Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Pushing pod with spec errors if it already exists on cluster #561

Closed
adietish opened this issue Feb 13, 2023 · 1 comment · Fixed by #580
Closed

Pushing pod with spec errors if it already exists on cluster #561

adietish opened this issue Feb 13, 2023 · 1 comment · Fixed by #580
Assignees
@adietish
Labels
kind/bug Something isn't working severity/major
Milestone
0.8.0

Comments

@adietish
Copy link
Collaborator

adietish commented Feb 13, 2023
edited

This was found in #551 (comment)

Steps:

  1. ASSERT: make sure that you dont have a pod apple-app on your cluster.
  2. EXEC: edit the following in an editor
kind: Pod
apiVersion: v1
metadata:
  name: apple-app
  labels:
    app: apple
spec:
  containers:
    - name: apple-app
      image: hashicorp/http-echo
      args:
        - "-text=apple"
  1. EXEC: Push the editor to the cluster
  2. EXEC: add a label
  labels:
      app: apple
--> jedi: yoda

Result:
The push errors with the following details:

Failure executing: PUT at: https://192.168.64.4:8443/api/v1/namespaces/default/pods/apple-app. Message: Pod "apple-app" is invalid: spec: Forbidden: pod updates may not change fields other than `spec.containers[*].image`, `spec.initContainers[*].image`, `spec.activeDeadlineSeconds`, `spec.tolerations` (only additions to existing tolerations) or `spec.terminationGracePeriodSeconds` (allow it to be set to 1 if it was previously negative)
  core.PodSpec{
- 	Volumes: []core.Volume{
- 		{
- 			Name:         "kube-api-access-6rxh6",
- 			VolumeSource: core.VolumeSource{Projected: &core.ProjectedVolumeSource{...}},
- 		},
- 	},
+ 	Volumes:        nil,
  	InitContainers: nil,
  	Containers: []core.Container{
  		{
  			... // 7 identical fields
  			Env:       nil,
  			Resources: {},
- 			VolumeMounts: []core.VolumeMount{
- 				{
- 					Name:      "kube-api-access-6rxh6",
- 					ReadOnly:  true,
- 					MountPath: "/var/run/secrets/kubernetes.io/serviceaccount",
- 				},
- 			},
+ 			VolumeMounts:  nil,
  			VolumeDevices: nil,
  			LivenessProbe: nil,
  			... // 10 identical fields
  		},
  	},
  	EphemeralContainers: nil,
  	RestartPolicy:       "Always",
  	... // 2 identical fields
  	DNSPolicy:                    "ClusterFirst",
  	NodeSelector:                 nil,
- 	ServiceAccountName:           "default",
+ 	ServiceAccountName:           "",
  	AutomountServiceAccountToken: nil,
- 	NodeName:                     "quarkus",
+ 	NodeName:                     "",
  	SecurityContext:              &{},
  	ImagePullSecrets:             nil,
  	... // 17 identical fields
  }
. Received status: Status(apiVersion=v1, code=422, details=StatusDetails(causes=[StatusCause(field=spec, message=Forbidden: pod updates may not change fields other than `spec.containers[*].image`, `spec.initContainers[*].image`, `spec.activeDeadlineSeconds`, `spec.tolerations` (only additions to existing tolerations) or `spec.terminationGracePeriodSeconds` (allow it to be set to 1 if it was previously negative)
  core.PodSpec{
- 	Volumes: []core.Volume{
- 		{
- 			Name:         "kube-api-access-6rxh6",
- 			VolumeSource: core.VolumeSource{Projected: &core.ProjectedVolumeSource{...}},
- 		},
- 	},
+ 	Volumes:        nil,
  	InitContainers: nil,
  	Containers: []core.Container{
  		{
  			... // 7 identical fields
  			Env:       nil,
  			Resources: {},
- 			VolumeMounts: []core.VolumeMount{
- 				{
- 					Name:      "kube-api-access-6rxh6",
- 					ReadOnly:  true,
- 					MountPath: "/var/run/secrets/kubernetes.io/serviceaccount",
- 				},
- 			},
+ 			VolumeMounts:  nil,
  			VolumeDevices: nil,
  			LivenessProbe: nil,
  			... // 10 identical fields
  		},
  	},
  	EphemeralContainers: nil,
  	RestartPolicy:       "Always",
  	... // 2 identical fields
  	DNSPolicy:                    "ClusterFirst",
  	NodeSelector:                 nil,
- 	ServiceAccountName:           "default",
+ 	ServiceAccountName:           "",
  	AutomountServiceAccountToken: nil,
- 	NodeName:                     "quarkus",
+ 	NodeName:                     "",
  	SecurityContext:              &{},
  	ImagePullSecrets:             nil,
  	... // 17 identical fields
  }
, reason=FieldValueForbidden, additionalProperties={})], group=null, kind=Pod, name=apple-app, retryAfterSeconds=null, uid=null, additionalProperties={}), kind=Status, message=Pod "apple-app" is invalid: spec: Forbidden: pod updates may not change fields other than `spec.containers[*].image`, `spec.initContainers[*].image`, `spec.activeDeadlineSeconds`, `spec.tolerations` (only additions to existing tolerations) or `spec.terminationGracePeriodSeconds` (allow it to be set to 1 if it was previously negative)
  core.PodSpec{
- 	Volumes: []core.Volume{
- 		{
- 			Name:         "kube-api-access-6rxh6",
- 			VolumeSource: core.VolumeSource{Projected: &core.ProjectedVolumeSource{...}},
- 		},
- 	},
+ 	Volumes:        nil,
  	InitContainers: nil,
  	Containers: []core.Container{
  		{
  			... // 7 identical fields
  			Env:       nil,
  			Resources: {},
- 			VolumeMounts: []core.VolumeMount{
- 				{
- 					Name:      "kube-api-access-6rxh6",
- 					ReadOnly:  true,
- 					MountPath: "/var/run/secrets/kubernetes.io/serviceaccount",
- 				},
- 			},
+ 			VolumeMounts:  nil,
  			VolumeDevices: nil,
  			LivenessProbe: nil,
  			... // 10 identical fields
  		},
  	},
  	EphemeralContainers: nil,
  	RestartPolicy:       "Always",
  	... // 2 identical fields
  	DNSPolicy:                    "ClusterFirst",
  	NodeSelector:                 nil,
- 	ServiceAccountName:           "default",
+ 	ServiceAccountName:           "",
  	AutomountServiceAccountToken: nil,
- 	NodeName:                     "quarkus",
+ 	NodeName:                     "",
  	SecurityContext:              &{},
  	ImagePullSecrets:             nil,
  	... // 17 identical fields
  }
, metadata=ListMeta(_continue=null, remainingItemCount=null, resourceVersion=null, selfLink=null, additionalProperties={}), reason=Invalid, status=Failure, additionalProperties={}).

