/podman-play-kube.1.md
@ -30,6 +30,12 @@ environment variable. `export REGISTRY_AUTH_FILE=path`
 Use certificates at *path* (\*.crt, \*.cert, \*.key) to connect to the registry.
 Default certificates directory is _/etc/containers/certs.d_. (Not available for remote commands)

+**--configmap**=*path*
+
+Use Kubernetes configmap YAML at path to provide a source for environment variable values within the containers of the pod.
+
+Note: The *--configmap* option can be used multiple times or a comma-separated list of paths can be used to pass multiple Kubernetes configmap YAMLs.
+
 **--creds**

 The [username[:password]] to use to authenticate with the registry if required.
@ -66,6 +72,15 @@ $ podman play kube demo.yml
 52182811df2b1e73f36476003a66ec872101ea59034ac0d4d3a7b40903b955a6
 ```

+Provide `configmap-foo.yml` and `configmap-bar.yml` as sources for environment variables within the containers.
+```
+$ podman play kube demo.yml --configmap configmap-foo.yml,configmap-bar.yml
+52182811df2b1e73f36476003a66ec872101ea59034ac0d4d3a7b40903b955a6
+
+$ podman play kube demo.yml --configmap configmap-foo.yml --configmap configmap-bar.yml
+52182811df2b1e73f36476003a66ec872101ea59034ac0d4d3a7b40903b955a6
+```
+
 CNI network(s) can be specified as comma-separated list using ``--network``
 ```
 $ podman play kube demo.yml --network cni1,cni2
--- a/pkg/domain/entities/play.go
+++ b/pkg/domain/entities/play.go
@ -24,6 +24,8 @@ type PlayKubeOptions struct {
 	// SeccompProfileRoot - path to a directory containing seccomp
 	// profiles.
 	SeccompProfileRoot string
+	// ConfigMaps - slice of pathnames to kubernetes configmap YAMLs.
+	ConfigMaps []string
 }

 // PlayKubePod represents a single pod and associated containers created by play kube
--- a/pkg/domain/infra/abi/play.go
+++ b/pkg/domain/infra/abi/play.go
@ -311,6 +311,22 @@ func (ic *ContainerEngine) playKubePod(ctx context.Context, podName string, podY
 		ctrRestartPolicy = libpod.RestartPolicyAlways
 	}

+	configMaps := []v1.ConfigMap{}
+	for _, p := range options.ConfigMaps {
+		f, err := os.Open(p)
+		if err != nil {
+			return nil, err
+		}
+		defer f.Close()
+
+		cm, err := readConfigMapFromFile(f)
+		if err != nil {
+			return nil, errors.Wrapf(err, "%q", p)
+		}
+
+		configMaps = append(configMaps, cm)
+	}
+
 	containers := make([]*libpod.Container, 0, len(podYAML.Spec.Containers))
 	for _, container := range podYAML.Spec.Containers {
 		pullPolicy := util.PullImageMissing
@ -334,7 +350,7 @@ func (ic *ContainerEngine) playKubePod(ctx context.Context, podName string, podY
 		if err != nil {
 			return nil, err
 		}
-		conf, err := kubeContainerToCreateConfig(ctx, container, newImage, namespaces, volumes, pod.ID(), podName, podInfraID, seccompPaths)
+		conf, err := kubeContainerToCreateConfig(ctx, container, newImage, namespaces, volumes, pod.ID(), podName, podInfraID, configMaps, seccompPaths)
 		if err != nil {
 			return nil, err
 		}
@ -447,7 +463,7 @@ func setupSecurityContext(securityConfig *createconfig.SecurityConfig, userConfi
 }

 // kubeContainerToCreateConfig takes a v1.Container and returns a createconfig describing a container
-func kubeContainerToCreateConfig(ctx context.Context, containerYAML v1.Container, newImage *image.Image, namespaces map[string]string, volumes map[string]string, podID, podName, infraID string, seccompPaths *kubeSeccompPaths) (*createconfig.CreateConfig, error) {
+func kubeContainerToCreateConfig(ctx context.Context, containerYAML v1.Container, newImage *image.Image, namespaces map[string]string, volumes map[string]string, podID, podName, infraID string, configMaps []v1.ConfigMap, seccompPaths *kubeSeccompPaths) (*createconfig.CreateConfig, error) {
 	var (
 		containerConfig createconfig.CreateConfig
 		pidConfig       createconfig.PidConfig
@ -572,8 +588,17 @@ func kubeContainerToCreateConfig(ctx context.Context, containerYAML v1.Container
 		}
 		envs = imageEnv
 	}
-	for _, e := range containerYAML.Env {
-		envs[e.Name] = e.Value
+	for _, env := range containerYAML.Env {
+		value := envVarValue(env, configMaps)
+
+		envs[env.Name] = value
+	}
+	for _, envFrom := range containerYAML.EnvFrom {
+		cmEnvs := envVarsFromConfigMap(envFrom, configMaps)
+
+		for k, v := range cmEnvs {
+			envs[k] = v
+		}
 	}
 	containerConfig.Env = envs

