Forcing specific deployments pods to deploy on master

0 votes

I have cluster with three master nodes. Because master nodes have a NoSchedule taint by default, I added tolerations to my deployments. Kubernetes version is 1.5:

Deployment.yaml:

apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: nginx-ingress-controller
  namespace: kube-system
  labels:
    kubernetes.io/cluster-service: "true"
spec:
  replicas: 3
  template:
    metadata:
      labels:
        k8s-app: nginx-ingress-lb
        name: nginx-ingress-lb
      annotations:
        scheduler.alpha.kubernetes.io/tolerations: |
          [
            {
              "key": "dedicated",
              "operator": "Equal",
              "value": "master",
              "effect": "NoSchedule"
            }
          ]
    spec:
    […]

Even after adding the tolerations the pods are deploying on the worker nodes only. I want to deploy these only on Master. Any help is appreciated. thanks

Oct 13, 2018 in Kubernetes by DragonLord999
• 8,450 points
4,742 views

1 answer to this question.

0 votes

Tolerations do not guarantee that a pod will be scheduled an a node with that taint. It just means that it can tolerate such taints and schedule on those nodes. If you specifically want to deploy your pod on a specific node, use labels. Example, give your master node a label say dedicated=master and set nodeSelector for your pod to look for this label.

to add the label to you node:

kubectl label nodes name_of_your_node dedicated=master

Kubernetes 1.6 and above syntax

nodeSelector for your pod:

apiVersion: apps/v1beta1
kind: Deployment
metadata:
  name: nginx-ingress-controller
  namespace: kube-system
  labels:
    kubernetes.io/cluster-service: "true"
spec:
  replicas: 3
  template:
    metadata:
      labels:
        k8s-app: nginx-ingress-lb
        name: nginx-ingress-lb
      annotations:
    spec:
      nodeSelector:
        dedicated: master
      tolerations:
      - key: dedicated
        operator: Equal
        value: master
        effect: NoSchedule
    […]

You can also use affinity under spec:

affinity:
  nodeAffinity:
    requiredDuringSchedulingIgnoredDuringExecution:
      nodeSelectorTerms:
        matchExpressions:
        - key: dedicated
          operator: Equal
          values: ["master"]

Pre 1.6 syntax

nodeSelector for your pod:

apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: nginx-ingress-controller
  namespace: kube-system
  labels:
    kubernetes.io/cluster-service: "true"
spec:
  replicas: 3
  template:
    metadata:
      labels:
        k8s-app: nginx-ingress-lb
        name: nginx-ingress-lb
      annotations:
        scheduler.alpha.kubernetes.io/tolerations: |
          [
            {
              "key": "dedicated",
              "operator": "Equal",
              "value": "master",
              "effect": "NoSchedule"
            }
          ]
    spec:
      nodeSelector:
        dedicated: master
    […]

Annotations instead of nodeSelector:

scheduler.alpha.kubernetes.io/affinity: >
  {
    "nodeAffinity": {
      "requiredDuringSchedulingIgnoredDuringExecution": {
        "nodeSelectorTerms": [
          {
            "matchExpressions": [
              {
                "key": "dedicated",
                "operator": "Equal",
                "values": ["master"]
              }
            ]
          }
        ]
      }
    }
  }

NoSchedule does not stop already scheduled pods. Check https://kubernetes.io/docs/user-guide/node-selection/ for more info.

answered Oct 13, 2018 by ajs3033
• 7,300 points

Related Questions In Kubernetes

0 votes
1 answer

Unable to deploy nginx ingress on kubernetes

The nginix ingress controller uses hostPort to ...READ MORE

answered Oct 1, 2018 in Kubernetes by Kalgi
• 52,350 points
833 views
0 votes
1 answer

Is it possible to force the pod to run on a specific node?

By default, anti-affinity is not attempted by ...READ MORE

answered Jul 15, 2019 in Kubernetes by Sirajul
• 59,230 points
1,327 views
0 votes
2 answers

How do I force a pod to run on a specific node?

By default, anti-affinity is not attempted by Kubernetes as ...READ MORE

answered Aug 6, 2019 in Kubernetes by Sirajul
• 59,230 points
5,033 views
0 votes
0 answers

How to access the configmap created on a worker node, in the pod.yaml in Master?

1. Configmap is created on the node1. ...READ MORE

Apr 5, 2020 in Kubernetes by jayabmaguluri
• 140 points
1,008 views
+1 vote
1 answer
0 votes
3 answers

Error while joining cluster with node

Hi Kalgi after following above steps it ...READ MORE

answered Jan 17, 2019 in Others by anonymous
15,484 views
0 votes
1 answer

Kubernetes nginx-ingress TLS issue

You have to create a secret named test-secret. ➜ ...READ MORE

answered Sep 11, 2018 in Kubernetes by Kalgi
• 52,350 points
1,973 views
0 votes
1 answer

Forcing ssl for Kubernetes Ingress on GKE

https://github.com/kubernetes/ingress-gce#frontend-https If you want to block http, you ...READ MORE

answered Sep 6, 2018 in Kubernetes by ajs3033
• 7,300 points
4,228 views
0 votes
1 answer
webinar REGISTER FOR FREE WEBINAR X
REGISTER NOW
webinar_success Thank you for registering Join Edureka Meetup community for 100+ Free Webinars each month JOIN MEETUP GROUP