feat: propagate podTemplate annotations from Sandbox to Pod#517
feat: propagate podTemplate annotations from Sandbox to Pod#517noeljackson wants to merge 1 commit intokubernetes-sigs:mainfrom
Conversation
When a Sandbox CR's PodTemplate carries annotations, the sandbox controller now syncs them to the running Pod — the same way it already syncs labels. This is a no-restart, in-place metadata update. Sandbox manages a 1:1 relationship (one CR → one Pod), not a replica set. Unlike Deployments/StatefulSets where podTemplate changes trigger rolling replacements, Sandbox has no rollout concept — in-place mutation of mutable Pod fields (labels, annotations, and with InPlacePodVerticalScaling, resources) is the natural propagation model for a single-pod controller. This does not change behavior for Deployments or any other workload controller. It simply extends the existing label-sync loop in reconcilePod to also cover annotations.
✅ Deploy Preview for agent-sandbox canceled.
|
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: noeljackson The full list of commands accepted by this bot can be found here. DetailsNeeds approval from an approver in each of these files:Approvers can indicate their approval by writing |
k8s-ci-robot
added
the
needs-ok-to-test
|
Hi @noeljackson. Thanks for your PR. I'm waiting for a kubernetes-sigs member to verify that this patch is reasonable to test. If it is, they should reply with Regular contributors should join the org to skip this step. Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
k8s-ci-robot
added
size/S
|
Thanks for opening / splitting out @noeljackson I think this is a great place to have the discussion about how the apps controllers should behave here, and whether it's OK to deviate for sandbox. The point about Sandbox:Pod being a tighter coupling than Daemonset/Deployment/Statefulset is a good one! |
|
/ok-to-test |
k8s-ci-robot
added
ok-to-test
|
/hold for discussion though (that's why we're splitting it out) |
k8s-ci-robot
added
do-not-merge/hold
|
PR needs rebase. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
4 participants
Summary
Extend the existing label-sync loop in
reconcilePodto also propagate annotations fromSandbox.Spec.PodTemplate.ObjectMeta.Annotationsto the running Pod. This is a no-restart, in-place metadata update.Split out from #459 per maintainer request to keep the annotation propagation discussion separate from the workspaceResources feature.
Why in-place propagation is the right model for Sandbox
justinsb raised a good question in #459 about whether in-place propagation sets a precedent for Deployments/StatefulSets. It doesn't, because the lifecycle models are fundamentally different:
Kubernetes already supports this:
InPlacePodVerticalScaling(GA path since KEP-1287) makes container resources mutable tooThe existing
reconcilePodalready syncs labels this way. This PR adds annotations to the same loop — no new pattern, just extending existing behavior to another mutable field.This does not change behavior for Deployments, StatefulSets, or any other workload controller.
Test plan
Files
controllers/sandbox_controller.go— extend reconcilePod annotation synccontrollers/sandbox_controller_test.go— test coverage