A company’s security policy specifies that development and production containers must run on separate nodes in a given Swarm cluster.
Can this be used to schedule containers to meet the security policy requirements?
Solution: node taints
A. Yes
B. No
Answer: A
Explanation:
Node taints are a way to mark nodes in a Swarm cluster so that they can repel or attract certain containers based on their tolerations. By applying node taints to the nodes that are designated for development or production, the company can ensure that only the containers that have the matching tolerations can be scheduled on those nodes. This way, the security policy requirements can be met. Node taints are expressed as key=value:effect, where the effect can be NoSchedule, PreferNoSchedule, or NoExecute. For example, to taint a node for development only, one can run:
kubectl taint nodes node1 env=dev:NoSchedule
This means that no container will be able to schedule onto node1 unless it has a toleration for the taint env=dev:NoSchedule. To add a toleration to a container, one can specify it in the PodSpec. For example:
tolerations:
- key: "env"
  operator: "Equal"
  value: "dev"
  effect: "NoSchedule"
This toleration matches the taint on node1 and allows the container to be scheduled on it.
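The matching rule described above, as an added Python sketch (not code from the original page or from Kubernetes itself) that models how nodes are filtered by taints and tolerations. node2, node3, the env=prod taint and all function names are assumptions made for illustration.

```python
from dataclasses import dataclass

HARD_EFFECTS = {"NoSchedule", "NoExecute"}  # PreferNoSchedule is only a soft preference

@dataclass(frozen=True)
class Taint:
    key: str
    value: str
    effect: str

@dataclass(frozen=True)
class Toleration:
    key: str = ""
    operator: str = "Equal"   # "Equal" or "Exists"
    value: str = ""
    effect: str = ""          # empty matches every effect

def tolerates(tol, taint):
    """True if this toleration matches the taint."""
    if tol.effect and tol.effect != taint.effect:
        return False
    if tol.key and tol.key != taint.key:
        return False
    if tol.operator == "Exists":
        return True
    return tol.operator == "Equal" and tol.value == taint.value

def schedulable_nodes(tolerations, nodes):
    """Names of nodes whose hard taints are all tolerated."""
    return sorted(
        name for name, taints in nodes.items()
        if all(any(tolerates(tol, t) for tol in tolerations)
               for t in taints if t.effect in HARD_EFFECTS)
    )

# Constructed cluster: node1 carries the page's taint; node2 and env=prod are assumed.
NODES = {
    "node1": [Taint("env", "dev", "NoSchedule")],
    "node2": [Taint("env", "prod", "NoSchedule")],
}
DEV_POD = [Toleration("env", "Equal", "dev", "NoSchedule")]    # toleration from the page
PROD_POD = [Toleration("env", "Equal", "prod", "NoSchedule")]  # assumed counterpart

if __name__ == "__main__":
    print("dev pod  ->", schedulable_nodes(DEV_POD, NODES))
    print("prod pod ->", schedulable_nodes(PROD_POD, NODES))
    print("no toleration ->", schedulable_nodes([], NODES))
    # An untainted node accepts every pod, so each worker needs its own taint.
    print("dev pod, untainted node3 ->", schedulable_nodes(DEV_POD, {**NODES, "node3": []}))
```

The last call shows why every worker node has to carry a taint for the separation to hold: a toleration permits scheduling onto a tainted node but does not keep the pod off untainted ones.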