在使用kubectl apply操作workload产生的非预期行为
来自三线的随记
简述
- kubectl apply 对于之前本身就是apply或者create --save-config产生的resources,可能存在非预期行为(kubectl.kubernetes.io/last-applied-configuration),例如修改原有的workload probe settings(bug at 1.18.x), 或者修改hostAlias(修改原有的hostalias的ip)
hostalias复现:
先创建一个普通的deployment
apiVersion: apps/v1 kind: Deployment metadata: labels: sit.k8s.io/app: yaml-test name: yaml-test spec: replicas: 1 selector: matchLabels: sit.k8s.io/app: yaml-test strategy: rollingUpdate: maxSurge: 25% maxUnavailable: 25% type: RollingUpdate template: metadata: labels: sit.k8s.io/app: yaml-test sit.k8s.io/app: yaml-test name: yaml-test spec: hostAliases: - hostnames: - testaaaa.com - testbbb.com ip: 1.1.1.7 containers: - image: 192.168.150.181/test/nginx-2048:latest imagePullPolicy: IfNotPresent name: yaml-test readinessProbe: httpGet: path: / port: 80 scheme: HTTP initialDelaySeconds: 10 timeoutSeconds: 1 periodSeconds: 10 successThreshold: 1 failureThreshold: 3 resources: limits: cpu: "1" memory: "64Mi" requests: cpu: 64m memory: "64Mi" dnsPolicy: ClusterFirst restartPolicy: Always
然后修改一下hostAliases的值,执行kubectl apply -f xxx.yaml --dry-run=server -oyaml
apiVersion: apps/v1 kind: Deployment metadata: labels: sit.k8s.io/app: yaml-test name: yaml-test spec: replicas: 1 selector: matchLabels: sit.k8s.io/app: yaml-test strategy: rollingUpdate: maxSurge: 25% maxUnavailable: 25% type: RollingUpdate template: metadata: labels: sit.k8s.io/app: yaml-test sit.k8s.io/app: yaml-test name: yaml-test spec: hostAliases: - hostnames: - testaaaa.com - testbbb.com ip: 1.1.1.8 containers: - image: 192.168.150.181/test/nginx-2048:latest imagePullPolicy: IfNotPresent name: yaml-test readinessProbe: httpGet: path: / port: 80 scheme: HTTP initialDelaySeconds: 10 timeoutSeconds: 1 periodSeconds: 10 successThreshold: 1 failureThreshold: 3 resources: limits: cpu: "1" memory: "64Mi" requests: cpu: 64m memory: "64Mi" dnsPolicy: ClusterFirst restartPolicy: Always
会发现apply以后的结果hostAliases字段非预期(1.1.1.8直接被追加了进去,而不是替换)
或者一开始使用apply创建资源,然后删除kubectl.kubernetes.io/last-applied-configuration: ,再修改ip,再apply
如果一开始是用kubectl apply -f xxxx创建资源,然后用apply -f更新资源,则不会复现
这个也是跟k8s apply的实现方式有关系
How apply calculates differences and merges changes
Related article: K8s的一些小坑或者bug简要记录