Taints and Tolerations
# cat replica-definition-1.yaml
apiVersion: apps/v1
kind: ReplicaSet
metadata:
  name: replicaset-1
spec:
  replicas: 2
  selector:
    matchLabels:
      tier: frontend
  template:
    metadata:
      labels:
        tier: frontend
    spec:
      containers:
      - name: nginx
        image: nginx
---------------------------------------------
How to restrict?
taint - set on a node to protect it
toleration - set on a pod; a pod that can't tolerate the taint stays off the node
(analogy: bug and person)
Can a pod be scheduled on a node?
- The scheduler tries to place pods on all nodes equally.
- We can prevent certain nodes from accepting any pods.
- If you place a taint on a node, no pod can be scheduled there unless it tolerates the taint.
For example:
- We can add a toleration to the db pods so that all db servers are allowed
to be created on node1, but we can't create any web servers on node1, since node1
is tainted and the web servers do not tolerate the taint.
Taints are set on nodes and tolerations are set on pods.
# kc taint nodes node-name key=value:taint-effect
If a pod does not tolerate the taint, one of three effects applies:
- NoSchedule # pod will not be scheduled on the node
- PreferNoSchedule # system will try to avoid placing the pod on the node, but this is not guaranteed
- NoExecute # new pods will not be scheduled on the node and existing pods will be
# evicted if they do not tolerate the taint.
# kc taint nodes node1 app=blue:NoSchedule
Tolerations are added to the pod
# kc taint nodes
# cat replica-definition-1.yaml
apiVersion: v1
kind: Pod
metadata:
  name: myapp-pod
spec:
  containers:
  - name: nginx-container
    image: nginx
apiVersion: v1
kind: Pod
metadata:
  name: myapp-pod
spec:
  containers:
  - name: nginx-container
    image: nginx
  tolerations: # all values need to be encoded in double quotes
  - key: "app"
    operator: "Equal"
    value: "blue" # value from the taint app=blue
    effect: "NoSchedule"
Taint - NoExecute
Master node: runs the management services.
A taint is set automatically on the master node. Best practice - do not create pods on the master.
# kc describe node kubemaster | grep -i taint
=============================================
1. How many Nodes exist on the system?
including the master/controlplane node
-> Run the command 'kubectl get nodes' and count the number of nodes.
# kc get nodes
2. Do any taints exist on node01?
-> Run the command 'kubectl describe node node01' and see the taint property
# kc describe node node01 | grep -i taint
none
3. Create a taint on node01 with key of 'spray', value of 'mortein' and effect of 'NoSchedule'
Key = spray
Value = mortein
Effect = NoSchedule
-> Run the command 'kubectl taint nodes node01 spray=mortein:NoSchedule'.
# kc taint node node01
add the key-value
# kc taint node node01 spray=mortein:NoSchedule
# kc describe node node01 | grep -i taint
4. Create a new pod with the NGINX image, and Pod name as 'mosquito'
Image name: nginx
->
# kc run mosquito --image=nginx --restart=Never
# kc get pod
or
# cat mosquito.yaml
apiVersion: v1
kind: Pod
metadata:
  name: mosquito
spec:
  containers:
  - image: nginx
    name: mosquito
# kc apply -f mosquito.yaml
5. What is the state of the POD?
-> Run the command 'kubectl get pods' and see the state
It is in the Pending state.
6. Why do you think the pod is in a pending state?
# kc describe pod mosquito
Pod mosquito cannot tolerate the taint mortein.
6. Create another pod named 'bee' with the NGINX image, which has a toleration set to the taint Mortein
Image name: nginx
Key: spray
Value: mortein
Effect: NoSchedule
Status: Running
->
# kc run bee --image=nginx --restart=Never --dry-run -o yaml > bee.yaml
# kc explain pod --recursive | more
Review the toleration fields - effect, key and operator
# kubectl explain pod --recursive | grep -A5 toleration # print 5 lines under tolerations
Copy this output and put it in the bee.yaml file
# cat bee.yaml
---
apiVersion: v1
kind: Pod
metadata:
  name: bee
spec:
  containers:
  - image: nginx
    name: bee
  tolerations:
  - key: spray
    value: mortein
    effect: NoSchedule
    operator: Equal
# kc apply -f bee.yaml
# kc get pods -o wide
7. Notice the 'bee' pod was scheduled on node node01 despite the taint.
# kc describe pod bee
8. Do you see any taints on master/controlplane node?
-> Run the command 'kubectl describe node master/controlplane' and see the taint property
# kc describe node controlplane | grep -i taint
It does have a taint.
9. Remove the taint on master/controlplane, which currently has the taint effect of NoSchedule
Node name: master/controlplane
-> Run the command 'kubectl taint nodes master/controlplane node-role.kubernetes.io/master:NoSchedule-'.
Note the taint value and run the command below,
# kc taint node controlplane
Now copy the taint output from step 8.
# kc taint node controlplane node-role.kubernetes.io/master:NoSchedule-
Add - at the end to remove.
# kc describe node controlplane | grep -i taint
10. What is the state of the pod 'mosquito' now?
-> Check the state with 'kc get pod -o wide'
running
11. Which node is the POD 'mosquito' on now?
-> Run the command 'kubectl get pods -o wide' and look at the Node column
# kc get pods -o wide
@controlplane
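Added example (not part of the original notes, and not Kubernetes source code): a Python model of the toleration-matching rule that reproduces the lab outcomes above for 'mosquito' and 'bee'. It goes beyond the page by also handling the Exists operator and flagging key-less Exists tolerations, which tolerate every taint; the class and function names are assumptions made for this illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Taint:
    key: str
    effect: str
    value: str = ""

@dataclass(frozen=True)
class Toleration:
    key: str = ""            # empty key + Exists matches every taint key
    operator: str = "Equal"  # "Equal" or "Exists"
    value: str = ""
    effect: str = ""         # empty effect matches every effect

def tolerates(tol: Toleration, taint: Taint) -> bool:
    """Does one toleration cover one taint?"""
    if tol.effect and tol.effect != taint.effect:
        return False
    if tol.key and tol.key != taint.key:
        return False
    if tol.operator == "Exists":
        return True
    return tol.operator == "Equal" and tol.value == taint.value

def schedulable_nodes(tolerations, nodes):
    """Nodes on which every NoSchedule/NoExecute taint is tolerated.
    PreferNoSchedule is only a preference, so it never filters a node out."""
    hard = ("NoSchedule", "NoExecute")
    return [name for name, taints in nodes.items()
            if all(any(tolerates(tol, t) for tol in tolerations)
                   for t in taints if t.effect in hard)]

def overly_broad(tolerations):
    """Review check: tolerations that cover every taint key."""
    return [tol for tol in tolerations if tol.operator == "Exists" and not tol.key]

# Constructed lab state, taken from the steps on this page.
LAB = {"node01": [Taint("spray", "NoSchedule", "mortein")],
       "controlplane": [Taint("node-role.kubernetes.io/master", "NoSchedule")]}
LAB_STEP9 = {**LAB, "controlplane": []}   # after the taint is removed in step 9
MOSQUITO = []                              # pod spec with no tolerations
BEE = [Toleration("spray", "Equal", "mortein", "NoSchedule")]

if __name__ == "__main__":
    for label, nodes in (("before step 9", LAB), ("after step 9", LAB_STEP9)):
        print(label, "mosquito:", schedulable_nodes(MOSQUITO, nodes),
              "bee:", schedulable_nodes(BEE, nodes))
```

A toleration only permits placement, so after step 9 'bee' is eligible for controlplane as well as node01.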