
I'm testing Node Affinity with Taints such that the below pod will be scheduled exactly in the expected node. I have added a Label to the Node and a Taint.

Label: node=testvm
Taint: node=testvm:NoSchedule

The pod manifest looks like below:

```yaml
apiVersion: v1
kind: Pod
metadata:
  name: nginx
spec:
  affinity:
    nodeAffinity:
      requiredDuringSchedulingIgnoredDuringExecution:
        nodeSelectorTerms:
        - matchExpressions:
          - key: node
            operator: In
            values:
            - testvm
  containers:
  - name: nginx
    image: nginx
    imagePullPolicy: IfNotPresent
```

But when I apply it, it gives the below error:

```
* spec.tolerations: Forbidden: existing toleration can not be modified except its tolerationSeconds
* spec: Forbidden: pod updates may not change fields other than `spec.containers[*].image`, `spec.initContainers[*].image`, `spec.activeDeadlineSeconds`, `spec.tolerations` (only additions to existing tolerations) or `spec.terminationGracePeriodSeconds` (allow it to be set to 1 if it was previously negative)
  core.PodSpec{
    ... // 15 identical fields
    Subdomain:         "",
    SetHostnameAsFQDN: nil,
-   Affinity: &core.Affinity{
-       NodeAffinity: &core.NodeAffinity{
-           RequiredDuringSchedulingIgnoredDuringExecution: &core.NodeSelector{NodeSelectorTerms: []core.NodeSelectorTerm{...}},
-       },
-   },
```

New

```
Warning  FailedScheduling   8s (x1 over 68s)  default-scheduler   0/4 nodes are available: 1 node(s) didn't match Pod's node affinity/selector, 1 node(s) had taint {nodepool: monitoring}, that the pod didn't tolerate, 1 node(s) had taint {nodepool: stage}, that the pod didn't tolerate, 1 node(s) had taint {nodepool: system}, that the pod didn't tolerate.
Normal   NotTriggerScaleUp  2m23s             cluster-autoscaler  pod didn't trigger scale-up: 1 max node group size reached
```
Container-Man
  • It looks like you're trying to modify an existing pod. You can't do that; there are only a limited number of fields (listed in the error message in your question) that can be modified. To change anything else, you need to destroy and re-create the pod. That's why we generally use a Deployment instead of a Pod (because you can modify everything in the Deployment, and Kubernetes will take care of tearing down and re-creating pods automatically). – larsks Feb 03 '23 at 18:54
  • @larsks Yes I didn't notice that. I recreated the pod with a different name but now the Pod is in Pending state. I have added the error message above – Container-Man Feb 04 '23 at 08:48
  • Should the Label and the Taint be the same? For example, if the Label given for the Node is mynode=myval, should the Taint for the Node also be the same, i.e. mynode=myval:NoSchedule? – Container-Man Feb 04 '23 at 08:52
  • Labels and taints aren't directly related. See "[Taints and Tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/)" for more documentation on this topic. – larsks Feb 04 '23 at 12:27
  • If a pod is in state Pending, often `kubectl get events` for that namespace (or `kubectl describe pod`, which includes events) will have some details. – larsks Feb 04 '23 at 12:28
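
The point made in the comments, that labels and taints aren't directly related, as an added example that is not part of the original thread: a simplified Python model of the two independent scheduler filters (required node affinity reads node labels, toleration matching reads node taints). The node names, the second node and all function names are hypothetical; only the label `node=testvm` and the taint `node=testvm:NoSchedule` come from the question.

```python
# Simplified model of two independent scheduler filters: required node
# affinity (reads node labels) and taint toleration (reads node taints).
# Only the In operator and the hard taint effects are modelled.

def matches_affinity(pod, node):
    """True if any nodeSelectorTerm matches; expressions in a term are ANDed."""
    terms = pod.get("affinity_terms")
    if not terms:
        return True  # no required affinity: every node passes this filter
    return any(
        all(node["labels"].get(e["key"]) in e["values"] for e in term)
        for term in terms
    )

def tolerates(tol, taint):
    """Toleration matching: empty effect matches any effect, Exists ignores value."""
    if tol.get("effect") and tol["effect"] != taint["effect"]:
        return False
    if tol.get("operator", "Equal") == "Exists":
        return not tol.get("key") or tol["key"] == taint["key"]
    return tol.get("key") == taint["key"] and tol.get("value", "") == taint.get("value", "")

def untolerated(pod, node):
    """Taints that keep the pod off the node (PreferNoSchedule is only a preference)."""
    return [
        t for t in node["taints"]
        if t["effect"] in ("NoSchedule", "NoExecute")
        and not any(tolerates(tol, t) for tol in pod.get("tolerations", []))
    ]

def feasible_nodes(pod, nodes):
    """A node is feasible only if BOTH filters pass."""
    return [n["name"] for n in nodes
            if matches_affinity(pod, n) and not untolerated(pod, n)]

# Constructed cluster: label and taint are from the question, the rest is made up.
NODES = [
    {"name": "testvm", "labels": {"node": "testvm"},
     "taints": [{"key": "node", "value": "testvm", "effect": "NoSchedule"}]},
    {"name": "worker-a", "labels": {}, "taints": []},
]
AFFINITY = [[{"key": "node", "values": ["testvm"]}]]
TOLERATION = {"key": "node", "operator": "Equal", "value": "testvm", "effect": "NoSchedule"}
POD_AS_POSTED = {"affinity_terms": AFFINITY}                      # affinity, no toleration
POD_WITH_TOLERATION = {"affinity_terms": AFFINITY, "tolerations": [TOLERATION]}
POD_TOLERATION_ONLY = {"tolerations": [TOLERATION]}               # toleration, no affinity

if __name__ == "__main__":
    for name, pod in [("as posted", POD_AS_POSTED),
                      ("with toleration", POD_WITH_TOLERATION),
                      ("toleration only", POD_TOLERATION_ONLY)]:
        print(f"{name}: {feasible_nodes(pod, NODES)}")
```

The third pod shows why both mechanisms are needed for dedicated nodes: a toleration only permits the tainted node, it does not keep the pod off untainted ones.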
