Skip to content

Instantly share code, notes, and snippets.

@danehans
Last active October 31, 2018 22:20
Show Gist options
  • Save danehans/e18a1b56eab3cfd06f384884c3e14bca to your computer and use it in GitHub Desktop.
Save danehans/e18a1b56eab3cfd06f384884c3e14bca to your computer and use it in GitHub Desktop.
fedv2-istio-kubectl-patch

Resource patch examples

kubectl patch virtualservice/ \
    --type=merge -p '{"spec":{"clusterNames": ["cluster1"]}}'

Update the placement for all bookinfo placement resources to use only cluster1.

kubectl patch federatedgatewayplacement/bookinfo-gateway --type=merge -p '{"spec":{"clusterNames":["cluster1"]}}'
kubectl patch federatedvirtualserviceplacement/bookinfo --type=merge -p '{"spec":{"clusterNames":["cluster1"]}}'
kubectl patch federatedserviceplacement/productpage --type=merge -p '{"spec":{"clusterNames":["cluster1"]}}'
kubectl patch federatedserviceplacement/details --type=merge -p '{"spec":{"clusterNames":["cluster1"]}}'
kubectl patch federatedserviceplacement/ratings --type=merge -p '{"spec":{"clusterNames":["cluster1"]}}'
kubectl patch federatedserviceplacement/reviews --type=merge -p '{"spec":{"clusterNames":["cluster1"]}}'
kubectl patch federateddeploymentplacements.generated/details-v1 --type=merge -p '{"spec":{"clusterNames":["cluster1"]}}'
kubectl patch federateddeploymentplacements.generated/productpage-v1 --type=merge -p '{"spec":{"clusterNames":["cluster1"]}}'
kubectl patch federateddeploymentplacements.generated/ratings-v1 --type=merge -p '{"spec":{"clusterNames":["cluster1"]}}'
kubectl patch federateddeploymentplacements.generated/reviews-v1 --type=merge -p '{"spec":{"clusterNames":["cluster1"]}}'
kubectl patch federateddeploymentplacements.generated/reviews-v2 --type=merge -p '{"spec":{"clusterNames":["cluster1"]}}'
kubectl patch federateddeploymentplacements.generated/reviews-v3 --type=merge -p '{"spec":{"clusterNames":["cluster1"]}}'

Update the istio control-plane to run only on cluster1:

Remove the mutatingwebhook

kubectl delete mutatingwebhookconfiguration/istio-sidecar-injector --context cluster2

HPAs

kubectl patch -n istio-system federatedhorizontalpodautoscalerplacements/istio-egressgateway --type=merge -p '{"spec":{"clusterNames":["cluster1"]}}'
kubectl patch -n istio-system federatedhorizontalpodautoscalerplacements/istio-ingressgateway --type=merge -p '{"spec":{"clusterNames":["cluster1"]}}'
kubectl patch -n istio-system federatedhorizontalpodautoscalerplacements/istio-ingress --type=merge -p '{"spec":{"clusterNames":["cluster1"]}}'

Jobs

kubectl patch -n istio-system federatedjobplacements/istio-cleanup-old-ca --type=merge -p '{"spec":{"clusterNames":["cluster1"]}}'

Services

kubectl patch -n istio-system federatedserviceplacements/istio-citadel --type=merge -p '{"spec":{"clusterNames":["cluster1"]}}'
kubectl patch -n istio-system federatedserviceplacements/istio-egressgateway --type=merge -p '{"spec":{"clusterNames":["cluster1"]}}'
kubectl patch -n istio-system federatedserviceplacements/istio-ingress --type=merge -p '{"spec":{"clusterNames":["cluster1"]}}'
kubectl patch -n istio-system federatedserviceplacements/istio-ingressgateway --type=merge -p '{"spec":{"clusterNames":["cluster1"]}}'
kubectl patch -n istio-system federatedserviceplacements/istio-pilot --type=merge -p '{"spec":{"clusterNames":["cluster1"]}}'
kubectl patch -n istio-system federatedserviceplacements/istio-policy --type=merge -p '{"spec":{"clusterNames":["cluster1"]}}'
kubectl patch -n istio-system federatedserviceplacements/istio-sidecar-injector --type=merge -p '{"spec":{"clusterNames":["cluster1"]}}'
kubectl patch -n istio-system federatedserviceplacements/istio-statsd-prom-bridge --type=merge -p '{"spec":{"clusterNames":["cluster1"]}}'
kubectl patch -n istio-system federatedserviceplacements/istio-telemetry --type=merge -p '{"spec":{"clusterNames":["cluster1"]}}'
kubectl patch -n istio-system federatedserviceplacements/prometheus --type=merge -p '{"spec":{"clusterNames":["cluster1"]}}'

