Taints are applied to Nodes and Tolerations are applied to Pods.
Together they restrict which Pods can be scheduled onto which Nodes.
Check if any taints are already applied to node
kubectl describe node controlplane | grep Taints
Apply taint to a node
# Syntax: kubectl taint nodes <node name> <key>=<value>:<effect>
kubectl taint nodes controlplane app=webapp:NoSchedule
Taint types/effects:-
- NoSchedule – The pod will not get scheduled to the node without a matching toleration.
- PreferNoSchedule – This is a softer version of NoSchedule where the scheduler will try not to place a pod without a matching toleration on the tainted node. However, it is not a strict requirement.
- NoExecute – This will immediately evict all the pods without the matching toleration from the node.
Add toleration to Pod-
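# nginx-pod.yaml
apiVersion: v1
kind: Pod
metadata:
  name: nginx-app
spec:
  containers:
  - name: nginx
    image: nginx
  # Tolerates a node taint color=blue:NoSchedule; key, value and effect
  # must match the taint that is actually set on the node.
  tolerations:
  - key: color
    value: blue
    operator: Equal
    effect: NoSchedule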
Toleration Operators-
- Equal – default value. Matches when the toleration's key and value are equal to the node taint's key and value.
- Exists – matches when the toleration's key exists among the node's taint keys.
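The matching rules above, as an added example that is not part of the original page: a simplified Python model of how tolerations are compared with node taints and what each effect then means for the pod. The function names and sample data are assumptions for illustration; the rule that an omitted effect or key acts as a wildcard comes from the Kubernetes documentation, not from this page.

```python
# Added example: simplified model of taint/toleration matching.
# tolerates() and verdict() are illustrative names, not Kubernetes APIs.

def tolerates(toleration, taint):
    """True if one toleration matches one taint."""
    # An omitted effect on the toleration matches every effect.
    if toleration.get("effect") and toleration["effect"] != taint["effect"]:
        return False
    op = toleration.get("operator", "Equal")  # Equal is the default
    if op == "Exists":
        # Exists compares keys only; an omitted key matches every key.
        return not toleration.get("key") or toleration["key"] == taint["key"]
    if op == "Equal":
        return (toleration.get("key") == taint["key"]
                and toleration.get("value", "") == taint.get("value", ""))
    raise ValueError(f"unknown operator: {op}")


def verdict(taints, tolerations):
    """Strictest outcome for a pod against all taints on one node."""
    untolerated = {t["effect"] for t in taints
                   if not any(tolerates(tol, t) for tol in tolerations)}
    if "NoExecute" in untolerated:
        return "evicted"        # not scheduled, and evicted if already running
    if "NoSchedule" in untolerated:
        return "not-scheduled"
    if "PreferNoSchedule" in untolerated:
        return "avoided"        # soft rule: other nodes are tried first
    return "allowed"


# Constructed sample data using the taint and toleration shown on this page.
NODE_TAINTS = [{"key": "app", "value": "webapp", "effect": "NoSchedule"}]
POD_COLOR = [{"key": "color", "value": "blue",
              "operator": "Equal", "effect": "NoSchedule"}]
POD_APP_EQUAL = [{"key": "app", "value": "webapp",
                  "operator": "Equal", "effect": "NoSchedule"}]
POD_APP_EXISTS = [{"key": "app", "operator": "Exists", "effect": "NoSchedule"}]

if __name__ == "__main__":
    for name, tols in [("color=blue", POD_COLOR), ("app=webapp", POD_APP_EQUAL),
                       ("app Exists", POD_APP_EXISTS), ("no toleration", [])]:
        print(f"{name:14} -> {verdict(NODE_TAINTS, tols)}")
```

The color=blue toleration does not match the app=webapp taint, so that pod is kept off the tainted node in the same way as a pod with no toleration at all.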
Create a new Pod
kubectl create -f nginx-pod.yaml
Check which node the Pod was created on-
kubectl get pods -o wide
Untaint the node (note “-” after NoSchedule)
kubectl taint nodes controlplane node-role.kubernetes.io/master:NoSchedule-
Reference- https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/