Updating annotations on Pod

Hi everyone,

I was designing a solution that relies on pod annotations for metadata. Several places in the docs, such as:

  1. Kubectl Reference Docs
  2. https://v1-15.docs.kubernetes.io/docs/reference/kubectl/cheatsheet/

show that, using kubectl, the operator can change the annotations on a single pod. In other words, API server UPDATE requests for pods can contain changes to the annotations field.
However, running this in practice gives:

Forbidden: pod updates may not change fields other than spec.containers[*].image, spec.initContainers[*].image, spec.activeDeadlineSeconds or spec.tolerations (only additions to existing tolerations)

Looking at the code over at https://github.com/kubernetes/kubernetes/blob/master/pkg/apis/core/validation/validation.go#L3807 this is clearly intentional.

Can someone help me understand why updating an annotation on a pod in-place is forbidden? Or is this just something that people haven’t felt the need to implement? Thanks!

Thanks and have a good day!

The line of code you linked is for pod specs. Annotations live in metadata, and should be mutable.

I just tested against my (slightly back-rev) cluster:

$ k get pod two-containers -o jsonpath='{.metadata.annotations}' | jq | grep foo
$ k annotate pod two-containers foo=bar
pod/two-containers annotated
$ k get pod two-containers -o jsonpath='{.metadata.annotations}' | jq | grep foo
"foo": "bar",
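
An added example, not part of the thread and not Kubernetes' own code: a simplified Python model of the rule quoted in the error message, useful for checking which differences between two pod manifests touch spec fields outside the listed ones. The function names and the sample pod are assumptions made for illustration; only spec is inspected, so an annotation-only change produces no findings.

```python
import copy

# Simplified model of the rule quoted in the error message; it is not the
# API server's validation code. Pods are plain dicts as parsed from YAML/JSON.

def _strip_mutable(spec):
    """Copy spec without the fields the error message lists as changeable."""
    s = copy.deepcopy(spec)
    for key in ("containers", "initContainers"):
        for container in s.get(key, []):
            container.pop("image", None)
    s.pop("activeDeadlineSeconds", None)
    s.pop("tolerations", None)  # checked separately: additions only
    return s

def forbidden_spec_changes(old_pod, new_pod):
    """Return the reasons an update would be rejected under the quoted rule."""
    old_spec, new_spec = old_pod.get("spec", {}), new_pod.get("spec", {})
    a, b = _strip_mutable(old_spec), _strip_mutable(new_spec)
    problems = [f"spec.{k} changed" for k in sorted(set(a) | set(b))
                if a.get(k) != b.get(k)]
    new_tols = new_spec.get("tolerations", [])
    if any(t not in new_tols for t in old_spec.get("tolerations", [])):
        problems.append("spec.tolerations: existing entry removed or modified")
    return problems

def edited(pod, change):
    """Return a deep copy of pod with change(copy) applied."""
    new = copy.deepcopy(pod)
    change(new)
    return new

# Constructed sample pod, not taken from the thread.
OLD = {
    "metadata": {"name": "demo", "annotations": {}},
    "spec": {
        "containers": [{"name": "app", "image": "nginx:1.25", "env": []}],
        "tolerations": [{"key": "dedicated", "operator": "Exists"}],
    },
}

if __name__ == "__main__":
    annotated = edited(OLD, lambda p: p["metadata"]["annotations"].update(foo="bar"))
    new_env = edited(OLD, lambda p: p["spec"]["containers"][0]["env"].append(
        {"name": "MODE", "value": "debug"}))
    print(forbidden_spec_changes(OLD, annotated))  # annotation only
    print(forbidden_spec_changes(OLD, new_env))    # container env edited
```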