Role and Role Bindings

kubectl patch -n istio-system federatedroleplacement/istio-cleanup-old-ca-istio-system --type=merge -p '{"spec":{"clusterNames":["cluster1"]}}'

Cluster RoleBindings

kubectl patch federatedclusterrolebindingplacement/istio-ingress-istio-system --type=merge -p '{"spec":{"clusterNames":["cluster1"]}}'
kubectl patch federatedclusterrolebindingplacement/istio-mixer-admin-role-binding-istio-system --type=merge -p '{"spec":{"clusterNames":["cluster1"]}}'
kubectl patch federatedclusterrolebindingplacement/istio-mixer-post-install-role-binding-istio-system --type=merge -p '{"spec":{"clusterNames":["cluster1"]}}'
kubectl patch federatedclusterrolebindingplacement/istio-pilot-istio-system --type=merge -p '{"spec":{"clusterNames":["cluster1"]}}'
kubectl patch federatedclusterrolebindingplacement/istio-sidecar-injector-admin-role-binding-istio-system --type=merge -p '{"spec":{"clusterNames":["cluster1"]}}'
kubectl patch federatedclusterrolebindingplacement/prometheus-istio-system --type=merge -p '{"spec":{"clusterNames":["cluster1"]}}'

Cluster Roles

kubectl patch federatedclusterroleplacement/istio-citadel-istio-system --type=merge -p '{"spec":{"clusterNames":["cluster1"]}}'
kubectl patch federatedclusterroleplacement/istio-cleanup-old-ca-istio-system --type=merge -p '{"spec":{"clusterNames":["cluster1"]}}'
kubectl patch federatedclusterroleplacement/istio-ingress-istio-system --type=merge -p '{"spec":{"clusterNames":["cluster1"]}}'
kubectl patch federatedclusterroleplacement/istio-mixer-istio-system --type=merge -p '{"spec":{"clusterNames":["cluster1"]}}'
kubectl patch federatedclusterroleplacement/istio-mixer-post-install-istio-system --type=merge -p '{"spec":{"clusterNames":["cluster1"]}}'
kubectl patch federatedclusterroleplacement/istio-pilot-istio-system --type=merge -p '{"spec":{"clusterNames":["cluster1"]}}'
kubectl patch federatedclusterroleplacement/istio-sidecar-injector-istio-system --type=merge -p '{"spec":{"clusterNames":["cluster1"]}}'
kubectl patch federatedclusterroleplacement/prometheus-istio-system --type=merge -p '{"spec":{"clusterNames":["cluster1"]}}'

Service Accounts

kubectl patch -n istio-system federatedserviceaccountplacements/istio-citadel-service-account --type=merge -p '{"spec":{"clusterNames":["cluster1"]}}'
kubectl patch -n istio-system federatedserviceaccountplacements/istio-cleanup-old-ca-service-account --type=merge -p '{"spec":{"clusterNames":["cluster1"]}}'
kubectl patch -n istio-system federatedserviceaccountplacements/istio-egressgateway-service-account --type=merge -p '{"spec":{"clusterNames":["cluster1"]}}'
kubectl patch -n istio-system federatedserviceaccountplacements/istio-ingressgateway-service-account --type=merge -p '{"spec":{"clusterNames":["cluster1"]}}'
kubectl patch -n istio-system federatedserviceaccountplacements/istio-ingress-service-account --type=merge -p '{"spec":{"clusterNames":["cluster1"]}}'
kubectl patch -n istio-system federatedserviceaccountplacements/istio-mixer-post-install-account --type=merge -p '{"spec":{"clusterNames":["cluster1"]}}'
kubectl patch -n istio-system federatedserviceaccountplacements/istio-mixer-service-account --type=merge -p '{"spec":{"clusterNames":["cluster1"]}}'
kubectl patch -n istio-system federatedserviceaccountplacements/istio-pilot-service-account --type=merge -p '{"spec":{"clusterNames":["cluster1"]}}'
kubectl patch -n istio-system federatedserviceaccountplacements/istio-sidecar-injector-service-account --type=merge -p '{"spec":{"clusterNames":["cluster1"]}}'
kubectl patch -n istio-system federatedserviceaccountplacements/prometheus --type=merge -p '{"spec":{"clusterNames":["cluster1"]}}'

ConfigMaps

kubectl patch -n istio-system federatedconfigmapplacements/istio --type=merge -p '{"spec":{"clusterNames":["cluster1"]}}'
kubectl patch -n istio-system federatedconfigmapplacements/istio-galley-configuration --type=merge -p '{"spec":{"clusterNames":["cluster1"]}}'
kubectl patch -n istio-system federatedconfigmapplacements/istio-grafana-custom-resources --type=merge -p '{"spec":{"clusterNames":["cluster1"]}}'
kubectl patch -n istio-system federatedconfigmapplacements/istio-mixer-custom-resources --type=merge -p '{"spec":{"clusterNames":["cluster1"]}}'
kubectl patch -n istio-system federatedconfigmapplacements/istio-security-custom-resources --type=merge -p '{"spec":{"clusterNames":["cluster1"]}}'
kubectl patch -n istio-system federatedconfigmapplacements/istio-sidecar-injector --type=merge -p '{"spec":{"clusterNames":["cluster1"]}}'
kubectl patch -n istio-system federatedconfigmapplacements/istio-statsd-prom-bridge --type=merge -p '{"spec":{"clusterNames":["cluster1"]}}'
kubectl patch -n istio-system federatedconfigmapplacements/prometheus --type=merge -p '{"spec":{"clusterNames":["cluster1"]}}'

CRDs Istio v0.8 CRDs

kubectl patch federatedcustomresourcedefinitionplacement/apikeys.config.istio.io --type=merge -p '{"spec":{"clusterNames":["cluster1","cluster2"]}}'
kubectl patch federatedcustomresourcedefinitionplacement/attributemanifests.config.istio.io --type=merge -p '{"spec":{"clusterNames":["cluster1","cluster2"]}}'
kubectl patch federatedcustomresourcedefinitionplacement/authorizations.config.istio.io --type=merge -p '{"spec":{"clusterNames":["cluster1","cluster2"]}}'
kubectl patch federatedcustomresourcedefinitionplacement/checknothings.config.istio.io --type=merge -p '{"spec":{"clusterNames":["cluster1","cluster2"]}}'
kubectl patch federatedcustomresourcedefinitionplacement/circonuses.config.istio.io --type=merge -p '{"spec":{"clusterNames":["cluster1","cluster2"]}}'
kubectl patch federatedcustomresourcedefinitionplacement/gateways.networking.istio.io --type=merge -p '{"spec":{"clusterNames":["cluster1","cluster2"]}}'

kubectl patch federatedcustomresourcedefinitionplacement/deniers.config.istio.io --type=merge -p '{"spec":{"clusterNames":["cluster1","cluster2"]}}'
kubectl patch federatedcustomresourcedefinitionplacement/destinationpolicies.config.istio.io --type=merge -p '{"spec":{"clusterNames":["cluster1","cluster2"]}}'
kubectl patch federatedcustomresourcedefinitionplacement/destinationrules.networking.istio.io --type=merge -p '{"spec":{"clusterNames":["cluster1","cluster2"]}}'
kubectl patch federatedcustomresourcedefinitionplacement/egressrules.config.istio.io --type=merge -p '{"spec":{"clusterNames":["cluster1","cluster2"]}}'
kubectl patch federatedcustomresourcedefinitionplacement/fluentds.config.istio.io --type=merge -p '{"spec":{"clusterNames":["cluster1","cluster2"]}}'
kubectl patch federatedcustomresourcedefinitionplacement/gateways.networking.istio.io --type=merge -p '{"spec":{"clusterNames":["cluster1","cluster2"]}}'

