I'm trying to deploy ping devops on my local machine but get the following error message when I try to set up the server profiles:

error validating "lab05-local-profile-deploy.yaml": error validating data: ValidationError(PersistentVolume): unknown field "nodeAffinity" in io.k8s.api.core.v1.PersistentVolume; if you choose to ignore these errors, turn validation off with --validate=false Error from server (Invalid): error when applying patch:

{"metadata":{"annotations":{"kubectl.kubernetes.io/last-applied-configuration":"{"apiVersion":"v1","kind":"PersistentVolume","metadata":{"annotations":{},"name":"pd-profile-volume"},"spec":{"accessModes":["ReadOnlyMany"],"capacity":{"storage":"10Gi"},"local":{"path":"/home/alice/projects/devops/lab05/pingidentity-server-profiles/getting-started/pingdirectory"},"nodeAffinity":{"required":{"nodeSelectorTerms":[{"matchExpressions":[{"key":"kubernetes.io/hostname","operator":"In","values":["docker-desktop"]}]}]}},"storageClassName":"pd-local-in-storage","volumeMode":"Filesystem"}}\n"}},"spec":{"local":{"path":"/home/alice/projects/devops/lab05/pingidentity-server-profiles/getting-started/pingdirectory"}}}

to: Resource: "/v1, Resource=persistentvolumes", GroupVersionKind: "/v1, Kind=PersistentVolume" Name: "pd-profile-volume", Namespace: "" for: "lab05-local-profile-deploy.yaml": PersistentVolume "pd-profile-volume" is invalid: spec.persistentvolumesource: Forbidden: is immutable after creation

Does anyone know how to resolve this issue?

The yaml file looks like this:

