nodeSelector: validation failed: must not set the field(s): spec.template.spec.nodeSelector

[springCozyRock]

hi, I really need you guys help. I need to use nodeSelector to place my service on specific node following https://knative.dev/docs/serving/configuration/feature-flags/#kubernetes-host-aliases. But it failed with following error messages.

beatles@kmaster:~$ sudo kubectl apply -f helloworld-go.yaml 
[sudo] password for beatles: 
Warning: Kubernetes default value is insecure, Knative may default this to secure in a future release: spec.template.spec.containers[0].securityContext.allowPrivilegeEscalation, spec.template.spec.containers[0].securityContext.capabilities, spec.template.spec.containers[0].securityContext.runAsNonRoot, spec.template.spec.containers[0].securityContext.seccompProfile
Error from server (BadRequest): error when creating "helloworld-go.yaml": admission webhook "validation.webhook.serving.knative.dev" denied the request: validation failed: must not set the field(s): spec.template.spec.nodeSelector
beatles@kmaster:~$ 

My yaml file

apiVersion: serving.knative.dev/v1
kind: Service
metadata:
  name: helloworld-go
  namespace: example
spec:
  template:
    spec:
      nodeSelector:
        kubernetes.io/hostname: kmaster
      containers:
      - image: registry.cn-hangzhou.aliyuncs.com/knative-sample/helloworld-go:160e4dc8
        env:
        - name: TARGET
          value: "Go Sample v1"

[ReToCode]

You probably want https://knative.dev/docs/serving/configuration/feature-flags/#kubernetes-node-selector?

[springCozyRock]

hi @ReToCode , thx a lot. I was actually refering to this url. Is there anything else I have to do?

[ReToCode]

No that should work. Are you sure you set kubernetes.podspec-nodeselector at the correct place (not in the _example section)?

[springCozyRock]

I didnot know I should edit Config Map before. Pretty stupid. Let me try and I willclose the issue. Thanks a lot!

    # Indicates whether Kubernetes nodeSelector support is enabled
    #
    # WARNING: Cannot safely be disabled once enabled.
    # See: https://knative.dev/docs/serving/feature-flags/#kubernetes-node-selector
    kubernetes.podspec-nodeselector: "disabled"

[springCozyRock]

I failed to edit this.

beatles@kmaster:~$ sudo kubectl edit configmap config-features -n knative-serving
error: configmaps "config-features" could not be patched: admission webhook "config.webhook.serving.knative.dev" denied the request: validation failed: the update modifies a key in "_example" which is probably not what you want. Instead, copy the respective setting to the top-level of the ConfigMap, directly below "data"
You can run `kubectl replace -f /tmp/kubectl-edit-3003085152.yaml` to try this update again.

[springCozyRock]

I failed to edit this.

No that should work. Are you sure you set kubernetes.podspec-nodeselector at the correct place (not in the _example section)?

oh! I didn't notice it before!

[springCozyRock]

  kubernetes.podspec-nodeselector: enabled
kind: ConfigMap
metadata:
  annotations:
    knative.dev/example-checksum: f2fc138e
    kubectl.kubernetes.io/last-applied-configuration: |

yes I should put it in the right place and beatles@kmaster:~$ sudo kubectl edit configmap config-features -n knative-serving configmap/config-features edited

[springCozyRock]

Yes. It totally worked now. I am so excited! Thanks!

[shauryagoel]

@ReToCode Was this changed recently? I have a cluster in which I installed knative a few months back and in its config-map config-features, I have this set-

  kubernetes.podspec-nodeselector: enabled
  kubernetes.podspec-volumes-emptydir: enabled

However, when I installed knative today in a new cluster (same knative version), the config-map does not have those fields.

[dprotaso]

@shauryagoel someone must have edited the config map by default we don't set anything

[shauryagoel]

That seems improbable to me, but, I use kserve (which uses knative), and maybe that is modifying some things. I will check there.