From 285b5f7f5228a81f9c2f402a094609f1e1b8ef22 Mon Sep 17 00:00:00 2001
From: Thomas Kosiewski <thomas.kosiewski@loft.sh>
Date: Tue, 26 Mar 2024 14:09:49 +0100
Subject: [PATCH] feat(k8s): Added Kubernetes ConfigMap storage backend

---
 file.go           |   2 +
 go.mod            |  37 +++++
 go.sum            | 100 ++++++++++++-
 kube-configmap.go | 365 ++++++++++++++++++++++++++++++++++++++++++++++
 prefix.go         |   1 -
 prefix_test.go    |  17 ++-
 testing_test.go   |  70 ++++++++-
 7 files changed, 574 insertions(+), 18 deletions(-)
 create mode 100644 kube-configmap.go

diff --git a/file.go b/file.go
index fceaadb..89995c8 100644
--- a/file.go
+++ b/file.go
@@ -185,6 +185,7 @@ func (f *file) persist(ctx context.Context) (err error) {
 	f.modTime = f.getModTime()
 	return err
 }
+
 func (f *file) Name() string {
 	return "file"
 }
@@ -258,6 +259,7 @@ func (f *file) UpdatePrefix(ctx context.Context, prefix Prefix, namespace string
 	}
 	return p, f.persist(ctx)
 }
+
 func (f *file) DeletePrefix(ctx context.Context, prefix Prefix, namespace string) (p Prefix, err error) {
 	f.lock.Lock()
 	defer f.lock.Unlock()
diff --git a/go.mod b/go.mod
index 0f270be..6111ff9 100644
--- a/go.mod
+++ b/go.mod
@@ -25,6 +25,9 @@ require (
 	golang.org/x/net v0.26.0
 	golang.org/x/sync v0.7.0
 	google.golang.org/protobuf v1.34.1
+	k8s.io/api v0.30.1
+	k8s.io/apimachinery v0.30.1
+	sigs.k8s.io/controller-runtime v0.18.4
 )
 
