Tainting in k8s

11/7/2018

So, I am trying to figure out how tainting in k8s will work. I have the following settings in the kubelet YAML spec, and I am slightly confused about what the value of register-with-taints should be, given that I want to only allow certain pods to be placed on this node. All other pods should be dropped, or, for any pod other than the specific pods, the node should behave as unschedulable.

        --container-runtime=docker \
        --register-node=true \
        --allow-privileged=true \
        --register-schedulable=false \
        --register-with-taints= \
        --pod-manifest-path=/etc/kubernetes/manifests \
-- Nik
kubernetes

1 Answer

11/7/2018

The --register-with-taints argument to kubelet is a node-level argument and registers the node with the given list of taints.

Here is the documentation about --register-with-taints:

--register-with-taints []api.Taint
    Register the node with the given list of taints (comma separated "<key>=<value>:<effect>").
    No-op if register-node is false.

If --register-with-taints is set, it should be of the form <key>=<value>:<effect> (or comma separated like <key1>=<value1>:<effect1>,<key2>=<value2>:<effect2>).

i want to only allow certain pods to be placed on this node

To do this:

  1. Pass something like --register-with-taints=key=value:NoSchedule to kubelet. This means that no pod will be able to schedule onto this node unless it has a matching toleration.
  2. Now, to allow a certain pod to be placed on this node, specify a toleration matching the above taint for the pod in the PodSpec yaml. Both of the following tolerations "match" the above taint, and thus a pod with either toleration below would be able to schedule onto the node:

    tolerations:
    - key: "key"
      operator: "Equal"
      value: "value"
      effect: "NoSchedule"
    
    ---- OR ----
    
    tolerations:
    - key: "key"
      operator: "Exists"
      effect: "NoSchedule"

More information about taints and tolerations in Kubernetes is here.

-- Vikram Hosakote
Source: StackOverflow
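
The matching rules described in the answer can be checked offline before rolling out a kubelet flag. The following is an added example, not part of the original answer and not Kubernetes code: it parses a `--register-with-taints` value and applies the documented `Equal`/`Exists` toleration rules. The function names and the sample values are assumptions made for illustration.

```python
# Added example: models how pod tolerations are matched against taints
# written in the --register-with-taints form <key>=<value>:<effect>.
EFFECTS = {"NoSchedule", "PreferNoSchedule", "NoExecute"}

def parse_taints(flag_value):
    """Parse 'k1=v1:e1,k2=v2:e2' into a list of taint dicts."""
    taints = []
    for item in filter(None, (p.strip() for p in flag_value.split(","))):
        spec, sep, effect = item.rpartition(":")
        if not sep or effect not in EFFECTS:
            raise ValueError(f"bad taint {item!r}: want <key>=<value>:<effect>")
        key, _, value = spec.partition("=")
        if not key:
            raise ValueError(f"bad taint {item!r}: empty key")
        taints.append({"key": key, "value": value, "effect": effect})
    return taints

def tolerates(tol, taint):
    """True if one toleration matches one taint."""
    # An empty effect or an empty key in a toleration acts as a wildcard.
    if tol.get("effect") and tol["effect"] != taint["effect"]:
        return False
    if tol.get("key") and tol["key"] != taint["key"]:
        return False
    if tol.get("operator", "Equal") == "Exists":
        return True  # Exists ignores the taint's value
    return tol.get("value", "") == taint["value"]

def untolerated(taints, tolerations):
    """Hard taints left unmatched; PreferNoSchedule is only a soft preference."""
    return [t for t in taints
            if t["effect"] != "PreferNoSchedule"
            and not any(tolerates(tol, t) for tol in tolerations)]

def can_schedule(flag_value, tolerations):
    return not untolerated(parse_taints(flag_value), tolerations)

if __name__ == "__main__":
    flag = "key=value:NoSchedule"  # constructed sample, same as the answer's
    pods = {
        "equal": [{"key": "key", "operator": "Equal", "value": "value",
                   "effect": "NoSchedule"}],
        "exists": [{"key": "key", "operator": "Exists", "effect": "NoSchedule"}],
        "no-toleration": [],
        "wildcard": [{"operator": "Exists"}],  # tolerates every taint
    }
    for name, tols in pods.items():
        print(f"{name:14} schedulable={can_schedule(flag, tols)}")
```

A taint only keeps non-tolerating pods off the node; it does not steer the tolerating pods onto it, so pair it with a node selector or node affinity if they must run there. The `wildcard` case shows that anyone who can write a PodSpec can add a toleration, so where the dedicated node matters for isolation, restrict who may set tolerations through admission policy.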