Configuring a Tolerance Policy of a Component Instance

For container-deployed components, tolerations allow the scheduler to schedule pods to nodes with target taints. Tolerances work with node taints. Each node allows one or more taints. If no tolerance is configured for a pod, the scheduler will schedule the pod based on node taint policies to prevent the pod from being scheduled to an inappropriate node.

As shown in Table 1, you can specify multiple effects for taints.

**Table 1** Taint effects
Taint Effect	No Taint Tolerance Policy Configured	Taint Tolerance Policy Configured
NoExecute	Pods running on the node will be evicted immediately. Inactive pods will not be scheduled to the node.	If the toleration time window is not specified, pods can always run on this node. If the toleration time window is specified, pods still run on the node with taints within the time window. After the time expires, the pods will be evicted.
PreferNoSchedule	Pods running on the node will not be evicted. Inactive pods will not be scheduled to the node to the best extend.	Pods can always run on this node.
NoSchedule	Pods running on the node will not be evicted. Inactive pods will not be scheduled to the node.	Pods can always run on this node.

Kubernetes automatically adds tolerances for the node.kubernetes.io/not-ready and node.kubernetes.io/unreachable taints to pods, and sets the toleration time window to 300s. These default tolerance policies indicate that when either of the preceding taint is added to the node where pods are running, the pods can still run on the node for 5 minutes.

When a DaemonSet pod is created, no toleration time window will be specified for the tolerations automatically added for the preceding taints. When either of the preceding taints is added to the node where the DaemonSet pod is running, the DaemonSet pod will never be evicted.

For details about common taints, see Table 2.

**Table 2** Common taints
Taint	Description
node.kubernetes.io/not-ready	Node not ready.
node.kubernetes.io/unreachable	Node controller cannot access node.
node.kubernetes.io/memory-pressure	Node has insufficient memory.
node.kubernetes.io/network-unavailable	Node network unavailable.
node.kubernetes.io/unschedulable	Node not schedulable.

Prerequisites

You have added taints to the target cluster node. For details, see Managing Node Taints.

Configuring a Tolerance Policy of a Component Instance

Choose Advanced Settings > Tolerance Policy.

Click Add Policy to add a taint tolerance policy by referring to the following table.

Parameter	Description
Taint Key	Enter the taint key of the node.
Operators	Equal: matches the nodes with the specified taint key (mandatory) and value. If the taint value is left blank, all taints with the same key will be matched. Exists: matches nodes with the specified taint key. In this case, the taint value cannot be specified. Not specifying any taint key means all taints are tolerated.
Taint Value	This parameter is mandatory when Operators is set to Equal.
Taint Policy	All: All taint policies are matched. NoSchedule: Only the NoSchedule taint is matched. PreferNoSchedule: Only the PreferNoSchedule taint is matched. NoExecute: Only the NoExecute taint is matched.
Toleration Time Window (s)	This parameter can be set only when Taint Policy is set to NoExecute. Within the tolerance time window, pods still run on the node with taints. After the time expires, the pods will be evicted.