 require (
@@ -48,24 +51,42 @@ require (
 	github.com/docker/docker v26.1.3+incompatible // indirect
 	github.com/docker/go-connections v0.5.0 // indirect
 	github.com/docker/go-units v0.5.0 // indirect
+	github.com/emicklei/go-restful/v3 v3.11.0 // indirect
+	github.com/evanphx/json-patch v4.12.0+incompatible // indirect
+	github.com/evanphx/json-patch/v5 v5.9.0 // indirect
 	github.com/felixge/httpsnoop v1.0.4 // indirect
+	github.com/fsnotify/fsnotify v1.7.0 // indirect
 	github.com/go-logr/logr v1.4.2 // indirect
 	github.com/go-logr/stdr v1.2.2 // indirect
 	github.com/go-ole/go-ole v1.3.0 // indirect
+	github.com/go-openapi/jsonpointer v0.19.6 // indirect
+	github.com/go-openapi/jsonreference v0.20.2 // indirect
+	github.com/go-openapi/swag v0.22.3 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
+	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
 	github.com/golang/protobuf v1.5.4 // indirect
 	github.com/golang/snappy v0.0.4 // indirect
+	github.com/google/gnostic-models v0.6.8 // indirect
+	github.com/google/go-cmp v0.6.0 // indirect
+	github.com/google/gofuzz v1.2.0 // indirect
 	github.com/google/uuid v1.6.0 // indirect
+	github.com/imdario/mergo v0.3.6 // indirect
+	github.com/josharian/intern v1.0.0 // indirect
+	github.com/json-iterator/go v1.1.12 // indirect
 	github.com/klauspost/compress v1.17.8 // indirect
 	github.com/lufia/plan9stats v0.0.0-20240513124658-fba389f38bae // indirect
 	github.com/magiconair/properties v1.8.7 // indirect
+	github.com/mailru/easyjson v0.7.7 // indirect
 	github.com/moby/docker-image-spec v1.3.1 // indirect
 	github.com/moby/patternmatcher v0.6.0 // indirect
 	github.com/moby/sys/sequential v0.5.0 // indirect
 	github.com/moby/sys/user v0.1.0 // indirect
 	github.com/moby/term v0.5.0 // indirect
+	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
+	github.com/modern-go/reflect2 v1.0.2 // indirect
 	github.com/montanaflynn/stats v0.7.1 // indirect
 	github.com/morikuni/aec v1.0.0 // indirect
+	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
 	github.com/opencontainers/go-digest v1.0.0 // indirect
 	github.com/opencontainers/image-spec v1.1.0 // indirect
 	github.com/pkg/errors v0.9.1 // indirect
@@ -78,6 +99,7 @@ require (
 	github.com/shirou/gopsutil/v3 v3.24.5 // indirect
 	github.com/shoenig/go-m1cpu v0.1.6 // indirect
 	github.com/sirupsen/logrus v1.9.3 // indirect
+	github.com/spf13/pflag v1.0.5 // indirect
 	github.com/tklauser/go-sysconf v0.3.14 // indirect
 	github.com/tklauser/numcpus v0.8.0 // indirect
 	github.com/xdg-go/pbkdf2 v1.0.0 // indirect
@@ -96,10 +118,25 @@ require (
 	go.uber.org/multierr v1.11.0 // indirect
 	go.uber.org/zap v1.27.0 // indirect
 	golang.org/x/crypto v0.24.0 // indirect
+	golang.org/x/exp v0.0.0-20231006140011-7918f672742d // indirect
+	golang.org/x/oauth2 v0.19.0 // indirect
 	golang.org/x/sys v0.21.0 // indirect
+	golang.org/x/term v0.21.0 // indirect
 	golang.org/x/text v0.16.0 // indirect
+	golang.org/x/time v0.3.0 // indirect
+	gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect
 	google.golang.org/genproto/googleapis/api v0.0.0-20240604185151-ef581f913117 // indirect
 	google.golang.org/genproto/googleapis/rpc v0.0.0-20240604185151-ef581f913117 // indirect
 	google.golang.org/grpc v1.64.0 // indirect
+	gopkg.in/inf.v0 v0.9.1 // indirect
+	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
+	k8s.io/apiextensions-apiserver v0.30.1 // indirect
+	k8s.io/client-go v0.30.1 // indirect
+	k8s.io/klog/v2 v2.120.1 // indirect
+	k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 // indirect
+	k8s.io/utils v0.0.0-20230726121419-3b25d923346b // indirect
+	sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
+	sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect
+	sigs.k8s.io/yaml v1.4.0 // indirect
 )
diff --git a/go.sum b/go.sum
index cff9f64..d529249 100644
--- a/go.sum
+++ b/go.sum
@@ -44,6 +44,7 @@ github.com/cpuguy83/dockercfg v0.3.1 h1:/FpZ+JaygUR/lZP2NlFI2DVfrOEMAIKP5wWEJdoY
 github.com/cpuguy83/dockercfg v0.3.1/go.mod h1:sugsbF4//dDlL/i+S+rtpIWp+5h0BHJHfjj5/jFyUJc=
 github.com/cpuguy83/go-md2man/v2 v2.0.4 h1:wfIWP927BUkWJb2NmU/kNDYIBTh/ziUX91+lVfRxZq4=
 github.com/cpuguy83/go-md2man/v2 v2.0.4/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
+github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
 github.com/creack/pty v1.1.18 h1:n56/Zwd5o6whRC5PMGretI4IdRLlmBXYNjScPaBgsbY=
 github.com/creack/pty v1.1.18/go.mod h1:MOBLtS5ELjhRRrroQr9kyvTxUAFNvYEK993ew/Vr4O4=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
@@ -59,42 +60,79 @@ github.com/docker/go-connections v0.5.0 h1:USnMq7hx7gwdVZq1L49hLXaFtUdTADjXGp+uj
 github.com/docker/go-connections v0.5.0/go.mod h1:ov60Kzw0kKElRwhNs9UlUHAE/F9Fe6GLaXnqyDdmEXc=
 github.com/docker/go-units v0.5.0 h1:69rxXcBk27SvSaaxTtLh/8llcHD8vYHT7WSdRZ/jvr4=
 github.com/docker/go-units v0.5.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk=
+github.com/emicklei/go-restful/v3 v3.11.0 h1:rAQeMHw1c7zTmncogyy8VvRZwtkmkZ4FxERmMY4rD+g=
+github.com/emicklei/go-restful/v3 v3.11.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc=
+github.com/evanphx/json-patch v4.12.0+incompatible h1:4onqiflcdA9EOZ4RxV643DvftH5pOlLGNtQ5lPWQu84=
+github.com/evanphx/json-patch v4.12.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
+github.com/evanphx/json-patch/v5 v5.9.0 h1:kcBlZQbplgElYIlo/n1hJbls2z/1awpXxpRi0/FOJfg=
+github.com/evanphx/json-patch/v5 v5.9.0/go.mod h1:VNkHZ/282BpEyt/tObQO8s5CMPmYYq14uClGH4abBuQ=
 github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg=
 github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U=
+github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA=
+github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM=
 github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
 github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY=
 github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
 github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag=
 github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE=
+github.com/go-logr/zapr v1.3.0 h1:XGdV8XW8zdwFiwOA2Dryh1gj2KRQyOOoNmBy4EplIcQ=
+github.com/go-logr/zapr v1.3.0/go.mod h1:YKepepNBd1u/oyhd/yQmtjVXmm9uML4IXUgMOwR8/Gg=
