Node in the Kubernetes cluster are schedule the pods as per the Node level Taints will control the Pod creation on the Node.
- A taint consists of a key, value, and effect. As an argument here, it is expressed as key=value:effect.
- The key must begin with a letter or number, and may contain letters, numbers, hyphens, dots, and underscores, up to 253 characters.
- Optionally, the key can begin with a DNS subdomain prefix and a single '/', like example.com/my-app.
- The value is optional. If given, it must begin with a letter or number, and may contain letters, numbers, hyphens, dots, and underscores, up to 63 characters.
- The effect must be NoSchedule, PreferNoSchedule or NoExecute.
- Currently taint can only apply to node.
How does Taint - Tolerance works in Kubernetes?
- Taints allow a node to repel a set of pods.
- Tolerations are applied to pods, and allow the pods to schedule onto nodes with matching taints.
- Taints and tolerations work together to ensure that pods are not scheduled onto inappropriate nodes.
- One or more taints are applied to a node; this marks that the node should not accept any pods that do not tolerate the taints.
How do you know how many worker nodes participating in the Kubernetes cluster?
kubectl get noThis list may includes the controlplane as well.
How to check do any taints exist on a particular node say node01?
kubectl describe nodes/node01 |grep -i taint
kubectl taint nodes node01 spray=mortein:NoSchedule # Verify the above kubectl describe nodes/node01 |grep -i taint
kubectl run mosquito --image=nginx kubectl get po -wObserve that pod name mosquito status is in "Pending" continuously when pod trying to get inside, unable to enter into the node01 due to its spray taint. Here you can taint with any name that will stop pod to schedule it on a particular node.
What is the reason Pod is in pending state?
The main reason here is Pod mosquito connot tolerate taint 'Mortein' spray.Let's create another pod named 'bamblebee' with the nginx image, which has a toleration set to the taint 'mortein'.
apiVersion: v1 kind: Pod metadata: name: bamblebee spec: containers: - image: nginx name: bee tolerations: - key: spray value: mortein effect: NoSchedule operator: EqualCreate with
kubectl apply -f toleration.yaml kubectl get po -wNoticed that the bee pod was scheduled on node node01 despite the taint.
How do you check the ControlPlane is having any taints on it?
It is simple, You can run the describe sub-command on the node/controlPlane
kubectl describe node controlplanedeafult following taint was used Taints: node-role.kubernetes.io/master:NoSchedule
Remove from node 'controlplane' the taint with key 'node-role.kubernetes.io/master' and effect 'NoSchedule' if one of these key-value pair exists we can control the scheduling the pods.
kubectl taint nodes controlplane node-role.kubernetes.io/master:NoSchedule-
Most of the Pods in the real-time will be created under 'deployment' to have replication controllers the pods creation on the nodes. So most of the toleration declared in a section will be helpful.
Best practice is to take a back up of the original $HOME/.kube/config file then go for the overwrite the