@ -594,6 +619,62 @@ func kubeContainerToCreateConfig(ctx context.Context, containerYAML v1.Container
 	return &containerConfig, nil
 }

+// readConfigMapFromFile returns a kubernetes configMap obtained from --configmap flag
+func readConfigMapFromFile(r io.Reader) (v1.ConfigMap, error) {
+	var cm v1.ConfigMap
+
+	content, err := ioutil.ReadAll(r)
+	if err != nil {
+		return cm, errors.Wrapf(err, "unable to read ConfigMap YAML content")
+	}
+
+	if err := yaml.Unmarshal(content, &cm); err != nil {
+		return cm, errors.Wrapf(err, "unable to read YAML as Kube ConfigMap")
+	}
+
+	if cm.Kind != "ConfigMap" {
+		return cm, errors.Errorf("invalid YAML kind: %q. [ConfigMap] is the only supported by --configmap", cm.Kind)
+	}
+
+	return cm, nil
+}
+
+// envVarsFromConfigMap returns all key-value pairs as env vars from a configMap that matches the envFrom setting of a container
+func envVarsFromConfigMap(envFrom v1.EnvFromSource, configMaps []v1.ConfigMap) map[string]string {
+	envs := map[string]string{}
+
+	if envFrom.ConfigMapRef != nil {
+		cmName := envFrom.ConfigMapRef.Name
+
+		for _, c := range configMaps {
+			if cmName == c.Name {
+				envs = c.Data
+				break
+			}
+		}
+	}
+
+	return envs
+}
+
+// envVarValue returns the environment variable value configured within the container's env setting.
+// It gets the value from a configMap if specified, otherwise returns env.Value
+func envVarValue(env v1.EnvVar, configMaps []v1.ConfigMap) string {
+	for _, c := range configMaps {
+		if env.ValueFrom != nil {
+			if env.ValueFrom.ConfigMapKeyRef != nil {
+				if env.ValueFrom.ConfigMapKeyRef.Name == c.Name {
+					if value, ok := c.Data[env.ValueFrom.ConfigMapKeyRef.Key]; ok {
+						return value
+					}
+				}
+			}
+		}
+	}
+
+	return env.Value
+}
+
 // kubeSeccompPaths holds information about a pod YAML's seccomp configuration
 // it holds both container and pod seccomp paths
 type kubeSeccompPaths struct {
--- a/pkg/domain/infra/abi/play_test.go
+++ b/pkg/domain/infra/abi/play_test.go
@ -0,0 +1,254 @@
+package abi
+
+import (
+	"bytes"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+	v1 "k8s.io/api/core/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+var configMapList = []v1.ConfigMap{
+	{
+		TypeMeta: metav1.TypeMeta{
+			Kind: "ConfigMap",
+		},
+		ObjectMeta: metav1.ObjectMeta{
+			Name: "bar",
+		},
+		Data: map[string]string{
+			"myvar": "bar",
+		},
+	},
+	{
+		TypeMeta: metav1.TypeMeta{
+			Kind: "ConfigMap",
+		},
+		ObjectMeta: metav1.ObjectMeta{
+			Name: "foo",
+		},
+		Data: map[string]string{
+			"myvar": "foo",
+		},
+	},
+}
+
+func TestReadConfigMapFromFile(t *testing.T) {
+	tests := []struct {
+		name             string
+		configMapContent string
+		expectError      bool
+		expectedErrorMsg string
+		expected         v1.ConfigMap
+	}{
+		{
+			"ValidConfigMap",
+			`
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: foo
+data:
+  myvar: foo
+`,
+			false,
+			"",
+			v1.ConfigMap{
+				TypeMeta: metav1.TypeMeta{
+					Kind:       "ConfigMap",
+					APIVersion: "v1",
+				},
+				ObjectMeta: metav1.ObjectMeta{
+					Name: "foo",
+				},
+				Data: map[string]string{
+					"myvar": "foo",
+				},
+			},
+		},
+		{
+			"InvalidYAML",
+			`
+Invalid YAML
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: foo
+data:
+  myvar: foo
+`,
+			true,
+			"unable to read YAML as Kube ConfigMap",
+			v1.ConfigMap{},
+		},
+		{
+			"InvalidKind",
+			`
+apiVersion: v1
+kind: InvalidKind
