【发布时间】:2019-11-08 00:00:43
【问题描述】:
由于上游 istio 自动 sidecar 注入配置还将 sidecar 容器部署到 builder 和 deployer pod(对于 openshift .. 当您使用 S2I 时),我们必须修补 ConfigMap (istio-sidecar-injector) 并且有一个例外是不将 sidercar 容器注入到 builder 和 deployer pod。
例如,我们必须在 ConfigMap 中手动添加以下异常。
apiVersion: v1
kind: ConfigMap
metadata:
name: istio-sidecar-injector
data:
config: |-
policy: enabled
neverInjectSelector:
- matchExpressions:
- {key: openshift.io/build.name, operator: Exists}
- matchExpressions:
- {key: openshift.io/deployer-pod-for.name, operator: Exists}
template: |-
initContainers:
问题:我正在尝试使用 shell 脚本自动执行此操作,并在以编程方式更新以下参数时面临挑战。
neverInjectSelector:
- matchExpressions:
- {key: openshift.io/build.name, operator: Exists}
- matchExpressions:
- {key: openshift.io/deployer-pod-for.name, operator: Exists}
configmap下面是否可以使用oc patch命令更新
apiVersion: v1
kind: ConfigMap
metadata:
name: istio-sidecar-injector
data:
config: |-
policy: enabled
neverInjectSelector:
[ ]
到
apiVersion: v1
kind: ConfigMap
metadata:
name: istio-sidecar-injector
data:
config: |-
policy: enabled
neverInjectSelector:
- matchExpressions:
- {key: openshift.io/build.name, operator: Exists}
- matchExpressions:
- {key: openshift.io/deployer-pod-for.name, operator: Exists}
template: |-
initContainers:
【问题讨论】:
标签: istio