如何使用 OPA Gatekeeper 更改 GKE 部署?
[英]How to use OPA Gatekeeper to change GKE deployments?
问题描述
I am trying to use OPA Gatekeeper to modify certain Kubernetes deployments.
我正在尝试使用 OPA Gatekeeper 来修改某些 Kubernetes 部署。 In this example I want to change the display name of service accounts, regardless of what the user provided.在此示例中,我想更改服务帐户的显示名称,而不管用户提供什么。 So far I was following the documentation here: https://open-policy-agent.github.io/gatekeeper/website/docs/mutation/到目前为止,我一直在关注这里的文档: https://open-policy-agent.github.io/gatekeeper/website/docs/mutation/
I have created the following yaml file:我创建了以下 yaml 文件:
apiVersion: mutations.gatekeeper.sh/v1alpha1
kind: Assign
metadata:
name: change-sa-name
spec:
applyTo:
- groups: [""]
kinds: ["IAMServiceAccount"]
versions: ["v1beta1"]
location: "spec.displayName"
parameters:
assign:
value: "New Name"
and used the following to deploy a service account:并使用以下内容部署服务帐户:
apiVersion: iam.cnrm.cloud.google.com/v1beta1
kind: IAMServiceAccount
metadata:
labels:
label-one: "value-one"
name: iamserviceaccount-sample
spec:
displayName: Example Service Account
However, upon deploying it the display name still shows up as Example Service Account and not New Name.但是,在部署它时,显示名称仍显示为示例服务帐户,而不是新名称。 What exactly am I doing wrong or what should I be looking at?我到底做错了什么或者我应该看什么?
1 个解决方案
解决方案1
0 2022-09-23 12:20:07
As per the official docs you need to give the display name as you are wishing to give at row displayName.根据官方文档,您需要在显示名称行提供您希望提供的显示名称。 Find below yaml and try it, if you get errors paste it here.在下面找到 yaml 并尝试一下,如果出现错误,请将其粘贴在这里。
apiVersion: iam.cnrm.cloud.google.com/v1beta1
kind: IAMServiceAccount
metadata:
labels:
label-one: "value-one"
name: iamserviceaccount-sample
spec:
displayName: <Give the display name that you are looking for>
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.