I was designing a solution that relies on pod annotations for metadata. Several places in docs, such as:
- Kubectl Reference Docs
show that, using kubectl, the operator can change the annotations on a single pod. In other words, API server UPDATE requests for pods can contain changes to the annotations field.
However, running this in practice gives:
Forbidden: pod updates may not change fields other than spec.containers[*].image, spec.initContainers[*].image, spec.activeDeadlineSeconds or spec.tolerations (only additions to existing tolerations)
Looking at the code over at https://github.com/kubernetes/kubernetes/blob/master/pkg/apis/core/validation/validation.go#L3807 this is clearly intentional.
Can someone help me understand why updating an annotation on pod in-place is forbidden? Or is this just something that people haven’t felt the need to implement? Thanks!
Thanks and have a good day!