apiVersion: v1
data:
  PING_IDENTITY_ACCEPT_EULA: "YES"
kind: ConfigMap
metadata:
  labels:
    role: pingdirectory
  name: pingdirectory-environment-variables
---
apiVersion: v1
data:
  PING_IDENTITY_ACCEPT_EULA: "YES"
kind: ConfigMap
metadata:
  labels:
    role: pingfederate
  name: pingfederate-environment-variables
---
apiVersion: v1
kind: Service
metadata:
  labels:
    role: pingdataconsole
  name: pingdataconsole
spec:
  ports:
  - name: https
    port: 8443
  selector:
    role: pingdataconsole
  type: NodePort
---
apiVersion: v1
kind: Service
metadata:
  labels:
    role: pingdirectory
  name: pingdirectory
spec:
  ports:
  - name: ldaps
    port: 636
  - name: ssl
    port: 443
  - name: ldap
    port: 389
  selector:
    role: pingdirectory
  type: NodePort
---
apiVersion: v1
kind: Service
metadata:
  labels:
    role: pingfederate
  name: pingfederate
spec:
  ports:
  - name: pf-console
    port: 9999
  - name: pf-runtime
    port: 9031
  selector:
    role: pingfederate
  type: NodePort
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: pd-profile-volume
spec:
  accessModes:
  - ReadOnlyMany
  capacity:
    storage: 10Gi
  local:
    path: /home/alice/projects/devops/lab05/pingidentity-server-profiles/getting-started/pingdirectory
  nodeAffinity:
    required:
      nodeSelectorTerms:
      - matchExpressions:
        - key: kubernetes.io/hostname
          operator: In
          values:
          - docker-desktop
  storageClassName: pd-local-in-storage
  volumeMode: Filesystem
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: pf-profile-volume
nodeAffinity:
  required:
    nodeSelectorTerms:
    - matchExpressions:
      - key: kubernetes.io/hostname
        operator: In
        values:
        - docker-desktop
spec:
  accessModes:
  - ReadOnlyMany
  capacity:
    storage: 10Gi
  local:
    path: /home/alice/projects/devops/lab05/pingidentity-server-profiles/getting-started/pingfederate
  storageClassName: pf-local-in-storage
  volumeMode: Filesystem
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: pd-profile-claim
spec:
  accessModes:
  - ReadOnlyMany
  resources:
    requests:
      storage: 10Gi
  storageClassName: pd-local-in-storage
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: pf-profile-claim
spec:
  accessModes:
  - ReadOnlyMany
  resources:
    requests:
      storage: 10Gi
  storageClassName: pf-local-in-storage
---
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    role: pingdataconsole
  name: pingdataconsole
spec:
  replicas: 1
  selector:
    matchLabels:
      role: pingdataconsole
  template:
    metadata:
      labels:
        role: pingdataconsole
      name: pingdataconsole
    spec:
      containers:
      - image: pingidentity/pingdataconsole:edge
        name: pingdataconsole
        ports:
        - containerPort: 8443
        resources:
          limits:
            cpu: 200m
            memory: 1.5Gi
          requests:
            cpu: 200m
            memory: 1.5Gi
---
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    role: pingfederate
  name: pingfederate
spec:
  replicas: 1
  selector:
    matchLabels:
      role: pingfederate
  template:
    metadata:
      labels:
        role: pingfederate
      name: pingfederate
    spec:
      containers:
      - envFrom:
        - configMapRef:
            name: pingfederate-environment-variables
        - secretRef:
            name: devops-secret
            optional: true
        image: pingidentity/pingfederate:edge
        imagePullPolicy: Always
        livenessProbe:
          failureThreshold: 1
          httpGet:
            path: /pingfederate/app
            port: 9999
            scheme: HTTPS
          initialDelaySeconds: 100
          periodSeconds: 1
        name: pingfederate
        ports:
        - containerPort: 9999
        - containerPort: 9031
        readinessProbe:
          httpGet:
            path: /pingfederate/app
            port: 9999
            scheme: HTTPS
          periodSeconds: 10
        resources:
          limits:
            cpu: "1"
            memory: 1.5Gi
          requests:
            cpu: "1"
            memory: 1.5Gi
        volumeMounts:
        - mountPath: /opt/in
          name: pf-profile-storage
      volumes:
      - name: pf-profile-storage
        persistentVolumeClaim:
          claimName: pf-profile-claim
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
  labels:
    role: pingdirectory
  name: pingdirectory
spec:
  replicas: 1
  selector:
    matchLabels:
      role: pingdirectory
  serviceName: pingdirectory
  template:
    metadata:
      labels:
        role: pingdirectory
      name: pingdirectory
    spec:
      containers:
      - envFrom:
        - configMapRef:
            name: pingdirectory-environment-variables
        - secretRef:
            name: devops-secret
            optional: true
        image: pingidentity/pingdirectory:edge
        lifecycle:
          preStop:
            exec:
              command:
              - /bin/sh
              - -c
              - /preStop.sh
        livenessProbe:
          exec:
            command:
            - /bin/sh
            - -c
            - /opt/liveness.sh
          initialDelaySeconds: 300
          periodSeconds: 30
        name: pingdirectory
        ports:
        - containerPort: 636
        - containerPort: 443
        - containerPort: 389
        readinessProbe:
          exec:
            command:
            - /bin/sh
            - -c
            - /opt/liveness.sh
        resources:
          limits:
            cpu: "2"
            memory: 2Gi
          requests:
            cpu: "2"
            memory: 2Gi
        volumeMounts:
        - mountPath: /opt/in
          name: pd-profile-storage
      terminationGracePeriodSeconds: 300
      volumes:
      - name: pd-profile-storage
        persistentVolumeClaim:
          claimName: pd-profile-claim
2

There are 2 answers

0
user3475116 On

You might need to check what you have deployed previously. Do a kubectl get pv and pvc and check if there are any existing resources with the same name. If so delete them from your namespace and try deploying again.

0
Matt On

According to k8s api reference, nodeAffinity section have to be under spec field.

apiVersion: v1
kind: PersistentVolume
metadata:
  name: pf-profile-volume
spec:
  nodeAffinity:       # <<< LOOK HERE >>>
    required:
      nodeSelectorTerms:
      - matchExpressions:
        - key: kubernetes.io/hostname
          operator: In
          values:
          - docker-desktop
  accessModes:
  - ReadOnlyMany
  capacity:
    storage: 10Gi
  local:
    path: /home/alice/projects/devops/lab05/pingidentity-server-profiles/getting-started/pingfederate
  storageClassName: pf-local-in-storage
  volumeMode: Filesystem

You can also run:

kubectl explain pv.spec.nodeAffinity

to get field description.