Saturday, September 24, 2022

Scheduling Pods 1: Taint and Tolerance

In a Kubernetes cluster, node-level taints control which pods can be scheduled (and therefore created) on a node.


We can update the taints on one or more nodes with a single command. The following rules are from kubectl taint --help:
  • A taint consists of a key, value, and effect. As an argument here, it is expressed as key=value:effect. 
  • The key must begin with a letter or number, and may contain letters, numbers, hyphens, dots, and underscores, up to 253 characters. 
  • Optionally, the key can begin with a DNS subdomain prefix and a single '/', like example.com/my-app. 
  • The value is optional. If given, it must begin with a letter or number, and may contain letters, numbers, hyphens, dots, and underscores, up to 63 characters.  
  • The effect must be NoSchedule, PreferNoSchedule or NoExecute. 
  • Currently taint can only apply to node.
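
The rules above can be turned into a small pre-flight check for taint arguments before they reach kubectl. This is an added example, not code from kubectl or from the original post; the function names parse_taint and is_valid_taint are made up for illustration, and the key prefix is checked with the same character rule as the key itself, which is a simplification.

```python
import re

EFFECTS = ("NoSchedule", "PreferNoSchedule", "NoExecute")
# Letters, numbers, '-', '.', '_'; must begin with a letter or number.
TOKEN = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]*")


def parse_taint(arg):
    """Split 'key=value:effect' (value optional) into (key, value, effect).

    Follows the rules as listed above; raises ValueError on a violation.
    The trailing '-' removal form is not handled here.
    """
    spec, colon, effect = arg.rpartition(":")
    if not colon or effect not in EFFECTS:
        raise ValueError(f"effect must be one of {EFFECTS}: {arg!r}")
    key, _, value = spec.partition("=")
    if len(key) > 253:
        raise ValueError("key is longer than 253 characters")
    # Optional prefix, separated from the name by a single '/'.
    prefix, slash, name = key.rpartition("/")
    if slash and not TOKEN.fullmatch(prefix):
        raise ValueError(f"bad key prefix: {prefix!r}")
    if not TOKEN.fullmatch(name):
        raise ValueError(f"bad key: {key!r}")
    if value and (len(value) > 63 or not TOKEN.fullmatch(value)):
        raise ValueError(f"bad value: {value!r}")
    return key, value, effect


def is_valid_taint(arg):
    """True when the argument passes every rule in parse_taint."""
    try:
        parse_taint(arg)
        return True
    except ValueError:
        return False


# Sample arguments; the first two appear on this page, the rest are constructed.
SAMPLES = [
    "spray=mortein:NoSchedule",
    "node-role.kubernetes.io/master:NoSchedule",
    "spray=mortein:Block",        # unknown effect
    "_spray=mortein:NoSchedule",  # key does not begin with a letter or number
]
if __name__ == "__main__":
    for s in SAMPLES:
        print(s, "->", "ok" if is_valid_taint(s) else "rejected")
```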

How do taints and tolerations work in Kubernetes?

  • Taints allow a node to repel a set of pods.
  • Tolerations are applied to pods, and allow the pods to schedule onto nodes with matching taints.
  • Taints and tolerations work together to ensure that pods are not scheduled onto inappropriate nodes.
  • One or more taints are applied to a node; this marks that the node should not accept any pods that do not tolerate the taints.

How do you know how many worker nodes are participating in the Kubernetes cluster?

kubectl get no
This list may include the controlplane node as well.

How do you check whether any taints exist on a particular node, say node01?

kubectl describe nodes/node01 |grep -i taint

Create a taint on node01 with a key of 'spray', a value of 'mortein' and an effect of NoSchedule.
kubectl taint nodes node01 spray=mortein:NoSchedule
# Verify the above
kubectl describe nodes/node01 |grep -i taint

Let's create a new pod with the nginx image and pod name as mosquito.
kubectl run mosquito --image=nginx
kubectl get po -w
Observe that the mosquito pod stays in the "Pending" status: it cannot be scheduled onto node01 because of the spray taint. You can use any name for the taint; it will stop pods that do not tolerate it from being scheduled on that node.

Why is the pod in the Pending state?

The main reason is that the mosquito pod cannot tolerate the 'mortein' spray taint.

Let's create another pod named 'bamblebee' with the nginx image, which has a toleration set to the taint 'mortein'.

apiVersion: v1
kind: Pod
metadata:
  name: bamblebee
spec:
  containers:
  - image: nginx
    name: bee
  tolerations:
  - key: spray
    value: mortein
    effect: NoSchedule
    operator: Equal
  
Save the manifest as toleration.yaml and create the pod with:
kubectl apply -f toleration.yaml
kubectl get po -w
Notice that the bamblebee pod was scheduled on node01 despite the taint.
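
Why mosquito stays Pending while bamblebee is scheduled comes down to how a toleration is matched against a taint. The following is an added example, not code from Kubernetes or from the original post: a simplified Python model of the matching rule, with hypothetical function names. It also goes one step beyond the text by showing that a toleration with operator Exists and no key tolerates every taint, including the control plane one, which is worth flagging when reviewing manifests.

```python
HARD_EFFECTS = {"NoSchedule", "NoExecute"}  # PreferNoSchedule is only a preference


def tolerates(toleration, taint):
    """One toleration against one taint: empty key/effect act as wildcards."""
    if toleration.get("effect") and toleration["effect"] != taint["effect"]:
        return False
    if toleration.get("key") and toleration["key"] != taint["key"]:
        return False
    operator = toleration.get("operator") or "Equal"  # Equal is the default
    if operator == "Exists":
        return True  # the value is ignored
    return operator == "Equal" and toleration.get("value", "") == taint.get("value", "")


def untolerated_taints(pod_tolerations, node_taints):
    """Taints that keep the pod off the node."""
    return [
        taint for taint in node_taints
        if taint["effect"] in HARD_EFFECTS
        and not any(tolerates(tol, taint) for tol in pod_tolerations)
    ]


def can_schedule(pod_tolerations, node_taints):
    return not untolerated_taints(pod_tolerations, node_taints)


# Taints and tolerations from this page, written as dicts.
NODE01 = [{"key": "spray", "value": "mortein", "effect": "NoSchedule"}]
CONTROLPLANE = [{"key": "node-role.kubernetes.io/master", "effect": "NoSchedule"}]
MOSQUITO = []  # kubectl run adds no toleration that matches 'spray'
BAMBLEBEE = [{"key": "spray", "value": "mortein",
              "effect": "NoSchedule", "operator": "Equal"}]
# Constructed for illustration: no key, operator Exists -> tolerates everything.
WILDCARD = [{"operator": "Exists"}]

if __name__ == "__main__":
    for name, tols in [("mosquito", MOSQUITO), ("bamblebee", BAMBLEBEE),
                       ("wildcard", WILDCARD)]:
        print(name, "node01:", can_schedule(tols, NODE01),
              "controlplane:", can_schedule(tols, CONTROLPLANE))
```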

How do you check whether the control plane node has any taints on it?

It is simple: run the describe sub-command on the controlplane node.
kubectl describe node controlplane
By default the following taint is set: Taints: node-role.kubernetes.io/master:NoSchedule

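Remove the taint with key 'node-role.kubernetes.io/master' and effect 'NoSchedule' from node 'controlplane'. Adding or removing a taint like this is how we control the scheduling of pods on a node. With the taint removed, pods without any toleration can be scheduled on the control plane node.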
kubectl taint nodes controlplane node-role.kubernetes.io/master:NoSchedule-

In real-world clusters most pods are created through a 'deployment', which uses replication to control pod creation on the nodes. So declaring the tolerations in the pod template section of the deployment will be helpful.

Best practice is to take a back up of the original $HOME/.kube/config file then go for the overwrite the 
