Bug 1383408

Summary: Cannot add labels and annotations to running POD
Product: OpenShift Container Platform Reporter: Miheer Salunke <misalunk>
Component: NodeAssignee: Jan Chaloupka <jchaloup>
Status: CLOSED DUPLICATE QA Contact: DeShuai Ma <dma>
Severity: medium Docs Contact:
Priority: medium    
Version: 3.2.1CC: aos-bugs, decarr, jliggitt, jokerman, misalunk, mmccomas, wmeng
Target Milestone: ---Keywords: UpcomingRelease
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-11-28 21:10:42 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Miheer Salunke 2016-10-10 14:28:36 UTC 
Description of problem:

When I try to add a label to an existing POD created through a deployment config the operation is rejected with the following message:

The Pod "deployment-example-1-2uiqx" is invalid.
spec: Forbidden: pod updates may not change fields other than `containers[*].image` or `spec.activeDeadlineSeconds`
(Interestingly enough I was not able to update `containers[*].image` too, despite the message I am getting the same error)

I tried with following approaches and the outcome is always the same:
oc annotate pod deployment-example-1-2uiqx foo=bar
oc label pod deployment-example-1-2uiqx foo=bar
 kubectl label pod consul-registry-1-j78l8 foo=bar
oc edit pod consul-registry-1-j78l8

I expect to be able to add labels and annotations to pods even when they have been created through deployment configs (I do not observe this behavior on individual PODs), consistently with what I observed on Openshift Origin and Kubernetes.

Where are you experiencing the behavior?  What environment?

Openshift enterprise version:
oc v3.2.1.4-1-g1864c8f
kubernetes v1.2.0-36-g4a3f9c5
On VMs running:
Red Hat Enterprise Linux Server release 7.2


Note that I do not observe the same behavior on Openshift Origin (see below the tested version), where I' m able to add labels and annotations to PODs created by deployment configs.
oc v1.2.1
kubernetes v1.2.0-36-g4a3f9c5




How reproducible:
Always on customer side

Steps to Reproduce:
1.mentioned in the description
2.
3.

Actual results:


Expected results:


Additional info:
Comment 10 Jordan Liggitt 2016-11-01 14:17:54 UTC 
what user are you trying to annotate it with? what are the annotations on the pod? what SCC admitted the pod?
Comment 11 Jordan Liggitt 2016-11-01 14:18:45 UTC 
likely the same root cause as https://bugzilla.redhat.com/show_bug.cgi?id=1383707
Comment 12 Derek Carr 2016-11-01 14:42:53 UTC 
Miheer, can you provide pod yaml, the user name that is attempting to perform the action, and the list of sccs so we can understand if its the same root issue that Jordan linked against?
Comment 18 Derek Carr 2016-11-28 21:10:42 UTC 

*** This bug has been marked as a duplicate of bug 1383707 ***