将服务帐户修补到 k8s 中的角色绑定无法正常工作
Patch service account to rolebinding in k8s dosen't work correctly
我试图将服务帐户修补到角色绑定,但是当我 运行 命令修补时,它替换了角色绑定 yml 中的整个主题字段。在这里,我展示了我为预期输出执行的现有配置和命令
补丁命令:
kubectl patch rolebinding test-team-binding --patch "$(cat patch-file.yml)"
补丁-file.yml:
subjects:
- kind: ServiceAccount
name: user3
namespace: test-namespace
rolebinding.yml:
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
creationTimestamp: "2020-09-08T11:24:54Z"
managedFields:
- apiVersion: rbac.authorization.k8s.io/v1
fieldsType: FieldsV1
fieldsV1:
f:metadata:
f:annotations:
.: {}
f:kubectl.kubernetes.io/last-applied-configuration: {}
f:roleRef:
f:apiGroup: {}
f:kind: {}
f:name: {}
f:subjects: {}
manager: kubectl
operation: Update
time: "2020-10-06T07:37:58Z"
name: test-team-binding
namespace: test-namespace
resourceVersion: "45697451"
selfLink: /apis/rbac.authorization.k8s.io/v1/namespaces/test-namespace/rolebindings/test-team-binding
uid: b602b333-4ee8-4601-8c75-f3707bb19d68
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: test-team
subjects:
- kind: ServiceAccount
name: user1
namespace: test-namespace
- kind: ServiceAccount
name: user2
namespace: test-namespace
预期输出:
subjects:
- kind: ServiceAccount
name: user1
namespace: test-namespace
- kind: ServiceAccount
name: user2
namespace: test-namespace
- kind: ServiceAccount
name: user3
namespace: test-namespace
结果输出:
subjects:
- kind: ServiceAccount
name: user3
namespace: test-namespace
您可以add/replace/remove通过在json类型的patch命令中指定操作,默认情况下patch命令会替换该值。以下命令应该可以满足您的要求。
kubectl patch rolebinding test-team-binding --type=json -p='[{"op": "add", "path": "/subjects/3", "value": {"kind": "ServiceAccount","name":"user3","namespace":"test-namespace" } }]'
谢谢,
基鲁巴
我试图将服务帐户修补到角色绑定,但是当我 运行 命令修补时,它替换了角色绑定 yml 中的整个主题字段。在这里,我展示了我为预期输出执行的现有配置和命令
补丁命令:
kubectl patch rolebinding test-team-binding --patch "$(cat patch-file.yml)"
补丁-file.yml:
subjects:
- kind: ServiceAccount
name: user3
namespace: test-namespace
rolebinding.yml:
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
creationTimestamp: "2020-09-08T11:24:54Z"
managedFields:
- apiVersion: rbac.authorization.k8s.io/v1
fieldsType: FieldsV1
fieldsV1:
f:metadata:
f:annotations:
.: {}
f:kubectl.kubernetes.io/last-applied-configuration: {}
f:roleRef:
f:apiGroup: {}
f:kind: {}
f:name: {}
f:subjects: {}
manager: kubectl
operation: Update
time: "2020-10-06T07:37:58Z"
name: test-team-binding
namespace: test-namespace
resourceVersion: "45697451"
selfLink: /apis/rbac.authorization.k8s.io/v1/namespaces/test-namespace/rolebindings/test-team-binding
uid: b602b333-4ee8-4601-8c75-f3707bb19d68
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: test-team
subjects:
- kind: ServiceAccount
name: user1
namespace: test-namespace
- kind: ServiceAccount
name: user2
namespace: test-namespace
预期输出:
subjects:
- kind: ServiceAccount
name: user1
namespace: test-namespace
- kind: ServiceAccount
name: user2
namespace: test-namespace
- kind: ServiceAccount
name: user3
namespace: test-namespace
结果输出:
subjects:
- kind: ServiceAccount
name: user3
namespace: test-namespace
您可以add/replace/remove通过在json类型的patch命令中指定操作,默认情况下patch命令会替换该值。以下命令应该可以满足您的要求。
kubectl patch rolebinding test-team-binding --type=json -p='[{"op": "add", "path": "/subjects/3", "value": {"kind": "ServiceAccount","name":"user3","namespace":"test-namespace" } }]'
谢谢, 基鲁巴