CODEWITHSUNDEEP
kuberneteskubectlkube-controller-managerserver-side-apply
subtleseeker
subtleseeker

Reputation: 5243

No field manager for service account with kubectl create, but there with kubectl apply

I create an empty service account on a CAPI cluster

apiVersion: v1
kind: ServiceAccount
metadata:
  name: build-robot

with kubectl create and kubectl apply.

kubectl create

$ k get sa -oyaml --show-managed-fields
apiVersion: v1
items:
- apiVersion: v1
  kind: ServiceAccount
  metadata:
    creationTimestamp: "2024-01-24T15:11:24Z"
    name: build-robot
    namespace: default
    resourceVersion: "7337504"
    uid: e2414d28-d897-4099-ac5d-699c89835615
  secrets:
  - name: build-robot-token-77p6d

kubectl apply

$ k get sa -oyaml --show-managed-fields
apiVersion: v1
items:
- apiVersion: v1
  kind: ServiceAccount
  metadata:
    annotations:
      kubectl.kubernetes.io/last-applied-configuration: |
        {"apiVersion":"v1","kind":"ServiceAccount","metadata":{"annotations":{},"name":"build-robot","namespace":"default"}}
    creationTimestamp: "2024-01-24T15:10:55Z"
    managedFields:
    - apiVersion: v1
      fieldsType: FieldsV1
      fieldsV1:
        f:secrets:
          .: {}
          k:{"name":"build-robot-token-8rqgq"}: {}
      manager: kube-controller-manager
      operation: Update
      time: "2024-01-24T15:10:55Z"
    - apiVersion: v1
      fieldsType: FieldsV1
      fieldsV1:
        f:metadata:
          f:annotations:
            .: {}
            f:kubectl.kubernetes.io/last-applied-configuration: {}
      manager: kubectl-client-side-apply
      operation: Update
      time: "2024-01-24T15:10:55Z"
    name: build-robot
    namespace: default
    resourceVersion: "7337399"
    uid: 0bac2513-844f-4526-b374-3642bdf26838
  secrets:
  - name: build-robot-token-8rqgq

The “kubectl apply” service account gets a managed field (secrets) by kube-controller-manager while the one with “kubectl create” is unmanaged. I don’t understand this.

I tried the same experiment with a pod. All the managed fields in either case were same (except the ones that I expect to be different like last-applied-configuration).

UPDATE: As per "kubectl create" without --save-config: why field managers present for Service but not for ServiceAccount, it seems that the field manager "kube-controller-manager" in "kubectl apply" is not there in later versions of kubernetes. It seems to be a bug in the version I tried.

Upvotes: 0

Views: 205

Answers (1)

Nataraj Medayhal
Nataraj Medayhal

Reputation: 1221

The default value of "save-config" is false for kubectl create command because of which the configuration of object is not shown. To view configuration of object please pass "save-config" as true for kubectl create for ex:

kubectl create sa build-robot --save-config=true

More details of "save-config" are in k8s documentation

After creating object you can view the object configuration with "managedFields"

Upvotes: 0

Related Questions