Improve taint and toleration documentation #5048
Conversation
k8s-ci-robot
added
the
cncf-cla: yes
|
Deploy preview ready! Built with commit 82ca38f https://deploy-preview-5048--kubernetes-io-master-staging.netlify.com |
|
@tengqm How much of this is newly written content versus just being moved into a new article? If all of it is new, I will need a little more time to review it. |
| Node affinity is a property of *pods* that *attracts* them to a set of nodes | ||
| (either as a preference or a hard requirement). | ||
| You may want to check [Taints](/docs/concepts/configuration/taint-and-toleration/) | ||
| as well, which allow a *node* to *repel* a set of pods. |
There was a problem hiding this comment.
To reviewers: Line 301-304 are new. Mainly providing an anchor to the taint-and-toleration article.
| Node affinity, described [here](/docs/concepts/configuration/assign-pod-node/#node-affinity-beta-feature), | ||
| is a property of *pods* that *attracts* them to a set of nodes (either as a | ||
| preference or a hard requirement). Taints are the opposite -- they allow a | ||
| *node* to *repel* a set of pods. |
There was a problem hiding this comment.
To reviewers: line 9-12 are new. They provide an anchor back to the node-affinity feature for comparison.
| Taints and tolerations are a flexible way to steer pods *away* from nodes or evict | ||
| pods that shouldn't be running. A few of the use cases are | ||
|
|
||
| * **Dedicated Nodes**: If you want to dedicate a set of nodes for exclusive use by |
There was a problem hiding this comment.
To reviewers: "Dedicated Nodes" was "dedicated nodes"
| controller should additionally add a node affinity to require that the pods can only schedule | ||
| onto nodes labeled with `dedicated=groupName`. | ||
|
|
||
| * **Nodes with Special Hardware**: In a cluster where a small subset of nodes have specialized |
There was a problem hiding this comment.
To reviewers: "Nodes with Special Hardware" was "nodes with special hardware".
| and request it as a resource in the PodSpec, or you could label the nodes that have | ||
| the special hardware and use node affinity on the pods that need the hardware. | ||
|
|
||
| * **Taint based Evictions (alpha feature)**: A per-pod-configurable eviction behavior |
There was a problem hiding this comment.
To Reviewers: "Taint based Evictions (alpha feature)" was "per-pod-configurable eviction behavior when there are node problems (alpha feature)"
This bullet was rephrased.
| * `node.cloudprovider.kubernetes.io/uninitialized`: When kubelet is started | ||
| with "external" cloud provider, it sets this taint on a node to mark it | ||
| as unusable. When a controller from the cloud-controller-manager initializes | ||
| this node, kubelet removes this taint. |
There was a problem hiding this comment.
To Reviewers: Line 190-205 are new contents, mainly enumerating the various built-in taints supported now.
| tolerationSeconds: 6000 | ||
| ``` | ||
|
|
||
| (For the node not ready case, change the key to `node.alpha.kubernetes.io/notReady`.) |
There was a problem hiding this comment.
To reviewers: this line was too specific in the context of more taints supported, so removed in revision.
| * `node.kubernetes.io/outOfDisk` (*only for critical pods*) | ||
|
|
||
| This ensures that DaemonSet pods are never evicted due to these problems, | ||
| which matches the behavior when this feature is disabled. |
There was a problem hiding this comment.
To reviewers: line 247-257 were revisions based on taints we support now. Only 'unreachable' and 'notReady' were supported before.
|
@tengqm Ok, great! Thanks! |
| `NoExecute` tolerations for `node.alpha.kubernetes.io/unreachable` and `node.alpha.kubernetes.io/notReady` | ||
| with no `tolerationSeconds`. This ensures that DaemonSet pods are never evicted due | ||
| to these problems, which matches the behavior when this feature is disabled. | ||
| Node affinity is a property of *pods* that *attracts* them to a set of nodes |
There was a problem hiding this comment.
Please remove this line and keep the line below ("You may want to check..."). It would confuse users to see it here.
tengqm
force-pushed
the
taint-and-toleration
branch
2 times, most recently
from
dd17c63
to
39a595e
Compare
|
/lgtm Thanks, @tengqm! |
|
/retest |
|
/lgtm |
|
/retest |
tengqm
force-pushed
the
taint-and-toleration
branch
from
39a595e
to
82ca38f
Compare
k8s-ci-robot
added
the
size/XL
This PR separates the taint and toleration subsection into its own article.
Conceptually, it doesn't fit well into the assign-pod-to-node. Instead taints are meant to be "unassign-pod-from-node".
In the new article, the builtin taints that were missing are added.
This fixes #5012
This change is