K
Q

How to add a new ClusterRoleBinding with Kustomize in k8s without removing existing bindings?

3/13/2020

When I type kubectl edit clusterrolebinding foo-role, I can see something like:

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: foo-role
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: edit
subjects:
- kind: ServiceAccount
  name: foo-user
  namespace: ns1
- kind: ServiceAccount
  name: foo-user
  namespace: ns2

I can add a new ClusterRoleBinding for namespace ns3 by appending the following config to above file:

- kind: ServiceAccount
  name: foo-user
  namespace: ns3

However, I want to use Kustomize to add new bindings instead of manually modifying the above file.

I tried to apply the .yaml file below:

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: foo-role
  selfLink: /apis/rbac.authorization.k8s.io/v1/clusterrolebindings/foo-role
  uid: 64a4a787-d5ab-4c83-be2b-476c1bcb6c96
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: edit
subjects:
- kind: ServiceAccount
  name: foo-user
  namespace: ns3

It did add a new ClusterRoleBinding in the namespace ns3, but it will remove existing ClusterRoleBindings for ns1 and ns2.

Is there a way to add new ClusterRoleBinding with Kustomize without removing existing ones?

-- johnlinp
kubernetes
kustomize

Similar Questions

How to get the output via jsonpath with kubectl
Is it possile to create yaml object from helm from file
pass boolean variable as env, secret or configmap in k8s yaml file
Minishift MySQL service not showing actual database

1 Answer

3/13/2020

Give them different names in the metadata. You didn't make a new one, you just overwrote the same one.

-- coderanger
Source: StackOverflow