Understanding Taints and Tolerations in Kubernetes


Node affinity attracts pods to a set of nodes, either as a hard or a soft requirement. Taints work the opposite way: they allow nodes to repel a set of pods, namely the ones which do not tolerate the taints.

Tolerations are applied to pods. A toleration allows a pod to be scheduled onto nodes with matching taints. This may look similar to nodeAffinity, but there is a difference. Node affinity ensures that the pods run on a particular node, whereas taints ensure that pods without tolerations are not allowed to run on the nodes with the given taints. The following example makes this clearer.

For example, let’s say you have two different pods, nginx and kafka, and two nodes of different instance types, node1 (t3.small) and node2 (t3.medium). If your requirement is for node1 to allow only nginx pods, then you need to add a taint to the node.
The syntax to add a taint to a node is:

kubectl taint nodes <node-name> key=value:<TaintEffect>

Run the following command to add the taint.

kubectl taint nodes node1 environment=nginx:NoSchedule

This command taints node1 with the key-value pair ‘environment: nginx’ and the effect NoSchedule. Now pods can be scheduled onto this node only if they have a toleration for this taint. If a pod doesn’t have the toleration, it can’t be scheduled onto that particular node. A toleration can be added to the pod as follows.

apiVersion: v1
kind: Pod
metadata:
  name: nginx
  labels:
    env: test
spec:
  containers:
  - name: nginx
    image: nginx
    imagePullPolicy: IfNotPresent
  # Must match the taint on node1 (environment=nginx:NoSchedule)
  tolerations:
  - key: "environment"
    operator: "Equal"
    value: "nginx"
    effect: "NoSchedule"

There is a section called ‘tolerations’. Under it, you give the key, value, operator and effect, which must match the taint on the node. In this case, since the toleration is applied only to the nginx pod, node1 will let only the nginx pod run on it and will repel all other pods. However, this doesn’t guarantee that the nginx pod runs on node1. It may be scheduled on other nodes as well. So, taints and tolerations do not guarantee that a pod is scheduled onto a particular node. They guarantee only that pods without tolerations are repelled. If you want to restrict the ‘nginx’ pod to run only on node1, then you need to use node affinity along with taints and tolerations. Hence, in real-world scenarios, node affinity, taints and tolerations are often used together.
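The scheduling outcome described above can be checked with a small model of the scheduler's taint and toleration filter. This is an added example, not code from this article or from Kubernetes itself: node names, the taint and the toleration come from the article, while the "workload" label, the required_labels field and the function names are assumptions, and node affinity is reduced to exact label matches.

```python
# Simplified model of the scheduler's taint/toleration filter (added example).
# The "workload" label and "required_labels" field are assumptions for illustration.

def tolerates(toleration, taint):
    """True if one toleration matches one taint (Kubernetes matching rules)."""
    # An empty effect in the toleration matches every effect.
    if toleration.get("effect") and toleration["effect"] != taint["effect"]:
        return False
    key = toleration.get("key")
    if toleration.get("operator", "Equal") == "Exists":
        # Exists ignores the value; an empty key with Exists tolerates every taint.
        return not key or key == taint["key"]
    return key == taint["key"] and toleration.get("value") == taint.get("value")


def feasible_nodes(pod, nodes):
    """Names of the nodes the pod may be scheduled on."""
    result = []
    for name, node in nodes.items():
        # Only NoSchedule/NoExecute block scheduling; PreferNoSchedule is a soft preference.
        hard = [t for t in node["taints"] if t["effect"] in ("NoSchedule", "NoExecute")]
        repelled = any(
            not any(tolerates(tol, t) for tol in pod.get("tolerations", []))
            for t in hard
        )
        # Required node affinity, reduced here to exact label matches.
        wanted = pod.get("required_labels", {})
        attracted = all(node["labels"].get(k) == v for k, v in wanted.items())
        if not repelled and attracted:
            result.append(name)
    return result


NODES = {  # constructed sample cluster: node1 tainted as in the article
    "node1": {"labels": {"workload": "nginx"},
              "taints": [{"key": "environment", "value": "nginx", "effect": "NoSchedule"}]},
    "node2": {"labels": {}, "taints": []},
}
TOLERATION = {"key": "environment", "operator": "Equal", "value": "nginx", "effect": "NoSchedule"}

kafka = {}                                   # no toleration: repelled by node1
nginx = {"tolerations": [TOLERATION]}        # tolerated on node1, but node2 is still allowed
nginx_pinned = {"tolerations": [TOLERATION], "required_labels": {"workload": "nginx"}}

if __name__ == "__main__":
    for label, pod in [("kafka", kafka), ("nginx", nginx), ("nginx_pinned", nginx_pinned)]:
        print(label, feasible_nodes(pod, NODES))
```

The toleration alone leaves node2 open to the nginx pod; only the added label requirement narrows it to node1.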

Conclusion:

In this blog, you have learnt how to use taints and tolerations and how nodes repel a set of pods. Taints and tolerations are useful in many cases, and they can also be used along with node affinity based on your requirements.

Thanks for reading the article! I hope you liked it.
