Lable and Taint

Lable

Labels are an important feature in Kubernetes, used to organize and manage objects effectively. You can assign key-value pairs to Kubernetes objects such as Pod, Node, Service, Deployment, etc. Specifically:

  • Each Lable is a key-value pair: Key is a string of characters used to identify the name of the label. Value is an optional character string that provides detailed information about the label.

  • Keys and values ​​must follow the naming rules: Keys and values ​​must not contain spaces or special characters other than (-, _,.).

  • Lable can be used for a variety of purposes, including:

    • Classify objects based on criteria such as environment, version, status, etc

    • Monitor and manage objects in a Kubernetes cluster.

For example:

  • app: nginx- This label indicates the object is related to the Nginx application.

  • environment: production- This label indicates that the object belongs to the production environment.

  • version: 1.7.2- This label indicates the object is related to version 1.7.2.

Create Label

To create a Lable for a Node Group, follow these instructions:

Step 1: Visit https://vks.console.vngcloud.vn/overview

Step 2: At the previously created Cluster, select Create a Node group.

Step 3: At the Node Group initialization screen, we have set up information for your Node Group. You can keep these default values ​​or adjust the desired parameters for your Node Group. In the Node Group Metadata Setting section, you need:

  • Enter the key for your label. The key must begin and end with letters or numbers and include the characters az, AZ, 0-9, -, _, . Maximum 253 characters. Alternatively, you can enter the key as a DNS subdomain, for example: example.com/my-app

  • Enter the value for this corresponding key.

Step 5: Select Create Node Group. Please wait a few minutes for us to initialize your Node Group. The status of the Node Group is currently Creating .

Step 6: When the Node Group status is Active , you can view Node Group information by selecting Node Group Name on the main screen.

Or you can create Lable through kubectl with the command:

kubectl label nodes my-node1 disktype=ssd

You can check the newly created label again with the command:

kubectl get nodes --show-labels

For example the result for this command would be as follows:

NAME      STATUS    ROLES    AGE     VERSION        LABELS
worker0   Ready     <none>   1d      v1.13.0        ...,disktype=ssd,kubernetes.io/hostname=worker0
worker1   Ready     <none>   1d      v1.13.0        ...,kubernetes.io/hostname=worker1
worker2   Ready     <none>   1d      v1.13.0        ...,kubernetes.io/hostname=worker2

Use Lable with nodeSelector

nodeSelector is a parameter used in PodSpec to specify that Pods should only be scheduled on Nodes with a specific label. This is useful when you want to run Pods on Nodes with specific resources or properties.

  • Create a my-pod.yaml file containing the following content:

apiVersion: v1
kind: Pod
metadata:
  name: my-pod
spec:
  nodeSelector:
    disktype: ssd
    region: hcm03

In this example, the Pod my-podis scheduled only on Nodes with label disktype: ssdand region: hcm03.

  • Deploy Pod on your Cluster:

kubectl -f apply my-pod.yaml

Taint

Taint is an important feature in Kubernetes, serving as a mechanism to tag Nodes and control Pod scheduling on those Nodes. Different from regular Label, Taint is used to specify special properties of Node and execute specific actions when Pod does not meet the conditions defined by Taint. Specifically:

Specifically:

  • Each Taint includes:

    • Key is a string of characters used to identify the name of the taint.

    • Value is an optional character string that provides detailed information about the taint.

    • Effect:

      • NoSchedule: Prevent Pods from having a corresponding Toleration scheduled on the Node.

      • NoExecute: Allows the Pod to be scheduled on the Node but the Pod will not be executed.

      • PreferNoSchedule: Kubernetes will try to prioritize not scheduling the Pod to the Node with this Taint.

  • Keys and values ​​must follow the naming rules: Keys and values ​​must not contain spaces or special characters other than (-, _,.).

  • Toleration: In order for a Pod to be scheduled and run on a Node with Taint, the Pod needs to have a corresponding Toleration. Toleration is declared in PodSpec using tolerationsfield. For example:

tolerations: - key: node.role.kubernetes.io/master effect: NoSchedule
  • Relationship between Taint and Toleration: When Kubernetes schedules a Pod, Kubernetes matches the Node's Taints with the Pod's Tolerations. Pods are only scheduled on a Node if there is Toleration for all Taints of that Node.

For example:

  • node.role.kubernetes.io/master:NoSchedule - prevents regular Pods from being run on this Node.

Create Taints

To create a Taint for a Node Group, follow these instructions:

Step 1: Visit https://vks.console.vngcloud.vn/overview

Step 2: At the previously created Cluster, select Create a Node group.

Step 3: At the Node Group initialization screen, we have set up information for your Node Group. You can keep these default values ​​or adjust the desired parameters for your Node Group. In the Node Group Metadata Setting section, you need:

  • Enter the key for your taint. The key must begin and end with letters or numbers and include the characters az, AZ, 0-9, -, _, . Maximum 253 characters. Alternatively, you can enter the key as a DNS subdomain, for example: example.com/my-app

  • Enter the value for this corresponding key.

  • Choose 1 of 3 effect types: NoSchedule, NoExecute, PreferNoSchedule.

Step 5: Select Create Node Group. Please wait a few minutes for us to initialize your Node Group. The status of the Node Group is currently Creating .

Step 6: When the Node Group status is Active , you can view Node Group information by selecting Node Group Name on the main screen.

Or you can create Taint through kubectl with the command:

kubectl taint node my-node node.role.kubernetes.io/master:NoSchedule.

Taint usage example:

Suppose you have a Node masterused for management purposes and you want to prevent regular Pods from being run on this Node. You can use Taint as follows:

kubectl taint node my-master node.role.kubernetes.io/master:NoSchedule

In order for Pod to run on Node master, the Pod needs to have the corresponding Toleration:

apiVersion: v1
kind: Pod
metadata:
  name: my-pod
spec:
  tolerations:
  - key: node.role.kubernetes.io/master
    effect: NoSchedule

Last updated