Can you please check the yaml file below from the lightning labs for CKAD practi . . .

Zahit Usta:
Can you please check the yaml file below from the lightning labs for CKAD practice? Why do we need tolerations after using the nodeselector?

apiVersion: v1
kind: Pod
metadata:
  creationTimestamp: null
  labels:
    run: my-busybox
  name: my-busybox
  namespace: dev2406
spec:
  volumes:
  - name: secret-volume
    secret:
      secretName: dotfile-secret
  nodeSelector:
    kubernetes.io/hostname: controlplane
  tolerations:
  - key: "node-role.kubernetes.io/master"
    operator: "Exists"
    effect: "NoSchedule"
  containers:
  - command:
    - sleep
    args:
    - "3600"
    image: busybox
    name: secret
    volumeMounts:
    - name: secret-volume
      readOnly: true
      mountPath: "/etc/secret-volume"

Shwetha Shenoy:
In case the node has taints, the pod needs to have a toleration for the taint (in your case, node-role.kubernetes.io/master) along with the nodeSelector to actually be placed on controlplane and start/run.

Shwetha Shenoy:
Best way to learn is to remove the tolerations and check if the pod actually starts. The events from the pod will tell you more.

Zahit Usta:
Thanks, Shwetha. Looks like the node is tainted, but it is not mentioned in the question.

unnivkn:
Hi @Zahit Usta, please don’t confuse nodeSelector with nodeName. nodeSelector is controlled by the k8s scheduler, whereas nodeName is a manual scheduler & the k8s scheduler doesn’t have any role there. So if you use nodeName, then using a toleration is meaningless. fyi: