Bootstrap FreeKB - OpenShift - Annotate a resource using the oc annotate command
OpenShift - Annotate a resource using the oc annotate command
Updated:   |  OpenShift articles

If you are not familiar with the oc command, refer to OpenShift - Getting Started with the oc command.

Annotations and Labels are similar, but have important differences.

  • Labels are used by OpenShift/Kubernetes, are limited by RFC 1123 to a maximum of 63 characters, and are used so that resource "a" can select resource "b" via the label. Check out my article on Understanding Labels.
  • Annotations are NOT limited by RFC 1123 to a maximum of 63 characters, and contain metadata about a resource
    • Some annotations are for humans (NOT OpenShift/Kuberneters), to displays some sort of metadata about a resource (e.g. app owner: John Doe)
    • Some annotations are used by OpenShift/Kubernetes (e.g. deployment.kubernetes.io/revision: "2")

The oc annotate command can be used to annotate a resource. For example, as a totally arbitrary example, here is how you could annotate a deployment with key "owner" and value "john.doe".

~]$ oc annotate deployment my-app owner="John Doe"
deployment.apps/my-app annotated

 

Then the oc get deployment command with the --output yaml option can be used to see that the deployment now has the annotation.

~]$ oc get deployment my-app --output yaml
metadata:
  annotations:
    owner: John Doe

 

If you attempt to annotate a resource that already contains the annotation key ("owner" in this example), the following should be returned.

~]$ oc annotate deployment my-app owner="Jane Doe"
error: --overwrite is false but found the following declared annotation(s): 'owner' already has a value (John Doe)

 

As the output states, --overwrite can be used to update an annotation that already exists.

~]$ oc annotate deployment my-app owner="Jane Doe" --overwrite
deployment.apps/my-app annotated

 

However, there are some annotations that are not arbitrary. For example, the oc annotate command can be used to update the "rbac.authorization.kubernetes.io/autoupdate" annotation in the self-provisioners Cluster Role Binding from "true" to "false" so that if the OpenShift master nodes are restarted, the self-provisioners Cluster Role Binding will not be updated. This is typically done when updating OpenShift so that authenticated users are not allowed to create new projects.

oc annotate clusterrolebinding self-provisioners rbac.authorization.kubernetes.io/autoupdate=false --overwrite=true

 

Did you find this article helpful?

If so, consider buying me a coffee over at Buy Me A Coffee


Comments


Add a Comment


Please enter 9b57a3 in the box below so that we can be sure you are a human.