Prevent Pods from being scheduled on specific nodes
Nodes with specialized processors, such as GPUs, can be more expensive to run than nodes running on more standard machines. For that reason, you may want to protect those nodes from having workloads that don’t require special hardware from being deployed to those nodes. One way to do that is with taints.
Amazon EKS supports configuring Kubernetes taints through managed node groups. Taints and tolerations work together to ensure that Pods aren’t scheduled onto inappropriate nodes. One or more taints can be applied to a node. This marks that the node shouldn’t accept any Pods that don’t tolerate the taints. Tolerations are applied to Pods and allow, but don’t require, the Pods to schedule onto nodes with matching taints. For more information, see Taints and Tolerations
Kubernetes node taints can be applied to new and existing managed node groups using the Amazon Web Services Management Console or through the Amazon EKS API.
-
For information on creating a node group with a taint using the Amazon Web Services Management Console, see Create a managed node group for your cluster.
-
The following is an example of creating a node group with a taint using the Amazon CLI:
aws eks create-nodegroup \ --cli-input-json ' { "clusterName": "my-cluster", "nodegroupName": "node-taints-example", "subnets": [ "subnet-1234567890abcdef0", "subnet-abcdef01234567890", "subnet-021345abcdef67890" ], "nodeRole": "arn:aws-cn:iam::111122223333:role/AmazonEKSNodeRole", "taints": [ { "key": "dedicated", "value": "gpuGroup", "effect": "NO_SCHEDULE" } ] }'
For more information and examples of usage, see taint
Note
-
Taints can be updated after you create the node group using the
UpdateNodegroupConfig
API. -
The taint key must begin with a letter or number. It can contain letters, numbers, hyphens (
-
), periods (.
), and underscores (_
). It can be up to 63 characters long. -
Optionally, the taint key can begin with a DNS subdomain prefix and a single
/
. If it begins with a DNS subdomain prefix, it can be 253 characters long. -
The value is optional and must begin with a letter or number. It can contain letters, numbers, hyphens (
-
), periods (.
), and underscores (_
). It can be up to 63 characters long. -
When using Kubernetes directly or the Amazon Web Services Management Console, the taint effect must be
NoSchedule
,PreferNoSchedule
, orNoExecute
. However, when using the Amazon CLI or API, the taint effect must beNO_SCHEDULE
,PREFER_NO_SCHEDULE
, orNO_EXECUTE
. -
A maximum of 50 taints are allowed per node group.
-
If taints that were created using a managed node group are removed manually from a node, then Amazon EKS doesn’t add the taints back to the node. This is true even if the taints are specified in the managed node group configuration.
You can use the aws eks update-nodegroup-config Amazon CLI command to add, remove, or replace taints for managed node groups.