有什么想法可以通过 Kustomize 替换变量吗?我只是想为每个覆盖使用不同的 ACCOUNT_ID 和 IAM_ROLE_NAME。
apiVersion: v1
kind: ServiceAccount
metadata:
annotations:
eks.amazonaws.com/role-arn: arn:aws:iam::${ACCOUNT_ID}:role/${IAM_ROLE_NAME}
提前致谢!
Kustomize 不使用“变量”。通常处理此问题的方法是在覆盖层中修补注释。也就是说,您可以从如下所示的基本目录开始:
base
├── kustomization.yaml
└── serviceaccount.yaml
其中
serviceaccount.yamlServiceAccountapiVersion: v1
kind: ServiceAccount
metadata:
name: my-service-account
annotations:
eks.amazonaws.com/role-arn: "THIS VALUE DOESN'T MATTER"
并且
kustomization.yamlapiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: my-namespace
resources:
- serviceaccount.yaml
然后在叠加层中,您可以使用补丁替换
eks.amazonaws.com/role-arnproduction.
├── base
│ ├── kustomization.yaml
│ └── serviceaccount.yaml
└── overlay
└── production
├── kustomization.yaml
└── patch_aws_creds.yaml
overlay/production/patch_aws_creds.yamlapiVersion: v1
kind: ServiceAccount
metadata:
name: my-service-account
annotations:
eks.amazonaws.com/role-arn: arn:aws:iam::1234:role/production-role
并且
overlay/production/kustomization.yamlapiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ../../base
patches:
- patch_aws_creds.yaml
安装完毕后,运行...
kustomize build overlay/production
...将使用您的制作角色信息生成输出,等等,以用于您选择创建的任何其他覆盖。
如果您不喜欢策略合并补丁的格式,可以使用json补丁文档代替。这是您的
kustomization.yamlapiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ../../base
patches:
- target:
version: v1
kind: ServiceAccount
name: my-service-account
patch: |-
- op: replace
path: /metadata/annotations/eks.amazonaws.com~1role-arn
value: arn:aws:iam::1234:role/production-role
不过,我认为这并不能真正给你带来任何好处。
您可以使用 json-pointer: ~1 来解决这种情况
将路径中的 / 更改为 ~1:
路径:/metadata/annotations/eks.amazonaws.com~1role-arn