不带--save-config的“kubectl create”:为什么现场经理出现在Service而不是ServiceAccount

问题描述 投票:0回答:1

这是问题的延续没有使用 kubectl create 的服务帐户的现场管理器,但有 kubectl apply
在 CAPI 集群中使用“kubectl apply”和“kubectl create”创建的 

Service
(或 
Pod
)获得所有相同的托管字段(除了像 
last-applied-configuration
这样的预期字段)。但对于上述问题中提到的
ServiceAccount
来说,情况似乎并非如此。

对于服务(或 Pod)

kubectl 创建

$ k get svc my-service -oyaml --show-managed-fields
apiVersion: v1
kind: Service
metadata:
  creationTimestamp: "2024-01-26T18:40:15Z"
  managedFields:
  - apiVersion: v1
    fieldsType: FieldsV1
    fieldsV1:
      f:spec:
        f:internalTrafficPolicy: {}
        f:ports:
          .: {}
          k:{"port":80,"protocol":"TCP"}:
            .: {}
            f:port: {}
            f:protocol: {}
            f:targetPort: {}
        f:selector: {}
        f:sessionAffinity: {}
        f:type: {}
    manager: kubectl-create
    operation: Update
    time: "2024-01-26T18:40:15Z"
  name: my-service
  namespace: default
  resourceVersion: "548809"
  uid: 7d57743d-9b8d-4f04-850b-7ca6d5e1347a
spec:
  clusterIP: 172.19.186.161
  clusterIPs:
  - 172.19.186.161
  internalTrafficPolicy: Cluster
  ipFamilies:
  - IPv4
  ipFamilyPolicy: SingleStack
  ports:
  - port: 80
    protocol: TCP
    targetPort: 9376
  selector:
    app.kubernetes.io/name: MyApp
  sessionAffinity: None
  type: ClusterIP
status:
  loadBalancer: {}

kubectl 应用

$ k get svc my-service -oyaml --show-managed-fields
apiVersion: v1
kind: Service
metadata:
  annotations:
    kubectl.kubernetes.io/last-applied-configuration: |
      {"apiVersion":"v1","kind":"Service","metadata":{"annotations":{},"name":"my-service","namespace":"default"},"spec":{"ports":[{"port":80,"protocol":"TCP","targetPort":9376}],"selector":{"app.kubernetes.io/name":"MyApp"}}}
  creationTimestamp: "2024-01-26T18:41:00Z"
  managedFields:
  - apiVersion: v1
    fieldsType: FieldsV1
    fieldsV1:
      f:metadata:
        f:annotations:
          .: {}
          f:kubectl.kubernetes.io/last-applied-configuration: {}
      f:spec:
        f:internalTrafficPolicy: {}
        f:ports:
          .: {}
          k:{"port":80,"protocol":"TCP"}:
            .: {}
            f:port: {}
            f:protocol: {}
            f:targetPort: {}
        f:selector: {}
        f:sessionAffinity: {}
        f:type: {}
    manager: kubectl-client-side-apply
    operation: Update
    time: "2024-01-26T18:41:00Z"
  name: my-service
  namespace: default
  resourceVersion: "548931"
  uid: 8a378bcc-b70e-441b-8b55-463f7700e1f3
spec:
  clusterIP: 172.19.141.7
  clusterIPs:
  - 172.19.141.7
  internalTrafficPolicy: Cluster
  ipFamilies:
  - IPv4
  ipFamilyPolicy: SingleStack
  ports:
  - port: 80
    protocol: TCP
    targetPort: 9376
  selector:
    app.kubernetes.io/name: MyApp
  sessionAffinity: None
  type: ClusterIP
status:
  loadBalancer: {}

结果:托管字段(几乎)相同。

对于服务帐户

kubectl 创建

$ k get sa -oyaml --show-managed-fields
apiVersion: v1
items:
- apiVersion: v1
  kind: ServiceAccount
  metadata:
    creationTimestamp: "2024-01-24T15:11:24Z"
    name: build-robot
    namespace: default
    resourceVersion: "7337504"
    uid: e2414d28-d897-4099-ac5d-699c89835615
  secrets:
  - name: build-robot-token-77p6d

kubectl 应用

$ k get sa -oyaml --show-managed-fields
apiVersion: v1
items:
- apiVersion: v1
  kind: ServiceAccount
  metadata:
    annotations:
      kubectl.kubernetes.io/last-applied-configuration: |
        {"apiVersion":"v1","kind":"ServiceAccount","metadata":{"annotations":{},"name":"build-robot","namespace":"default"}}
    creationTimestamp: "2024-01-24T15:10:55Z"
    managedFields:
    - apiVersion: v1
      fieldsType: FieldsV1
      fieldsV1:
        f:secrets:
          .: {}
          k:{"name":"build-robot-token-8rqgq"}: {}
      manager: kube-controller-manager
      operation: Update
      time: "2024-01-24T15:10:55Z"
    - apiVersion: v1
      fieldsType: FieldsV1
      fieldsV1:
        f:metadata:
          f:annotations:
            .: {}
            f:kubectl.kubernetes.io/last-applied-configuration: {}
      manager: kubectl-client-side-apply
      operation: Update
      time: "2024-01-24T15:10:55Z"
    name: build-robot
    namespace: default
    resourceVersion: "7337399"
    uid: 0bac2513-844f-4526-b374-3642bdf26838
  secrets:
  - name: build-robot-token-8rqgq

结果:管理的字段不同;在“kubectl create”的情况下完全不存在。为什么?发生了什么变化?

kubernetes kubectl kube-controller-manager server-side-apply
1个回答
0
投票

我在版本中看到了这个问题:

server: v1.23.10, client: v1.25.13

无法在
server: v1.28.4, client: v1.29.1
中重现它。

最新问题
© www.soinside.com 2019 - 2024. All rights reserved.