This scenario shows:
- how to taint/untaint the node,
- how to see the node details,
- the pod that does not tolerate the taint is not running the node.
- Run minikube (in this scenario, K8s runs on WSL2- Ubuntu 20.04) ("minikube start")
- Create Yaml file (podtoleration.yaml) in your directory and copy the below definition into the file:
apiVersion: v1
kind: Pod
metadata:
name: toleratedpod1
labels:
env: test
spec:
containers:
- name: toleratedcontainer1
image: nginx:latest
tolerations: # pod tolerates "app=production:NoSchedule"
- key: "app"
operator: "Equal"
value: "production"
effect: "NoSchedule"
---
apiVersion: v1
kind: Pod
metadata:
name: toleratedpod2
labels:
env: test
spec:
containers:
- name: toleratedcontainer2
image: nginx:latest
tolerations:
- key: "app" # pod tolerates "app:NoSchedule", value is not important in this pod
operator: "Exists" # pod can run on the nodes which has "app=test:NoSchedule" or "app=production:NoSchedule"
effect: "NoSchedule"
- When we look at the node details, there is not any taint on the node (minikube):
kubectl describe node minikube
- Add taint to the node (minikube):
kubectl taint node minikube platform=production:NoSchedule
- Create pod that does not tolerate the taint:
kubectl run test --image=nginx --restart=Never
- This pod always waits as pending, because it is not tolerated the taints:
- In the yaml file above (podtoleration.yaml), we have 2 pods that tolerates this taint => "app=production:NoSchedule"
- Create these 2 pods:
- These pods tolerate the taint and they are running on the node, but "test" does not tolerate the taint, it still waits:
- But if we define another taint with "NoExecute", running pods are terminated:
kubectl taint node minikube version=new:NoExecute
- Delete taint from the node:
kubectl taint node minikube version-
- Delete minikube: