Taints and Tolerations

Taints and tolerations are used to restrict which pods can be scheduled on which nodes.

By default there are none, and the scheduler places pods in a balanced way across the nodes.

Taints

Set on Nodes

Let's say there are 3 nodes, each with a taint:

Node      Taint
node-1    Red
node-2    Green
node-3    Blue

Tolerations

Set on Pods

Let's say there are pods with tolerations:

Pod       Toleration
pod-1     Blue
pod-2     Green
pod-3     Red
pod-4     Red
pod-5     Red
pod-7     Blue

The kube-scheduler will now deploy the pods, placing each one on the node whose taint it tolerates:

Node-1 RED
  • pod-3
  • pod-4
  • pod-5
Node-2 GREEN
  • pod-2
Node-3 BLUE
  • pod-1
  • pod-7

How to Taint a node

kubectl taint nodes node-name key=value:taint-effect

How to remove a taint (same command with a trailing "-")

kubectl taint nodes node-name key=value:taint-effect-

Taint effect

This is what will happen if the Pod DOES NOT TOLERATE the taint

  • NoSchedule - the pod will not be scheduled on the node
  • PreferNoSchedule - the scheduler will try to avoid scheduling the pod on the node
  • NoExecute - new pods won't be scheduled, and existing pods that do not tolerate the taint will be removed

Add Tolerations to Pod

spec:
  tolerations: # values must be in "quotes"
    - key: "app"
      operator: "Equal"
      value: "blue"
      effect: "NoSchedule" # the taint effect: NoSchedule, PreferNoSchedule or NoExecute

Example

apiVersion: v1
kind: Pod
metadata:
  name: simple-webapp-color
spec:
  tolerations: # values must be in "quotes"
    - key: "app"
      operator: "Equal"
      value: "blue"
      effect: "NoSchedule"

  containers:
    - name: simple-webapp-color
      image: simple-webapp-color
      ports:
        - containerPort: 8080
      envFrom:
        - configMapRef:
            name: app-config
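
The matching rules above, modelled in Python as an added example (not part of the original notes and not Kubernetes source code). The taint key "color" and the Taint/Toleration class names are assumptions, chosen to reproduce the Red/Green/Blue tables.

```python
from dataclasses import dataclass

HARD_EFFECTS = {"NoSchedule", "NoExecute"}  # PreferNoSchedule is only a preference

@dataclass(frozen=True)
class Taint:
    key: str
    value: str
    effect: str

@dataclass(frozen=True)
class Toleration:
    key: str = ""            # empty key + Exists matches every taint key
    operator: str = "Equal"  # "Equal" or "Exists"
    value: str = ""
    effect: str = ""         # empty effect matches every taint effect

def tolerates(tol: Toleration, taint: Taint) -> bool:
    """Matching rule: effect and key must agree, then the operator decides."""
    if tol.effect and tol.effect != taint.effect:
        return False
    if tol.key and tol.key != taint.key:
        return False
    if tol.operator == "Exists":
        return True
    return tol.operator == "Equal" and tol.value == taint.value

def feasible_nodes(tolerations, nodes):
    """Names of nodes on which every hard taint is tolerated by the pod."""
    return sorted(
        name for name, taints in nodes.items()
        if all(any(tolerates(tol, t) for tol in tolerations)
               for t in taints if t.effect in HARD_EFFECTS)
    )

# Constructed data mirroring the Red/Green/Blue tables; the key "color" is assumed.
NODES = {f"node-{i}": [Taint("color", c, "NoSchedule")]
         for i, c in enumerate(["Red", "Green", "Blue"], start=1)}
PODS = {"pod-1": "Blue", "pod-2": "Green", "pod-3": "Red",
        "pod-4": "Red", "pod-5": "Red", "pod-7": "Blue"}

def placements(nodes):
    # Each pod carries one Equal toleration for its colour.
    return {pod: feasible_nodes([Toleration("color", "Equal", c, "NoSchedule")], nodes)
            for pod, c in PODS.items()}

if __name__ == "__main__":
    for pod, names in placements(NODES).items():
        print(pod, "->", names)
    print("pod-1 with untainted node-4:", placements({**NODES, "node-4": []})["pod-1"])
```

Adding an untainted node-4 makes pod-1 schedulable on both node-3 and node-4: a toleration only permits a pod on a tainted node, it does not pin the pod there.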

Master Node

The master node has a default taint.

It is best practice not to deploy application workloads on the master node.

kubectl describe node kubemaster | grep Taint

Output

Taints:            node-role.kubernetes.io/master:NoSchedule