`kustomize` should leave all ConfigMap values as quoted strings, since no other type is legal.

[spkane]

What happened?

We have a YAML string in a ConfigMap that contains a variable (e.g. ${TEST}) which will be replaced with a string AFTER running kustomize --build .

The problem is that the quotes are removed from the string by kustomize and then if that variable is replaced with something like true, the ConfigMap will be invalid since true is interpreted as a boolean value instead of a string and that is not allowed in a ConfigMap.

What did you expect to happen?

I expect kustomize to leave a quoted string quoted.

How can we reproduce it (as minimally and precisely as possible)?

# kustomization.yaml
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - "configmap.yaml"

# resources.yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: test-object
data:
  pci: '${TEST}'

Expected output

apiVersion: v1
data:
  pci: '${TEST}'
kind: ConfigMap
metadata:
  name: test-object

Actual output

apiVersion: v1
data:
  pci: ${TEST}
kind: ConfigMap
metadata:
  name: test-object

• Note the missing quotes. If that variable is then templated with a boolean or integer, this is a significant problem.

Kustomize version

v5.3.0

Operating system

MacOS

[spkane]

Potentially related to: https://github.com/kubernetes-sigs/kustomize/issues/5124

[spkane]

cc/ @akbar-mohammad @sibucan

[sibucan]

This problem kinda sucks because the original YAML will have quotes that are not preserved between the conversion of kustomize template->JSON->YAML, and if we desire to keep them, there's no way to indicate to kustomize that they shouldn't be removed. Suppose we start with this YAML kustomize template:

apiVersion: v1
kind: ConfigMap
data:
  test1: "${TEMPLATE_VAR1}"
  test2: "{TEMPLATE_VAR2}"
  test3: "true"
  test4: "test4"
metadata:
  name: config

When executing kustomize build, it'll read the kustomization.yaml file and render the manifest. I've narrowed the path down to the JSONToYAML() function used by the build command here: https://github.com/kubernetes-sigs/kustomize/blob/33caee50cb25954e1889cea30e3a5b6283e0bfef/api/resource/resource.go#L371

This function is supposed to take a JSON byte array and turns it into valid YAML:

JSON:

{"apiVersion":"v1","data":{"test1":"${TEMPLATE_VAR1}","test2":"{TEMPLATE_VAR2}","test3":"true","test4":"test4"},"kind":"ConfigMap","metadata":{"name":"config"}}

FINAL RESULT

apiVersion: v1
data:
  test1: ${TEMPLATE_VAR1}
  test2: '{TEMPLATE_VAR2}'
  test3: "true"
  test4: test4
kind: ConfigMap
metadata:
  name: config

My assumption is that any string that isn’t already a valid JSON type (such as a sub structure with {} or a boolean true) gets its quotes stripped (You can test the code out in this playground link: https://go.dev/play/p/rFUUlFjPk5f):

[stormqueen1990]

This may be related to #5432 /assign

[spkane]

Our investigation suggests that the YAML parser is doing the right thing, but the fact that quotes are removed when we explicitly need them, and there appears to be no way to force them to be kept, is very problematic in our use case.

[k8s-triage-robot]

The Kubernetes project currently lacks enough contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

• After 90d of inactivity, lifecycle/stale is applied
• After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
• After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

• Mark this issue as fresh with /remove-lifecycle stale
• Close this issue with /close
• Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

[stormqueen1990]

/remove-lifecycle stale /lifecycle frozen

[stormqueen1990]

/triage accepted