[release-4.20] OCPBUGS-74177: lib/resourcemerge/core: Reconcile ConfigMap binaryData too

[openshift-cherrypick-robot]

This is an automated cherry-pick of #1295

/assign openshift-cherrypick-robot

[openshift-ci-robot]

@openshift-cherrypick-robot: Jira Issue OCPBUGS-74009 has been cloned as Jira Issue OCPBUGS-74177. Will retitle bug to link to clone.
/retitle [release-4.20] OCPBUGS-74177: lib/resourcemerge/core: Reconcile ConfigMap binaryData too

Details

In response to this:

This is an automated cherry-pick of #1295

/assign openshift-cherrypick-robot

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[coderabbitai]

Important

Review skipped

Auto reviews are limited based on label configuration.

🚫 Review skipped — only excluded labels are configured. (1)

• do-not-merge/work-in-progress

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 28ab1161-42d5-468c-a86f-fe1a83225e8a

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[openshift-ci-robot]

@openshift-cherrypick-robot: This pull request references Jira Issue OCPBUGS-74177, which is invalid:

• expected dependent Jira Issue OCPBUGS-74009 to be in one of the following states: VERIFIED, RELEASE PENDING, CLOSED (ERRATA), CLOSED (CURRENT RELEASE), CLOSED (DONE), CLOSED (DONE-ERRATA), but it is MODIFIED instead

Comment /jira refresh to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.

The bug has been updated to refer to the pull request using the external bug tracker.

Details

In response to this:

This is an automated cherry-pick of #1295

/assign openshift-cherrypick-robot

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[damdo]

/assign @hongkailiu @wking

[damdo]

/lgtm

[jiajliu]

1. Verify CVO can reconcile binaryData configmap

// Check original value of binaryData.components-zstd
# ./oc -n openshift-cluster-api get configmap aws -ojson|jq -r '.binaryData."components-zstd"' > original

// Manually patch binaryData to a different value
# ./oc -n openshift-cluster-api patch configmap aws --type json -p '[{"op": "add", "path": "/binaryData/components-zstd", "value": "dGVzdGluZwo="}]'
configmap/aws patched
# ./oc -n openshift-cluster-api get configmap aws -ojson|jq -r '.binaryData."components-zstd"'
dGVzdGluZwo=

//Wait for 3min and check CVO restored the original value
# ./oc -n openshift-cluster-api get configmap aws -ojson|jq -r '.binaryData."components-zstd"' > new
# diff original new
#

2. Verify CVO can update binaryData when upgrade the cluster without the fix to the version with the fix

//Start with 4.20.1 cluster
# ./oc -n openshift-cluster-api get configmap aws -ojson|jq -r '.binaryData."components-zstd"' > 4.20.1_bd

// Upgrade the cluster to 4.20.11, the binaryData was not updated to align with the 4.20.11 manifest(the issue) 
# ./oc -n openshift-cluster-api get configmap aws -ojson|jq -r '.binaryData."components-zstd"' > 4.20.11_bd
# diff 4.20.1_bd 4.20.11_bd
# cat 4.20.11_bd |cut -b -50
KLUv/QRoHBwC2g5KWDOwTIpqDvrxwE7Zsik53iQiaXutSpsNKG 

# yaml2json <4.20.11/0000_30_cluster-api_04_cm.infrastructure-aws.yaml | jq -r '.binaryData["components-zstd"]'|cut -b -50
KLUv/QRoJB0Ceg5GWDOwDKo4B/pjGCSzZVNys0lE0i7SswnPBR <---expected one

// Continue upgrade the cluster to the payload with the fix, check the binaryData updated successfully
# ./oc get clusterversion version -ojson|jq -r '.status.history[]| .image + "|" +.state + "|" + .version'
registry.build10.ci.openshift.org/ci-ln-tnhnfrk/release:latest|Completed|4.20.0-0-2026-01-22-061831-test-ci-ln-tnhnfrk-latest
quay.io/openshift-release-dev/ocp-release@sha256:bbe1ffd9b28cbe6814cb6cecef844733f38aba1a3d400b1bc5aff5865cfe665e|Completed|4.20.11
quay.io/openshift-release-dev/ocp-release@sha256:cbde13fe6ed4db88796be201fbdb2bbb63df5763ae038a9eb20bc793d5740416|Completed|4.20.1

# ./oc -n openshift-cluster-api get configmap aws -ojson|jq -r '.binaryData."components-zstd"' > 4.20.fix_bd
#
# diff 4.20.11_bd 4.20.fix_bd|head -n1
1c1
# cat 4.20.fix_bd| cut -b -50
KLUv/QRoJB0Ceg5GWDOwDKo4B/pjGCSzZVNys0lE0i7SswnPBR

pre-merge test pass.

/verified by @jiajliu

[openshift-ci-robot]

@jiajliu: This PR has been marked as verified by @jiajliu.

Details

In response to this:

1. Verify CVO can reconcile binaryData configmap

// Check original value of binaryData.components-zstd
# ./oc -n openshift-cluster-api get configmap aws -ojson|jq -r '.binaryData."components-zstd"' > original

// Manually patch binaryData to a different value
# ./oc -n openshift-cluster-api patch configmap aws --type json -p '[{"op": "add", "path": "/binaryData/components-zstd", "value": "dGVzdGluZwo="}]'
configmap/aws patched
# ./oc -n openshift-cluster-api get configmap aws -ojson|jq -r '.binaryData."components-zstd"'
dGVzdGluZwo=

//Wait for 3min and check CVO restored the original value
# ./oc -n openshift-cluster-api get configmap aws -ojson|jq -r '.binaryData."components-zstd"' > new
# diff original new
#

2. Verify CVO can update binaryData when upgrade the cluster without the fix to the version with the fix

//Start with 4.20.1 cluster
# ./oc -n openshift-cluster-api get configmap aws -ojson|jq -r '.binaryData."components-zstd"' > 4.20.1_bd

// Upgrade the cluster to 4.20.11, the binaryData was not updated to align with the 4.20.11 manifest(the issue) 
# ./oc -n openshift-cluster-api get configmap aws -ojson|jq -r '.binaryData."components-zstd"' > 4.20.11_bd
# diff 4.20.1_bd 4.20.11_bd
# cat 4.20.11_bd |cut -b -50
KLUv/QRoHBwC2g5KWDOwTIpqDvrxwE7Zsik53iQiaXutSpsNKG 

# yaml2json <4.20.11/0000_30_cluster-api_04_cm.infrastructure-aws.yaml | jq -r '.binaryData["components-zstd"]'|cut -b -50
KLUv/QRoJB0Ceg5GWDOwDKo4B/pjGCSzZVNys0lE0i7SswnPBR <---expected one

// Continue upgrade the cluster to the payload with the fix, check the binaryData updated successfully
# ./oc get clusterversion version -ojson|jq -r '.status.history[]| .image + "|" +.state + "|" + .version'
registry.build10.ci.openshift.org/ci-ln-tnhnfrk/release:latest|Completed|4.20.0-0-2026-01-22-061831-test-ci-ln-tnhnfrk-latest
quay.io/openshift-release-dev/ocp-release@sha256:bbe1ffd9b28cbe6814cb6cecef844733f38aba1a3d400b1bc5aff5865cfe665e|Completed|4.20.11
quay.io/openshift-release-dev/ocp-release@sha256:cbde13fe6ed4db88796be201fbdb2bbb63df5763ae038a9eb20bc793d5740416|Completed|4.20.1

# ./oc -n openshift-cluster-api get configmap aws -ojson|jq -r '.binaryData."components-zstd"' > 4.20.fix_bd
#
# diff 4.20.11_bd 4.20.fix_bd|head -n1
1c1
# cat 4.20.fix_bd| cut -b -50
KLUv/QRoJB0Ceg5GWDOwDKo4B/pjGCSzZVNys0lE0i7SswnPBR

pre-merge test pass.

/verified by @jiajliu

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[damdo]

Thanks @jiajliu

Looks like we'll need approved, backport-risk-assessed from @hongkailiu or @wking

[damdo]

/assign @hongkailiu @wking

[wking]

/lgtm
/jira-refresh
/label backport-risk-assessed
/verified by #1303 (comment)

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: damdo, openshift-cherrypick-robot, wking

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS [wking]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[wking]

/jira-refresh

[wking]

/jira refresh

[openshift-ci-robot]

@wking: This pull request references Jira Issue OCPBUGS-74177, which is valid. The bug has been moved to the POST state.

7 validation(s) were run on this bug

• bug is open, matching expected state (open)
• bug target version (4.20.z) matches configured target version for branch (4.20.z)
• bug is in the state New, which is one of the valid states (NEW, ASSIGNED, POST)
• release note type set to "Release Note Not Required"
• dependent bug Jira Issue OCPBUGS-74009 is in the state Closed (Done), which is one of the valid states (VERIFIED, RELEASE PENDING, CLOSED (ERRATA), CLOSED (CURRENT RELEASE), CLOSED (DONE), CLOSED (DONE-ERRATA))
• dependent Jira Issue OCPBUGS-74009 targets the "4.21.0" version, which is one of the valid target versions: 4.21.0, 4.21.z
• bug has dependents

Requesting review from QA contact:
/cc @jiajliu

Details

In response to this:

/jira refresh

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[openshift-ci]

@openshift-ci-robot: GitHub didn't allow me to request PR reviews from the following users: jiajliu.

Note that only openshift members and repo collaborators can review this PR, and authors cannot review their own PRs.

Details

In response to this:

@wking: This pull request references Jira Issue OCPBUGS-74177, which is valid. The bug has been moved to the POST state.

7 validation(s) were run on this bug

• bug is open, matching expected state (open)
• bug target version (4.20.z) matches configured target version for branch (4.20.z)
• bug is in the state New, which is one of the valid states (NEW, ASSIGNED, POST)
• release note type set to "Release Note Not Required"
• dependent bug Jira Issue OCPBUGS-74009 is in the state Closed (Done), which is one of the valid states (VERIFIED, RELEASE PENDING, CLOSED (ERRATA), CLOSED (CURRENT RELEASE), CLOSED (DONE), CLOSED (DONE-ERRATA))
• dependent Jira Issue OCPBUGS-74009 targets the "4.21.0" version, which is one of the valid target versions: 4.21.0, 4.21.z
• bug has dependents

Requesting review from QA contact:
/cc @jiajliu

In response to this:

/jira refresh

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[openshift-merge-bot]

/retest-required

Remaining retests: 0 against base HEAD 3ef3dcb and 2 for PR HEAD 79e0104 in total

[openshift-ci]

@openshift-cherrypick-robot: all tests passed!

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

[openshift-ci-robot]

@openshift-cherrypick-robot: Jira Issue Verification Checks: Jira Issue OCPBUGS-74177
✔️ This pull request was pre-merge verified.
✔️ All associated pull requests have merged.
✔️ All associated, merged pull requests were pre-merge verified.

Jira Issue OCPBUGS-74177 has been moved to the MODIFIED state and will move to the VERIFIED state when the change is available in an accepted nightly payload. 🕓

Details

In response to this:

This is an automated cherry-pick of #1295

/assign openshift-cherrypick-robot

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.