Question

由于上游istio自动边车注入配置还将边车容器部署到构建器和部署者吊舱（对于openshift，当您使用S2I时），我们必须修补ConfigMap（istio-sidecar-injector），但有例外将sidercar容器注入到构建者和部署者容器中。

例如，我们必须在ConfigMap中手动添加以下异常。

apiVersion: v1
kind: ConfigMap
metadata:
  name: istio-sidecar-injector
data:
  config: |-
    policy: enabled
    neverInjectSelector:
      - matchExpressions:
        - {key: openshift.io/build.name, operator: Exists}
      - matchExpressions:
        - {key: openshift.io/deployer-pod-for.name, operator: Exists}
    template: |-
      initContainers:

问题：我正在尝试使用shell脚本自动执行此操作，并在以编程方式更新以下参数时面临挑战。

neverInjectSelector:
      - matchExpressions:
        - {key: openshift.io/build.name, operator: Exists}
      - matchExpressions:
        - {key: openshift.io/deployer-pod-for.name, operator: Exists}

是否可以使用oc patch命令在configmap下更新

apiVersion: v1
kind: ConfigMap
metadata:
  name: istio-sidecar-injector
data:
  config: |-
    policy: enabled
neverInjectSelector:
[ ]

到

apiVersion: v1
kind: ConfigMap
metadata:
  name: istio-sidecar-injector
data:
  config: |-
    policy: enabled
    neverInjectSelector:
      - matchExpressions:
        - {key: openshift.io/build.name, operator: Exists}
      - matchExpressions:
        - {key: openshift.io/deployer-pod-for.name, operator: Exists}
    template: |-
      initContainers:

Answer 1

不是oc patch命令...我想我们可以通过下面的代码实现相同的效果，这可能不是一个很好的解决方案。

oc project istio-system #change to the project

oc export cm istio-sidecar-injector >> exception.yaml #export the existing cm

sed -i '8s/.*/      - matchExpressions:\n        - {key: openshift.io\/build.name, operator: Exists}\n      - matchExpressions:\n        - {key: openshift.io\/deployer-pod-for.name, operator: Exists}/' exception.yaml
kubectl apply -f exception.yaml

是否可以使用oc patch命令修补“ istio-sidecar-injector” ConfigMap？

1 个答案: