| copyright | lastupdated | keywords | subcollection | ||
|---|---|---|---|---|---|
|
2024-07-24 |
openshift, kubernetes, affinity, taint, edge node, edge |
openshift |
{{site.data.keyword.attribute-definition-list}}
{: #edge-workload-prevent}
A benefit of edge worker nodes is that they can be specified to run networking services only. {: shortdesc}
You can prevent workloads from running on edge worker nodes and consuming worker node resources by using Kubernetes taints{: external}.
Before you begin
- Ensure that you have the following IAM roles:
- Any platform access role for the cluster
- Manager service access role for all namespaces
- Access your {{site.data.keyword.redhat_openshift_notm}} cluster.
-
Create a worker pool with the label
dedicated=edgeor add the label to one of your existing worker pools.-
To create a Classic worker pool, you can use the
worker-pool create classiccommand.ibmcloud oc worker-pool create classic --name POOL_NAME --cluster CLUSTER --flavor FLAVOR --size-per-zone WORKERS_PER_ZONE --hardware ISOLATION --label dedicated=edge
{: pre}
-
To create a VPC worker pool, you can use the
worker-pool create vpc-gen2command.ibmcloud oc worker-pool create vpc-gen2 --name POOL_NAME --cluster CLUSTER --flavor FLAVOR --size-per-zone WORKERS_PER_ZONE --hardware ISOLATION --label dedicated=edge
{: pre}
-
To label an existing worker pool, you can use the
worker-pool label setcommand.ibmcloud oc worker-pool label set --cluster CLUSTER --worker-pool POOL --label dedicated=edge{: pre}
-
-
Verify that the worker pool and worker nodes have the
dedicated=edgelabel.-
To check the worker pool, use the
getcommand.ibmcloud oc worker-pool get --cluster <cluster_name_or_ID> --worker-pool <worker_pool_name_or_ID>
{: pre}
-
To check individual worker nodes, review the Labels field of the output of the following command.
oc describe node <worker_node_private_IP>
{: pre}
-
-
Apply a taint to the worker nodes with the
dedicated=edgelabel. The taint prevents pods from running on the worker node and removes pods that don't have thededicated=edgelabel from the worker node. The pods that are removed are redeployed to other worker nodes with capacity.To apply a taint to all existing and future worker nodes in a worker pool:
ibmcloud oc worker-pool taint set -c <cluster_name_or_ID> --worker-pool <worker_pool_name_or_ID> --taint dedicated=edge:NoExecute
{: pre}
To apply a taint to individual worker nodes:
oc adm taint node -l dedicated=edge dedicated=edge:NoExecute
{: pre}
Now, only pods with the
dedicated=edgetoleration are deployed to your edge worker nodes. -
Verify that your edge nodes are tainted.
oc describe nodes -l dedicated=edge | egrep "Taints|Hostname"
{: pre}
Example output
Taints: dedicated=edge:NoExecute Hostname: 10.176.48.83 Taints: dedicated=edge:NoExecute Hostname: 10.184.58.7{: screen}