Create Taints and Tolerations in Kubernetes

Taints and tolerations work together to make sure that pods are not scheduled onto inappropriate nodes. One or more taints can be applied to a node, this means that the node should not accept any pods that do not tolerate the taints. The pods that have toleration can only be deployed on those nodes with the taints.

For example, if you want to dedicate some nodes for exclusive use by a particular set of pods, you can add a taint to those nodes and then add respective toleration to the pods. The pods with the tolerations will then be allowed to use the tainted nodes as well as any other nodes in the cluster. This makes sure that the pods that do not have toleration can never be deployed on the nodes with taints.

Node taints are key-value pairs associated with an effect. Here are the available effects:

  • NoSchedule: Pods that do not tolerate this taint are not scheduled on the node but the existing Pods are not removed from the node.
  • PreferNoSchedule: Kubernetes avoids scheduling Pods that do not tolerate this taint onto the node.
  • NoExecute: Pod is removed from the node if it is already running on the node, and is not scheduled onto the node if it is not yet running on the node.

In this article, we will create a taint on a worker node and add toleration to pods. This will help us understand the pod that does not have toleration will not get deployed on the worked node with the taint on it.

Pre-requisites

  1. Kubernetes Cluster with at least 1 worker node.
    If you want to learn to create a Kubernetes Cluster, click here. This guide will help you create a Kubernetes cluster with 1 Master and 2 Nodes on AWS Ubuntu 18.04 EC2 Instances. 

What we will do

  1. Create Taints and Tolerations

Create Taints and Tolerations

First, let's check nodes available in the cluster.

kubectl  get nodes #Get current pods in the cluster.

get-nodes

Use "describe" command to check Taints to the node01

kubectl describe node node01 #Describe node01 node to extract more details.

describe-node1

In the above screenshot, it can be seen that the node does not have any Taint.

Let's add "app=fronend:NoSchedule" Taint to the Node01

kubectl taint nodes node01 app=fronend:NoSchedule #Add taint to the node01 node.
kubectl describe node node01 #Extract details of the node01 node.

add-a-taint-on-node1

In the above screenshot, it can be seen that the Node01 has a Taint now.

Create a file and add the following pod definition to it.

vim my-pod.yml #Create a pod definition.
apiVersion: v1
kind: Pod
metadata:
  name: frontend
spec:
  containers:
  - image: nginx
    name: frontend-nginx

pod-with-no-toleration

This pod definition does not have any Toleration in it.

To create a pod which does not have any Toleration, execute the following command.

kubectl create -f my-pod.yml #Create a pod.
kubectl get pods #Get details of the pod.

create-a-pod

Use the "describe" command to get more details of the pod.

kubectl get pods #Get details of the pod.
kubectl describe pod frontend #Extract more details of the Pod.

describe-the-pod

In the above screenshot, it can be seen that the Pod did not get scheduled. The reason for this is the Node01 has a Taint but there is no Toleration in the Pod. \

To create another file with the following pod definition. This Pod has a Toleration in it.

vim my-mysql-pod.yml #Create a pod definition.
apiVersion: v1
kind: Pod
metadata:
  name: backend
spec:
  containers:
    - name: mysql
      image: mysql:latest
      env:
        - name: "MYSQL_USER"
          value: "mysql"
        - name: "MYSQL_PASSWORD"
          value: "mysql"
        - name: "MYSQL_DATABASE"
          value: "sample"
        - name: "MYSQL_ROOT_PASSWORD"
          value: "supersecret"
      ports:
        - containerPort: 3306
  tolerations:
  - key: app
    value: fronend
    effect: NoSchedule
    operator: Equal

pod-with-toleration

Now, create a Pod using "my-mysql-pod.yml".

kubectl get pods #Get current pods in the cluster.
kubectl create -f my-mysql-pod.yml #Create a pod.
kubectl get pods #Get current pods in the cluster.

get-pods

In the above screenshot, it can be seen that a new Pod "backend" got created and is in running state.

The reason for this is, the Pod has Toleration in it which lets it get deployed on the Node with a Taint.

Use the "describe" command to see more details of the Pod.

kubectl  describe  pod backend #Describe the pod to get more details of it.

describe-the-pod

Conclusion

In this article, we first created a Taint on the node and then tried to deploy a Pod which does not have Toleration. We saw the pod does not get deployed. We later created a Pod added which has a Toleration in it. This Toleration lets the Pod get deployed on the Node node01 with Taint on it.

Share this page:

0 Comment(s)