So, if you're following along, you might notice I'm experimenting with the format of these posts (sorry, lol). In this one, we'll tackle all the exercises Piyush has asked for right at the beginning. This way, if anyone needs help or gets stuck, they can find guidance here without having to go through a lot of details first.
Before you answer the first question, you need to have the cluster up and running. You should be really REALLY familiar with this by now, but just in case you're here randomly, here’s the contents of my config.yml
:
kind: Cluster
apiVersion: kind.x-k8s.io/v1alpha4
name: cka-cluster
nodes:
- role: control-plane
extraPortMappings:
- containerPort: 30001
hostPort: 30001
listenAddress: "0.0.0.0"
protocol: tcp
- role: worker
- role: worker
Now, you need to run the following command to create the cluster:
kind create cluster --name kind-cka-cluster --config config.yml
Exercises
1. Taint both Worker Nodes
To apply taints to the worker nodes, use the following kubectl taint
commands:
kubectl taint nodes kind-cka-cluster-worker gpu=true:NoSchedule
kubectl taint nodes kind-cka-cluster-worker2 gpu=false:NoSchedule
2. Create a new pod with the image nginx and see why it's not getting scheduled on worker nodes and control plane nodes.
To create a new pod with the nginx
image, run the following command:
kubectl run nginx --image=nginx
This will create the pod, but since it doesn't have a toleration for the taints applied to the worker nodes (gpu=true:NoSchedule
and gpu=false:NoSchedule
), the pod won't be scheduled on them.
To verify that the pod is not scheduled, use:
kubectl get pods
You should see that the pod is stuck in a Pending
state due to the lack of tolerations for the taints.
3. Add Toleration to the Pod to Match the Taint on worker01
To add a toleration to the pod for the taint, we're going to take a bit of a roundabout approach. The reason is that I tried to update the YAML directly, but it got tricky with indentation. So, for that reason, I am deleting the pod and creating a new one.
First, delete the existing pod with the following command:
kubectl delete pod nginx
Then, create a new pod with the updated toleration by applying a YAML file. Below is the YAML configuration for the pod:
apiVersion: v1
kind: Pod
metadata:
name: nginx
spec:
containers:
- name: nginx
image: nginx
tolerations:
- key: "gpu"
operator: "Equal"
value: "true"
effect: "NoSchedule"
This configuration ensures that the pod will tolerate the taint gpu=true:NoSchedule
and should be scheduled on worker01
.
Finally, apply the YAML file:
kubectl apply -f pod.yml
To verify that the pod is scheduled on the correct worker node, you can check the pod’s status and the node it is running on:
kubectl get pods -o wide
4. Remove Taint from Control Plane Node
First, we need to check the taints applied to the control plane node. To do this, run the following command:
kubectl describe node kind-cka-cluster-control-plane
If you search (command + F on Mac) for the word taint, you'll see output similar to this:
Taints:node-role.kubernetes.io/control-plane:NoSchedule
This indicates that the control plane node currently has the taint node-role.kubernetes.io/control-plane:NoSchedule
.
To remove this taint, use the following command:
kubectl taint nodes kind-cka-cluster-control-plane node-role.kubernetes.io/control-plane:NoSchedule-
The -
at the end of the taint command signifies that you're removing the taint, not adding a new one.
After running the command, you can verify that the taint has been successfully removed by describing the node again:
kubectl describe node kind-cka-cluster-control-plane
You should see that the Taints
section is now empty or no longer includes the node-role.kubernetes.io/control-plane:NoSchedule
taint.
This chunk of code and the explanation are directly "borrowed" from the docs. I won't lie, sometimes I find it better to do the exercises without watching the video. I find I am retaining more info.
Create a New Pod Without Toleration
Create a new file named redis.yml
, and add the following configuration:
apiVersion: v1
kind: Pod
metadata:
name: redis
spec:
containers:
- name: redis
image: redis
This configuration defines a simple pod named redis
with a container running the redis
image.
Deploy the Pod:
To deploy the pod using the YAML file, run:
kubectl apply -f redis.yml
Verify Pod Placement:
Once the pod is created, let’s verify that it’s running on the control plane node. Use the following command:
kubectl get pods -o wide
The output will show which node the redis
pod is running on. Under the "NODE" column, you should see that it’s been scheduled on the control plane node, as it lacks the required tolerations to run on the tainted worker nodes.
Reapply Taint to Control Plane Node
To reapply the previously removed taint on the control plane node, run the following command:
kubectl taint nodes kind-cka-cluster-control-plane node-role.kubernetes.io/control-plane:NoSchedule
This command re-establishes the NoSchedule
taint on the control plane node, preventing pods without a matching toleration from being scheduled on it.
Tags and Mentions
- @piyushsachdeva
- Day 14: Video Tutorial
Top comments (0)