为什么 kubectl annotate 有效而 kubectl patch 无效?
[英]Why does kubectl annotate does work and kubectl patch does not?
问题描述
I am trying to use 'kubectl patch' to provide an annotation to a default service account in a namespace.
我正在尝试使用“kubectl patch”为命名空间中的默认服务帐户提供注释。 This is because the JavaScript client does not seem to have a kubectl annotate function.这是因为 JavaScript 客户端似乎没有kubectl annotate function。 So now I wonder: Why does the following patch command not work?所以现在我想知道:为什么下面的补丁命令不起作用?
kubectl patch sa default -n somenamespace -v8 --type=json -p='[{"op": "add", "path": "annotations/http://eks.amazonaws.com~1role-arn", "value": "ueah"}]'
While the following statement using annotate does work?虽然以下使用注释的语句确实有效?
kubectl annotate --overwrite -v8 sa default -n t-werwww2 http://eks.amazonaws.com/role-arn="ueah"
What would be the correct kubectl patch command?什么是正确的kubectl patch命令?
1 个解决方案
解决方案1
0 2022-09-19 02:02:20
@hiroyukik seems to have partially answered your question by pointing out that you have the path wrong and it should be "/metadata/annotations". @hiroyukik 似乎部分回答了您的问题,指出您的路径错误,应该是“/metadata/annotations”。
You used the JSON Merge Patch strategy in your comment.您在评论中使用了 JSON 合并补丁策略。 I don't think you need to find a JSON Patch alternative as you suggested, as the the Javascript Kubernetes client supports JSON Merge Patch. I don't think you need to find a JSON Patch alternative as you suggested, as the the Javascript Kubernetes client supports JSON Merge Patch.
My understanding is that you just add a header in the options to set the strategy you want, like so:我的理解是,您只需在选项中添加一个 header 即可设置您想要的策略,如下所示:
const options = { "headers": { "Content-type": PatchUtils.PATCH_FORMAT_JSON_MERGE_PATCH } }
See the docs for how to add this to the function call:请参阅文档以了解如何将其添加到 function 调用中:
https://kubernetes-client.github.io/javascript/classes/corev1api.corev1api-1.html#patchnamespacedserviceaccount https://kubernetes-client.github.io/javascript/classes/corev1api.corev1api-1.html#patchnamespacedserviceaccount
However, if you do really need to use the JSON Patch strategy, you'll need to check whether the service account has annotations first as that strategy has no way of creating and adding a field in a single operation.但是,如果您确实需要使用 JSON 补丁策略,则需要首先检查服务帐户是否具有注释,因为该策略无法在单个操作中创建和添加字段。 See this Github comment for an explanation:请参阅此 Github 评论以获得解释:
https://github.com/kubernetes/kubernetes/issues/90623#issuecomment-621584160 https://github.com/kubernetes/kubernetes/issues/90623#issuecomment-621584160
So a complete shell script example using the JSON Patch strategy would look like this:因此,使用 JSON 补丁策略的完整 shell 脚本示例如下所示:
kubectl get sa default -n somenamespace -o json \
| jq -e '.metadata | has("annotations")' && \
kubectl patch sa default -n somenamespace --type=json \
-p='[{"op": "add", "path": "/metadata/annotations/eks.amazonaws.com~1role-arn", "value": "ueah"}]' || \
kubectl patch sa default -n somenamespace --type=json \
-p='[{"op":"add","path":"/metadata/annotations","value":{}},{"op":"add","path":"/metadata/annotations/eks.amazonaws.com~1role-arn","value": "ueah"}]'
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.