Nodes

Nodes are the worker machines that run containerized workloads. Manage node lifecycle, control scheduling, and configure taints and labels for workload placement.

Key Concepts

Node

A worker machine (physical or virtual) that runs pods.

Cordon

Mark a node as unschedulable to prevent new pods.

Drain

Safely evict all pods before maintenance.

Taint

Prevent pods from scheduling unless they have matching tolerations.

Required Permissions

Action	Permission
View nodes	`iam:project:infrastructure:kubernetes:read`
Add/Remove nodes	`iam:project:infrastructure:kubernetes:write`
Cordon/Drain/Uncordon	`iam:project:infrastructure:kubernetes:write`
Manage taints/labels	`iam:project:infrastructure:kubernetes:write`

How to Add Nodes to a Cluster

Configure Nodes

First, configure nodes in cluster settings with hostname, IP, and role.

Click Add Node

Click Add Node in the header.

Select Nodes

Select available nodes from the list.

Join Nodes

Click Add Selected to join nodes to the cluster.

Nodes must be reachable via SSH and meet cluster requirements before joining.

How to Remove Nodes

Select Nodes

Use checkboxes to select nodes to remove.

Click Remove

Click Remove.

Confirm

Confirm removal. Nodes will be drained and removed.

Ensure other nodes have capacity for evicted pods before removing nodes.

How to Cordon a Node

Cordoning prevents new pods from being scheduled on a node. Existing pods continue running.

Find the Node

Locate the node in the list or detail page.

Click Cordon

Click Cordon from the actions menu.

Verify

The node shows a cordoned indicator.

How to Drain a Node

Draining evicts all pods from a node before maintenance.

Find the Node

Locate the node to drain.

Click Drain

Click Drain from the actions menu.

Confirm

Confirm the drain operation.

Drain behavior:

Regular pods are evicted and rescheduled
DaemonSet pods are skipped
Static pods are skipped
Pods with local storage may fail without force flag

Drain makes the node unschedulable. Use uncordon to allow scheduling again.

How to Uncordon a Node

Find the Cordoned Node

Locate the node showing cordoned status.

Click Uncordon

Click Uncordon from the actions menu.

Verify

The node can now accept new pods.

How to Add a Taint

Taints prevent pods from scheduling unless they have matching tolerations.

Open Node Detail

Click on a node to open details.

Click Add Taint

Click Add Taint in the Taints section.

Configure Taint

Key - Taint identifier (e.g., dedicated, gpu)
Value - Optional value (e.g., gpu-node)
Effect - Scheduling behavior

Add

Click Add Taint.

Taint effects:

Effect	Description
`NoSchedule`	Pods without toleration won’t be scheduled
`PreferNoSchedule`	System tries to avoid scheduling pods without toleration
`NoExecute`	Existing pods without toleration will be evicted

How to Remove a Taint

Find the Taint

Locate the taint in the node detail page.

Click Remove

Click the delete icon on the taint.

Confirm

Confirm the removal.

How to Add a Label

Labels help organize nodes and enable workload targeting.

Open Node Detail

Click on a node to open details.

Click Add Label

Click Add Label in the Labels section.

Configure Label

Key - Label key (e.g., environment, tier)
Value - Label value (e.g., production, frontend)

Add

Click Add Label.

How to Remove a Label

Find the Label

Locate the label badge in the node detail page.

Click Remove

Click on the label to remove it.

Confirm

Confirm the removal.

Avoid removing system labels prefixed with kubernetes.io/ or node.kubernetes.io/ as they may affect cluster functionality.

Troubleshooting

Node shows NotReady status

Check kubelet is running on the node
Verify network connectivity to control plane
Check node conditions for memory, disk, or PID pressure
Review kubelet logs

Drain operation fails

Some pods may have PodDisruptionBudgets preventing eviction
Pods with local storage may not drain without force
Check drain summary for specific failures

Pods not scheduling on node

Check if node is cordoned
Verify node has sufficient resources
Check for taints that may prevent scheduling
Ensure pods have matching tolerations

Cannot add taint or label

Verify you have write permission
Check key format is valid
System labels may be protected

FAQ

What's the difference between cordon and drain?

Cordon only marks the node as unschedulable. Drain both cordons AND evicts all pods.

What happens to pods when I drain?

Pods are gracefully terminated and rescheduled on other nodes. DaemonSet and static pods are skipped.

How do taints and tolerations work?

Taints on nodes repel pods. Tolerations on pods allow them to schedule on tainted nodes. A pod must tolerate all taints on a node to schedule there.

Can I remove a master node?

Yes, but ensure you have other masters for high availability. Removing the last master makes the cluster unavailable.

Getting Started

Infrastructure

Platform Services

CI/CD & Deployments

Pipeline & Helm

Performance Testing

Security

Mesh Networking

Access Management

Audit & Compliance

Settings

Key Concepts

Node

Cordon

Drain

Taint

Required Permissions

How to Add Nodes to a Cluster

How to Remove Nodes

How to Cordon a Node

How to Drain a Node

How to Uncordon a Node

How to Add a Taint

How to Remove a Taint

How to Add a Label

How to Remove a Label

Troubleshooting

FAQ

Getting Started

Infrastructure

Platform Services

CI/CD & Deployments

Pipeline & Helm

Performance Testing

Security

Mesh Networking

Access Management

Audit & Compliance

Settings

​Key Concepts

Node

Cordon

Drain

Taint

​Required Permissions

​How to Add Nodes to a Cluster

​How to Remove Nodes

​How to Cordon a Node

​How to Drain a Node

​How to Uncordon a Node

​How to Add a Taint

​How to Remove a Taint

​How to Add a Label

​How to Remove a Label

​Troubleshooting

​FAQ

Key Concepts

Required Permissions

How to Add Nodes to a Cluster

How to Remove Nodes

How to Cordon a Node

How to Drain a Node

How to Uncordon a Node

How to Add a Taint

How to Remove a Taint

How to Add a Label

How to Remove a Label

Troubleshooting

FAQ