Note: nfs server and permission are fine, I have checked PV and PVC is creating fine only statefulSet is giving me this error.
Error Message: The StatefulSet "auth-mongo-ss" is invalid: spec: Forbidden: updates to statefulset spec for fields other than 'replicas', 'template', and 'updateStrategy' are forbidden (err msg is straightforward but didn't help to solve it! what am I missing here ?)
Kubernetes(minkube) version:
Client Version: v1.20.2 Server Version: v1.20.2
OS:
Linux mint - 20
apiVersion: v1
kind: PersistentVolume
metadata:
name: auth-pv
spec:
capacity:
storage: 250Mi
accessModes:
- ReadWriteMany
persistentVolumeReclaimPolicy: Retain
storageClassName: manual
nfs:
path: /nfs/auth
server: 192.168.10.104
---
apiVersion: v1
kind: Service
metadata:
name: auth-mongo-serv
labels:
app: auth-mongo-serv
spec:
ports:
- name: db
protocol: TCP
port: 27017
targetPort: 27017
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: auth-mongo-ss
spec:
selector:
matchLabels:
app: auth-mongo-serv # has to match .spec.template.metadata.labels
serviceName: auth-mongo-ss
replicas: 1 # by default is 1
template:
metadata:
labels:
app: auth-mongo-serv # has to match .spec.selector.matchLabels
spec:
terminationGracePeriodSeconds: 10
containers:
- name: auth-mongo-docker
image: mongo
ports:
- containerPort: 27017
resources:
limits:
memory: "250Mi"
cpu: "250m"
volumeMounts:
- name: auth-mongo-data
mountPath: /data/db
volumeClaimTemplates:
- metadata:
name: auth-mongo-data
spec:
storageClassName: manual
accessModes: ["ReadWriteMany"]
resources:
requests:
storage: 250Mi
```The error spec: Forbidden: updates to statefulset spec for fields other than 'replicas', 'template', and 'updateStrategy' are forbidden saying it all.
In StatefultSet only mutable (you can change/update) is replicas, template, and updateStrategy. Other than these fields in Spec you cannot change others fields during updates.
You have multiple issues:
in the StatefuleSet Spec you used serviceName: auth-mongo-ss, do you have this headless service?
In this service spec you did not give selector
apiVersion: v1
kind: Service
metadata:
name: auth-mongo-serv
labels:
app: auth-mongo-serv
spec:
ports:
- name: db
protocol: TCP
port: 27017
targetPort: 27017An example of StatefulSet from k8s doc is given below, for statefulset you need one headless service.
apiVersion: v1
kind: Service
metadata:
name: nginx
labels:
app: nginx
spec:
ports:
- port: 80
name: web
clusterIP: None
selector:
app: nginx
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: web
spec:
selector:
matchLabels:
app: nginx # has to match .spec.template.metadata.labels
serviceName: "nginx"
replicas: 3 # by default is 1
template:
metadata:
labels:
app: nginx # has to match .spec.selector.matchLabels
spec:
terminationGracePeriodSeconds: 10
containers:
- name: nginx
image: k8s.gcr.io/nginx-slim:0.8
ports:
- containerPort: 80
name: web
volumeMounts:
- name: www
mountPath: /usr/share/nginx/html
volumeClaimTemplates:
- metadata:
name: www
spec:
accessModes: [ "ReadWriteOnce" ]
storageClassName: "my-storage-class"
resources:
requests:
storage: 1Gi