Openshift: how to edit scc non-interactively?

房东的猫 submitted on 2020-01-04 09:35:09

Question


I am experimenting with openshift/minishift, and I find myself having to run:

oc edit scc privileged

and add:

- system:serviceaccount:default:router

So I can expose the pods. Is there a way to do it in a script?

I know oc adm has some commands for policy manipulation, but I can't figure out how to add this line.


Answer 1:


You can achieve it using the oc patch command with type json. The snippet below will add a new item to the array before the 0th element. You can try it out with a fake "bla" value etc.

oc patch scc privileged --type=json -p '[{"op": "add", "path": "/users/0", "value":"system:serviceaccount:default:router"}]'

The --type=json will interpret the provided patch as a jsonpatch operation. Unfortunately, oc patch --help doesn't provide any example for the json patch type. Luckily, example usage can be found in the kubernetes docs: kubectl patch
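
An idempotent variant of the JSON-patch approach, added here as an example and not part of the original answers: inserting at /users/0 adds a duplicate entry on every re-run and fails when the users list is unset, so this sketch checks first and appends only when needed. ensure_scc_user is a hypothetical helper name, and the script assumes a logged-in oc with permission to patch SCCs.

```shell
#!/bin/sh
# Added example; ensure_scc_user is a hypothetical helper, not an oc subcommand.
# Adds USER to the users list of SCC only when it is not already there,
# so the script can be re-run without piling up duplicate entries.

ensure_scc_user() {
    _scc=$1
    _user=$2

    # Refuse names that would need JSON escaping or break the list match.
    case $_user in
        ''|*[\"\\]*|*' '*) echo "error: invalid user name" >&2; return 2 ;;
    esac

    # jsonpath prints the array as space-separated names (empty if unset).
    _users=$(oc get scc "$_scc" -o 'jsonpath={.users[*]}') || {
        echo "error: cannot read scc/$_scc" >&2
        return 1
    }

    case " $_users " in
        *" $_user "*)
            echo "unchanged: $_user already in scc/$_scc"
            return 0 ;;
    esac

    if [ -z "$_users" ]; then
        # users is null or []: "add" on the member itself creates the list.
        _patch='[{"op":"add","path":"/users","value":["'"$_user"'"]}]'
    else
        # "/users/-" appends (RFC 6902) instead of inserting at index 0.
        _patch='[{"op":"add","path":"/users/-","value":"'"$_user"'"}]'
    fi

    oc patch scc "$_scc" --type=json -p "$_patch" >/dev/null || return 1
    echo "patched: added $_user to scc/$_scc"
}

# Run only when arguments are given, e.g.:
#   sh ensure-scc-user.sh privileged system:serviceaccount:default:router
if [ "$#" -ge 2 ]; then
    ensure_scc_user "$1" "$2"
fi
```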




Answer 2:


I have found an example piping to sed here and adapted it to ruby so I can easily edit the data structure.

oc get scc privileged -o json |\
ruby -rjson -e 'i = JSON.load(STDIN.read); i["users"].push "system:serviceaccount:default:router"; puts i.to_json ' |\
oc replace scc -f -

Here is a quick and dirty script to get started with minishift




Answer 3:


The easiest way to add and remove users to SCCs from the command line is using the oc adm policy commands:

oc adm policy add-scc-to-user <scc_name> <user_name>

For more info, see this section.


So for your specific use-case, it would be:

oc adm policy add-scc-to-user privileged system:serviceaccount:default:router

I'm surprised it's needed though. I use "oc cluster up" normally, but testing with recent minishift, it's already added out of the box:

$ minishift start
$ eval $(minishift oc-env)
$ oc login -u system:admin
$ oc get scc privileged -o yaml | grep system:serviceaccount:default:router
- system:serviceaccount:default:router

$ minishift version
minishift v1.14.0+1ec5877
$ oc version
openshift v3.7.1+a8deba5-34


Source: https://stackoverflow.com/questions/42310262/openshift-how-to-edit-scc-non-interactively
