Assign Node Labels

A critical application running on a slice can be configured to have its deployments on predefined nodes on a cluster without sharing the nodes with different applications. This is required to avoid security and cluster's multi-tenancy issues such as:

• The deployment that happen on application namespaces onboarded onto a slice are positioned on the cluster nodes arbitrarily. Sometimes, the same nodes on which the deployments happen are shared with other applications and become vulnerable to issues such as denial of service and resource evasion.
• This could also announce as a security issue where an application with the sensitive data is on the same node is shared with others, or the application cannot stay longer without accessing CPU.
• Setting limits and requests does not prevent utilization of common node resources such as network interfaces, SSD drives, and GPUs. These resources do not fit under the scope of the Kubernetes resource quota.

Benefits

• Assigning node labels creates node affinity that allows namespaces to be placed on a node or group of nodes with the same node label. Node Assignment allows restricting the namespaces to only specific nodes with same labels.
• Node Assignment helps in effective management of common node resources such as network interfaces, SSD drives, and GPUs.
• It helps in eliminating security issues by isolating the labeled nodes with applications running on a slice from other nodes on the worker clusters.

note

Kubernetes Pod Warning: 1 nodes(s) had volume node affinity conflict

The error volume node affinity conflict can occur when the persistent volume claims (PVCs) that a pod is using are scheduled in different availability zones rather than in a single zone. As a result, the pod cannot be scheduled because it cannot connect to the volume from another zone.

This error might occur after applying the SliceNodeAffinity object. To avoid this issue, ensure that your pods and persistent volumes (PVs) remain in the same availability zone.

Node Reservation for Slices

SliceNodeAffinity feature ensures that the nodes are reserved exclusively for specific slice. This means that once a node is reserved by one slice, it cannot be reserved by another slice. This approach is crucial for maintaining isolation, security, and resource allocation integrity.

caution

Reserving all available nodes and gateway nodes

Ensure that not all available nodes and KubeSlice gateway nodes are reserved. Reserving these nodes might evict the pods running on the gateway nodes, specifically the kubeslice-gateway pods.

Assign Node Labels to Slices and Namespaces

1. Go to Node Assignment on the left sidebar.

2. On the Node Assignment page, the slices with namespaces onboarded are listed.

   

3. (Optional) Check the cluster details for each slice by expanding its menu.

   

4. (Optional) Under NODE LABELS, click View all to see the assigned node labels for a given slice.

   note

   The View all link under NODE LABELS is visible only when node labels are assigned to a slice. When no node labels are assigned to a slice, No Labels Assigned is shown under NODE LABELS.

5. Select a slice for which you want to assign node labels and click the Assign Node Labels button.

Step 1 - Assign Labels to Slices

The first step is to assign node labels to a slice.

caution

Ensure that the nodes are correctly labeled on the worker clusters. If nodes matching the labels configured under Node Assignment rules are not found, the Kubernetes scheduler places the application pods in the Pending state.

On the Step 1 - Assign to Slice tab, under NODE LABELS, no labels are assigned to the slice.

To assign node labels to a slice:

1. On the Step 1 - Assign to Slice tab, under LABEL NAME, select the labels that you want to assign to the slice.

   Use the Search by Label search box to look for a label. Pull down the same search box menu for Search by Cluster to look for labels by a worker cluster.

2. After labels are selected, they appear under SELECTED LABELS for all the worker clusters. You can choose to remove a label by clicking the x for a label or click CLEAR to remove labels for a worker cluster.

   

3. Click Next to go to step 2.

Step 2 - Assign Labels to Namespaces

The second step is to assign node labels to namespaces.

caution

Ensure that the nodes are correctly labeled on the worker clusters. If nodes matching the labels configured under Node Assignment rules are not found, the Kubernetes scheduler places the application pods in the Pending state.

To assign node labels to namespaces:

1. On the Step 2 - Assign to Namespaces tab, select the namespace you want to assign namespaces to and click ASSIGN NODE LABELS.

   

   Use the Search by Namespaces search box to look for namespaces. Pull down the same search box menu for Search by Cluster to look for namespaces in a worker cluster.

2. On the Assign Node Labels dialog, select the node labels that you want to assign and click Done.

   

3. On the Step 2 - Assign to Namespaces tab, the labels assigned are under ASSIGNED NODE LABELS.

   

4. (Optional) Alternatively, you can skip assigning node labels to namespaces.

5. Click Next to go to step 3 for applying the YAML file.

Step 3 - Apply YAML to Assign Node Labels

The third step is to apply YAML to save the assigned node labels.

To apply the YAML file:

1. On the Step 3 - Apply YAML tab, under Code Preview, you can preview the assigned node labels.

   

2. Click Apply YAML file to save the configuration.

3. Click Next to go to step 4.

Step 4 - Finalize

The fourth step is to preview the finalize the configuration.

To finalize the assigned node labels:

1. On the Step 4 - Finalize tab, click View all for the slice and namespaces to verify the node labels assigned to them.

2. Click Done after verifying the node labels. The slice with node labels assigned is on the Assign Node Labels page.

3. Under Node Labels, click View all to see the assigned node labels for that slice.

4. On the Assigned Node Labels dialog, the node labels assigned to that slice are listed.

5. On the Assigned Node Labels dialog, to see assignment details of a node label, click View under description of that label.

6. Click Hide to hide the details and close the dialog or just close the dialog.

Edit Node Labels of Slices and Namespaces

You can edit a slice that has existing node labels to add new labels to it or to the onboarded namespaces.

To edit the node labels of a slice:

1. Go to Node Assignment on the left sidebar.

2. On the Node Assignment page, Under Slices, select a slice and click the Edit Node Labels button.

   

Step 1 - Edit Node Labels of a Slice

The first step is to edit the node labels for a slice.

caution

Ensure that the nodes are correctly labeled on the worker clusters. If nodes matching the labels configured under Node Assignment rules are not found, the Kubernetes scheduler places the application pods in the Pending state.

To edit labels of a slice:

1. On the Step 1 - Assign to Slice tab, add a new node label to worker clusters. You can also add a new label to only a specific worker cluster.

2. After editing the node labels, click Next to go to step 2.

Step 2 - Edit Node Labels of Namespaces

The second step is to edit the node labels for namespaces.

caution

Ensure that the nodes are correctly labeled on the worker clusters. If nodes matching the labels configured under Node Assignment rules are not found, the Kubernetes scheduler places the application pods in the Pending state.

To edit the node labels assigned to namespaces:

1. On the Step 2 - Assign to Namespaces tab, select the namespace for which you want to add or remove node labels.

2. On the Assign Node Labels dialog, select a node label or unselect an assigned node label if you want to remove it.

3. Click Done.

4. On the Step 2 - Assign to Namespaces tab, the edits that you have done reflect under ASSiGN NODE LABELS.

5. Click Next to go to step 3.

Step 3 - Apply YAML to Assign Labels

The third step is to apply the YAML configuration.

To apply the YAML file:

1. On the Step 3 - Apply YAML, verify the configuration under Code Preview. You can also click View all under Node Labels for slice and namespaces to see the assigned node labels.

2. Click Apply YAML to save the configuration.

3. Click Next to go to step 4.

Step 4 - Finalize

The fourth step is to finalize the updated node label assignment.

To finalize the node labels assignment:

1. On the Step 4 - Finalize, click View all under Node Labels for slice and namespaces to verify and confirm.

2. Click Done to confirm the changes. On the Node Assignment page, under Node Labels, click View all to again verify the node labels.

Remove Assigned Node Labels from Namespaces

To remove the assigned node labels from namespaces:

1. Go to Node Assignment on the left sidebar.

2. On the Node Assignment page, select the slice and click the Edit Node Labels button.

3. On the Step 1 - Assign to Slice tab, click Next to go to step 2.

   

4. There are two ways to remove assigned node labels from namespaces:

   • On the Step 1 - Assign to Slice tab, Under SELECTED LABELS, remove the node label by clicking its x mark.

   • On the Step 2 - Assign to Namespaces tab, select the namespace you want to remove assigned node labels from. Click ASSIGN NODE LABELS, and on the Assign Node Labels dialog, unselect the node labels that you want to remove.

   

5. Click Next to go to step 3 and verify the new configuration under Code Preview.

6. Click Apply YAML to save the configuration.

7. Click Next to go to step 4.

8. On the Step 4 - Finalize tab, verify the assigned node labels that you have just removed from the namespace.

9. Click Done to confirm that you have removed the assigned node labels.

Remove Assigned Node Labels from a Slice

To remove the assigned node labels from a slice:

1. Go to Node Assignment on the left sidebar.

2. On the Node Assignment page, select the slice and click the Edit Node Labels button.

3. Click CLEAR ALL to remove all the assigned node labels. The system warns you that all the assigned node labels will be removed. Confirm that you want to remove. Confirming removal takes you to Step 3 - Apply YAML.

   

4. On the Step 3 - Apply YAML tab, verify the updated configuration under Code Preview.

5. Click Apply YAML to save the configuration.

6. Click Next to go to step 4.

7. On the Step 4 - Finalize page, verify that all the assigned node labels are removed from that slice.

   

8. Click Done.

info

Node labels can be assigned using the YAML configuration. For more information, see assign node labels using YAML.