I am trying to use Kustomize to do a Patch Strategic merge on the following yaml.
y1:
apiVersion: iam.cnrm.cloud.google.com/v1beta1
kind: IAMPolicy
metadata:
name: storage-admin-policy
namespace: cnrm-system
spec:
resourceRef:
apiVersion: iam.cnrm.cloud.google.com/v1beta1
kind: IAMServiceAccount
name: storage-admin
namespace: cnrm-system
bindings:
- role: roles/iam.workloadIdentityUser
members:
- serviceAccount:mysten-sui.svc.id.goog[monitoring/thanos-compactor]
y2:
apiVersion: iam.cnrm.cloud.google.com/v1beta1
kind: IAMPolicy
metadata:
name: storage-admin-policy
namespace: cnrm-system
spec:
resourceRef:
apiVersion: iam.cnrm.cloud.google.com/v1beta1
kind: IAMServiceAccount
name: storage-admin
namespace: cnrm-system
bindings:
- role: roles/iam.workloadIdentityUser
members:
- serviceAccount:mysten-sui.svc.id.goog[monitoring/test-compactor]
I am using the following kustoomization file:
resources:
- y1.yaml
patchesStrategicMerge:
- y2.yaml
My requirement is that, I want the YAML to be clubbed something like this:
apiVersion: iam.cnrm.cloud.google.com/v1beta1
kind: IAMPolicy
metadata:
name: storage-admin-policy
namespace: cnrm-system
spec:
resourceRef:
apiVersion: iam.cnrm.cloud.google.com/v1beta1
kind: IAMServiceAccount
name: storage-admin
namespace: cnrm-system
bindings:
- role: roles/iam.workloadIdentityUser
members:
- serviceAccount:mysten-sui.svc.id.goog[monitoring/test-compactor]
- role: roles/iam.workloadIdentityUser
members:
- serviceAccount:mysten-sui.svc.id.goog[monitoring/thanos-compactor]
CodePudding user response:
StrategicMerge cannot append to arbitrary lists as per https://github.com/kubernetes-sigs/kustomize/issues/3265#issuecomment-733335803.
You could instead try a json6902 patch as shown here: Patching list in kubernetes manifest with Kustomize.
CodePudding user response:
This blog post will give you some more insight as well https://blog.argoproj.io/argo-crds-and-kustomize-the-problem-of-patching-lists-5cfc43da288c I would look into json6902 patches.