oc-adm-taint man page

oc adm taint — Update the taints on one or more nodes

Synopsis

oc adm taint [Options]

Description

Update the taints on one or more nodes.

· A taint consists of a key, value, and effect. As an argument here, it is expressed as key=value:effect.

· The key must begin with a letter or number, and may contain letters, numbers, hyphens, dots, and underscores, up to  253 characters.

· Optionally, the key can begin with a DNS subdomain prefix and a single '/', like example.com/my-app

· The value must begin with a letter or number, and may contain letters, numbers, hyphens, dots, and underscores, up to  63 characters.

· The effect must be NoSchedule, PreferNoSchedule or NoExecute.

· Currently taint can only apply to node.

Options

--all=false

Select all nodes in the cluster

--allow-missing-template-keys=true

If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.

-o, --output=""

Output format. One of: json|yaml|name|template|go-template|go-template-file|templatefile|jsonpath|jsonpath-file.

--overwrite=false

If true, allow taints to be overwritten, otherwise reject taint updates that overwrite existing taints.

-l, --selector=""

Selector (label query) to filter on, supports '=', '==', and '!='.(e.g. -l key1=value1,key2=value2)

--template=""

Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [ ⟨http://golang.org/pkg/text/template/#pkg-overview⟩].

--validate=false

If true, use a schema to validate the input before sending it

Options Inherited from Parent Commands

--allow_verification_with_non_compliant_keys=false

Allow a SignatureVerifier to use keys which are technically non-compliant with RFC6962.

--alsologtostderr=false

log to standard error as well as files

--application_metrics_count_limit=100

Max number of application metrics to store (per container)

--as=""

Username to impersonate for the operation

--as-group=[]

Group to impersonate for the operation, this flag can be repeated to specify multiple groups.

--azure-container-registry-config=""

Path to the file containing Azure container registry configuration information.

--boot_id_file="/proc/sys/kernel/random/boot_id"

Comma-separated list of files to check for boot-id. Use the first one that exists.

--cache-dir="/builddir/.kube/http-cache"

Default HTTP cache directory

--certificate-authority=""

Path to a cert file for the certificate authority

--client-certificate=""

Path to a client certificate file for TLS

--client-key=""

Path to a client key file for TLS

--cloud-provider-gce-lb-src-cidrs=130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16

CIDRs opened in GCE firewall for LB traffic proxy health checks

--cluster=""

The name of the kubeconfig cluster to use

--container_hints="/etc/cadvisor/container_hints.json"

location of the container hints file

--containerd="unix:///var/run/containerd.sock"

containerd endpoint

--context=""

The name of the kubeconfig context to use

--default-not-ready-toleration-seconds=300

Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.

--default-unreachable-toleration-seconds=300

Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.

--docker="unix:///var/run/docker.sock"

docker endpoint

--docker-tls=false

use TLS to connect to docker

--docker-tls-ca="ca.pem"

path to trusted CA

--docker-tls-cert="cert.pem"

path to client certificate

--docker-tls-key="key.pem"

path to private key

--docker_env_metadata_whitelist=""

a comma-separated list of environment variable keys that needs to be collected for docker containers

--docker_only=false

Only report docker containers in addition to root stats

--docker_root="/var/lib/docker"

DEPRECATED: docker root is read from docker info (this is a fallback, default: /var/lib/docker)

--enable_load_reader=false

Whether to enable cpu load reader

--event_storage_age_limit="default=24h"

Max length of time for which to store events (per type). Value is a comma separated list of key values, where the keys are event types (e.g.: creation, oom) or "default" and the value is a duration. Default is applied to all non-specified event types

--event_storage_event_limit="default=100000"

Max number of events to store (per type). Value is a comma separated list of key values, where the keys are event types (e.g.: creation, oom) or "default" and the value is an integer. Default is applied to all non-specified event types

--global_housekeeping_interval=0

Interval between global housekeepings

--housekeeping_interval=0

Interval between container housekeepings

--httptest.serve=""

if non-empty, httptest.NewServer serves on this address and blocks

--insecure-skip-tls-verify=false

If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure

--kubeconfig=""

Path to the kubeconfig file to use for CLI requests.

--log-flush-frequency=0

Maximum number of seconds between log flushes

--log_backtrace_at=:0

when logging hits line file:N, emit a stack trace

--log_cadvisor_usage=false

Whether to log the usage of the cAdvisor container

--log_dir=""

If non-empty, write log files in this directory

--logtostderr=true

log to standard error instead of files

--machine_id_file="/etc/machine-id,/var/lib/dbus/machine-id"

Comma-separated list of files to check for machine-id. Use the first one that exists.

--match-server-version=false

Require server version to match client version

-n, --namespace=""

If present, the namespace scope for this CLI request

--request-timeout="0"

The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.

-s, --server=""

The address and port of the Kubernetes API server

--stderrthreshold=2

logs at or above this threshold go to stderr

--storage_driver_buffer_duration=0

Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction

--storage_driver_db="cadvisor"

database name

--storage_driver_host="localhost:8086"

database host:port

--storage_driver_password="root"

database password

--storage_driver_secure=false

use secure connection with database

--storage_driver_table="stats"

table name

--storage_driver_user="root"

database username

--token=""

Bearer token for authentication to the API server

--user=""

The name of the kubeconfig user to use

-v, --v=0

log level for V logs

--version=false

Print version information and quit

--vmodule=

comma-separated list of pattern=N settings for file-filtered logging

Example

  # Update node 'foo' with a taint with key 'dedicated' and value 'special-user' and effect 'NoSchedule'.
  # If a taint with that key and effect already exists, its value is replaced as specified.
  oc adm taint nodes foo dedicated=special-user:NoSchedule
  
  # Remove from node 'foo' the taint with key 'dedicated' and effect 'NoSchedule' if one exists.
  oc adm taint nodes foo dedicated:NoSchedule-
  
  # Remove from node 'foo' all the taints with key 'dedicated'
  oc adm taint nodes foo dedicated-
  
  # Add a taint with key 'dedicated' on nodes having label mylabel=X
  oc adm taint node -l myLabel=X  dedicated=foo:PreferNoSchedule

See Also

oc-adm(1),

History

June 2016, Ported from the Kubernetes man-doc generator

Referenced By

oc-adm(1).

Openshift CLI User Manuals June 2016