K
Q

Is it possible/adviseable to turn off the NodeRestriction plugin on EKS?

10/17/2019

I am trying to set up a job scheduler (airflow) on an EKS cluster to replace a scheduler (Jenkins) we're running directly on an ec2. This job scheduler should be able to deploy pods to the EKS cluster it's running on.

However, whenever I try to deploy the pod (with a pod manifest), I get the following error message:

Error from server (Forbidden): error when creating "deployment.yaml": pods "simple-pod" is forbidden: pod does not have "kubernetes.io/config.mirror" annotation, node "ip-xx.ec2.internal" can only create mirror pods

I believe the restriction has to do with the NodeRestriction plugin on the kube-apiserver running on the EKS Control Plane.

I have looked through documentation to see if I can turn this plugin off, however it does not appear to be possible through kubectl, and only possible by modifying the kube-apiserver configuration on control plane itself.

Is it possible to turn off this plugin? Or, is it possible to label a node or pod to mark that it is not subject to this plugin? More broadly, is running a job scheduler on EKS that assigns job on the same cluster a bad design choice?

If we wanted to containerize and deploy our job scheduler, do we need to instantiate a separate EKS cluster/other service to run it on?

-- Omar Chowdhury
amazon-eks
kubectl
kubernetes

Similar Questions

Istio HTTPRedirect Capture Group Support
Slowness starting containers in k8s rancher cluster when scheduled node has >= 60 pods already
How to correctly configure the Kubernetes Dashboard via Ingress-Nginx on GKE
Is it possible to configure spring.cloud.config to use multiple bootstrap.yml files
JMeter Non HTTP response code: java.net.UnknownHostException when running on Kubernetes
Call rest api from different namespace in kubernetes

0 Answers