由于上游istio自动边车注入配置还将边车容器部署到构建器和部署者吊舱中(对于openshift,当您使用S2I时,我们必须修补ConfigMap(istio-sidecar-injector),但有例外sidercar容器注入到构建者和部署者容器中。
例如,我们必须在ConfigMap中手动添加以下异常。
apiVersion: v1
kind: ConfigMap
metadata:
name: istio-sidecar-injector
data:
config: |-
policy: enabled
neverInjectSelector:
- matchExpressions:
- {key: openshift.io/build.name, operator: Exists}
- matchExpressions:
- {key: openshift.io/deployer-pod-for.name, operator: Exists}
template: |-
initContainers:
问题:我正在尝试使用Shell脚本来实现此目的,并在通过编程方式更新以下参数时面临挑战。
neverInjectSelector:
- matchExpressions:
- {key: openshift.io/build.name, operator: Exists}
- matchExpressions:
- {key: openshift.io/deployer-pod-for.name, operator: Exists}
是否可以使用oc patch命令在configmap下进行更新
apiVersion: v1
kind: ConfigMap
metadata:
name: istio-sidecar-injector
data:
config: |-
policy: enabled
neverInjectSelector:
[ ]
to
apiVersion: v1
kind: ConfigMap
metadata:
name: istio-sidecar-injector
data:
config: |-
policy: enabled
neverInjectSelector:
- matchExpressions:
- {key: openshift.io/build.name, operator: Exists}
- matchExpressions:
- {key: openshift.io/deployer-pod-for.name, operator: Exists}
template: |-
initContainers: