SUSE acquires StackState to provide full stack, cloud native observability read now Read now

Mastering Node Affinity in Kubernetes

Dmitry Maximov
Dmitry Maximov
15 min read

In the world of container orchestration, Kubernetes has emerged as the go-to platform for managing and scaling applications. One of the key features that make Kubernetes so powerful is its ability to intelligently schedule pods across nodes in a cluster. Node affinity is a crucial concept in this scheduling process, allowing developers to influence where pods are placed based on node characteristics. In this comprehensive guide, we'll explore node affinity in Kubernetes and how to effectively use it in your deployments.

Understanding Node Affinity in Kubernetes

Node affinity is a set of rules used by the Kubernetes scheduler to determine which nodes are eligible to host a pod. It allows you to constrain which nodes your pod can be scheduled on based on labels on the node. This feature provides more control over pod placement than the simpler nodeSelector field.

Key Concepts

  1. Node affinity: Attracts pods to a set of nodes (either

    as a hard or soft requirement).

  2. Node anti-affinity: Repels pods from a set of nodes.

  3. Required rules: Must be met for a pod to be scheduled on a node.

  4. Preferred rules: The scheduler will try to enforce but will not guarantee.

The Evolution of Pod Scheduling in Kubernetes

To fully appreciate node affinity, it's essential to understand its evolution in Kubernetes:

  1. Node Selectors: The original method for pod-to-node assignment, using simple key-value pairs.

  2. Node Affinity: Introduced more expressive language for pod scheduling rules.

  3. Pod Affinity/Anti-Affinity: Extended the concept to consider the placement of pods relative to each other.

This progression demonstrates Kubernetes' commitment to providing fine-grained control over workload placement.

Node Affinity vs. Other Scheduling Mechanisms

Node Affinity vs. Taints and Tolerations

While node affinity attracts pods to nodes, taints and tolerations work in the opposite direction. Taints are applied to nodes to repel pods, while tolerations are applied to pods to allow (but not require) them to be scheduled on nodes with matching taints.

# Node Affinity Example
affinity:
 nodeAffinity:
  requiredDuringSchedulingIgnoredDuringExecution:
   nodeSelectorTerms:
    - matchExpressions:
     - key: kubernetes.io/e2e-az-name
      operator: In
      values:
      - e2e-az1
      - e2e-az2

# Taint Example
kubectl taint nodes node1 key=value:NoSchedule

# Toleration Example
tolerations:
- key: "key"
 operator: "Equal"
 value: "value"
 effect: "NoSchedule"

The main difference lies in their approach:

  • Node affinity is proactive, specifying where pods should go.

  • Taints and tolerations are reactive, specifying where pods shouldn't go unless they have a specific toleration.

Pod Affinity vs. Node Affinity

While node affinity is about attracting pods to nodes, pod affinity is about attracting pods to each other. Pod affinity allows you to define rules for how pods should be scheduled relative to other pods.

# Pod Affinity Example
affinity:
 podAffinity:
  requiredDuringSchedulingIgnoredDuringExecution:
  - labelSelector:
    matchExpressions:
    - key: security
     operator: In
     values:
     - S1
  topologyKey: topology.kubernetes.io/zone

Key differences:

  • Node affinity considers node attributes.

  • Pod affinity considers the placement of other pods.

  • Pod affinity can be used for co-location or separation of pods.

Implementing Node Affinity in Kubernetes

Basic Node Affinity

To implement node affinity, you'll need to add an affinity section to your pod or deployment specification. Here's a basic example:

apiVersion: apps/v1
kind: Deployment
metadata:
 name: nginx-deployment
spec:
 replicas: 3
 selector:
  matchLabels:
   app: nginx
 template:
  metadata:
   labels:
    app: nginx
  spec:
   affinity:
    nodeAffinity:
     requiredDuringSchedulingIgnoredDuringExecution:
      nodeSelectorTerms:
      - matchExpressions:
       - key: disktype
        operator: In
        values:
        - ssd
   containers:
   - name: nginx
    image: nginx:1.14.2
    ports:
    - containerPort: 80

In this example, the pods will only be scheduled on nodes with the label disktype=ssd.

Node Affinity Operators

Kubernetes supports several operators for node affinity rules:

  • In: The label value must be in the specified list.

  • NotIn: The label value must not be in the specified list.

  • Exists: The label key must exist (no value needed).

  • DoesNotExist: The label key must not exist.

  • Gt: The label value must be greater than the specified value (for numeric values).

