Security Context: Pod edit changes are omitted

selvakumar · December 8, 2020, 11:48pm

Hi,
In security context practice tests, we have Pod Ubuntu-sleeper running.

Edited the pod to add securityContext, but the changes is omitted.
Command : kubectl edit pod ubuntu-sleeper
It is said in forums that certain sections in spec of pod is not editable while pod is running, so i got the yaml of running pod, deleted the running pod and added securitycontext changes, but still the changes are omitted.
Commands : kubectl get pod ubuntu-sleeper -o yaml > ubuntu-sleeper.yaml
kubectl delete pod ubuntu-sleeper
kubectl create -f ubuntu-sleeper.yaml
However, the pod definition provided in /var/answers is working as expected.

So, when the pod is already running and to make the securitycontext changes, do we need to delete the running pod and create a new definition file. Which i think is not the right way.

How do we handle this.

Thanks.

Tej-Singh-Rana · December 9, 2020, 6:01am

Hello, @selvakumar

You cannot add extra new fields. In case, if pod is in the running state.

You have to check the securityContext field. In your manifest file, there one more securityContext which replaced your newly added securityContext field.

Tej-Singh-Rana · December 9, 2020, 6:05am

spec.containers[*].image
spec.initContainers[*].image
spec.activeDeadlineSeconds
spec.tolerations

When pod is in running phase, Only above fields are editable.

selvakumar · December 12, 2020, 9:04am

Okay, i got that. Thanks.