5.2.4.1. Node marking

This section covers marking and restricting control plane nodes. It describes how to assign the control-plane role to a node and apply a taint that prevents scheduling workload pods on master nodes. These actions are necessary to ensure isolation of control plane components and to comply with the cluster architecture model.

Init

Node marking and restriction

● Required

Note

This section describes the cluster configuration that allows you to set the container scheduling policy in advance and ensure isolation of the control plane from unplanned workloads.

master-1

export HOST_NAME=master-1

Environment variables

export CLUSTER_NAME=my-first-cluster
export BASE_DOMAIN=example.com
export FULL_HOST_NAME=${HOST_NAME}.${CLUSTER_NAME}.${BASE_DOMAIN}

HardWay

Node labeling

kubectl label node ${FULL_HOST_NAME} node-role.kubernetes.io/control-plane="" \
  --kubeconfig=/etc/kubernetes/super-admin.conf

note

node/master-1.my-first-cluster.example.com labeled

Node tainting

kubectl taint node ${FULL_HOST_NAME} node-role.kubernetes.io/control-plane="":NoSchedule \
  --overwrite \
  --kubeconfig=/etc/kubernetes/super-admin.conf

note

node/master-1.my-first-cluster.example.com modified

Kubeadm

kubeadm init phase mark-control-plane \
  --config=/var/run/kubeadm/kubeadm.yaml

note

[mark-control-plane] Marking the node master-1.my-first-cluster.example.com as control-plane by adding the labels: [node-role.kubernetes.io/control-plane node.kubernetes.io/exclude-from-external-load-balancers]
[mark-control-plane] Marking the node master-1.my-first-cluster.example.com as control-plane by adding the taints [node-role.kubernetes.io/control-plane:NoSchedule]

Join

Node marking and restriction

● Required

Note

This section describes the cluster configuration that allows you to set the container scheduling policy in advance and protect the control plane from unplanned workloads.

master-2

export HOST_NAME=master-2

master-3

export HOST_NAME=master-3

Environment variables

export CLUSTER_NAME=my-first-cluster
export BASE_DOMAIN=example.com
export FULL_HOST_NAME=${HOST_NAME}.${CLUSTER_NAME}.${BASE_DOMAIN}

HardWay

Node labeling

kubectl label node ${FULL_HOST_NAME} node-role.kubernetes.io/control-plane="" \
  --kubeconfig=/etc/kubernetes/super-admin.conf

note

node/master-<n>.my-first-cluster.example.com labeled

Node tainting

kubectl taint node ${FULL_HOST_NAME} node-role.kubernetes.io/control-plane="":NoSchedule \
  --overwrite \
  --kubeconfig=/etc/kubernetes/super-admin.conf

note

node/master-<n>.my-first-cluster.example.com modified

Kubeadm

kubeadm join phase control-plane-join mark-control-plane \
  --config=/var/run/kubeadm/kubeadm.yaml

note

[mark-control-plane] Marking the node master-<n>.my-first-cluster.example.com as control-plane by adding the labels: [node-role.kubernetes.io/control-plane node.kubernetes.io/exclude-from-external-load-balancers]
[mark-control-plane] Marking the node master-<n>.my-first-cluster.example.com as control-plane by adding the taints [node-role.kubernetes.io/control-plane:NoSchedule]