1
00:00:00,120 --> 00:00:07,410
.In this lecture we will discuss about the part to note relationship and how you can restrict what parts

2
00:00:07,500 --> 00:00:15,820
are placed on what notes the concept of teens and toleration can be a bit confusing for beginners.

3
00:00:15,870 --> 00:00:22,710
So we will try to understand what they are using an analogy of a bug approaching a person.

4
00:00:22,710 --> 00:00:29,480
Now my apologies in advance but this is the best I could come up with to prevent the bug from landing

5
00:00:29,570 --> 00:00:30,800
on the person.

6
00:00:31,010 --> 00:00:36,820
We spray the person with a repellent spray or attained as we will call it.

7
00:00:36,860 --> 00:00:41,750
In this lecture the book is intolerant to the smell.

8
00:00:41,750 --> 00:00:50,350
So on approaching the person detained applied on the person throws the bug off however there could be

9
00:00:50,470 --> 00:00:56,920
other books that are tolerant to the smell and so the taint doesn't really affect them.

10
00:00:57,150 --> 00:01:00,370
And so they end up landing on the person.

11
00:01:00,370 --> 00:01:05,330
So there are two things that decide if a bug can land on a person.

12
00:01:05,530 --> 00:01:08,080
First the taint on the person.

13
00:01:08,290 --> 00:01:15,310
And second the bugs toleration level to that particular taint getting back to Cuba.

14
00:01:15,310 --> 00:01:20,420
NET is the person is a node and the bugs are pods.

15
00:01:20,430 --> 00:01:27,230
Now teens and toleration have nothing to do with security or intrusion on the Cluster.

16
00:01:27,560 --> 00:01:33,800
Teens and toleration are used to set restrictions on what parts can be scheduled.

17
00:01:33,860 --> 00:01:41,510
On a note let us start with a simple cluster with three worker notes the notes are named one two and

18
00:01:41,510 --> 00:01:42,390
three.

19
00:01:42,440 --> 00:01:46,420
We also have a set of paths that are to be deployed on these notes.

20
00:01:46,490 --> 00:01:48,710
Let's call them A B C and D.

21
00:01:49,010 --> 00:01:55,410
When the parts are created common it is scheduler tries to place these parts on the available worker

22
00:01:55,430 --> 00:01:56,560
nodes.

23
00:01:56,690 --> 00:02:04,130
As of now there are no restrictions are limitations and as such the scheduler places the parts across

24
00:02:04,220 --> 00:02:06,910
all of the nodes to balance them out equally.

25
00:02:08,120 --> 00:02:15,510
Now let us assume that we have dedicated resources on Node 1 for a particular use case or application

26
00:02:16,520 --> 00:02:23,230
so we would like only those parts that belong to this application to be placed on Node 1.

27
00:02:23,310 --> 00:02:30,300
First we prevent all parts from being placed on the Node by placing a taint on the Node.

28
00:02:30,900 --> 00:02:33,910
Let's call it blue by default.

29
00:02:33,980 --> 00:02:43,510
Paths have no toleration which means unless specified otherwise none of the parts can tolerate any taint.

30
00:02:43,510 --> 00:02:50,260
So in this case none of the parts can be placed on Node 1 as none of them can tolerate the team.

31
00:02:50,270 --> 00:02:59,170
Blue this solves half of our requirement no unwanted parts are going to be placed on this note.

32
00:02:59,360 --> 00:03:04,100
The other half is to enable certain parts to be placed on this note.

33
00:03:05,930 --> 00:03:11,860
For this we must specify which parts are tolerant to this particular attempt.

34
00:03:12,050 --> 00:03:20,840
In our case we would like to allow only Part D to be placed on this note so we add a toleration to Part

35
00:03:20,960 --> 00:03:21,290
D.

36
00:03:22,280 --> 00:03:30,260
Part D is now tolerant to blue so when the scheduler tries to place this part on Node 1 it goes through

37
00:03:30,650 --> 00:03:35,960
Node 1 can now only accept parts that can tolerate the taint.

38
00:03:35,990 --> 00:03:40,740
Blue so with all the teens and toleration is in place.

39
00:03:40,850 --> 00:03:44,100
This is how the parts would be scheduled.

40
00:03:44,180 --> 00:03:50,450
The scheduler tries to place part a on not one but due to the team it is thrown off and it goes to note

41
00:03:50,450 --> 00:03:57,440
to the scheduler then tries to place part B on not one but again due to the taint it is thrown off and

42
00:03:57,440 --> 00:04:01,490
is placed on Node 3 which happens to be the next free node.

43
00:04:01,490 --> 00:04:07,420
The scheduler then tries to place part c to the Node 1 it is thrown off again and ends up on Node 2.

44
00:04:07,460 --> 00:04:14,520
Finally the scheduler tries to place part D on Node 1 since the part is tolerant to Node 1.

45
00:04:14,540 --> 00:04:22,540
It goes through so remember trains are set on nodes and toleration are set on pods.

46
00:04:22,690 --> 00:04:24,330
So how do you do this.

47
00:04:24,430 --> 00:04:31,750
Use the cube control taint nodes command to taint in node specify the name of the node to train followed

48
00:04:31,750 --> 00:04:35,260
by the train itself which is a key value pair.

49
00:04:35,320 --> 00:04:42,550
For example if you would like to dedicate the Node 2 parts in application blue then the key value pair

50
00:04:42,550 --> 00:04:49,820
would be ab equals blue the taint effect defines what would happen to the pods.

