OpenSHift Kubernetes ; Taint and Tolerations - unix1998/technical_notes GitHub Wiki

In Kubernetes and OpenShift, "taints" and "tolerations" are mechanisms used to control the scheduling of pods onto nodes. They are applied to nodes to ensure that pods are not scheduled onto inappropriate nodes unless explicitly allowed.

Taints

  • Definition: Taints are applied to nodes and they mark a node as having a specific property that affects which pods can be scheduled onto it.
  • Purpose: Taints prevent certain pods from being scheduled on nodes by default. Only pods that have matching tolerations can be scheduled onto tainted nodes.
  • Usage: Taints are useful for dedicated workloads, resource isolation, or to keep certain nodes free for specific tasks (e.g., high-performance nodes, GPU nodes, etc.).

Example of Tainting a Node

kubectl taint nodes <node-name> key=value:NoSchedule

In this example, the node <node-name> is tainted with key=value:NoSchedule, meaning no pod without a matching toleration can be scheduled on this node.

Tolerations

  • Definition: Tolerations are applied to pods. They allow pods to be scheduled on nodes with matching taints.
  • Purpose: Tolerations specify that a pod can tolerate a node's taint and thus be scheduled onto that node.
  • Usage: Tolerations enable the scheduling of specific pods onto nodes with particular taints.

Example of Adding a Toleration to a Pod

apiVersion: v1
kind: Pod
metadata:
  name: my-pod
spec:
  tolerations:
  - key: "key"
    operator: "Equal"
    value: "value"
    effect: "NoSchedule"
  containers:
  - name: my-container
    image: my-image

In this example, the pod my-pod has a toleration that matches the taint key=value:NoSchedule, allowing it to be scheduled on nodes with that taint.

Taints and Tolerations for Worker and Master Nodes

  • Worker Nodes: Taints and tolerations are commonly used for worker nodes to control where application pods are scheduled. For example, you might taint a node with a special hardware feature (e.g., GPU) and only allow pods that require GPUs to be scheduled there.
  • Master Nodes: In many Kubernetes and OpenShift clusters, master nodes (which run the control plane components) are tainted to prevent application pods from being scheduled on them. This ensures that the resources of master nodes are dedicated to managing the cluster.

Example of Master Node Taint (Common in Kubernetes)

kubectl taint nodes <master-node-name> node-role.kubernetes.io/master=:NoSchedule

In this example, the master node is tainted with node-role.kubernetes.io/master=:NoSchedule, which means no application pods will be scheduled on the master node unless they have a toleration for this taint.

Summary

  • Taints are applied to nodes to repel certain pods.
  • Tolerations are applied to pods to allow them to be scheduled onto nodes with matching taints.
  • They are used for both worker and master nodes, but typically, taints are used on master nodes to prevent application pods from running there and on worker nodes to control pod placement based on node characteristics.

Understanding and using taints and tolerations effectively helps in managing the placement of pods, maintaining node isolation, and ensuring optimal resource usage in your OpenShift cluster.

⚠️ **GitHub.com Fallback** ⚠️