+metadata:
+  name: foo
+data:
+  myvar: foo
+`,
+			true,
+			"invalid YAML kind",
+			v1.ConfigMap{},
+		},
+	}
+
+	for _, test := range tests {
+		test := test
+		t.Run(test.name, func(t *testing.T) {
+			buf := bytes.NewBufferString(test.configMapContent)
+			cm, err := readConfigMapFromFile(buf)
+
+			if test.expectError {
+				assert.Error(t, err)
+				assert.Contains(t, err.Error(), test.expectedErrorMsg)
+			} else {
+				assert.NoError(t, err)
+				assert.Equal(t, test.expected, cm)
+			}
+		})
+	}
+}
+
+func TestEnvVarsFromConfigMap(t *testing.T) {
+	tests := []struct {
+		name          string
+		envFrom       v1.EnvFromSource
+		configMapList []v1.ConfigMap
+		expected      map[string]string
+	}{
+		{
+			"ConfigMapExists",
+			v1.EnvFromSource{
+				ConfigMapRef: &v1.ConfigMapEnvSource{
+					LocalObjectReference: v1.LocalObjectReference{
+						Name: "foo",
+					},
+				},
+			},
+			configMapList,
+			map[string]string{
+				"myvar": "foo",
+			},
+		},
+		{
+			"ConfigMapDoesNotExist",
+			v1.EnvFromSource{
+				ConfigMapRef: &v1.ConfigMapEnvSource{
+					LocalObjectReference: v1.LocalObjectReference{
+						Name: "doesnotexist",
+					},
+				},
+			},
+			configMapList,
+			map[string]string{},
+		},
+		{
+			"EmptyConfigMapList",
+			v1.EnvFromSource{
+				ConfigMapRef: &v1.ConfigMapEnvSource{
+					LocalObjectReference: v1.LocalObjectReference{
+						Name: "foo",
+					},
+				},
+			},
+			[]v1.ConfigMap{},
+			map[string]string{},
+		},
+	}
+
+	for _, test := range tests {
+		test := test
+		t.Run(test.name, func(t *testing.T) {
+			result := envVarsFromConfigMap(test.envFrom, test.configMapList)
+			assert.Equal(t, test.expected, result)
+		})
+	}
+}
+
+func TestEnvVarValue(t *testing.T) {
+	tests := []struct {
+		name          string
+		envVar        v1.EnvVar
+		configMapList []v1.ConfigMap
+		expected      string
+	}{
+		{
+			"ConfigMapExists",
+			v1.EnvVar{
+				Name: "FOO",
+				ValueFrom: &v1.EnvVarSource{
+					ConfigMapKeyRef: &v1.ConfigMapKeySelector{
+						LocalObjectReference: v1.LocalObjectReference{
+							Name: "foo",
+						},
+						Key: "myvar",
+					},
+				},
+			},
+			configMapList,
+			"foo",
+		},
+		{
+			"ContainerKeyDoesNotExistInConfigMap",
+			v1.EnvVar{
+				Name: "FOO",
+				ValueFrom: &v1.EnvVarSource{
+					ConfigMapKeyRef: &v1.ConfigMapKeySelector{
+						LocalObjectReference: v1.LocalObjectReference{
+							Name: "foo",
+						},
+						Key: "doesnotexist",
+					},
+				},
+			},
+			configMapList,
+			"",
+		},
+		{
+			"ConfigMapDoesNotExist",
+			v1.EnvVar{
+				Name: "FOO",
+				ValueFrom: &v1.EnvVarSource{
+					ConfigMapKeyRef: &v1.ConfigMapKeySelector{
+						LocalObjectReference: v1.LocalObjectReference{
+							Name: "doesnotexist",
+						},
+						Key: "myvar",
+					},
+				},
+			},
+			configMapList,
+			"",
+		},
+		{
+			"EmptyConfigMapList",
+			v1.EnvVar{
+				Name: "FOO",
+				ValueFrom: &v1.EnvVarSource{
+					ConfigMapKeyRef: &v1.ConfigMapKeySelector{
+						LocalObjectReference: v1.LocalObjectReference{
+							Name: "foo",
+						},
+						Key: "myvar",
+					},
+				},
+			},
+			[]v1.ConfigMap{},
+			"",
+		},
+	}
+
+	for _, test := range tests {
+		test := test
+		t.Run(test.name, func(t *testing.T) {
+			result := envVarValue(test.envVar, test.configMapList)
+			assert.Equal(t, test.expected, result)
+		})
+	}
+}
--- a/test/e2e/play_kube_test.go
+++ b/test/e2e/play_kube_test.go
@ -25,6 +25,19 @@ spec:
  hostname: unknown
 `

