cannot updated metadata on pods: Pod "postgres-cluster-example-1" is invalid: spec: Forbidden: pod updates may not change fields other than `spec.containers[*].image`,`spec.initContainers[*].image`,`spec.activeDeadlineSeconds`,`spec.tolerations` (only additions to existing tolerations),`spec.terminationGracePeriodSeconds` (allow it to be set to 1 if it was previously negative)
core.PodSpec{
Volumes: {{Name: "eks-pod-identity-token", VolumeSource: {Projected: &{Sources: {{ServiceAccountToken: &{Audience: "pods.eks.amazonaws.com", ExpirationSeconds: 80277, Path: "eks-pod-identity-token"}}}, DefaultMode: &420}}}, {Name: "pgdata", VolumeSource: {PersistentVolumeClaim: &{ClaimName: "postgres-cluster-example-1"}}}, {Name: "scratch-data", VolumeSource: {EmptyDir: &{}}}, {Name: "shm", VolumeSource: {EmptyDir: &{Medium: "Memory"}}}, ...},
InitContainers: []core.Container{
{Name: "bootstrap-controller", Image: "ghcr.io/cloudnative-pg/cloudnative-pg:1.26.0", Command: {"/manager", "bootstrap", "/controller/manager", "--log-level=info"}, Env: {{Name: "AWS_STS_REGIONAL_ENDPOINTS", Value: "regional"}, {Name: "AWS_DEFAULT_REGION", Value: "us-east-1"}, {Name: "AWS_REGION", Value: "us-east-1"}, {Name: "AWS_CONTAINER_CREDENTIALS_FULL_URI", Value: "http://169.254.170.23/v1/credentials"}, ...}, ...},
{
... // 5 identical fields
Ports: nil,
EnvFrom: nil,
Env: []core.EnvVar{
... // 6 identical elements
{Name: "PGHOST", Value: "/controller/run"},
{Name: "TMPDIR", Value: "/controller/tmp"},
- {Name: "SPOOL_DIRECTORY", Value: "/controller/wal-restore-spool"},
- {Name: "CUSTOM_CNPG_GROUP", Value: "postgresql.cnpg.io"},
- {Name: "CUSTOM_CNPG_VERSION", Value: "v1"},
{Name: "AWS_STS_REGIONAL_ENDPOINTS", Value: "regional"},
{Name: "AWS_DEFAULT_REGION", Value: "us-east-1"},
{Name: "AWS_REGION", Value: "us-east-1"},
{Name: "AWS_CONTAINER_CREDENTIALS_FULL_URI", Value: "http://169.254.170.23/v1/credentials"},
{Name: "AWS_CONTAINER_AUTHORIZATION_TOKEN_FILE", Value: "/var/run/secrets/pods.eks.amazonaws.com/serviceaccount/eks-pod-i"...},
+ {Name: "SPOOL_DIRECTORY", Value: "/controller/wal-restore-spool"},
+ {Name: "CUSTOM_CNPG_GROUP", Value: "postgresql.cnpg.io"},
+ {Name: "CUSTOM_CNPG_VERSION", Value: "v1"},
},
Resources: {},
ResizePolicy: nil,
... // 14 identical fields
},
},
Containers: {{Name: "postgres", Image: "ghcr.io/cloudnative-pg/postgresql:17.5-standard-bookworm", Command: {"/controller/manager", "instance", "run", "--status-port-tls", ...}, Ports: {{Name: "postgresql", ContainerPort: 5432, Protocol: "TCP"}, {Name: "metrics", ContainerPort: 9187, Protocol: "TCP"}, {Name: "status", ContainerPort: 8000, Protocol: "TCP"}}, ...}},
EphemeralContainers: nil,
... // 30 identical fields
}
After #354, released in version 0.4.1, the sidecar injection conflicts with any MutatingWebhookConfiguration that adds environment variables to all containers. This issue is affecting all EKS users.
This is the error returned by the API server:
When creating the sidecar configuration, we should refrain from altering the order of environment variables if all required variables are already included in the configuration.
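One way to merge the required variables without reordering the list, shown as an added example rather than the project's own code. `EnvVar` is a local stand-in for `corev1.EnvVar`, `mergeEnv` and `podEnv` are hypothetical names, and the sample list is constructed from the variables in the error output.

```go
package main

import "fmt"

// EnvVar is a local stand-in for corev1.EnvVar so the example builds without Kubernetes modules.
type EnvVar struct{ Name, Value string }

// mergeEnv is a hypothetical helper: it makes sure every required variable is
// set on the container while leaving the position of existing entries alone.
// The bool reports whether the list changed, i.e. whether a pod patch is needed.
func mergeEnv(existing, required []EnvVar) ([]EnvVar, bool) {
	out := append([]EnvVar(nil), existing...)
	pos := make(map[string]int, len(out))
	for i, e := range out {
		pos[e.Name] = i // duplicates: track the last occurrence
	}
	changed := false
	for _, r := range required {
		i, found := pos[r.Name]
		switch {
		case !found: // missing: append, never insert in the middle
			pos[r.Name] = len(out)
			out = append(out, r)
			changed = true
		case out[i].Value != r.Value: // present with a stale value: fix in place
			out[i].Value = r.Value
			changed = true
		}
	}
	return out, changed
}

// podEnv is constructed sample data modelled on the error above: the sidecar's
// variables followed by variables a mutating webhook appended at admission.
func podEnv() []EnvVar {
	return []EnvVar{
		{"PGHOST", "/controller/run"}, {"TMPDIR", "/controller/tmp"},
		{"SPOOL_DIRECTORY", "/controller/wal-restore-spool"},
		{"CUSTOM_CNPG_GROUP", "postgresql.cnpg.io"}, {"CUSTOM_CNPG_VERSION", "v1"},
		{"AWS_DEFAULT_REGION", "us-east-1"}, {"AWS_REGION", "us-east-1"},
	}
}

func main() {
	required := podEnv()[2:5] // the three variables the sidecar injection needs
	_, changed := mergeEnv(podEnv(), required)
	fmt.Println("pod patch needed:", changed) // false: order untouched, nothing to update
}
```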