 github.com/go-ole/go-ole v1.2.6/go.mod h1:pprOEPIfldk/42T2oK7lQ4v4JSDwmV0As9GaiUsvbm0=
 github.com/go-ole/go-ole v1.3.0 h1:Dt6ye7+vXGIKZ7Xtk4s6/xVdGDQynvom7xCFEdWr6uE=
 github.com/go-ole/go-ole v1.3.0/go.mod h1:5LS6F96DhAwUc7C+1HLexzMXY1xGRSryjyPPKW6zv78=
+github.com/go-openapi/jsonpointer v0.19.6 h1:eCs3fxoIi3Wh6vtgmLTOjdhSpiqphQ+DaPn38N2ZdrE=
+github.com/go-openapi/jsonpointer v0.19.6/go.mod h1:osyAmYz/mB/C3I+WsTTSgw1ONzaLJoLCyoi6/zppojs=
+github.com/go-openapi/jsonreference v0.20.2 h1:3sVjiK66+uXK/6oQ8xgcRKcFgQ5KXa2KvnJRumpMGbE=
+github.com/go-openapi/jsonreference v0.20.2/go.mod h1:Bl1zwGIM8/wsvqjsOQLJ/SH+En5Ap4rVB5KVcIDZG2k=
+github.com/go-openapi/swag v0.22.3 h1:yMBqmnQ0gyZvEb/+KzuWZOXgllrXT4SADYbvDaXHv/g=
+github.com/go-openapi/swag v0.22.3/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14=
 github.com/go-sql-driver/mysql v1.8.1 h1:LedoTUt/eveggdHS9qUFC1EFSa8bU2+1pZjSRpvNJ1Y=
 github.com/go-sql-driver/mysql v1.8.1/go.mod h1:wEBSXgmK//2ZFJyE+qWnIsVGmvmEKlqwuVSjsCm7DZg=
+github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI=
+github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572/go.mod h1:9Pwr4B2jHnOSGXyyzV8ROjYa2ojvAY6HCGYYfMoC3Ls=
 github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
 github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
 github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
+github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE=
+github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
 github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek=
 github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps=
 github.com/golang/snappy v0.0.4 h1:yAGX7huGHXlcLOEtBnF4w7FQwA26wojNCwOYAEhLjQM=
 github.com/golang/snappy v0.0.4/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
+github.com/google/gnostic-models v0.6.8 h1:yo/ABAfM5IMRsS1VnXjTBvUb61tFIHozhlYvRgGre9I=
+github.com/google/gnostic-models v0.6.8/go.mod h1:5n7qKqH0f5wFt+aWF8CW6pZLLNOfYuF5OpfBSENuI8U=
+github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
 github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
+github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
+github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0=
+github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
+github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1 h1:K6RDEckDVWvDI9JAJYCmNdQXq6neHJOYx3V6jnqNEec=
+github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
 github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
 github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/grpc-ecosystem/grpc-gateway v1.16.0 h1:gmcG1KaJ57LophUzW0Hy8NmPhnMZb4M0+kPpLofRdBo=
 github.com/grpc-ecosystem/grpc-gateway/v2 v2.16.0 h1:YBftPWNWd4WwGqtY2yeZL2ef8rHAxPBD8KFhJpmcqms=
 github.com/grpc-ecosystem/grpc-gateway/v2 v2.16.0/go.mod h1:YN5jB8ie0yfIUg6VvR9Kz84aCaG7AsGZnLjhHbUqwPg=
+github.com/imdario/mergo v0.3.6 h1:xTNEAn+kxVO7dTZGu0CegyqKZmoWFI0rF8UxjlB2d28=
+github.com/imdario/mergo v0.3.6/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA=
 github.com/jmoiron/sqlx v1.4.0 h1:1PLqN7S1UYp5t4SrVVnt4nUVNemrDAtxlulVe+Qgm3o=
 github.com/jmoiron/sqlx v1.4.0/go.mod h1:ZrZ7UsYB/weZdl2Bxg6jCRO9c3YHl8r3ahlKmRT4JLY=
+github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY=
+github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y=
+github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM=
+github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
 github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
 github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
 github.com/klauspost/compress v1.17.8 h1:YcnTYrq7MikUT7k0Yb5eceMmALQPYBW/Xltxn0NAMnU=
 github.com/klauspost/compress v1.17.8/go.mod h1:Di0epgTjJY877eYKx5yC51cX2A2Vl2ibi7bDH9ttBbw=
 github.com/klauspost/connect-compress/v2 v2.0.0 h1:L7TVsLa6Oo9Hkkb6r3DwSrhBbcWlXjneqBj7fCRXviU=
 github.com/klauspost/connect-compress/v2 v2.0.0/go.mod h1:604CD9JSAjGqtVzCM4SRgM/9TFTkWBcp+2wlQfGyJ6c=
+github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
 github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
 github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=
+github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
+github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
 github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
 github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
 github.com/lib/pq v1.10.9 h1:YXG7RB+JIjhP29X+OtkiDnYaXQwpS4JEWq7dtCCRUEw=
@@ -103,6 +141,8 @@ github.com/lufia/plan9stats v0.0.0-20240513124658-fba389f38bae h1:dIZY4ULFcto4tA
 github.com/lufia/plan9stats v0.0.0-20240513124658-fba389f38bae/go.mod h1:ilwx/Dta8jXAgpFYFvSWEMwxmbWXyiUHkd5FwyKhb5k=
 github.com/magiconair/properties v1.8.7 h1:IeQXZAiQcpL9mgcAe1Nu6cX9LLw6ExEHKjN0VQdvPDY=
 github.com/magiconair/properties v1.8.7/go.mod h1:Dhd985XPs7jluiymwWYZ0G4Z61jb3vdS329zhj2hYo0=
+github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0=
+github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc=
 github.com/mattn/go-sqlite3 v1.14.22 h1:2gZY6PC6kBnID23Tichd1K+Z0oS6nE/XwU+Vz/5o4kU=
 github.com/mattn/go-sqlite3 v1.14.22/go.mod h1:Uh1q+B4BYcTPb+yiD3kU8Ct7aC0hY9fxUwlHK0RXw+Y=
 github.com/metal-stack/v v1.0.3 h1:Sh2oBlnxrCUD+mVpzfC8HiqL045YWkxs0gpTvkjppqs=
@@ -117,10 +157,21 @@ github.com/moby/sys/user v0.1.0 h1:WmZ93f5Ux6het5iituh9x2zAG7NFY9Aqi49jjE1PaQg=
 github.com/moby/sys/user v0.1.0/go.mod h1:fKJhFOnsCN6xZ5gSfbM6zaHGgDJMrqt9/reuj4T7MmU=
 github.com/moby/term v0.5.0 h1:xt8Q1nalod/v7BqbG21f8mQPqH+xAaC9C3N3wfWbVP0=
 github.com/moby/term v0.5.0/go.mod h1:8FzsFHVUBGZdbDsJw/ot+X+d5HLUbvklYLJ9uGfcI3Y=
+github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
+github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg=
+github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
+github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M=
+github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
 github.com/montanaflynn/stats v0.7.1 h1:etflOAAHORrCC44V+aR6Ftzort912ZU+YLiSTuV8eaE=
 github.com/montanaflynn/stats v0.7.1/go.mod h1:etXPPgVO6n31NxCd9KQUMvCM+ve0ruNzt6R8Bnaayow=
 github.com/morikuni/aec v1.0.0 h1:nP9CBfwrvYnBRgY6qfDQkygYDmYwOilePFkwzv4dU8A=