+var configMapYamlTemplate = `
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ .Name }}
+data:
+{{ with .Data }}
+  {{ range $key, $value := . }}
+    {{ $key }}: {{ $value }}
+  {{ end }}
+{{ end }}
+`
+
 var podYamlTemplate = `
 apiVersion: v1
 kind: Pod
@ -75,6 +88,26 @@ spec:
    - name: HOSTNAME
    - name: container
      value: podman
+    {{ range .Env }}
+    - name: {{ .Name }}
+    {{ if (eq .ValueFrom "configmap") }}
+      valueFrom:
+        configMapKeyRef:
+          name: {{ .RefName }}
+          key: {{ .RefKey }}
+    {{ else }}
+      value: {{ .Value }}
+    {{ end }}
+    {{ end }}
+    {{ with .EnvFrom}}
+    envFrom:
+    {{ range . }}
+    {{ if (eq .From "configmap") }}
+    - configMapRef:
+        name: {{ .Name }}
+    {{ end }}
+    {{ end }}
+    {{ end }}
    image: {{ .Image }}
    name: {{ .Name }}
    imagePullPolicy: {{ .PullPolicy }}
@ -226,6 +259,7 @@ var (
 	defaultPodName        = "testPod"
 	defaultVolName        = "testVol"
 	defaultDeploymentName = "testDeployment"
+	defaultConfigMapName  = "testConfigMap"
 	seccompPwdEPERM       = []byte(`{"defaultAction":"SCMP_ACT_ALLOW","syscalls":[{"name":"getcwd","action":"SCMP_ACT_ERRNO"}]}`)
 )

@ -244,34 +278,64 @@ func writeYaml(content string, fileName string) error {
 	return nil
 }

-func generatePodKubeYaml(pod *Pod, fileName string) error {
+func generateKubeYaml(kind string, object interface{}, pathname string) error {
+	var yamlTemplate string
 	templateBytes := &bytes.Buffer{}

-	t, err := template.New("pod").Parse(podYamlTemplate)
+	switch kind {
+	case "configmap":
+		yamlTemplate = configMapYamlTemplate
+	case "pod":
+		yamlTemplate = podYamlTemplate
+	case "deployment":
+		yamlTemplate = deploymentYamlTemplate
+	default:
+		return fmt.Errorf("unsupported kubernetes kind")
+	}
+
+	t, err := template.New(kind).Parse(yamlTemplate)
 	if err != nil {
 		return err
 	}

-	if err := t.Execute(templateBytes, pod); err != nil {
+	if err := t.Execute(templateBytes, object); err != nil {
 		return err
 	}

-	return writeYaml(templateBytes.String(), fileName)
+	return writeYaml(templateBytes.String(), pathname)
 }

-func generateDeploymentKubeYaml(deployment *Deployment, fileName string) error {
-	templateBytes := &bytes.Buffer{}
+// ConfigMap describes the options a kube yaml can be configured at configmap level
+type ConfigMap struct {
+	Name string
+	Data map[string]string
+}

-	t, err := template.New("deployment").Parse(deploymentYamlTemplate)
-	if err != nil {
-		return err
+func getConfigMap(options ...configMapOption) *ConfigMap {
+	cm := ConfigMap{
+		Name: defaultConfigMapName,
+		Data: map[string]string{},
 	}

-	if err := t.Execute(templateBytes, deployment); err != nil {
-		return err
+	for _, option := range options {
+		option(&cm)
 	}

-	return writeYaml(templateBytes.String(), fileName)
+	return &cm
+}
+
+type configMapOption func(*ConfigMap)
+
+func withConfigMapName(name string) configMapOption {
+	return func(configmap *ConfigMap) {
+		configmap.Name = name
+	}
+}
+
+func withConfigMapData(k, v string) configMapOption {
+	return func(configmap *ConfigMap) {
+		configmap.Data[k] = v
+	}
 }

 // Pod describes the options a kube yaml can be configured at pod level
@ -450,12 +514,14 @@ type Ctr struct {
 	VolumeMountPath string
 	VolumeName      string
 	VolumeReadOnly  bool
+	Env             []Env
+	EnvFrom         []EnvFrom
 }

 // getCtr takes a list of ctrOptions and returns a Ctr with sane defaults
 // and the configured options
 func getCtr(options ...ctrOption) *Ctr {
-	c := Ctr{defaultCtrName, defaultCtrImage, defaultCtrCmd, defaultCtrArg, true, false, nil, nil, "", "", "", false, "", "", false}
+	c := Ctr{defaultCtrName, defaultCtrImage, defaultCtrCmd, defaultCtrArg, true, false, nil, nil, "", "", "", false, "", "", false, []Env{}, []EnvFrom{}}
 	for _, option := range options {
 		option(&c)
 	}
@ -524,6 +590,31 @@ func withVolumeMount(mountPath string, readonly bool) ctrOption {
 	}
 }

+func withEnv(name, value, valueFrom, refName, refKey string) ctrOption {
+	return func(c *Ctr) {
+		e := Env{
+			Name:      name,
+			Value:     value,
+			ValueFrom: valueFrom,
+			RefName:   refName,
+			RefKey:    refKey,
+		}
+
+		c.Env = append(c.Env, e)
+	}
+}
+
+func withEnvFrom(name, from string) ctrOption {
+	return func(c *Ctr) {
+		e := EnvFrom{
+			Name: name,
+			From: from,
+		}
+
+		c.EnvFrom = append(c.EnvFrom, e)
+	}
+}
+
 func getCtrNameInPod(pod *Pod) string {
 	return fmt.Sprintf("%s-%s", pod.Name, defaultCtrName)
 }
@ -544,6 +635,19 @@ func getVolume(vType, vPath string) *Volume {
 	}
 }

+type Env struct {
+	Name      string
+	Value     string
+	ValueFrom string
+	RefName   string
+	RefKey    string
+}
+
+type EnvFrom struct {
+	Name string
+	From string
+}
+
 var _ = Describe("Podman generate kube", func() {
 	var (
 		tempdir    string
@ -581,7 +685,7 @@ var _ = Describe("Podman generate kube", func() {
 	})

 	It("podman play kube fail with nonexist authfile", func() {
-		err := generatePodKubeYaml(getPod(), kubeYaml)
+		err := generateKubeYaml("pod", getPod(), kubeYaml)
 		Expect(err).To(BeNil())

 		kube := podmanTest.Podman([]string{"play", "kube", "--authfile", "/tmp/nonexist", kubeYaml})
@ -592,7 +696,7 @@ var _ = Describe("Podman generate kube", func() {

 	It("podman play kube test correct command", func() {
 		pod := getPod()
-		err := generatePodKubeYaml(pod, kubeYaml)
+		err := generateKubeYaml("pod", pod, kubeYaml)
 		Expect(err).To(BeNil())

 		kube := podmanTest.Podman([]string{"play", "kube", kubeYaml})
@ -609,7 +713,7 @@ var _ = Describe("Podman generate kube", func() {

 	It("podman play kube test correct command with only set command in yaml file", func() {
 		pod := getPod(withCtr(getCtr(withCmd([]string{"echo", "hello"}), withArg(nil))))
-		err := generatePodKubeYaml(pod, kubeYaml)
+		err := generateKubeYaml("pod", pod, kubeYaml)
 		Expect(err).To(BeNil())

 		kube := podmanTest.Podman([]string{"play", "kube", kubeYaml})
@ -626,7 +730,7 @@ var _ = Describe("Podman generate kube", func() {

 	It("podman play kube test correct command with only set args in yaml file", func() {
 		pod := getPod(withCtr(getCtr(withImage(redis), withCmd(nil), withArg([]string{"echo", "hello"}))))
-		err := generatePodKubeYaml(pod, kubeYaml)
+		err := generateKubeYaml("pod", pod, kubeYaml)
 		Expect(err).To(BeNil())

 		kube := podmanTest.Podman([]string{"play", "kube", kubeYaml})
@ -644,7 +748,7 @@ var _ = Describe("Podman generate kube", func() {
 	It("podman play kube test correct output", func() {
 		p := getPod(withCtr(getCtr(withCmd([]string{"echo", "hello"}), withArg([]string{"world"}))))

-		err := generatePodKubeYaml(p, kubeYaml)
+		err := generateKubeYaml("pod", p, kubeYaml)
 		Expect(err).To(BeNil())

 		kube := podmanTest.Podman([]string{"play", "kube", kubeYaml})
@ -672,7 +776,7 @@ var _ = Describe("Podman generate kube", func() {
 		}
 		for _, v := range testSli {
 			pod := getPod(withPodName(v[0]), withRestartPolicy(v[1]))
-			err := generatePodKubeYaml(pod, kubeYaml)
+			err := generateKubeYaml("pod", pod, kubeYaml)
 			Expect(err).To(BeNil())

 			kube := podmanTest.Podman([]string{"play", "kube", kubeYaml})
@ -686,9 +790,52 @@ var _ = Describe("Podman generate kube", func() {
 		}
 	})

+	It("podman play kube test env value from configmap", func() {
+		SkipIfRemote("configmap list is not supported as a param")
+		cmYamlPathname := filepath.Join(podmanTest.TempDir, "foo-cm.yaml")
+		cm := getConfigMap(withConfigMapName("foo"), withConfigMapData("FOO", "foo"))
+		err := generateKubeYaml("configmap", cm, cmYamlPathname)
+		Expect(err).To(BeNil())
+
+		pod := getPod(withCtr(getCtr(withEnv("FOO", "", "configmap", "foo", "FOO"))))
+		err = generateKubeYaml("pod", pod, kubeYaml)
+		Expect(err).To(BeNil())
+
+		kube := podmanTest.Podman([]string{"play", "kube", kubeYaml, "--configmap", cmYamlPathname})
+		kube.WaitWithDefaultTimeout()
+		Expect(kube.ExitCode()).To(Equal(0))
+
+		inspect := podmanTest.Podman([]string{"inspect", getCtrNameInPod(pod), "--format", "'{{ .Config.Env }}'"})
+		inspect.WaitWithDefaultTimeout()
+		Expect(inspect.ExitCode()).To(Equal(0))
+		Expect(inspect.OutputToString()).To(ContainSubstring(`FOO=foo`))
+	})
+
+	It("podman play kube test get all key-value pairs from configmap as envs", func() {
+		SkipIfRemote("configmap list is not supported as a param")
+		cmYamlPathname := filepath.Join(podmanTest.TempDir, "foo-cm.yaml")
+		cm := getConfigMap(withConfigMapName("foo"), withConfigMapData("FOO1", "foo1"), withConfigMapData("FOO2", "foo2"))
+		err := generateKubeYaml("configmap", cm, cmYamlPathname)
+		Expect(err).To(BeNil())
+
+		pod := getPod(withCtr(getCtr(withEnvFrom("foo", "configmap"))))
+		err = generateKubeYaml("pod", pod, kubeYaml)
+		Expect(err).To(BeNil())
+
+		kube := podmanTest.Podman([]string{"play", "kube", kubeYaml, "--configmap", cmYamlPathname})
+		kube.WaitWithDefaultTimeout()
+		Expect(kube.ExitCode()).To(Equal(0))
+
+		inspect := podmanTest.Podman([]string{"inspect", getCtrNameInPod(pod), "--format", "'{{ .Config.Env }}'"})
+		inspect.WaitWithDefaultTimeout()
+		Expect(inspect.ExitCode()).To(Equal(0))
+		Expect(inspect.OutputToString()).To(ContainSubstring(`FOO1=foo1`))
+		Expect(inspect.OutputToString()).To(ContainSubstring(`FOO2=foo2`))
+	})
+
 	It("podman play kube test hostname", func() {
 		pod := getPod()
-		err := generatePodKubeYaml(pod, kubeYaml)
+		err := generateKubeYaml("pod", pod, kubeYaml)
 		Expect(err).To(BeNil())

 		kube := podmanTest.Podman([]string{"play", "kube", kubeYaml})
@ -704,7 +851,7 @@ var _ = Describe("Podman generate kube", func() {
 	It("podman play kube test with customized hostname", func() {
 		hostname := "myhostname"
 		pod := getPod(withHostname(hostname))
-		err := generatePodKubeYaml(getPod(withHostname(hostname)), kubeYaml)
+		err := generateKubeYaml("pod", getPod(withHostname(hostname)), kubeYaml)
 		Expect(err).To(BeNil())

 		kube := podmanTest.Podman([]string{"play", "kube", kubeYaml})
@ -727,7 +874,7 @@ var _ = Describe("Podman generate kube", func() {
 				"test4.podman.io",
 			}),
 		)
-		err := generatePodKubeYaml(pod, kubeYaml)
+		err := generateKubeYaml("pod", pod, kubeYaml)
 		Expect(err).To(BeNil())

 		kube := podmanTest.Podman([]string{"play", "kube", kubeYaml})
@ -746,7 +893,7 @@ var _ = Describe("Podman generate kube", func() {
 		ctr := getCtr(withCapAdd([]string{capAdd}), withCmd([]string{"cat", "/proc/self/status"}), withArg(nil))

 		pod := getPod(withCtr(ctr))
-		err := generatePodKubeYaml(pod, kubeYaml)
+		err := generateKubeYaml("pod", pod, kubeYaml)
 		Expect(err).To(BeNil())

 		kube := podmanTest.Podman([]string{"play", "kube", kubeYaml})
@ -764,7 +911,7 @@ var _ = Describe("Podman generate kube", func() {
 		ctr := getCtr(withCapDrop([]string{capDrop}))

 		pod := getPod(withCtr(ctr))
-		err := generatePodKubeYaml(pod, kubeYaml)
+		err := generateKubeYaml("pod", pod, kubeYaml)
 		Expect(err).To(BeNil())

