Kubernetes - Taints and Toleration

Taints and Toleration are the very important property in Kubernetes which is opposite to node affinity(allowing you to constrain which nodes your Pod can be scheduled), or its a mechanish that allows you to ensure that pods are not placed/Scheduled on inappropriate nodes.

Fundamental concept:
# Taints applied on nodes
# Toleration applied on pods

Each Taint consists of three elements which defines the characteristic and behavior of the taint.

1. Key : Represent the name of the taint(arbitrary string)

2. Value : this is the value of key that we provided(arbitrary string)

3. Effect: This defines how the Tainted node will react to the POD without appropriate Toleration.

The Effect having following characteristic.

1. Effect=NoSchedule : It define the respective PODs will not scheduled to the Node without Matching Toleration.

2. Effect=NoExecute : This will Immediately evict all the PODs which are non Matching toleration

3. Effect=PerferNoSchedule : This similar as NoSchedule in which Kubernetes Controller tries to avoid placing new pods on the tainted node unless necessary.

Example of Taint:

• On the Kubernetes MasterNode some taints are by default define with certain taint properties such that MasterNode will delicately doing its Important work without being got overload with different pods.

• Suppose there are certain groups of microservice's Pods which are responsible to serving very critical component of ,an application name Billing, so here we should Ensuring Dedicated Nodes/Resources for this critical Billing microservice to get best performance and security. To achieve this we'll use Kubernetes taints and tolerations, to restrict certain nodes to run only the Billing microservice pods

•   kubectl taint nodes site app=billing:NoSchedule
    node/site tainted
  

So, Now This taint would prevent any new pods from being scheduled on this site node unless they tolerate the "app=billing" taint.

Example of toleration:

• Lets consider the above Taint example of the site node tainted by app=billing value, and now we need to deploy some new pods for the billing application on the site node, the pod's YAML definition would include toleration as mentioned below.

apiVersion: v1
kind: Pod
metadata:
  name: billing
  containers:
  - name: my-billing-app
    image: my-billing-app-image
  tolerations:
  - key: "app"
    operator: "Equal"
    value: "billing"
    effect: "NoSchedule"

In this way the pod has a toleration for the "billing" taint with "NoSchedule" effect. This means the pod can be scheduled on site node with the taint "app=billing:NoSchedule," allowing it to utilize the site node resources.

In summary, taint applied on node and toleration applied on pod, in this way we allowing pods to be scheduled on tainted nodes, This taint and toleration combination provides flexible way to control pod placement based on specific requirements and constraints in a Kubernetes cluster

Reference links:

• https://www.udemy.com/course/certified-kubernetes-administrator-with-practice-tests/

• https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/

• https://kubernetes.io/docs/reference/generated/kubectl/kubectl-commands

• https://www.densify.com/kubernetes-autoscaling/kubernetes-taints/

• https://blog.kubecost.com/blog/kubernetes-taints/

• https://docs.openshift.com/container-platform/3.11/admin_guide/scheduling/taints_tolerations.html