How to add a taint to a Kubernetes node?

KubernetesKubernetesBeginner
Practice Now

Introduction

Kubernetes, the popular container orchestration platform, provides a versatile feature called "taints" that allows you to control the scheduling of pods on specific nodes. In this tutorial, we will explore how to add a taint to a Kubernetes node, enabling you to effectively manage your cluster's workload placement and ensure optimal resource utilization.


Skills Graph

%%%%{init: {'theme':'neutral'}}%%%% flowchart RL kubernetes(("`Kubernetes`")) -.-> kubernetes/TroubleshootingandDebuggingCommandsGroup(["`Troubleshooting and Debugging Commands`"]) kubernetes(("`Kubernetes`")) -.-> kubernetes/BasicCommandsGroup(["`Basic Commands`"]) kubernetes/TroubleshootingandDebuggingCommandsGroup -.-> kubernetes/describe("`Describe`") kubernetes/BasicCommandsGroup -.-> kubernetes/get("`Get`") kubernetes/BasicCommandsGroup -.-> kubernetes/cordon("`Cordon`") kubernetes/BasicCommandsGroup -.-> kubernetes/uncordon("`Uncordon`") kubernetes/BasicCommandsGroup -.-> kubernetes/taint("`Taint`") subgraph Lab Skills kubernetes/describe -.-> lab-414817{{"`How to add a taint to a Kubernetes node?`"}} kubernetes/get -.-> lab-414817{{"`How to add a taint to a Kubernetes node?`"}} kubernetes/cordon -.-> lab-414817{{"`How to add a taint to a Kubernetes node?`"}} kubernetes/uncordon -.-> lab-414817{{"`How to add a taint to a Kubernetes node?`"}} kubernetes/taint -.-> lab-414817{{"`How to add a taint to a Kubernetes node?`"}} end

Understanding Kubernetes Taints

In Kubernetes, a taint is a property applied to a node that indicates that a pod should not be scheduled on the node unless the pod has a matching toleration. Taints are used to repel pods from nodes, ensuring that pods are only scheduled on nodes where they are explicitly tolerated.

Taints are expressed as key-value pairs, with three possible operations: NoSchedule, PreferNoSchedule, and NoExecute. These operations determine how the Kubernetes scheduler will handle pods that do not tolerate the taint.

  • NoSchedule: Pods that do not tolerate this taint will not be scheduled on the node.
  • PreferNoSchedule: The scheduler will try to avoid placing a pod on the node, but it is not a hard requirement.
  • NoExecute: Pods that do not tolerate this taint will be evicted from the node if they are already running on it.

Taints can be used to create dedicated nodes for specific workloads, enforce node-level policies, and improve resource utilization by ensuring that pods are only scheduled on appropriate nodes.

graph TD A[Node] --> B[Taint] B --> C[NoSchedule] B --> D[PreferNoSchedule] B --> E[NoExecute] A --> F[Pods] F --> G[Toleration]

Taints and tolerations work together to ensure that pods are scheduled on the right nodes. Pods can specify tolerations that match the taints on a node, allowing them to be scheduled on that node.

Taint Operation Description
NoSchedule Pods that do not tolerate this taint will not be scheduled on the node.
PreferNoSchedule The scheduler will try to avoid placing a pod on the node, but it is not a hard requirement.
NoExecute Pods that do not tolerate this taint will be evicted from the node if they are already running on it.

Adding a Taint to a Node

Kubectl Command

You can add a taint to a node using the kubectl taint command. The basic syntax is:

kubectl taint nodes <node-name> <taint-key>=<taint-value>:<taint-effect>

Here's an example of adding a taint with the NoSchedule effect to a node named node1:

kubectl taint nodes node1 app=backend:NoSchedule

This will add the taint app=backend:NoSchedule to the node node1.

Taint Operations

As mentioned earlier, there are three taint operations:

  • NoSchedule: Pods that do not tolerate this taint will not be scheduled on the node.
  • PreferNoSchedule: The scheduler will try to avoid placing a pod on the node, but it is not a hard requirement.
  • NoExecute: Pods that do not tolerate this taint will be evicted from the node if they are already running on it.

You can specify the taint operation by using the appropriate suffix in the kubectl taint command.

For example, to add a taint with the PreferNoSchedule effect:

kubectl taint nodes node1 app=backend:PreferNoSchedule

Taint Example

Let's say you have a node dedicated for running backend services. You can add a taint to this node to ensure that only pods with a matching toleration are scheduled on it.

kubectl taint nodes node1 app=backend:NoSchedule

Now, any pod that does not have a toleration for the app=backend:NoSchedule taint will not be scheduled on node1.

apiVersion: v1
kind: Pod
metadata:
  name: backend-pod
spec:
  containers:
  - name: backend-container
    image: backend:v1
  tolerations:
  - key: "app"
    operator: "Equal"
    value: "backend"
    effect: "NoSchedule"

The backend-pod in the example above has a toleration that matches the taint on node1, so it can be scheduled on that node.

Verifying and Managing Taints

Verifying Taints

You can use the kubectl get nodes command to view the taints applied to a node. The output will show the taints in the TAINTS column.

kubectl get nodes
NAME     STATUS   ROLES           AGE   VERSION   TAINTS
node1    Ready    <none>          5d    v1.21.0   app=backend:NoSchedule
node2    Ready    <none>          5d    v1.21.0   <none>

In the example above, node1 has a taint with the key app, value backend, and effect NoSchedule.

You can also use the kubectl describe node command to get more detailed information about the taints on a node.

kubectl describe node node1 | grep Taints
Taints:             app=backend:NoSchedule

Managing Taints

Adding a Taint

You can add a taint to a node using the kubectl taint command, as shown in the previous section.

kubectl taint nodes node1 app=backend:NoSchedule

Removing a Taint

To remove a taint from a node, you can use the same kubectl taint command, but prefix the taint key with a - to indicate removal.

kubectl taint nodes node1 app=backend:NoSchedule-

This will remove the app=backend:NoSchedule taint from node1.

Updating a Taint

To update a taint, you can simply add a new taint with the same key but a different value or effect.

kubectl taint nodes node1 app=frontend:NoSchedule

This will update the taint on node1 to app=frontend:NoSchedule, overwriting the previous taint.

Taint and Toleration Example

Here's an example of a pod that tolerates the app=backend:NoSchedule taint:

apiVersion: v1
kind: Pod
metadata:
  name: backend-pod
spec:
  containers:
  - name: backend-container
    image: backend:v1
  tolerations:
  - key: "app"
    operator: "Equal"
    value: "backend"
    effect: "NoSchedule"

This pod can be scheduled on the node1 node, which has the app=backend:NoSchedule taint.

Summary

By the end of this tutorial, you will have a solid understanding of Kubernetes taints and how to apply them to your nodes. You'll learn the steps to add a taint, verify its presence, and manage taints effectively. This knowledge will empower you to fine-tune your Kubernetes cluster's behavior, ensuring that your workloads are scheduled and executed in alignment with your specific requirements.

Other Kubernetes Tutorials you may like