kubectl patch federatedcustomresourcedefinitionplacement/httpapispecbindings.config.istio.io --type=merge -p '{"spec":{"clusterNames":["cluster1","cluster2"]}}'
kubectl patch federatedcustomresourcedefinitionplacement/httpapispecs.config.istio.io --type=merge -p '{"spec":{"clusterNames":["cluster1","cluster2"]}}'
kubectl patch federatedcustomresourcedefinitionplacement/kubernetesenvs.config.istio.io --type=merge -p '{"spec":{"clusterNames":["cluster1","cluster2"]}}'
kubectl patch federatedcustomresourcedefinitionplacement/kuberneteses.config.istio.io --type=merge -p '{"spec":{"clusterNames":["cluster1","cluster2"]}}'

kubectl patch federatedcustomresourcedefinitionplacement/listcheckers.config.istio.io --type=merge -p '{"spec":{"clusterNames":["cluster1","cluster2"]}}'
kubectl patch federatedcustomresourcedefinitionplacement/listentries.config.istio.io --type=merge -p '{"spec":{"clusterNames":["cluster1","cluster2"]}}'
kubectl patch federatedcustomresourcedefinitionplacement/logentries.config.istio.io --type=merge -p '{"spec":{"clusterNames":["cluster1","cluster2"]}}'
kubectl patch federatedcustomresourcedefinitionplacement/memquotas.config.istio.io --type=merge -p '{"spec":{"clusterNames":["cluster1","cluster2"]}}'

kubectl patch federatedcustomresourcedefinitionplacement/metrics.config.istio.io --type=merge -p '{"spec":{"clusterNames":["cluster1","cluster2"]}}'
kubectl patch federatedcustomresourcedefinitionplacement/noops.config.istio.io --type=merge -p '{"spec":{"clusterNames":["cluster1","cluster2"]}}'
kubectl patch federatedcustomresourcedefinitionplacement/opas.config.istio.io --type=merge -p '{"spec":{"clusterNames":["cluster1","cluster2"]}}'
kubectl patch federatedcustomresourcedefinitionplacement/policies.authentication.istio.io --type=merge -p '{"spec":{"clusterNames":["cluster1","cluster2"]}}'

kubectl patch federatedcustomresourcedefinitionplacement/prometheuses.config.istio.io --type=merge -p '{"spec":{"clusterNames":["cluster1","cluster2"]}}'
kubectl patch federatedcustomresourcedefinitionplacement/quotas.config.istio.io --type=merge -p '{"spec":{"clusterNames":["cluster1","cluster2"]}}'
kubectl patch federatedcustomresourcedefinitionplacement/quotaspecbindings.config.istio.io --type=merge -p '{"spec":{"clusterNames":["cluster1","cluster2"]}}'
kubectl patch federatedcustomresourcedefinitionplacement/quotaspecs.config.istio.io --type=merge -p '{"spec":{"clusterNames":["cluster1","cluster2"]}}'

kubectl patch federatedcustomresourcedefinitionplacement/rbacs.config.istio.io --type=merge -p '{"spec":{"clusterNames":["cluster1","cluster2"]}}'
kubectl patch federatedcustomresourcedefinitionplacement/reportnothings.config.istio.io --type=merge -p '{"spec":{"clusterNames":[cluster1","cluster2"]}}'
kubectl patch federatedcustomresourcedefinitionplacement/routerules.config.istio.io --type=merge -p '{"spec":{"clusterNames":["cluster1","cluster2"]}}'

kubectl patch federatedcustomresourcedefinitionplacement/rules.config.istio.io --type=merge -p '{"spec":{"clusterNames":["cluster1","cluster2"]}}'
kubectl patch federatedcustomresourcedefinitionplacement/servicecontrolreports.config.istio.io --type=merge -p '{"spec":{"clusterNames":["cluster1","cluster2"]}}'
kubectl patch federatedcustomresourcedefinitionplacement/servicecontrols.config.istio.io --type=merge -p '{"spec":{"clusterNames":["cluster1","cluster2"]}}'
kubectl patch federatedcustomresourcedefinitionplacement/serviceentries.networking.istio.io --type=merge -p '{"spec":{"clusterNames":["cluster1","cluster2"]}}'
kubectl patch federatedcustomresourcedefinitionplacement/servicerolebindings.config.istio.io --type=merge -p '{"spec":{"clusterNames":["cluster1","cluster2"]}}'
kubectl patch federatedcustomresourcedefinitionplacement/serviceroles.config.istio.io --type=merge -p '{"spec":{"clusterNames":["cluster1","cluster2"]}}'
kubectl patch federatedcustomresourcedefinitionplacement/solarwindses.config.istio.io --type=merge -p '{"spec":{"clusterNames":["cluster1","cluster2"]}}'
kubectl patch federatedcustomresourcedefinitionplacement/stackdrivers.config.istio.io --type=merge -p '{"spec":{"clusterNames":["cluster1","cluster2"]}}'

