Taints and Tolerances
Default Scheduler assigns pods to the available nodes with ample resources. However, we can restrict what pods can be assigned to what nodes using taints.
Taints are labels applied to nodes which repels the nodes. If some nodes tainted then only pods with those matching tolerances can be assigned to them.
Tolerances are applied to pods which enables pods to be assigned to tainted nodes.
Taint a node
We can taint a node using command,
kubectl taint node <node-name> <key>=<value>:<effect>
where key is the taint key and value is taint value which can be anything. effect can only have three values NoSchedule, PreferNoSchedule and NoExecute.
NoSchedule defines that no new pods will be assigned to node.
PreferNoSchedule means that no new pods may be assigned. If there are no other node, then only pod can be assigned to the node.
If NoExecute is applied to the node, already running assigned pods will be terminated.
➤ kubectl taint node kube-m02 type=worker:NoSchedule
node/kube-m02 tainted
We can define multiple taints in the single command.
Taint can be removed by adding - at the end of taint.
➤ k taint node kube-m02 type=worker:NoSchedule- ssd=true:NoExecute-
node/kube-m02 untainted
Tolerations in Pod
To make pod assignable to tainted node, we need to add tolerations in pod.
apiVersion: v1
kind: Pod
metadata:
name: nginx-tolerated
labels:
type: router
namespace: learning
spec:
containers:
- name: nginx-con
image: nginx
tolerations:
- key: "ssd"
value: "true"
effect: "NoSchedule"
operator: "Equal"
- key: "type"
value: "worker"
effect: "NoSchedule"
operator: "Equal"operator can be Exists when there is no value for taint and Equal when there is a value for taint.
For example,
➤ k taint node kube-m02 type:NoSchedule
node/kube-m02 tainted
And then we can use Exists operator for pod,
tolerations:
- key: "ssd"
value: "true"
effect: "NoSchedule"
operator: "Equal"
- key: "type"
effect: "NoSchedule"
operator: "Exists"