In order to guarantee which pod goes to which node in a Kubernetes cluster, the concept of Taints/Tolerations and Node Affinity is used. With Taints/Tolerations, we taint a node with a specific label, and then add those labels as toleration in the pod manifest to ensure that if a pod doesn't have that toleration, it won't be scheduled on that tainted node. In order to ensure that, this tolerated pod only goes to tainted node, we also add an affinity within the pod manifest.
So in other words, Taints/Tolerations are used to repel undesired pods, whereas Node Affinity is used to guide Kubernetes scheduler to use a node for a specific pod.
So why we need both Taints/Tolerations and Node Affinity? It is to guarantee that a pod goes to an intended node. Because Taints/Tolerations ensures that undesired pod stay away from a node but it doesn't ensure that desired pod will actually be placed on that node. In order to guarantee that, we use node affinity.
Following is a complete example of 4 deployments: red, blue, green, other. We have 4 worker nodes node01, node02, node03, node04.
We have labelled nodes to their respective colors, and we also have added a taint with same key value pair. Then we added a toleration in deployments for the respective key value pair. For example, this ensures that For node01 , the label is red, taint is also red and any pod which doesn't have label red won't be scheduled on this node. Then we added a node affinity which ensures that red pods will only be placed on node with label red. Same logic is being used for other deployments.
For Node red:
Kubectl label node node01 color=red
Kubectl taint node node01 color=red:NoSchedule
For Deployment red:
apiVersion: apps/v1
kind: Deployment
metadata:
name: red
spec:
replicas: 1
selector:
matchLabels:
color: red
template:
metadata:
labels:
color: red
spec:
containers:
- name: nginx
image: nginx
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: color
operator: In
values:
- red
tolerations:
- key: "color"
operator: "Equal"
value: "red"
effect: "NoSchedule"
For Node blue:
Kubectl label node node02 color=blue
Kubectl taint node node02 color=blue:NoSchedule
For Deployment blue:
apiVersion: apps/v1
kind: Deployment
metadata:
name: blue
spec:
replicas: 1
selector:
matchLabels:
color: blue
template:
metadata:
labels:
color: blue
spec:
containers:
- name: nginx
image: nginx
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: color
operator: In
values:
- blue
tolerations:
- key: "color"
operator: "Equal"
value: "blue"
effect: "NoSchedule"
For Node green:
Kubectl label node node03 color=green
Kubectl taint node node03 color=green:NoSchedule
For Deployment green:
apiVersion: apps/v1
kind: Deployment
metadata:
name: green
spec:
replicas: 1
selector:
matchLabels:
color: green
template:
metadata:
labels:
color: green
spec:
containers:
- name: nginx
image: nginx
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: color
operator: In
values:
- green
tolerations:
- key: "color"
operator: "Equal"
value: "green"
effect: "NoSchedule"
For Node Other:
Kubectl label node node04 color=other
For Deployment other:
apiVersion: apps/v1
kind: Deployment
metadata:
name: other
spec:
replicas: 2
selector:
matchLabels:
color: other
template:
metadata:
labels:
color: other
spec:
containers:
- name: nginx
image: nginx
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: color
operator: In
values:
- other
tolerations:
- key: "color"
operator: "Equal"
value: "other"
effect: "NoSchedule"
Hope this helps!!!
No comments:
Post a Comment