Object patching architecture
By default, the
adhoc-configurations component creates a service account and clusterrolebinding to use with the patches managed by the component.
Users can choose to bring their own ServiceAccount or ClusterRoleBinding, by setting component parameters
The input format for object patches are
To remove some of the more tedious bits of writing
ResourceLocker objects, the component provides some extra plumbing to ensure provided
ResourceLocker objects work smoothly with the resource-locker-operator deployed in the cluster.
The next section provides a detailed description of the processing that the component does for
Using a Commodore postprocessing filter, the
adhoc-configurations component will ensure that:
The name of each
ResourceLockerobject is prefixed with
ResourceLockerresources matches the version of resource-locker-operator which is deployed on the cluster.
The namespace of all
ResourceLockerresources is set to the namespace in which the resource-locker-operator runs.
ResourceLockerresources is set to the ServiceAccount managed by (or provided to) the component.