51
00:04:49,840 --> 00:04:58,120
If they do not tolerate the taint there are three taint effects no schedule which means the parts will

52
00:04:58,120 --> 00:05:02,030
not be scheduled on the node which is what we have been discussing.

53
00:05:02,220 --> 00:05:08,950
Prefer No schedule which means the system will try to avoid placing a part on the node but that is not

54
00:05:08,950 --> 00:05:10,520
guaranteed.

55
00:05:10,570 --> 00:05:12,790
And third is no execute.

56
00:05:13,000 --> 00:05:21,010
Which means that new parts will not be scheduled on the node and existing parts on the node if any will

57
00:05:21,010 --> 00:05:24,700
be evicted if they do not tolerate the taint.

58
00:05:24,700 --> 00:05:31,000
These parts may have been scheduled on Node before the 10th was applied to the node.

59
00:05:31,030 --> 00:05:38,200
An example command would be detained Node node one with the key value pair app equals blue and an effect

60
00:05:38,470 --> 00:05:46,440
of no schedule toleration is are added to parts to add a toleration to a pod.

61
00:05:46,450 --> 00:05:52,980
First pull up the pod definition file in the spec section of the pod definition file had a section called

62
00:05:53,010 --> 00:05:59,530
toleration move the same values used to while creating the taint under this section.

63
00:05:59,580 --> 00:06:07,830
The key is app operator is equal value is blue and the effect is no should you.

64
00:06:07,890 --> 00:06:13,810
And remember all of these values need to be encoded in double codes.

65
00:06:14,100 --> 00:06:21,690
When the pods are now created or updated with the new toleration they are either not scheduled on nodes

66
00:06:21,900 --> 00:06:29,780
or evicted from the existing nodes depending on the effect set let us try to understand the No.

67
00:06:29,790 --> 00:06:33,600
Execute takes effect in a bit more depth.

68
00:06:33,960 --> 00:06:37,380
In this example we have three nodes running some workload.

69
00:06:37,380 --> 00:06:43,440
We do not have any teens or toleration at this point so they are scheduled this way.

70
00:06:43,440 --> 00:06:51,420
We then decided to dedicate Node 1 for a special application and as such we obtained the node with the

71
00:06:51,420 --> 00:06:58,380
application name and add a toleration to the part that belongs to the application which happens to be

72
00:06:58,380 --> 00:06:59,280
part D.

73
00:06:59,280 --> 00:07:06,560
In this case while tending the node we set the taint effect to no execute and as such.

74
00:07:06,750 --> 00:07:14,190
Once detained on the Node takes effect it evokes Part C from the node which simply means that the part

75
00:07:14,220 --> 00:07:15,170
is killed.

76
00:07:15,360 --> 00:07:20,930
The Part D continues to run on the node as it has a toleration to the change.

77
00:07:22,030 --> 00:07:26,980
Now going back to our original scenario where we have teens and toleration is configured.

78
00:07:27,070 --> 00:07:35,500
Remember teens and toleration are only meant to restrict nodes from accepting certain parts.

79
00:07:35,500 --> 00:07:45,160
In this case no one can only accept Part D but it does not guarantee that Part D will always be placed

80
00:07:45,220 --> 00:07:46,400
on Node 1.

81
00:07:46,480 --> 00:07:53,800
Since there are no teens or restrictions applied on the other two nodes Part D may very well be placed

82
00:07:53,830 --> 00:08:02,350
on any of the other two nodes so remember teens and toleration does not tell the part to go to a particular

83
00:08:02,440 --> 00:08:03,140
node.

84
00:08:03,160 --> 00:08:09,460
Instead it tells the node to only accept parts with certain toleration.

85
00:08:10,150 --> 00:08:17,950
If your requirement is to restrict a part to certain nodes it is achieved through another concept called

86
00:08:17,980 --> 00:08:23,410
Ask node affinity which we will discuss in the next lecture finally.

87
00:08:23,510 --> 00:08:28,200
While we're on this topic let us also take a look at an interesting fact.

88
00:08:28,460 --> 00:08:32,650
So far we have only been referring to the worker nodes.

89
00:08:32,670 --> 00:08:39,290
But we also have master nodes in the cluster which is technically just another note that has all the

90
00:08:39,290 --> 00:08:41,780
capabilities of hosting a part.

91
00:08:41,790 --> 00:08:45,350
Plus it runs all the management software.

92
00:08:45,470 --> 00:08:52,430
Now I'm not sure if you noticed the scheduler does not schedule any part on the master node.

93
00:08:52,430 --> 00:08:56,590
Why is that when the covenant is cluster is first setup.

94
00:08:56,630 --> 00:09:03,530
It teams is set on the master node automatically that prevents any parts from being schedule on this

95
00:09:03,530 --> 00:09:04,250
note.

96
00:09:04,580 --> 00:09:08,670
You can see this as well as modified his behavior if required.

97
00:09:08,990 --> 00:09:17,330
However a best practice is to not deploy application workloads on a master server to see this taint

98
00:09:17,540 --> 00:09:18,340
run a cube.

99
00:09:18,340 --> 00:09:26,420
Control described node command with Cube master as the node name and look for the tail section.

100
00:09:26,540 --> 00:09:32,200
You will see a taint set to not schedule any parts on the master node.

101
00:09:32,270 --> 00:09:34,310
Well that's it for this lecture.

102
00:09:34,310 --> 00:09:39,320
Head over to the coding exercises section and practice working with teens and toleration is.