3

I would like to patch all container templates in a Kubernetes deployment with a single kubectl patch command, without having to know their name. Is that possible?

I know I am able to achieve the replacement through awk, sed, jq and kubectl replace, but I would favour something like a [*] in the expression...

Patch command for a certain container spec

kubectl patch deployment mydeployment -p '{"spec":{"template":{"spec":{"containers":[{"name":"myname","imagePullPolicy":"Always"}]}}}}'

Example Deployment

apiVersion: extensions/v1beta1
kind: Deployment
spec:
  replicas: 1
  template:
    spec:
      containers:
      - image: example.com/my/fancyimage:latest
        imagePullPolicy: Never
        name: myname
      dnsPolicy: ClusterFirst
      restartPolicy: Always
Dennis Stritzke
  • 5,198
  • 1
  • 19
  • 28
  • I am absolutely certain that I will be able to find the answer through the [Kubectl patch.go source code](https://github.com/kubernetes/kubernetes/blob/master/pkg/kubectl/cmd/patch.go), [evanphx/json-patch library](https://github.com/evanphx/json-patch), [RFC 6902](https://tools.ietf.org/html/rfc6902) and [RFC 7396](https://tools.ietf.org/html/rfc7396). That will take quite some time that I am not able to invest for that script. Maybe we are able to be good craftsman and find a neat solution here... – Dennis Stritzke Jul 26 '17 at 12:02

2 Answers2

1

It's not exactly what you asked, since i use here command line tools, but if it would appear here, it would save me some time. So i post it for others, who come here from search engines.

kubectl \
  --username=USERNAME \
  --password=PASSWORD \
  --server="https://EXAMPLE.COM" \
  --insecure-skip-tls-verify=true \
  --namespace=MY_NAMESPACE \
  get deployments | \
  grep -v NAME | cut -f1 -d" " | \
  xargs kubectl \
    --username=USERNAME \
    --password=PASSWORD \
    --server="https://EXAMPLE.COM" \
    --insecure-skip-tls-verify=true \
    --namespace=MY_NAMESPACE \
    patch deployment \
      -p='{"spec":{"template":{"spec":{"containers":[{"name":"myname","imagePullPolicy":"Always"}]}}}}'
David Xia
  • 5,075
  • 7
  • 35
  • 52
YuriR
  • 1,251
  • 3
  • 14
  • 26
0

The best practice way of achieving this, assuming you want this to be an ongoing requirement, would be to use the AlwaysPullImages AdmissionController

AlwaysPullImages

This admission controller modifies every new Pod to force the image pull policy to Always...

You would apply this to your api controller by appending it to the --enable-admission-plugins argument

Community
  • 1
  • 1
deedubs
  • 282
  • 1
  • 6