 github.com/morikuni/aec v1.0.0/go.mod h1:BbKIizmSmc5MMPqRYbxO4ZU0S0+P200+tUnFx7PXmsc=
+github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA=
+github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
+github.com/onsi/ginkgo/v2 v2.17.1 h1:V++EzdbhI4ZV4ev0UTIj0PzhzOcReJFyJaLjtSF55M8=
+github.com/onsi/ginkgo/v2 v2.17.1/go.mod h1:llBI3WDLL9Z6taip6f33H76YcWtJv+7R3HigUjbIBOs=
+github.com/onsi/gomega v1.32.0 h1:JRYU78fJ1LPxlckP6Txi/EYqJvjtMrDC04/MM5XRHPk=
+github.com/onsi/gomega v1.32.0/go.mod h1:a4x4gW6Pz2yK1MAmvluYme5lvYTn61afQ2ETw/8n4Lg=
 github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
 github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
 github.com/opencontainers/image-spec v1.1.0 h1:8SG7/vwALn54lVB/0yZ/MMwhFrPYtpEHQb2IpWsCzug=
@@ -135,8 +186,6 @@ github.com/prometheus/client_golang v1.19.1 h1:wZWJDwK+NameRJuPGDhlnFgx8e8HN3XHQ
 github.com/prometheus/client_golang v1.19.1/go.mod h1:mP78NwGzrVks5S2H6ab8+ZZGJLZUq1hoULYBAYBw1Ho=
 github.com/prometheus/client_model v0.6.1 h1:ZKSh/rekM+n3CeS952MLRAdFwIKqeY8b62p8ais2e9E=
 github.com/prometheus/client_model v0.6.1/go.mod h1:OrxVMOVHjw3lKMa8+x6HeMGkHMQyHDk9E3jmP2AmGiY=
-github.com/prometheus/common v0.53.0 h1:U2pL9w9nmJwJDa4qqLQ3ZaePJ6ZTwt7cMD3AG3+aLCE=
-github.com/prometheus/common v0.53.0/go.mod h1:BrxBKv3FWBIGXw89Mg1AeBq7FSyRzXWI3l3e7W3RN5U=
 github.com/prometheus/common v0.54.0 h1:ZlZy0BgJhTwVZUn7dLOkwCZHUkrAqd3WYtcFCWnM1D8=
 github.com/prometheus/common v0.54.0/go.mod h1:/TQgMJP5CuVYveyT7n/0Ix8yLNNXy9yRSkhnLTHPDIQ=
 github.com/prometheus/procfs v0.15.1 h1:YagwOFzUgYfKKHX6Dr+sHT7km/hxC76UB0learggepc=
@@ -155,8 +204,16 @@ github.com/shoenig/test v0.6.4 h1:kVTaSd7WLz5WZ2IaoM0RSzRsUD+m8wRR+5qvntpn4LU=
 github.com/shoenig/test v0.6.4/go.mod h1:byHiCGXqrVaflBLAMq/srcZIHynQPQgeyvkvXnjqq0k=
 github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ=
 github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
+github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
+github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
+github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
+github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
 github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
+github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
 github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg=
 github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
 github.com/testcontainers/testcontainers-go v0.31.0 h1:W0VwIhcEVhRflwL9as3dhY6jXjVCA27AkmbnZ+UTh3U=
@@ -224,6 +281,8 @@ golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPh
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.24.0 h1:mnl8DM0o513X8fdIkmyFE/5hTYxbwYOjDS/+rK6qpRI=
 golang.org/x/crypto v0.24.0/go.mod h1:Z1PMYSOR5nyMcyAVAIQSKCDwalqy85Aqn1x3Ws4L5DM=
+golang.org/x/exp v0.0.0-20231006140011-7918f672742d h1:jtJma62tbqLibJ5sFQz8bKtEM8rJBtfilJ2qTU199MI=
+golang.org/x/exp v0.0.0-20231006140011-7918f672742d/go.mod h1:ldy0pHrwJyGW56pPQzzkH36rKxoZW1tw7ZJpeKx+hdo=
 golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
@@ -235,6 +294,8 @@ golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v
 golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
 golang.org/x/net v0.26.0 h1:soB7SVo0PWrY4vPW/+ay0jKDNScG2X9wFeYlXIvJsOQ=
 golang.org/x/net v0.26.0/go.mod h1:5YKkiSynbBIh3p6iOc/vibscux0x38BZDkn8sCUPxHE=
+golang.org/x/oauth2 v0.19.0 h1:9+E/EZBCbTLNrbN35fHv/a/d/mOBatymz1zbtQrXpIg=
+golang.org/x/oauth2 v0.19.0/go.mod h1:vYi7skDa1x015PmRRYZ7+s1cWyPgrPiSYRe4rnsexc8=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -272,16 +333,16 @@ golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtn
 golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
 golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
 golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
+golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d h1:vU5i/LfpvrRCpgM/VPfJLg5KjxD3E+hfT1SH+d9zLwg=
+golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-google.golang.org/genproto/googleapis/api v0.0.0-20240528184218-531527333157 h1:7whR9kGa5LUwFtpLm2ArCEejtnxlGeLbAyjFY8sGNFw=
-google.golang.org/genproto/googleapis/api v0.0.0-20240528184218-531527333157/go.mod h1:99sLkeliLXfdj2J75X3Ho+rrVCaJze0uwN7zDDkjPVU=
+gomodules.xyz/jsonpatch/v2 v2.4.0 h1:Ci3iUJyx9UeRx7CeFN8ARgGbkESwJK+KB9lLcWxY/Zw=
+gomodules.xyz/jsonpatch/v2 v2.4.0/go.mod h1:AH3dM2RI6uoBZxn3LVrfvJ3E0/9dG4cSrbuBJT4moAY=
 google.golang.org/genproto/googleapis/api v0.0.0-20240604185151-ef581f913117 h1:+rdxYoE3E5htTEWIe15GlN6IfvbURM//Jt0mmkmm6ZU=
 google.golang.org/genproto/googleapis/api v0.0.0-20240604185151-ef581f913117/go.mod h1:OimBR/bc1wPO9iV4NC2bpyjy3VnAwZh5EBPQdtaE5oo=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20240528184218-531527333157 h1:Zy9XzmMEflZ/MAaA7vNcoebnRAld7FsPW1EeBB7V0m8=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20240528184218-531527333157/go.mod h1:EfXuqaE1J41VCDicxHzUDm+8rk+7ZdXzHV0IhO/I6s0=
 google.golang.org/genproto/googleapis/rpc v0.0.0-20240604185151-ef581f913117 h1:1GBuWVLM/KMVUv1t1En5Gs+gFZCNd360GGb4sSxtrhU=
 google.golang.org/genproto/googleapis/rpc v0.0.0-20240604185151-ef581f913117/go.mod h1:EfXuqaE1J41VCDicxHzUDm+8rk+7ZdXzHV0IhO/I6s0=
 google.golang.org/grpc v1.64.0 h1:KH3VH9y/MgNQg1dE7b3XfVK0GsPSIzJwdF617gUSbvY=
@@ -291,8 +352,35 @@ google.golang.org/protobuf v1.34.1/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHh
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
+gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc=
+gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw=
+gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
+gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gotest.tools/v3 v3.5.0 h1:Ljk6PdHdOhAb5aDMWXjDLMMhph+BpztA4v1QdqEW2eY=
 gotest.tools/v3 v3.5.0/go.mod h1:isy3WKz7GK6uNw/sbHzfKBLvlvXwUyV06n6brMxxopU=
+k8s.io/api v0.30.1 h1:kCm/6mADMdbAxmIh0LBjS54nQBE+U4KmbCfIkF5CpJY=
+k8s.io/api v0.30.1/go.mod h1:ddbN2C0+0DIiPntan/bye3SW3PdwLa11/0yqwvuRrJM=
+k8s.io/apiextensions-apiserver v0.30.1 h1:4fAJZ9985BmpJG6PkoxVRpXv9vmPUOVzl614xarePws=
+k8s.io/apiextensions-apiserver v0.30.1/go.mod h1:R4GuSrlhgq43oRY9sF2IToFh7PVlF1JjfWdoG3pixk4=
+k8s.io/apimachinery v0.30.1 h1:ZQStsEfo4n65yAdlGTfP/uSHMQSoYzU/oeEbkmF7P2U=
+k8s.io/apimachinery v0.30.1/go.mod h1:iexa2somDaxdnj7bha06bhb43Zpa6eWH8N8dbqVjTUc=
+k8s.io/client-go v0.30.1 h1:uC/Ir6A3R46wdkgCV3vbLyNOYyCJ8oZnjtJGKfytl/Q=
+k8s.io/client-go v0.30.1/go.mod h1:wrAqLNs2trwiCH/wxxmT/x3hKVH9PuV0GGW0oDoHVqc=
+k8s.io/klog/v2 v2.120.1 h1:QXU6cPEOIslTGvZaXvFWiP9VKyeet3sawzTOvdXb4Vw=
+k8s.io/klog/v2 v2.120.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE=
+k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 h1:BZqlfIlq5YbRMFko6/PM7FjZpUb45WallggurYhKGag=
+k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340/go.mod h1:yD4MZYeKMBwQKVht279WycxKyM84kkAx2DPrTXaeb98=
+k8s.io/utils v0.0.0-20230726121419-3b25d923346b h1:sgn3ZU783SCgtaSJjpcVVlRqd6GSnlTLKgpAAttJvpI=
+k8s.io/utils v0.0.0-20230726121419-3b25d923346b/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
+sigs.k8s.io/controller-runtime v0.18.4 h1:87+guW1zhvuPLh1PHybKdYFLU0YJp4FhJRmiHvm5BZw=
+sigs.k8s.io/controller-runtime v0.18.4/go.mod h1:TVoGrfdpbA9VRFaRnKgk9P5/atA0pMwq+f+msb9M8Sg=
+sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo=
+sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0=
+sigs.k8s.io/structured-merge-diff/v4 v4.4.1 h1:150L+0vs/8DA78h1u02ooW1/fFq/Lwr+sGiqlzvrtq4=
+sigs.k8s.io/structured-merge-diff/v4 v4.4.1/go.mod h1:N8hJocpFajUSSeSJ9bOZ77VzejKZaXsTtZo4/u7Io08=
+sigs.k8s.io/yaml v1.4.0 h1:Mk1wCc2gy/F0THH0TAp1QYyJNzRm2KCLy3o5ASXVI5E=
+sigs.k8s.io/yaml v1.4.0/go.mod h1:Ejl7/uTz7PSA4eKMyQCUTnhZYNmLIl+5c2lQPGR2BPY=
diff --git a/kube-configmap.go b/kube-configmap.go
new file mode 100644
index 0000000..29e059f
--- /dev/null
+++ b/kube-configmap.go
@@ -0,0 +1,365 @@
+package ipam
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+	"sync"
+
+	corev1 "k8s.io/api/core/v1"
+	kerrors "k8s.io/apimachinery/pkg/api/errors"
+	"k8s.io/apimachinery/pkg/types"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+)
+
+type kubeConfigMap struct {
+	client       client.Client
+	configMapKey types.NamespacedName
+	lock         sync.Mutex
+}
+
+func NewKubeConfigMap(ctx context.Context, client client.Client, namespacedName types.NamespacedName) (Storage, error) {
+	kcm := &kubeConfigMap{
+		client:       client,
+		configMapKey: namespacedName,
+	}
+
+	if err := kcm.CreateNamespace(ctx, defaultNamespace); err != nil {
+		return nil, fmt.Errorf("failed to create namespace: %w", err)
+	}
+
+	return kcm, nil
+}
+
+// loadConfigMap loads the configmap from the kubernetes API.
+// If the configmap does not exist, it returns an empty configmap
+// with the correct name and namespace.
+func (k *kubeConfigMap) loadConfigMap(ctx context.Context) (corev1.ConfigMap, error) {
+	cm := corev1.ConfigMap{}
+
+	if err := k.client.Get(ctx, k.configMapKey, &cm); err != nil {
+		if kerrors.IsNotFound(err) {
+			cm.Name = k.configMapKey.Name
+			cm.Namespace = k.configMapKey.Namespace
+		} else {
+			return cm, fmt.Errorf("get configmap: %w", err)
+		}
+	}
+
+	if cm.Data == nil {
+		cm.Data = make(map[string]string)
+	}
+
+	return cm, nil
+}
+
+// storeConfigMap stores the configmap in the kubernetes API.
+// If the configmap does not exist, it creates it.
+func (k *kubeConfigMap) storeConfigMap(ctx context.Context, cm *corev1.ConfigMap) error {
+	if err := k.client.Update(ctx, cm); err != nil {
+		if kerrors.IsNotFound(err) {
+			if err := k.client.Create(ctx, cm); err != nil {
+				return fmt.Errorf("create configmap: %w", err)
+			}
+		} else {
+			return fmt.Errorf("update configmap: %w", err)
+		}
+	}
+
+	return nil
+}
+
+func (k *kubeConfigMap) checkIpamNamespaceExists(cm *corev1.ConfigMap, namespace string) error {
+	if cm.Data == nil {
+		cm.Data = make(map[string]string)
+	}
+
+	for key := range cm.Data {
+		if key == namespace {
+			return nil
+		}
+	}
+
+	return ErrNamespaceDoesNotExist
+}
+
+// CreateNamespace implements Storage.
+func (k *kubeConfigMap) CreateNamespace(ctx context.Context, namespace string) error {
+	k.lock.Lock()
+	defer k.lock.Unlock()
+
+	cm, err := k.loadConfigMap(ctx)
+	if err != nil {
+		return fmt.Errorf("load configmap: %w", err)
+	}
+
+	if _, ok := cm.Data[namespace]; ok {
+		return nil
+	}
+
+	cm.Data[namespace] = "{}"
+
+	if err := k.storeConfigMap(ctx, &cm); err != nil {
+		return fmt.Errorf("store configmap: %w", err)
+	}
+
+	return nil
+}
+
+// CreatePrefix implements Storage.
+func (k *kubeConfigMap) CreatePrefix(ctx context.Context, prefix Prefix, namespace string) (Prefix, error) {
+	k.lock.Lock()
+	defer k.lock.Unlock()
+
+	cm, err := k.loadConfigMap(ctx)
+	if err != nil {
+		return Prefix{}, fmt.Errorf("load configmap: %w", err)
+	}
+
+	if err := k.checkIpamNamespaceExists(&cm, namespace); err != nil {
+		return Prefix{}, fmt.Errorf("check ipam namespace exists: %w", err)
+	}
+
+	prefixMap := make(map[string]prefixJSON)
+	if err := json.Unmarshal([]byte(cm.Data[namespace]), &prefixMap); err != nil {
+		return Prefix{}, fmt.Errorf("unmarshal namespace: %w", err)
+	}
+
+	if _, ok := prefixMap[prefix.Cidr]; ok {
+		return Prefix{}, ErrAlreadyAllocated
+	}
+
+	prefixMap[prefix.Cidr] = prefix.toPrefixJSON()
+
+	marshalledPrefixes, err := json.Marshal(prefixMap)
+	if err != nil {
+		return Prefix{}, fmt.Errorf("marshal namespace: %w", err)
+	}
+
+	cm.Data[namespace] = string(marshalledPrefixes)
+
+	if err := k.storeConfigMap(ctx, &cm); err != nil {
+		return Prefix{}, fmt.Errorf("store configmap: %w", err)
+	}
+
+	return prefix, nil
+}
+
+// DeleteAllPrefixes implements Storage.
+func (k *kubeConfigMap) DeleteAllPrefixes(ctx context.Context, namespace string) error {
+	k.lock.Lock()
+	defer k.lock.Unlock()
+
+	cm, err := k.loadConfigMap(ctx)
+	if err != nil {
+		return fmt.Errorf("load configmap: %w", err)
+	}
+
+	if err := k.checkIpamNamespaceExists(&cm, namespace); err != nil {
+		return fmt.Errorf("check ipam namespace exists: %w", err)
+	}
+
+	cm.Data[namespace] = "{}"
+
+	if err := k.storeConfigMap(ctx, &cm); err != nil {
+		return fmt.Errorf("store configmap: %w", err)
+	}
+
+	return nil
+}
+
+// DeleteNamespace implements Storage.
+func (k *kubeConfigMap) DeleteNamespace(ctx context.Context, namespace string) error {
+	k.lock.Lock()
+	defer k.lock.Unlock()
+
+	cm, err := k.loadConfigMap(ctx)
+	if err != nil {
+		return fmt.Errorf("load configmap: %w", err)
