Assign pod to workers without using deployment specific content like nodeSelector. Security constraints

5/29/2018

Is there any way to assign automatically pods to workers without relaying in the deployment configuration? May be using the "dedicated" taint and the deployment namespace?

https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/

I'm looking for a secure way to do this. An option is to use labels, node selectors and other type of taints but an error on the deployment configuration could cause a pod to be executed in the wrong workers.

I'm thinking about using "dedicated" taint to assign namespaces to workers, but I couldn't find detailed documentation or examples. Is it possible to use this taint for this requirement? how?

Or is a custom "admission controller" the only way to do this?

https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/

Thank you.

-- Jxadro
kubernetes

0 Answers