kubectl patch federatedcustomresourcedefinitionplacement/statsds.config.istio.io --type=merge -p '{"spec":{"clusterNames":["cluster1","cluster2"]}}'
kubectl patch federatedcustomresourcedefinitionplacement/stdios.config.istio.io --type=merge -p '{"spec":{"clusterNames":["cluster1","cluster2"]}}'
kubectl patch federatedcustomresourcedefinitionplacement/tracespans.config.istio.io --type=merge -p '{"spec":{"clusterNames":["cluster1","cluster2"]}}'
kubectl patch federatedcustomresourcedefinitionplacement/virtualservices.networking.istio.io --type=merge -p '{"spec":{"clusterNames":["cluster1","cluster2"]}}'

Istio v1.0.3 CRDS

kubectl patch federatedcustomresourcedefinitionplacement/bypasses.config.istio.io --type=merge -p '{"spec":{"clusterNames":["cluster2"]}}'
kubectl patch federatedcustomresourcedefinitionplacement/cloudwatches.config.istio.io --type=merge -p '{"spec":{"clusterNames":["cluster2"]}}'
kubectl patch federatedcustomresourcedefinitionplacement/dogstatsds.config.istio.io --type=merge -p '{"spec":{"clusterNames":["cluster2"]}}'
kubectl patch federatedcustomresourcedefinitionplacement/edges.config.istio.io --type=merge -p '{"spec":{"clusterNames":["cluster2"]}}'

kubectl patch federatedcustomresourcedefinitionplacement/envoyfilters.networking.istio.io --type=merge -p '{"spec":{"clusterNames":["cluster2"]}}'
kubectl patch federatedcustomresourcedefinitionplacement/meshpolicies.authentication.istio.io --type=merge -p '{"spec":{"clusterNames":["cluster2"]}}'
kubectl patch federatedcustomresourcedefinitionplacement/redisquotas.config.istio.io --type=merge -p '{"spec":{"clusterNames":["cluster2"]}}'
kubectl patch federatedcustomresourcedefinitionplacement/signalfxs.config.istio.io --type=merge -p '{"spec":{"clusterNames":["cluster2"]}}'

Deployments

kubectl patch -n istio-system federateddeploymentplacements.generated/istio-citadel --type=merge -p '{"spec":{"clusterNames":["cluster1"]}}'
kubectl patch -n istio-system federateddeploymentplacements.generated/istio-egressgateway --type=merge -p '{"spec":{"clusterNames":["cluster1"]}}'
kubectl patch -n istio-system federateddeploymentplacements.generated/istio-ingressgateway --type=merge -p '{"spec":{"clusterNames":["cluster1"]}}'
kubectl patch -n istio-system federateddeploymentplacements.generated/istio-ingress --type=merge -p '{"spec":{"clusterNames":["cluster1"]}}'
kubectl patch -n istio-system federateddeploymentplacements.generated/istio-pilot --type=merge -p '{"spec":{"clusterNames":["cluster1"]}}'
kubectl patch -n istio-system federateddeploymentplacements.generated/istio-policy --type=merge -p '{"spec":{"clusterNames":["cluster1"]}}'
kubectl patch -n istio-system federateddeploymentplacements.generated/istio-sidecar-injector --type=merge -p '{"spec":{"clusterNames":["cluster1"]}}'
kubectl patch -n istio-system federateddeploymentplacements.generated/istio-statsd-prom-bridge --type=merge -p '{"spec":{"clusterNames":["cluster1"]}}'
kubectl patch -n istio-system federateddeploymentplacements.generated/istio-telemetry --type=merge -p '{"spec":{"clusterNames":["cluster1"]}}'
kubectl patch -n istio-system federateddeploymentplacements.generated/prometheus --type=merge -p '{"spec":{"clusterNames":["cluster1"]}}'
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment