johnlinp

Reputation: 933

How to add a new ClusterRoleBinding with Kustomize in k8s without removing existing bindings?

When I type kubectl edit clusterrolebinding foo-role, I can see something like:

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: foo-role
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: edit
subjects:
- kind: ServiceAccount
  name: foo-user
  namespace: ns1
- kind: ServiceAccount
  name: foo-user
  namespace: ns2

I can add a new ClusterRoleBinding for namespace ns3 by appending the following config to the above file:

- kind: ServiceAccount
  name: foo-user
  namespace: ns3

However, I want to use Kustomize to add new bindings instead of manually modifying the above file.

I tried to apply the .yaml file below:

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: foo-role
  selfLink: /apis/rbac.authorization.k8s.io/v1/clusterrolebindings/foo-role
  uid: 64a4a787-d5ab-4c83-be2b-476c1bcb6c96
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: edit
subjects:
- kind: ServiceAccount
  name: foo-user
  namespace: ns3

It did add a new ClusterRoleBinding in the namespace ns3, but it will remove existing ClusterRoleBindings for ns1 and ns2.

Is there a way to add a new ClusterRoleBinding with Kustomize without removing existing ones?

Upvotes: 0

Views: 1740

Answers (1)

coderanger

Reputation: 54191

Give them different names in the metadata. You didn't make a new one, you just overwrote the same one.

Upvotes: 2
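
The answer's suggestion written out as a small Kustomize directory, as an added example that is not part of the original answer. The binding name `foo-role-ns3` and both file names are assumptions, and the server-populated `selfLink` and `uid` fields are left out of the manifest.

```yaml
# kustomization.yaml (assumed file name)
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - foo-role-ns3.yaml
---
# foo-role-ns3.yaml (assumed file name)
# A separate object: metadata.name differs from the existing "foo-role",
# so applying it creates a second binding and does not replace the
# subjects list (ns1, ns2) of the first one.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: foo-role-ns3          # assumed name; any name other than foo-role works
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: edit
subjects:
  # subjects[].namespace says where the ServiceAccount lives. It does not
  # scope the grant: a ClusterRoleBinding gives this account the "edit"
  # ClusterRole in every namespace. A RoleBinding inside ns3 that references
  # the same ClusterRole would limit the grant to ns3.
  - kind: ServiceAccount
    name: foo-user
    namespace: ns3
```

Apply the directory with `kubectl apply -k .`, then run `kubectl get clusterrolebinding foo-role foo-role-ns3 -o yaml` to confirm that both objects exist and that `foo-role` still lists the ns1 and ns2 subjects.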
