Security Context: Pod edit changes are omitted

In the security context practice tests, we have the pod ubuntu-sleeper running.

  • Edited the pod to add securityContext, but the changes are omitted.
    Command : kubectl edit pod ubuntu-sleeper

  • It is said in forums that certain sections in the spec of a pod are not editable while the pod is running, so I got the YAML of the running pod, deleted the running pod and added the securityContext changes, but the changes are still omitted.
    Commands : kubectl get pod ubuntu-sleeper -o yaml > ubuntu-sleeper.yaml
    kubectl delete pod ubuntu-sleeper
    kubectl create -f ubuntu-sleeper.yaml

  • However, the pod definition provided in /var/answers is working as expected.

So, when the pod is already running and we want to make the securityContext changes, do we need to delete the running pod and create a new definition file? I think that is not the right way.

How do we handle this?


Hello, @selvakumar

You cannot add extra new fields if the pod is in the running state.

You have to check the securityContext field. In your manifest file, there is one more securityContext, which replaced your newly added securityContext field.

  • spec.containers[*].image
  • spec.initContainers[*].image
  • spec.activeDeadlineSeconds
  • spec.tolerations

When the pod is in the running phase, only the above fields are editable.
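
A check for the situation the answer describes, where a second securityContext key left in the exported manifest overrides the one that was added. This is an added example, not from the thread or the lab; the manifest is a constructed sample and `duplicate_keys` is a hypothetical helper.

```python
import re

# Constructed sample of an exported pod manifest after a hand edit: a new
# pod-level securityContext was added, but the exported "securityContext: {}"
# lower down in spec was left in place. Image and user ID are illustrative.
EDITED_MANIFEST = """\
apiVersion: v1
kind: Pod
metadata:
  name: ubuntu-sleeper
spec:
  securityContext:
    runAsUser: 1000
  containers:
  - name: ubuntu
    image: ubuntu
    securityContext: {}
  restartPolicy: Always
  securityContext: {}
"""

KEY = re.compile(r"^( *)((?:- )*)([A-Za-z_][\w.-]*):(?: |$)")

def duplicate_keys(manifest):
    """Return (key, first_line, repeat_line) for keys repeated in one mapping.

    Indentation-based scan of block-style YAML as kubectl prints it; flow
    mappings and multi-line scalars are not handled.
    """
    stack = []   # open mappings as (indent, {key: line number})
    found = []
    for number, line in enumerate(manifest.splitlines(), 1):
        match = KEY.match(line)
        if not match:
            continue
        spaces, dashes, key = match.groups()
        indent = len(spaces) + len(dashes)
        # A "- " starts a new list item, so it never continues a mapping at
        # the same indent; a plain key closes only the deeper mappings.
        while stack and (stack[-1][0] > indent or (dashes and stack[-1][0] == indent)):
            stack.pop()
        if not stack or stack[-1][0] < indent:
            stack.append((indent, {}))
        seen = stack[-1][1]
        if key in seen:
            found.append((key, seen[key], number))
        else:
            seen[key] = number
    return found
```

The container-level securityContext on line 11 is not reported, because it belongs to a different mapping than the two pod-level keys.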

Okay, I got that. Thanks.