The kubectl cordon command in Kubernetes is used to mark a node as unschedulable. This prevents new pods from being scheduled onto the node, although existing pods continue to run on it. This can be useful during maintenance or when you want to prevent new deployments on a node temporarily.
Example 1: Cordon a specific node named “node-1”:
kubectl cordon node-1
This command will mark the node “node-1” as unschedulable. To verify, you can check the node’s status using:
kubectl get nodes node-1 -o jsonpath='{.spec.taints}'
If the node is cordoned, the output will include a taint indicating it’s unschedulable.
Example 2: Cordon all nodes labeled with a specific label, such as “environment=production”:
kubectl cordon $(kubectl get nodes -l environment=production -o jsonpath='{.items[*].metadata.name}')
This command uses a label selector to cordon all nodes matching the label “environment=production”.
Example 3: Cordon nodes based on a node condition, for instance, nodes with disk pressure:
kubectl get nodes --field-selector='status.conditions[?type==DiskPressure].status==True' -o jsonpath='{.items[*].metadata.name}' | xargs kubectl cordon
This command finds nodes with disk pressure conditions and cordon them. Verification can be done by checking the taints on those nodes.
Example 4: Cordon a node with an eviction grace period (e.g., 30 seconds):
kubectl cordon --grace-period=30 node-1
This command marks “node-1” as unschedulable with a specific eviction grace period.
Example 5: Cordon all nodes except those labeled with “critical=false”:
kubectl get nodes -l 'critical!=false' -o jsonpath='{.items[*].metadata.name}' | xargs -I {} kubectl cordon {}
This command cordon all nodes except those labeled with “critical=false”.
Example 6: Cordon nodes in a specific availability zone, for instance, “us-west-1a”:
kubectl get nodes -o jsonpath='{.items[?(@.metadata.labels.failure-domain\.beta\.kubernetes\.io/zone=="us-west-1a")].metadata.name}' | xargs -I {} kubectl cordon {}
This command targets nodes in the specified availability zone for cordoning.
Example 7: Cordon nodes based on specific resource utilization thresholds:
kubectl top nodes | awk '$2 > 80 {print $1}' | xargs -I {} kubectl cordon {}
This command uses the Kubernetes metrics server to identify nodes with CPU or memory utilization over 80% and cordon them accordingly.
Example 8: Cordon nodes during node draining to prevent new pods from being scheduled:
kubectl drain --ignore-daemonsets node-1 && kubectl cordon node-1
This sequence drains “node-1” and then marks it as unschedulable to ensure no new pods are scheduled during the drain operation.
Example 9: Cordon nodes with specific hardware configurations, such as GPU nodes:
kubectl get nodes -l 'accelerator=nvidia-tesla-v100' -o jsonpath='{.items[*].metadata.name}' | xargs -I {} kubectl cordon {}
This command targets nodes equipped with NVIDIA Tesla V100 GPUs for cordoning.
Example 10: Cordon nodes based on network conditions or issues:
kubectl get nodes --field-selector='status.conditions[?type==NetworkUnavailable].status==True' -o jsonpath='{.items[*].metadata.name}' | xargs -I {} kubectl cordon {}
This command identifies nodes with network issues and marks them as unschedulable.
Also check similar articles.
Monitor Resource Usage with kubectl top
Access Cluster Information Using kubectl cluster-info
Managing Kubernetes Certificates with kubectl certificate
Implement Auto-Scaling in Kubernetes with kubectl autoscale
Scaling Kubernetes Deployments with kubectl scale
Discussion about this post