| copyright | lastupdated | keywords | subcollection | ||
|---|---|---|---|---|---|
|
2025-02-01 |
openshift, kubernetes, affinity, taint, edge node, edge |
openshift |
{{site.data.keyword.attribute-definition-list}}
{: #edge}
- Ensure that you have the following IAM roles:
- Any platform access role for the cluster
- Writer or Manager service access role for all namespaces
- Access your {{site.data.keyword.redhat_openshift_notm}} cluster.
To isolate your workload to edge worker nodes:
-
Create a worker pool with the label
dedicated=edgeor add the label to one of your existing worker pools.-
To create a Classic worker pool, you can use the
worker-pool create classiccommand.ibmcloud oc worker-pool create classic --name POOL_NAME --cluster CLUSTER --flavor FLAVOR --size-per-zone WORKERS_PER_ZONE --hardware ISOLATION --label dedicated=edge
{: pre}
-
To create a VPC worker pool, you can use the
worker-pool create vpc-gen2command.ibmcloud oc worker-pool create vpc-gen2 --name POOL_NAME --cluster CLUSTER --flavor FLAVOR --size-per-zone WORKERS_PER_ZONE --hardware ISOLATION --label dedicated=edge
{: pre}
-
To label an existing worker pool, you can use the
worker-pool label setcommand.ibmcloud oc worker-pool label set --cluster CLUSTER --worker-pool POOL --label dedicated=edge{: pre}
-
-
Verify that the worker pool and worker nodes have the
dedicated=edgelabel.-
To check the worker pool, use the
getcommand.ibmcloud oc worker-pool get --cluster <cluster_name_or_ID> --worker-pool <worker_pool_name_or_ID>
{: pre}
-
To check individual worker nodes, review the Labels field of the output of the following command.
oc describe node <worker_node_private_IP>
{: pre}
-
-
Retrieve all existing Ingress Controllers in the cluster.
oc get ingresscontroller -n openshift-ingress-operator
{: pre}
Example output
NAME AGE default 5h37m
{: screen}
-
Edit the Ingress Controller.
oc edit ingresscontroller -n openshift-ingress-operator default
{: pre}
-
Set the
spec.nodePlacementfield to the following. For more information, see the Red Hat documentation{: external}.nodePlacement: nodeSelector: matchLabels: dedicated: edge tolerations: - effect: NoSchedule operator: Exists
{: codeblock}
-
Save and close the file.
-
Verify that router pods are scheduled onto edge nodes and are not scheduled onto compute nodes.
oc describe nodes -l dedicated=edge | grep "router-*"
{: pre}
Example output
openshift-ingress router-default-7784f69c7c-qq577 100m (2%) 0 (0%) 256Mi (1%) 0 (0%) 5m4s openshift-ingress router-default-7784f69c7c-7rwrj 100m (2%) 0 (0%) 256Mi (1%) 0 (0%) 5m5s
{: screen}
-
Confirm that no router pods are deployed to non-edge nodes.
oc describe nodes -l dedicated!=edge | grep "router-*"
{: pre}
If the router pods are correctly deployed to edge nodes, no router pods are returned. Your routers are successfully rescheduled onto only edge worker nodes.
You labeled worker nodes in a worker pool with dedicated=edge and redeployed all the existing ALBs to the edge nodes. All subsequent ALBs that are added to the cluster are also deployed to an edge node in your edge worker pool. Next, you can prevent other workloads from running on edge worker nodes.