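Any ideas on how to replace variables via Kustomize? I simply want to use a different ACCOUNT_ID and IAM_ROLE_NAME for each overlay.

apiVersion: v1
kind: ServiceAccount
metadata:
  annotations:
    eks.amazonaws.com/role-arn: arn:aws:iam::${ACCOUNT_ID}:role/${IAM_ROLE_NAME}

Thanks in advance!

Best answer

Kustomize doesn't use "variables". The usual way to handle this is to patch the annotation in an overlay. That is, you would start with a base directory that looks like this:
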
base
├── kustomization.yaml
└── serviceaccount.yaml

serviceaccount.yaml contains your ServiceAccount manifest:

apiVersion: v1
kind: ServiceAccount
metadata:
  name: my-service-account
  annotations:
    # placeholder; every overlay replaces this value
    eks.amazonaws.com/role-arn: "THIS VALUE DOESN'T MATTER"

kustomization.yaml looks like:

apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: my-namespace
resources:
  - serviceaccount.yaml

Then in your overlays, you would replace the eks.amazonaws.com/role-arn annotation using a patch. For example, if you had an overlay named production, you might end up with this layout:

.
├── base
│   ├── kustomization.yaml
│   └── serviceaccount.yaml
└── overlay
    └── production
        ├── kustomization.yaml
        └── patch_aws_creds.yaml

overlay/production/patch_aws_creds.yaml looks like:

apiVersion: v1
kind: ServiceAccount
metadata:
  name: my-service-account
  annotations:
    eks.amazonaws.com/role-arn: arn:aws:iam::1234:role/production-role

overlay/production/kustomization.yaml looks like:

apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ../../base
patches:
  # each entry under patches is an object; a patch file is referenced with path:
  - path: patch_aws_creds.yaml

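With this in place, running...

kustomize build overlay/production

...would generate output using your production role information, and so forth for any other overlays you choose to create.
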
If you don't like the format of the strategic merge patch, you can use a json patch document instead. Here's what it would look like inlined into your kustomization.yaml:

apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ../../base
patches:
  - target:
      version: v1
      kind: ServiceAccount
      name: my-service-account
    patch: |-
      - op: replace
        path: /metadata/annotations/eks.amazonaws.com~1role-arn
        value: arn:aws:iam::1234:role/production-role

I don't think this really gets you anything, though.
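
A check that can run over the output of `kustomize build` for each overlay, added here as an example and not part of the answer above: it reports a ServiceAccount whose role-arn annotation still carries the base placeholder (an overlay that forgot its patch) or points at a role in the wrong account. The function name `check_overlay`, the sample manifests and the account ID 111122223333 are constructed for illustration; the check requires a 12-digit account ID, so the shortened `1234` used in the answer is reported as malformed.

```python
import re

ANNOTATION = "eks.amazonaws.com/role-arn"
# IAM role ARN: partition, 12-digit account ID, role path/name.
ROLE_ARN_RE = re.compile(r"^arn:aws[a-z-]*:iam::(\d{12}):role/([\w+=,.@/-]+)$")


def check_overlay(rendered, expected_account):
    """Return a list of problems found in `kustomize build` output (a string)."""
    problems = []
    for doc in re.split(r"^---\s*$", rendered, flags=re.M):
        if not re.search(r"^kind:\s*ServiceAccount\s*$", doc, flags=re.M):
            continue
        name_m = re.search(r"^  name:\s*(\S+)", doc, flags=re.M)
        name = name_m.group(1) if name_m else "<unnamed>"
        ann = re.search(r"^\s+" + re.escape(ANNOTATION) + r":\s*(.*)$", doc, flags=re.M)
        if not ann:
            continue  # ServiceAccount that does not use an IAM role
        value = ann.group(1).strip().strip("\"'")
        arn = ROLE_ARN_RE.match(value)
        if not arn:
            problems.append(f"{name}: not a role ARN: {value!r}")
        elif arn.group(1) != expected_account:
            problems.append(
                f"{name}: role is in account {arn.group(1)}, expected {expected_account}")
    return problems


# Constructed sample of rendered output for an overlay whose patch was applied.
PATCHED = """\
apiVersion: v1
kind: ServiceAccount
metadata:
  annotations:
    eks.amazonaws.com/role-arn: arn:aws:iam::111122223333:role/production-role
  name: my-service-account
  namespace: my-namespace
"""
# Constructed sample: the overlay forgot the patch, so the base value survives.
UNPATCHED = PATCHED.replace(
    "arn:aws:iam::111122223333:role/production-role", "THIS VALUE DOESN'T MATTER")

if __name__ == "__main__":
    for label, text in (("patched", PATCHED), ("unpatched", UNPATCHED)):
        print(label, check_overlay(text, "111122223333"))
```

In CI, the string passed in would be the captured stdout of `kustomize build overlay/production`, with the expected account ID kept per overlay.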

Regarding "kubernetes - How to replace variables in annotations via Kustomize?", we found a similar question on Stack Overflow: https://stackoverflow.com/questions/69276260/