我试图将服务帐户修补到角色绑定,但是当我运行修补命令时,它替换了角色绑定yml中的整个主题字段。在这里,我显示了为执行预期输出而执行的现有配置和命令
修补命令:
kubectl patch rolebinding test-team-binding --patch "$(cat patch-file.yml)"
patch-file.yml:
subjects:
- kind: ServiceAccount
name: user3
namespace: test-namespace
rolebinding.yml:
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
creationTimestamp: "2020-09-08T11:24:54Z"
managedFields:
- apiVersion: rbac.authorization.k8s.io/v1
fieldsType: FieldsV1
fieldsV1:
f:metadata:
f:annotations:
.: {}
f:kubectl.kubernetes.io/last-applied-configuration: {}
f:roleRef:
f:apiGroup: {}
f:kind: {}
f:name: {}
f:subjects: {}
manager: kubectl
operation: Update
time: "2020-10-06T07:37:58Z"
name: test-team-binding
namespace: test-namespace
resourceVersion: "45697451"
selfLink: /apis/rbac.authorization.k8s.io/v1/namespaces/test-namespace/rolebindings/test-team-binding
uid: b602b333-4ee8-4601-8c75-f3707bb19d68
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: test-team
subjects:
- kind: ServiceAccount
name: user1
namespace: test-namespace
- kind: ServiceAccount
name: user2
namespace: test-namespace
预期输出:
subjects:
- kind: ServiceAccount
name: user1
namespace: test-namespace
- kind: ServiceAccount
name: user2
namespace: test-namespace
- kind: ServiceAccount
name: user3
namespace: test-namespace
结果输出:
subjects:
- kind: ServiceAccount
name: user3
namespace: test-namespace
答案 0 :(得分:2)
您可以通过在json类型的patch命令中指定操作来添加/替换/删除,默认情况下patch命令将替换该值。下面的命令应该可以满足您的要求。
kubectl patch rolebinding test-team-binding --type=json -p='[{"op": "add", "path": "/subjects/3", "value": {"kind": "ServiceAccount","name":"user3","namespace":"test-namespace" } }]'
谢谢, 基鲁巴