💻 Tech
Have you ever tried modifying a pod spec only to see it’s not taking effect after you apply the changes? For example, you modified a pod’s spec by adding a securityContext:
kubectl edit po poname
After making the changes, you did kubectl replace -f po.yaml.
However, pod-level securityContext didn’t change at all after checking the pod details via kubectl describe po poname. Since you just added a securityContext, you may have not noticed there’s securityContext: {} at the latter portion of the spec. In that case, it overrides whatever you entered earlier in the spec. The empty securityContext exists because kubectl edit sometimes can’t allow you to edit a running pod directly, so it provides you a YAML file containing your changes that you can apply later. When a pod without security context is exported into YAML, it includes an empty securityContext.
The lesson is here is to first search if a spec property already exists before adding a new one.