+	}
+
+	delete(cm.Data, namespace)
+
+	if err := k.storeConfigMap(ctx, &cm); err != nil {
+		return fmt.Errorf("store configmap: %w", err)
+	}
+
+	return nil
+}
+
+// DeletePrefix implements Storage.
+func (k *kubeConfigMap) DeletePrefix(ctx context.Context, prefix Prefix, namespace string) (Prefix, error) {
+	k.lock.Lock()
+	defer k.lock.Unlock()
+
+	cm, err := k.loadConfigMap(ctx)
+	if err != nil {
+		return Prefix{}, fmt.Errorf("load configmap: %w", err)
+	}
+
+	if err := k.checkIpamNamespaceExists(&cm, namespace); err != nil {
+		return Prefix{}, fmt.Errorf("check ipam namespace exists: %w", err)
+	}
+
+	prefixMap := make(map[string]Prefix)
+	if err := json.Unmarshal([]byte(cm.Data[namespace]), &prefixMap); err != nil {
+		return Prefix{}, fmt.Errorf("unmarshal namespace: %w", err)
+	}
+
+	if _, ok := prefixMap[prefix.Cidr]; !ok {
+		return Prefix{}, ErrNotFound
+	}
+
+	delete(prefixMap, prefix.Cidr)
+
+	marshalledPrefixes, err := json.Marshal(prefixMap)
+	if err != nil {
+		return Prefix{}, fmt.Errorf("marshal namespace: %w", err)
+	}
+
+	cm.Data[namespace] = string(marshalledPrefixes)
+
+	if err := k.storeConfigMap(ctx, &cm); err != nil {
+		return Prefix{}, fmt.Errorf("store configmap: %w", err)
+	}
+
+	return prefix, nil
+}
+
+// ListNamespaces implements Storage.
+func (k *kubeConfigMap) ListNamespaces(ctx context.Context) ([]string, error) {
+	k.lock.Lock()
+	defer k.lock.Unlock()
+
+	cm, err := k.loadConfigMap(ctx)
+	if err != nil {
+		return nil, fmt.Errorf("load configmap: %w", err)
+	}
+
+	namespaces := make([]string, 0, len(cm.Data))
+	for namespace := range cm.Data {
+		namespaces = append(namespaces, namespace)
+	}
+
+	return namespaces, nil
+}
+
+// Name implements Storage.
+func (k *kubeConfigMap) Name() string {
+	return "kube-configmap"
+}
+
+// ReadAllPrefixCidrs implements Storage.
+func (k *kubeConfigMap) ReadAllPrefixCidrs(ctx context.Context, namespace string) ([]string, error) {
+	prefixes, err := k.ReadAllPrefixes(ctx, namespace)
+	if err != nil {
+		return nil, fmt.Errorf("read all prefixes: %w", err)
+	}
+
+	cidrs := make([]string, 0, len(prefixes))
+	for _, prefix := range prefixes {
+		cidrs = append(cidrs, prefix.Cidr)
+	}
+
+	return cidrs, nil
+}
+
+// ReadAllPrefixes implements Storage.
+func (k *kubeConfigMap) ReadAllPrefixes(ctx context.Context, namespace string) (Prefixes, error) {
+	k.lock.Lock()
+	defer k.lock.Unlock()
+
+	cm, err := k.loadConfigMap(ctx)
+	if err != nil {
+		return Prefixes{}, fmt.Errorf("load configmap: %w", err)
+	}
+
+	if err := k.checkIpamNamespaceExists(&cm, namespace); err != nil {
+		return Prefixes{}, fmt.Errorf("check ipam namespace exists: %w", err)
+	}
+
+	prefixMap := make(map[string]prefixJSON)
+	if err := json.Unmarshal([]byte(cm.Data[namespace]), &prefixMap); err != nil {
+		return Prefixes{}, fmt.Errorf("unmarshal namespace: %w", err)
+	}
+
+	prefixes := make(Prefixes, 0)
+	for _, pfx := range prefixMap {
+		prefixes = append(prefixes, pfx.toPrefix())
+	}
+
+	return prefixes, nil
+}
+
+// ReadPrefix implements Storage.
+func (k *kubeConfigMap) ReadPrefix(ctx context.Context, prefix string, namespace string) (Prefix, error) {
+	k.lock.Lock()
+	defer k.lock.Unlock()
+
+	cm, err := k.loadConfigMap(ctx)
+	if err != nil {
+		return Prefix{}, fmt.Errorf("load configmap: %w", err)
+	}
+
+	if err := k.checkIpamNamespaceExists(&cm, namespace); err != nil {
+		return Prefix{}, fmt.Errorf("check ipam namespace exists: %w", err)
+	}
+
+	prefixMap := make(map[string]prefixJSON)
+	if err := json.Unmarshal([]byte(cm.Data[namespace]), &prefixMap); err != nil {
+		return Prefix{}, fmt.Errorf("unmarshal namespace: %w", err)
+	}
+
+	pfx, ok := prefixMap[prefix]
+	if !ok {
+		return Prefix{}, fmt.Errorf("%w: prefix %v not found", ErrNotFound, prefix)
+	}
+
+	return pfx.toPrefix(), nil
+}
+
+// UpdatePrefix implements Storage.
+func (k *kubeConfigMap) UpdatePrefix(ctx context.Context, prefix Prefix, namespace string) (Prefix, error) {
+	k.lock.Lock()
+	defer k.lock.Unlock()
+
+	cm, err := k.loadConfigMap(ctx)
+	if err != nil {
+		return Prefix{}, fmt.Errorf("load configmap: %w", err)
+	}
+
+	if err := k.checkIpamNamespaceExists(&cm, namespace); err != nil {
+		return Prefix{}, fmt.Errorf("check ipam namespace exists: %w", err)
+	}
+
+	prefixMap := make(map[string]prefixJSON)
+	if err := json.Unmarshal([]byte(cm.Data[namespace]), &prefixMap); err != nil {
+		return Prefix{}, fmt.Errorf("unmarshal namespace: %w", err)
+	}
+
+	if _, ok := prefixMap[prefix.Cidr]; !ok {
+		return Prefix{}, ErrNotFound
+	}
+
+	storedPrefix := prefixMap[prefix.Cidr].toPrefix()
+
+	if storedPrefix.version > prefix.version {
+		return Prefix{}, fmt.Errorf("%w: unable to update prefix:%s", ErrOptimisticLockError, prefix.Cidr)
+	}
+
+	prefix.version++
+	prefixMap[prefix.Cidr] = prefix.toPrefixJSON()
+
+	marshalledPrefixes, err := json.Marshal(prefixMap)
+	if err != nil {
+		return Prefix{}, fmt.Errorf("marshal namespace: %w", err)
+	}
+
+	cm.Data[namespace] = string(marshalledPrefixes)
+
+	if err := k.storeConfigMap(ctx, &cm); err != nil {
+		return Prefix{}, fmt.Errorf("store configmap: %w", err)
+	}
+
+	return prefix, nil
+}
diff --git a/prefix.go b/prefix.go
index db41620..242f8bb 100644
--- a/prefix.go
+++ b/prefix.go
@@ -699,7 +699,6 @@ func (p *Prefix) Usage() Usage {
 // with ten attempts and jitter delay ~100ms
 // returns only error of last failed attempt
 func retryOnOptimisticLock(retryableFunc retry.RetryableFunc) error {
-
 	return retry.Do(
 		retryableFunc,
 		retry.RetryIf(func(err error) bool {
diff --git a/prefix_test.go b/prefix_test.go
index 2ed5730..32b79f2 100644
--- a/prefix_test.go
+++ b/prefix_test.go
@@ -219,6 +219,7 @@ func TestIpamer_ReleaseIPFromPrefixIPv6(t *testing.T) {
 		require.Contains(t, err.Error(), "NotFound: unable to find prefix for cidr:1001:0db8:85a3::/120")
 	})
 }
+
 func TestIpamer_AcquireSpecificIP(t *testing.T) {
 	ctx := context.Background()
 	testWithBackends(t, func(t *testing.T, ipam *ipamer) {
@@ -466,7 +467,6 @@ func TestIpamer_AcquireChildPrefixFragmented(t *testing.T) {
 		require.NoError(t, err)
 		require.NotNil(t, c4)
 		require.Equal(t, "192.168.12.0/22", c4.String())
-
 	})
 }
 
@@ -878,9 +878,9 @@ func TestIpamer_AcquireChildPrefixNoDuplicatesUntilFullIPv6(t *testing.T) {
 		s, _ = prefix.availablePrefixes()
 		require.Equal(t, uint64(0), s)
 		require.Equal(t, uint64(256), prefix.acquiredPrefixes())
-
 	})
 }
+
 func TestIpamer_AcquireChildPrefixNoDuplicatesUntilFullIPv4(t *testing.T) {
 	ctx := context.Background()
 
@@ -910,12 +910,10 @@ func TestIpamer_AcquireChildPrefixNoDuplicatesUntilFullIPv4(t *testing.T) {
 		s, _ = prefix.availablePrefixes()
 		require.Equal(t, uint64(0), s)
 		require.Equal(t, uint64(256), prefix.acquiredPrefixes())
-
 	})
 }
 
 func TestPrefix_Availableips(t *testing.T) {
-
 	tests := []struct {
 		name string
 		Cidr string
@@ -1254,7 +1252,8 @@ func TestIpamerAcquireIPv6(t *testing.T) {
 		require.NoError(t, err, "error deleting prefix:%v", err)
 	})
 }
-func TestIpamerAcquireAlreadyAcquiredIPv4(t *testing.T) {
+
+func TestIpamerAcquireAlreadyAquiredIPv4(t *testing.T) {
 	ctx := context.Background()
 