  • Lt: The label value must be less than the specified value (for numeric values).

These operators provide flexibility in defining your affinity rules. For example:

affinity:
 nodeAffinity:
  requiredDuringSchedulingIgnoredDuringExecution:
   nodeSelectorTerms:
   - matchExpressions:
    - key: kubernetes.io/e2e-az-name
     operator: In
     values:
     - e2e-az1
     - e2e-az2
    - key: another-node-label-key
      operator: Exists

This rule requires nodes to be in either e2e-az1 or e2e-az2 AND have the label another-node-label-key (regardless of its value).

Combining Required and Preferred Rules

You can combine both required and preferred rules in your node affinity specification:

affinity:
 nodeAffinity:
  requiredDuringSchedulingIgnoredDuringExecution:
   nodeSelectorTerms:
    - matchExpressions:
     - key: kubernetes.io/e2e-az-name
      operator: In
      values:
      - e2e-az1
      - e2e-az2
  preferredDuringSchedulingIgnoredDuringExecution:
  - weight: 1
   preference:
    matchExpressions:
    - key: another-node-label-key
     operator: In
     values:
     - another-node-label-value

In this example:

  • The pod must be scheduled on a node in either e2e-az1 or e2e-az2.

  • If possible, the scheduler will try to place it on a node with another-node-label-key=another-node-label-value.

The weight field allows you to specify the relative importance of each preference. Higher weights are given priority when multiple preferences are specified.

Node Anti-Affinity

Node anti-affinity is achieved by using the NotIn or DoesNotExist operators in your node affinity rules. This allows you to keep pods away from certain nodes:

affinity:
 nodeAffinity:
  requiredDuringSchedulingIgnoredDuringExecution:
   nodeSelectorTerms:
   - matchExpressions:
    - key: node-role
     operator: NotIn
     values:
     - control-plane

This example ensures that pods are not scheduled on control plane nodes.

Use cases for node anti-affinity include:

  1. Separating workloads from system-critical nodes.

  2. Implementing multi-tenancy by keeping different customers' workloads on separate nodes.

  3. Spreading pods across failure domains for high availability.

Node Affinity in Different Kubernetes Objects

DaemonSet Node Affinity

DaemonSets ensure that all (or some) nodes run a copy of a pod. When combined with node affinity, you can target specific nodes:

apiVersion: apps/v1
kind: DaemonSet
metadata:
 name: monitoring-agent
spec:
 selector:
  matchLabels:
   name: monitoring-agent
 template:
  metadata:
   labels:
    name: monitoring-agent
  spec:
   affinity:
    nodeAffinity:
     requiredDuringSchedulingIgnoredDuringExecution:
      nodeSelectorTerms:
      - matchExpressions:
        - key: monitoring
        operator: In
        values:
        - "true"
  containers:
  - name: monitoring-agent
    image: monitoring-agent:v1

This DaemonSet will only deploy the monitoring agent on nodes labeled with monitoring=true. This is particularly useful for:

  • Deploying monitoring or logging agents only on specific node types.

  • Running specialized workloads on nodes with particular hardware characteristics.

Deployment Node Affinity

We've already seen an example of node affinity in a Deployment. Here's another example that targets nodes in a specific region:

apiVersion: apps/v1
kind: Deployment
metadata:
 name: webapp
spec:
 replicas: 5
 selector:
  matchLabels:
   app: webapp
template:
 metadata:
  labels:
   app: webapp
 spec:
  affinity:
   nodeAffinity:
    requiredDuringSchedulingIgnoredDuringExecution:
     nodeSelectorTerms:
     - matchExpressions:
      - key: topology.kubernetes.io/region
        operator: In
        values:
        - us-west-2
  containers:
  - name: webapp
    image: webapp:v1

This deployment ensures that all pods are scheduled in the us-west-2 region. This can be useful for:

  • Compliance with data residency requirements.

  • Optimizing for network latency by placing pods close to users or data sources.

  • Balancing workloads across different geographical locations.

Node Affinity in Managed Kubernetes Services

AKS Node Affinity

Azure Kubernetes Service (AKS) supports node affinity out of the box. You can use it to schedule pods on specific node pools:

affinity:
 nodeAffinity:
  requiredDuringSchedulingIgnoredDuringExecution:
   nodeSelectorTerms:
   - matchExpressions:
    - key: agentpool
     operator: In
     values:
     - highperf

This example schedules pods only on nodes in the "highperf" agent pool. AKS-specific considerations include:

  • Using node affinity to target GPU-enabled node pools for machine learning workloads.