Interestingly kubectl apply works fine here.
@adietish adietish assigned adietish and unassigned adietish Feb 13, 2023
@adietish adietish added kind/bug Something isn't working severity/major labels Feb 13, 2023
@adietish adietish mentioned this issue Feb 13, 2023
Merged
@adietish
Copy link
Collaborator Author

adietish commented Feb 13, 2023
edited

This error seems related to the spec object in the pod. The error complains about prohibited changes in spec.
Pushing results in replacing the existing spec properties by empty values (nil or ""):

  • Volumes
  • VolumeMount
  • ServiceAccountName
  • NodeName

Digging into this I found plenty of issues and longs threads in the kubernetes-client where differences in their #createOrReplace method and kubectls apply lead to introduction of #serverSideApply (fabric8io/kubernetes-client#3334).

fabric8io/kubernetes-client#3896
fabric8io/kubernetes-client#2454
fabric8io/kubernetes-client#3334
fabric8io/kubernetes-client#3999

@adietish adietish changed the title Editing a pod errors with prohibited change in spec Editing a pod with spec section errors Feb 14, 2023
@adietish adietish changed the title Editing a pod with spec section errors Editing a pod with spec errors Feb 14, 2023
@adietish adietish changed the title Editing a pod with spec errors Pushing pod with spec errors if it already exists on cluster Feb 14, 2023
@adietish adietish added this to the 0.8.0 milestone Feb 15, 2023
@adietish adietish self-assigned this Feb 15, 2023
adietish added a commit to adietish/intellij-kubernetes that referenced this issue Mar 2, 2023
@adietish
use client#patch instead of #createOrReplace (redhat-developer#561)
d9be7fe 
Signed-off-by: Andre Dietisheim <adietish@redhat.com>
adietish added a commit to adietish/intellij-kubernetes that referenced this issue Mar 13, 2023
@adietish
use client#patch instead of #createOrReplace (redhat-developer#561)
c3df59b 
Signed-off-by: Andre Dietisheim <adietish@redhat.com>
@adietish adietish mentioned this issue Mar 13, 2023
Merged
adietish added a commit to adietish/intellij-kubernetes that referenced this issue Mar 13, 2023
@adietish
use client#patch instead of #createOrReplace (redhat-developer#561)
d37442c 
Signed-off-by: Andre Dietisheim <adietish@redhat.com>
adietish added a commit to adietish/intellij-kubernetes that referenced this issue Mar 13, 2023
@adietish
use client#patch instead of #createOrReplace (redhat-developer#561)
c727083 
Signed-off-by: Andre Dietisheim <adietish@redhat.com>
adietish added a commit to adietish/intellij-kubernetes that referenced this issue Mar 13, 2023
@adietish
use client#patch instead of #createOrReplace (redhat-developer#561)
bb69266 
Signed-off-by: Andre Dietisheim <adietish@redhat.com>
adietish added a commit to adietish/intellij-kubernetes that referenced this issue Mar 13, 2023
@adietish
use client#patch instead of #createOrReplace (redhat-developer#561)
ee635ef 
Signed-off-by: Andre Dietisheim <adietish@redhat.com>
adietish added a commit to adietish/intellij-kubernetes that referenced this issue Mar 14, 2023
@adietish
use client#patch instead of #createOrReplace (redhat-developer#561)
efdbc8f 
Signed-off-by: Andre Dietisheim <adietish@redhat.com>
adietish added a commit that referenced this issue Mar 14, 2023
@adietish
use client#patch instead of #createOrReplace (#561) (#580)
67cb78f 
Signed-off-by: Andre Dietisheim <adietish@redhat.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@adietish adietish

Labels
kind/bug Something isn't working severity/major
Projects
IDE Raptors
Archived in project
Milestone
0.8.0
Development

Successfully merging a pull request may close this issue.

use client#patch instead of #createOrReplace (#561) adietish/intellij-kubernetes
1 participant
@adietish