 	testWithBackends(t, func(t *testing.T, ipam *ipamer) {
@@ -1275,7 +1274,8 @@ func TestIpamerAcquireAlreadyAcquiredIPv4(t *testing.T) {
 		require.NoError(t, err)
 	})
 }
-func TestIpamerAcquireAlreadyAcquiredIPv6(t *testing.T) {
+
+func TestIpamerAcquireAlreadyAquiredIPv6(t *testing.T) {
 	ctx := context.Background()
 
 	testWithBackends(t, func(t *testing.T, ipam *ipamer) {
@@ -1296,6 +1296,7 @@ func TestIpamerAcquireAlreadyAcquiredIPv6(t *testing.T) {
 		require.NoError(t, err)
 	})
 }
+
 func TestGetHostAddresses(t *testing.T) {
 	ctx := context.Background()
 	testWithBackends(t, func(t *testing.T, ipam *ipamer) {
@@ -1353,8 +1354,8 @@ func TestGetHostAddressesIPv6(t *testing.T) {
 		require.Nil(t, ip)
 	})
 }
-func TestPrefixDeepCopy(t *testing.T) {
 
+func TestPrefixDeepCopy(t *testing.T) {
 	p1 := &Prefix{
 		Cidr:                   "4.1.1.0/24",
 		ParentCidr:             "4.1.0.0/16",
@@ -1538,6 +1539,7 @@ func Test_ipamer_DumpAndLoad(t *testing.T) {
 		require.Equal(t, prefix, newPrefix)
 	})
 }
+
 func TestIpamer_ReadAllPrefixCidrs(t *testing.T) {
 	ctx := context.Background()
 
@@ -1675,6 +1677,7 @@ func TestNamespaceFromContext(t *testing.T) {
 		})
 	}
 }
+
 func TestAvailablePrefixes(t *testing.T) {
 	testCases := []struct {
 		name                 string
diff --git a/testing_test.go b/testing_test.go
index 212fdbb..09b7deb 100644
--- a/testing_test.go
+++ b/testing_test.go
@@ -12,6 +12,11 @@ import (
 	"github.com/testcontainers/testcontainers-go"
 	"github.com/testcontainers/testcontainers-go/wait"
 	"go.mongodb.org/mongo-driver/mongo/options"
+	corev1 "k8s.io/api/core/v1"
+	"k8s.io/apimachinery/pkg/types"
+	ctrl "sigs.k8s.io/controller-runtime"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+	"sigs.k8s.io/controller-runtime/pkg/client/fake"
 )
 
 var (
@@ -187,7 +192,8 @@ func startEtcd() (container testcontainers.Container, s *etcd, err error) {
 		req := testcontainers.ContainerRequest{
 			Image:        "quay.io/coreos/etcd:" + etcdVersion,
 			ExposedPorts: []string{"2379:2379", "2380:2380"},
-			Cmd: []string{"etcd",
+			Cmd: []string{
+				"etcd",
 				"--name", "etcd",
 				"--advertise-client-urls", "http://0.0.0.0:2379",
 				"--initial-advertise-peer-urls", "http://0.0.0.0:2380",
@@ -348,7 +354,6 @@ type docStorage struct {
 func newLocalFileWithCleanup() (*file, error) {
 	ctx := context.Background()
 	fp, err := os.CreateTemp("", "go-ipam-*.json")
-
 	if err != nil {
 		return nil, err
 	}
@@ -380,6 +385,7 @@ func newPostgresWithCleanup() (*extendedSQL, error) {
 
 	return ext, nil
 }
+
 func newCockroachWithCleanup() (*extendedSQL, error) {
 	c, s, err := startCockroach()
 	if err != nil {
@@ -393,6 +399,7 @@ func newCockroachWithCleanup() (*extendedSQL, error) {
 
 	return ext, nil
 }
+
 func newRedisWithCleanup() (*kvStorage, error) {
 	c, r, err := startRedis()
 	if err != nil {
@@ -406,6 +413,7 @@ func newRedisWithCleanup() (*kvStorage, error) {
 
 	return kv, nil
 }
+
 func newEtcdWithCleanup() (*kvEtcdStorage, error) {
 	c, r, err := startEtcd()
 	if err != nil {
@@ -495,6 +503,45 @@ func (ds *docStorage) cleanup() error {
 	return ds.mongodb.DeleteAllPrefixes(context.Background(), defaultNamespace)
 }
 
+type kubeConfigMapWithCleanup struct {
+	Storage
+
+	client client.Client
+	ns     corev1.Namespace
+}
+
+func (k *kubeConfigMapWithCleanup) postCleanup() error {
+	if err := k.client.Delete(context.TODO(), &k.ns); err != nil {
+		return fmt.Errorf("error deleting namespace: %w", err)
+	}
+
+	return nil
+}
+
+func newKubeConfigMapWithCleanup() (kubeConfigMapWithCleanup, error) {
+	client := fake.NewClientBuilder().Build()
+
+	ns := corev1.Namespace{
+		ObjectMeta: ctrl.ObjectMeta{
+			Name: "go-ipam-test",
+		},
+	}
+	if err := client.Create(context.TODO(), &ns); err != nil {
+		return kubeConfigMapWithCleanup{}, fmt.Errorf("error creating namespace: %w", err)
+	}
+
+	storage, err := NewKubeConfigMap(context.Background(), client, types.NamespacedName{
+		Name:      "go-ipam-test",
+		Namespace: ns.Name,
+	})
+
+	return kubeConfigMapWithCleanup{
+		Storage: storage,
+		client:  client,
+		ns:      ns,
+	}, err
+}
+
 type benchMethod func(b *testing.B, ipam *ipamer)
 
 func benchWithBackends(b *testing.B, fn benchMethod) {
@@ -590,8 +637,10 @@ func testWithSQLBackends(t *testing.T, fn sqlTestMethod) {
 	}
 }
 
-type provide func() Storage
-type providesql func() *sql
+type (
+	provide    func() Storage
+	providesql func() *sql
+)
 
 // storageProvider provides different storages
 type storageProvider struct {
@@ -710,5 +759,18 @@ func storageProviders() []storageProvider {
 				return nil
 			},
 		},
+		{
+			name: "Kubernetes-ConfigMap",
+			provide: func() Storage {
+				storage, err := newKubeConfigMapWithCleanup()
+				if err != nil {
+					panic(fmt.Sprintf("failed to create new kube configmap storage, error: %v", err))
+				}
+				return storage
+			},
+			providesql: func() *sql {
+				return nil
+			},
+		},
 	}
 }