由于上游istio自动边车注入配置还将边车容器部署到构建器和部署者吊舱(对于openshift,当您使用S2I时),我们必须修补ConfigMap(istio-sidecar-injector),但有例外将sidercar容器注入到构建者和部署者容器中。
例如,我们必须在ConfigMap中手动添加以下异常。
apiVersion: v1
kind: ConfigMap
metadata:
name: istio-sidecar-injector
data:
config: |-
policy: enabled
neverInjectSelector:
- matchExpressions:
- {key: openshift.io/build.name, operator: Exists}
- matchExpressions:
- {key: openshift.io/deployer-pod-for.name, operator: Exists}
template: |-
initContainers:
问题:我正在尝试使用shell脚本自动执行此操作,并在以编程方式更新以下参数时面临挑战。
neverInjectSelector:
- matchExpressions:
- {key: openshift.io/build.name, operator: Exists}
- matchExpressions:
- {key: openshift.io/deployer-pod-for.name, operator: Exists}
是否可以使用oc patch命令在configmap下更新
apiVersion: v1
kind: ConfigMap
metadata:
name: istio-sidecar-injector
data:
config: |-
policy: enabled
neverInjectSelector:
[ ]
到
apiVersion: v1
kind: ConfigMap
metadata:
name: istio-sidecar-injector
data:
config: |-
policy: enabled
neverInjectSelector:
- matchExpressions:
- {key: openshift.io/build.name, operator: Exists}
- matchExpressions:
- {key: openshift.io/deployer-pod-for.name, operator: Exists}
template: |-
initContainers:
答案 0 :(得分:0)
不是oc patch命令...我想我们可以通过下面的代码实现相同的效果,这可能不是一个很好的解决方案。
oc project istio-system #change to the project
oc export cm istio-sidecar-injector >> exception.yaml #export the existing cm
sed -i '8s/.*/ - matchExpressions:\n - {key: openshift.io\/build.name, operator: Exists}\n - matchExpressions:\n - {key: openshift.io\/deployer-pod-for.name, operator: Exists}/' exception.yaml
kubectl apply -f exception.yaml