 		kube := podmanTest.Podman([]string{"play", "kube", kubeYaml})
@ -780,7 +927,7 @@ var _ = Describe("Podman generate kube", func() {
 	It("podman play kube no security context", func() {
 		// expect play kube to not fail if no security context is specified
 		pod := getPod(withCtr(getCtr(withSecurityContext(false))))
-		err := generatePodKubeYaml(pod, kubeYaml)
+		err := generateKubeYaml("pod", pod, kubeYaml)
 		Expect(err).To(BeNil())

 		kube := podmanTest.Podman([]string{"play", "kube", kubeYaml})
@ -805,7 +952,7 @@ var _ = Describe("Podman generate kube", func() {
 		ctr := getCtr(withCmd([]string{"pwd"}), withArg(nil))

 		pod := getPod(withCtr(ctr), withAnnotation(ctrAnnotation, "localhost/"+filepath.Base(jsonFile)))
-		err = generatePodKubeYaml(pod, kubeYaml)
+		err = generateKubeYaml("pod", pod, kubeYaml)
 		Expect(err).To(BeNil())

 		// CreateSeccompJson will put the profile into podmanTest.TempDir. Use --seccomp-profile-root to tell play kube where to look
@ -832,7 +979,7 @@ var _ = Describe("Podman generate kube", func() {
 		ctr := getCtr(withCmd([]string{"pwd"}), withArg(nil))

 		pod := getPod(withCtr(ctr), withAnnotation("seccomp.security.alpha.kubernetes.io/pod", "localhost/"+filepath.Base(jsonFile)))
-		err = generatePodKubeYaml(pod, kubeYaml)
+		err = generateKubeYaml("pod", pod, kubeYaml)
 		Expect(err).To(BeNil())

 		// CreateSeccompJson will put the profile into podmanTest.TempDir. Use --seccomp-profile-root to tell play kube where to look
@ -848,7 +995,7 @@ var _ = Describe("Podman generate kube", func() {

 	It("podman play kube with pull policy of never should be 125", func() {
 		ctr := getCtr(withPullPolicy("never"), withImage(BB_GLIBC))
-		err := generatePodKubeYaml(getPod(withCtr(ctr)), kubeYaml)
+		err := generateKubeYaml("pod", getPod(withCtr(ctr)), kubeYaml)
 		Expect(err).To(BeNil())

 		kube := podmanTest.Podman([]string{"play", "kube", kubeYaml})
@ -858,7 +1005,7 @@ var _ = Describe("Podman generate kube", func() {

 	It("podman play kube with pull policy of missing", func() {
 		ctr := getCtr(withPullPolicy("missing"), withImage(BB))
-		err := generatePodKubeYaml(getPod(withCtr(ctr)), kubeYaml)
+		err := generateKubeYaml("pod", getPod(withCtr(ctr)), kubeYaml)
 		Expect(err).To(BeNil())

 		kube := podmanTest.Podman([]string{"play", "kube", kubeYaml})
@ -884,7 +1031,7 @@ var _ = Describe("Podman generate kube", func() {
 		oldBBinspect := inspect.InspectImageJSON()

 		ctr := getCtr(withPullPolicy("always"), withImage(BB))
-		err := generatePodKubeYaml(getPod(withCtr(ctr)), kubeYaml)
+		err := generateKubeYaml("pod", getPod(withCtr(ctr)), kubeYaml)
 		Expect(err).To(BeNil())

 		kube := podmanTest.Podman([]string{"play", "kube", kubeYaml})
@ -915,7 +1062,7 @@ var _ = Describe("Podman generate kube", func() {
 		oldBBinspect := inspect.InspectImageJSON()

 		ctr := getCtr(withImage(BB))
-		err := generatePodKubeYaml(getPod(withCtr(ctr)), kubeYaml)
+		err := generateKubeYaml("pod", getPod(withCtr(ctr)), kubeYaml)
 		Expect(err).To(BeNil())

 		kube := podmanTest.Podman([]string{"play", "kube", kubeYaml})
@ -973,7 +1120,7 @@ spec:
 	// Deployment related tests
 	It("podman play kube deployment 1 replica test correct command", func() {
 		deployment := getDeployment()
-		err := generateDeploymentKubeYaml(deployment, kubeYaml)
+		err := generateKubeYaml("deployment", deployment, kubeYaml)
 		Expect(err).To(BeNil())

 		kube := podmanTest.Podman([]string{"play", "kube", kubeYaml})
@ -993,7 +1140,7 @@ spec:
 		var i, numReplicas int32
 		numReplicas = 5
 		deployment := getDeployment(withReplicas(numReplicas))
-		err := generateDeploymentKubeYaml(deployment, kubeYaml)
+		err := generateKubeYaml("deployment", deployment, kubeYaml)
 		Expect(err).To(BeNil())

