Monday, December 14, 2020

Kubernetes - Taints and Toleration

Taints and Tolerations


# cat replica-definition-1.yaml
apiVersion: apps/v1
kind: ReplicaSet
metadata:
  name: replicaset-1
spec:
  replicas: 2
  selector:
    matchLabels:
      tier: frontend
  template:
    metadata:
      labels:
        tier: frontend
    spec:
      containers:
      - name: nginx
        image: nginx

---------------------------------------------

How to restrict which pods run on which nodes?

taint - set on a node to keep pods away
toleration - set on a pod so it can tolerate a specific taint

Analogy: a bug and a person. The person (node) wears a repellent spray (taint); only a bug (pod) that tolerates the spray can land.

Can a pod be scheduled on a node?
- The scheduler tries to spread pods equally across all nodes.
- We can prevent certain nodes from accepting pods.
- If you place a taint on a node, no pod can be scheduled there unless it tolerates that taint.
For example,
- We can taint node1 and add a matching toleration to the db pods, so all db servers are allowed
to be created on node1. Web servers have no toleration for that taint, so they
cannot be created on node1.

Taints are set on nodes and tolerations are set on pods.
# kc taint nodes node-name key=value:taint-effect 

If a pod does not tolerate the taint, one of three effects applies:
- NoSchedule  # pod will not be scheduled on the node
- PreferNoSchedule # system will try to avoid placing the pod on the node, but this is not guaranteed
- NoExecute # new pods will not be scheduled on the node and existing pods will be
# evicted if they do not tolerate the taint.


# kc taint nodes node1 app=blue:NoSchedule

tolerations are added to the pod
# kc taint nodes


# cat replica-definition-1.yaml
apiVersion: v1
kind: Pod
metadata:
  name: myapp-pod
spec:
  containers:
    - name: nginx-container
      image: nginx


apiVersion: v1
kind: Pod
metadata:
  name: myapp-pod
spec:
  containers:
  - name: nginx-container
    image: nginx

  tolerations: # quote the values so YAML treats them as strings
  - key: "app"
    operator: "Equal"
    value: "blue" # must match the taint value (app=blue)
    effect: "NoSchedule"
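
The matching rule described above, as an added Python example (not from the original post and not Kubernetes source code). The pods web and agent and the node node2 are assumptions; it also covers the catch-all toleration (no key, operator Exists), which goes beyond the single Equal case shown above.

```python
# Added example: a model of the taint/toleration matching rule, not Kubernetes source.
BLOCKING = {"NoSchedule", "NoExecute"}  # PreferNoSchedule is only a soft preference

def tolerates(tol, taint):
    """True if one toleration matches one taint."""
    if tol.get("effect") and tol["effect"] != taint["effect"]:
        return False                    # an empty effect matches every effect
    op = tol.get("operator", "Equal")   # Equal is the default operator
    if not tol.get("key"):
        return op == "Exists"           # empty key + Exists matches every taint key
    if tol["key"] != taint["key"]:
        return False
    return op == "Exists" or tol.get("value", "") == taint.get("value", "")

def untolerated(pod, node, effects):
    """Taints on the node, limited to `effects`, that no toleration of the pod matches."""
    return [t for t in node["taints"] if t["effect"] in effects
            and not any(tolerates(tol, t) for tol in pod.get("tolerations", []))]

def schedulable_nodes(pod, nodes):
    """Nodes the taints do not rule out; a toleration permits a node, it does not pick it."""
    return [n["name"] for n in nodes if not untolerated(pod, n, BLOCKING)]

def evicted(pod, node):
    """A running pod is evicted only by a NoExecute taint it does not tolerate."""
    return bool(untolerated(pod, node, {"NoExecute"}))

def has_catch_all(pod):
    """Flag tolerations with no key and operator Exists: they match every taint key."""
    return any(not t.get("key") and t.get("operator") == "Exists"
               for t in pod.get("tolerations", []))

# Constructed sample data: node1 carries the page's app=blue:NoSchedule taint.
NODES = [
    {"name": "node1", "taints": [{"key": "app", "value": "blue", "effect": "NoSchedule"}]},
    {"name": "node2", "taints": []},
]
WEB = {"name": "web"}  # hypothetical pod without tolerations
BLUE = {"name": "myapp-pod", "tolerations": [
    {"key": "app", "operator": "Equal", "value": "blue", "effect": "NoSchedule"}]}
AGENT = {"name": "agent", "tolerations": [{"operator": "Exists"}]}  # hypothetical catch-all

if __name__ == "__main__":
    for pod in (WEB, BLUE, AGENT):
        print(pod["name"], schedulable_nodes(pod, NODES), "catch-all:", has_catch_all(pod))
```

myapp-pod is allowed on both nodes: the toleration only lifts the restriction on node1 and does not pin the pod there. A pod like agent passes every taint, so it is the kind of spec to review before it reaches a cluster.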



Taint - NoExecute


Master node: runs the management services.

A taint is set automatically on the master node. Best practice: do not create pods on the master.

# kc describe node kubemaster | grep -i taint


=============================================

1. How many Nodes exist on the system?
including the master/controlplane node
-> Run the command 'kubectl get nodes' and count the number of nodes.

# kc get nodes

2. Do any taints exist on node01?
-> Run the command 'kubectl describe node node01' and see the taint property
# kc describe node node01 | grep -i taint
none

3. Create a taint on node01 with key of 'spray', value of 'mortein' and effect of 'NoSchedule'

    Key = spray
    Value = mortein
    Effect = NoSchedule 
-> Run the command 'kubectl taint nodes node01 spray=mortein:NoSchedule'.
# kc taint node node01
add the key-value
# kc taint node node01 spray=mortein:NoSchedule
# kc describe node node01 | grep -i taint

4. Create a new pod with the NGINX image, and Pod name as 'mosquito'
    Image name: nginx 
-> 
# kc run mosquito --image=nginx --restart=Never
# kc get pod
or
# cat mosquito.yaml
apiVersion: v1
kind: Pod
metadata:
  name: mosquito
spec:
  containers:
    - image: nginx
      name: mosquito

# kc apply -f mosquito.yaml

5. What is the state of the POD?
-> Run the command 'kubectl get pods' and see the state
It is in the Pending state.

6. Why do you think the pod is in a pending state?
# kc describe pod mosquito 
The pod mosquito cannot tolerate the taint mortein.

6. Create another pod named 'bee' with the NGINX image, which has a toleration set to the taint Mortein

    Image name: nginx
    Key: spray
    Value: mortein
    Effect: NoSchedule
    Status: Running 

-> 
# kc run bee --image=nginx --restart=Never --dry-run=client -o yaml > bee.yaml
# kc explain pod --recursive | more
Review the toleration fields: effect, key and operator.
# kubectl explain pod --recursive | grep -A5 toleration # print 5 lines under tolerations

Copy this output and put it in the bee.yaml file.



# cat bee.yaml
---
apiVersion: v1
kind: Pod
metadata:
  name: bee
spec:
  containers:
    - image: nginx
      name: bee
  tolerations:
  - key: spray
    value: mortein
    effect: NoSchedule
    operator: Equal

# kc apply -f bee.yaml
# kc get pods -o wide

7. Notice the 'bee' pod was scheduled on node node01 despite the taint.
# kc describe pod bee

8. Do you see any taints on master/controlplane node?
-> Run the command 'kubectl describe node master/controlplane' and see the taint property
# kc describe node controlplane | grep -i taint

it does have taint.

9. Remove the taint on master/controlplane, which currently has the taint effect of NoSchedule
    Node name: master/controlplane 
-> Run the command 'kubectl taint nodes master/controlplane node-role.kubernetes.io/master:NoSchedule-'.

note the taints value and run the command below,

# kc taint node controlplane
now, copy the taint output from step 8.
# kc taint node controlplane node-role.kubernetes.io/master:NoSchedule-
Add - at the end to remove the taint.

# kc describe node controlplane | grep -i taint

10. What is the state of the pod 'mosquito' now?
-> Check the state with 'kc get pod -o wide'
Running

11. Which node is the POD 'mosquito' on now?
-> Run the command 'kubectl get pods -o wide' and look at the Node column
# kc get pods -o wide
@controlplane