  • Leveraging node affinity to separate dev/test workloads from production on shared clusters.

  • Combining node affinity with AKS availability zones for high availability.

EKS Node Affinity

Amazon Elastic Kubernetes Service (EKS) also supports node affinity. You might use it to schedule pods on specific instance types:

affinity:
 nodeAffinity:
  requiredDuringSchedulingIgnoredDuringExecution:
   nodeSelectorTerms:
   - matchExpressions:
    - key: beta.kubernetes.io/instance-type
     operator: In
     values:
     - c5.large
     - c5.xlarge

EKS-specific use cases include:

  • Targeting Fargate profiles for serverless workloads.

  • Utilizing node affinity with EKS managed node groups for easier cluster management.

  • Combining node affinity with EC2 Spot Instances for cost optimization.

GKE Node Affinity

Google Kubernetes Engine (GKE) supports node affinity as well. You can use it to schedule pods on nodes with specific characteristics:

affinity:
 nodeAffinity:
  requiredDuringSchedulingIgnoredDuringExecution:
   nodeSelectorTerms:
   - matchExpressions:
    - key: cloud.google.com/gke-nodepool
     operator: In
     values:
     - pool-1

GKE-specific strategies include:

  • Using node affinity with GKE's node auto-provisioning feature.

  • Leveraging node affinity in combination with GKE's multi-zonal clusters for high availability.

  • Applying node affinity rules to target nodes with specific CPU platforms for performance-critical workloads.

Advanced Topics

Volume Node Affinity Conflict

Sometimes, you may encounter a "volume node affinity conflict" error. This occurs when a pod's node affinity rules conflict with the node affinity rules of a persistent volume it's trying to use. To resolve this, ensure that the node affinity rules for both the pod and the persistent volume are compatible.

# PersistentVolume with Node Affinity
apiVersion: v1
kind: PersistentVolume
metadata:
 name: example-pv
spec:
 capacity:
  storage: 5Gi
 accessModes:
  - ReadWriteOnce
 persistentVolumeReclaimPolicy: Retain
 storageClassName: local-storage
 local:
  path: /mnt/data
 nodeAffinity:
  required:
   nodeSelectorTerms:
   - matchExpressions:
    - key: kubernetes.io/hostname
     operator: In
     values:
     - node-1

To avoid volume node affinity conflicts:

  1. Ensure pod and volume affinities are aligned.

  2. Use storage classes that are compatible with your node affinity rules.

  3. Consider using dynamic provisioning where possible to avoid manual PV creation.

Using Node Affinity with Helm Charts

When using Helm charts, you can often specify node affinity rules in the values.yaml file or by overriding values during installation. Here's an example of how you might set node affinity in a Helm chart's values.yaml:

nodeAffinity:
 requiredDuringSchedulingIgnoredDuringExecution:
  nodeSelectorTerms:
  - matchExpressions:
   - key: kubernetes.io/e2e-az-name
    operator: In
    values:
    - e2e-az1
    - e2e-az2

Then, in your Helm template:

{{- if .Values.nodeAffinity }}
affinity:
 nodeAffinity:
{{ toYaml .Values.nodeAffinity | indent 4 }}
{{- end }}

Best practices for using node affinity in Helm charts:

  1. Make node affinity rules configurable in values.yaml.

  2. Provide sensible defaults that work for most use cases.

  3. Document the available options and their implications in the chart's README.

Debugging Node Affinity Issues

If you're encountering issues with node affinity, here are some steps to debug:

  1. Check node labels: kubectl get nodes --show-labels

  2. Verify pod status: kubectl describe pod <pod-name>

  3. Look for events: kubectl get events

  4. Use kubectl explain to understand the structure of node affinity rules: kubectl explain pod.spec.affinity.nodeAffinity

If you see a message like "didn't match pod's node affinity/selector", it means the pod couldn't be scheduled because no nodes matched the affinity rules.

Additional debugging tips:

  • Use kubectl get pods -o wide to see which nodes pods are scheduled on.

  • Check the Kubernetes scheduler logs for detailed scheduling decisions.

  • Consider using a tool like kube-capacity to visualize node resources and pod placements.

Best Practices

  1. Use node affinity for hardware-specific requirements (e.g., GPU nodes).

  2. Combine required and preferred rules for better scheduling flexibility.

  3. Be cautious with strict node affinity rules in production environments to avoid scheduling bottlenecks.

  4. Regularly review and update node affinity rules as your cluster evolves.

  5. Use node anti-affinity to spread critical applications across failure domains.

  6. Consider using pod affinity for co-locating related services.

  7. Test your affinity rules thoroughly before applying them to production workloads.

  8. Document your node affinity strategy and reasoning for future reference.

  9. Monitor the impact of node affinity rules on cluster utilization and adjust as needed.

  10. Use node affinity in combination with other Kubernetes features like resource requests/limits and priority classes for comprehensive workload management.

Real-World Scenarios and Examples

Scenario 1: High-Performance Computing Cluster

In a high-performance computing environment, you might have nodes with specialized hardware accelerators. Here's how you could use node affinity to target these nodes:

affinity:
 nodeAffinity:
  requiredDuringSchedulingIgnoredDuringExecution:
   nodeSelectorTerms:
   - matchExpressions:
    - key: accelerator-type
     operator: In
     values:
     - gpu
     - fpga

This ensures that your compute-intensive workloads only run on nodes with the appropriate hardware.

Scenario 2: Multi-Tenant Cluster

In a multi-tenant cluster, you might want to isolate workloads from different teams or customers:

affinity:
 nodeAffinity:
  requiredDuringSchedulingIgnoredDuringExecution:
   nodeSelectorTerms:
   - matchExpressions:
    - key: tenant
     operator: In
     values:
     - team-a

Combined with appropriate node labeling, this ensures that Team A's workloads only run on nodes designated for their use.

Scenario 3: Cost Optimization

For cost optimization, you might want to prefer cheaper nodes but allow for overflow to more expensive ones:

affinity:
 nodeAffinity:
  preferredDuringSchedulingIgnoredDuringExecution:
  - weight: 100
   preference:
    matchExpressions:
    - key: node-type
     operator: In
     values:
     - spot
  - weight: 50
   preference:
    matchExpressions:
    - key: node-type
     operator: In
     values:
     - preemptible

This configuration prefers spot instances, then preemptible instances, but will use on-demand instances if necessary.

As Kubernetes continues to evolve, we can expect to see:

  1. More sophisticated scheduling algorithms that take node affinity into account.

  2. Enhanced integration with cloud provider-specific features.

  3. Improved tooling for visualizing and managing complex affinity rules.

  4. Potential extensions to the node affinity API for even finer-grained control.

Developers should stay informed about these developments and be prepared to adapt their node affinity strategies accordingly.

Conclusion

Node affinity in Kubernetes is a powerful feature that gives developers fine-grained control over pod scheduling. By understanding and effectively using node affinity, you can optimize resource utilization, improve application performance, and enhance the overall reliability of your Kubernetes deployments.

Whether you're working with AKS, EKS, GKE, or a self-managed Kubernetes cluster, mastering node affinity will make you a more effective Kubernetes developer. As you continue to explore this topic, remember to consider the interplay between node affinity and other Kubernetes concepts like taints, tolerations, and pod affinity.

By leveraging node affinity in your deployments, DaemonSets, and other Kubernetes objects, you can create more robust and efficient container orchestration strategies that align with your specific infrastructure and application requirements. The key is to start simple, test thoroughly, and gradually increase complexity as you become more comfortable with the concept.

As containerized applications and microservices architectures become increasingly prevalent, the ability to fine-tune workload placement will only grow in importance. Node affinity, along with its related concepts, provides a powerful toolset for addressing these challenges. By mastering these techniques, you'll be well-equipped to design and manage highly optimized, resilient, and efficient Kubernetes deployments in any environment.

Related resources

SIGKILL vs SIGTERM: A Developer's Guide to Process Termination
SIGKILL vs SIGTERM: A Developer's Guide to Process Termination
· Dmitry Maximov
7 min read

This guide will help you to understand the differences between SIGKILL and SIGTERM, as well as how they're used in environments like Linux, Docker, and Kubernetes

Blog
iStock-1685748885
Understanding and Troubleshooting Out of Memory Error Code 137
· Dmitry Maximov
6 min read

This comprehensive guide will delve into the intricacies of error code 137, its common scenarios, and strategies to resolve it.

Blog
Scale Deployment in Kubernetes
Mastering kubectl Scale Deployment: A Comprehensive Guide for Developers
· Dmitry Maximov
5 min read

Explore how to use kubectl to scale deployments up and down, scale all deployments in a namespace, managing replica sets, and more.

Blog