 		kube := podmanTest.Podman([]string{"play", "kube", kubeYaml})
@ -1016,7 +1163,7 @@ spec:
 		ctr := getCtr(withHostIP(ip, port), withImage(BB))

 		pod := getPod(withCtr(ctr))
-		err := generatePodKubeYaml(pod, kubeYaml)
+		err := generateKubeYaml("pod", pod, kubeYaml)
 		Expect(err).To(BeNil())

 		kube := podmanTest.Podman([]string{"play", "kube", kubeYaml})
@ -1033,7 +1180,7 @@ spec:
 		hostPathLocation := filepath.Join(tempdir, "file")

 		pod := getPod(withVolume(getVolume(`""`, hostPathLocation)))
-		err := generatePodKubeYaml(pod, kubeYaml)
+		err := generateKubeYaml("pod", pod, kubeYaml)
 		Expect(err).To(BeNil())

 		kube := podmanTest.Podman([]string{"play", "kube", kubeYaml})
@ -1048,7 +1195,7 @@ spec:
 		f.Close()

 		pod := getPod(withVolume(getVolume(`""`, hostPathLocation)))
-		err = generatePodKubeYaml(pod, kubeYaml)
+		err = generateKubeYaml("pod", pod, kubeYaml)
 		Expect(err).To(BeNil())

 		kube := podmanTest.Podman([]string{"play", "kube", kubeYaml})
@ -1060,7 +1207,7 @@ spec:
 		hostPathLocation := filepath.Join(tempdir, "file")

 		pod := getPod(withVolume(getVolume("File", hostPathLocation)))
-		err := generatePodKubeYaml(pod, kubeYaml)
+		err := generateKubeYaml("pod", pod, kubeYaml)
 		Expect(err).To(BeNil())

 		kube := podmanTest.Podman([]string{"play", "kube", kubeYaml})
@ -1075,7 +1222,7 @@ spec:
 		f.Close()

 		pod := getPod(withVolume(getVolume("File", hostPathLocation)))
-		err = generatePodKubeYaml(pod, kubeYaml)
+		err = generateKubeYaml("pod", pod, kubeYaml)
 		Expect(err).To(BeNil())

 		kube := podmanTest.Podman([]string{"play", "kube", kubeYaml})
@ -1087,7 +1234,7 @@ spec:
 		hostPathLocation := filepath.Join(tempdir, "file")

 		pod := getPod(withVolume(getVolume("FileOrCreate", hostPathLocation)))
-		err := generatePodKubeYaml(pod, kubeYaml)
+		err := generateKubeYaml("pod", pod, kubeYaml)
 		Expect(err).To(BeNil())

 		kube := podmanTest.Podman([]string{"play", "kube", kubeYaml})
@ -1103,7 +1250,7 @@ spec:
 		hostPathLocation := filepath.Join(tempdir, "file")

 		pod := getPod(withVolume(getVolume("DirectoryOrCreate", hostPathLocation)))
-		err := generatePodKubeYaml(pod, kubeYaml)
+		err := generateKubeYaml("pod", pod, kubeYaml)
 		Expect(err).To(BeNil())

 		kube := podmanTest.Podman([]string{"play", "kube", kubeYaml})
@ -1123,7 +1270,7 @@ spec:
 		f.Close()

 		pod := getPod(withVolume(getVolume("Socket", hostPathLocation)))
-		err = generatePodKubeYaml(pod, kubeYaml)
+		err = generateKubeYaml("pod", pod, kubeYaml)
 		Expect(err).To(BeNil())

 		kube := podmanTest.Podman([]string{"play", "kube", kubeYaml})
@ -1139,7 +1286,7 @@ spec:

 		ctr := getCtr(withVolumeMount(hostPathLocation, true), withImage(BB))
 		pod := getPod(withVolume(getVolume("File", hostPathLocation)), withCtr(ctr))
-		err = generatePodKubeYaml(pod, kubeYaml)
+		err = generateKubeYaml("pod", pod, kubeYaml)
 		Expect(err).To(BeNil())

 		kube := podmanTest.Podman([]string{"play", "kube", kubeYaml})
@ -1162,7 +1309,7 @@ spec:
 			withReplicas(numReplicas),
 			withPod(getPod(withLabel(expectedLabelKey, expectedLabelValue))),
 		)
-		err := generateDeploymentKubeYaml(deployment, kubeYaml)
+		err := generateKubeYaml("deployment", deployment, kubeYaml)
 		Expect(err).To(BeNil())

 		kube := podmanTest.Podman([]string{"play", "kube", kubeYaml})