Isolate cluster nodes with Kubernetes

This topic describes how to use a Kubernetes namespace to deploy a Kubernetes workload to worker nodes using the MKE web UI.

MKE uses the scheduler.alpha.kubernetes.io/node-selector annotation key to assign node selectors to namespaces. Assigning the name of the node selector to this annotation pins all applications deployed in the namespace to the nodes that have the given node selector specified.

To isolate cluster nodes with Kubernetes:

  1. Create a Kubernetes namespace.

    Note

    You can also associate nodes with a namespace by providing the namespace definition information in a configuration file.

    1. Log in to the MKE web UI as an administrator.

    2. In the left-side navigation panel, navigate to Kubernetes and click Create to open the Create Kubernetes Object page.

    3. Paste the following in the Object YAML editor:

      apiVersion: v1
      kind: Namespace
      metadata:
        name: namespace-name
      
    4. Click Create to create the namespace-name namespace.

  2. Grant access to the Kubernetes namespace:

    1. Create a role binding for a user of your choice to access the namespace-name namespace with the built-in cluster-admin Cluster Role.

  3. Associate nodes with the namespace:

    1. From the left-side navigation panel, navigate to Shared Resources > Nodes.

    2. Select the required node.

    3. Click the Edit Node icon in the upper-right corner.

    4. Scroll down to the Kubernetes Labels section and click Add Label.

    5. In the Key field, enter zone.

    6. In the Value field, enter example-zone.

    7. Click Save.

    8. Add a scheduler node selector annotation as part of the namespace definition:

      apiVersion: v1
         kind: Namespace
         metadata:
            annotations:
            scheduler.alpha.kubernetes.io/node-selector: zone=example-zone
            name: ops-nodes