🐶
Kubernetes

Kubernetes Add Roles to Nodes: A Complete Guide

By Jan on 02/11/2025

Learn how to manage access and permissions for your Kubernetes applications by adding roles to nodes in this comprehensive guide.

Kubernetes Add Roles to Nodes: A Complete Guide

Table of Contents

Introduction

In Kubernetes, you don't directly assign roles like "master" or "worker" to nodes. Instead, you use labels, which are key-value pairs that help organize and select resources. A common format for node role labels is node-role.kubernetes.io/<role>. For instance, to designate a node as a worker, you would use the label node-role.kubernetes.io/worker=. You can view existing node labels using the command kubectl get nodes --show-labels. If you see <none> under "ROLES," it signifies that no role labels are currently assigned. Tools like kubeadm might automatically add some role labels during the cluster creation process. It's crucial to understand that while you can label nodes for roles, the actual components running on a node, such as kubelet and kube-proxy, determine its functionality. Simply adding a role label doesn't automatically install the necessary components. You need to configure those separately based on your desired node type, whether it's a control plane node, a worker node, or another type.

Step-by-Step Guide

In Kubernetes, you don't directly assign roles to nodes like "master" or "worker." Instead, you use labels.

  1. Labels are key-value pairs that help you organize and select resources.

  2. A common label format for node roles is node-role.kubernetes.io/<role>.

    For example, to mark a node as a worker, you'd use:

    kubectl label node <node-name> node-role.kubernetes.io/worker=

  3. You can check existing node labels with:

    kubectl get nodes --show-labels

  4. If you see <none> under "ROLES," it means no role labels are assigned yet.

  5. Tools like kubeadm might automatically add some role labels during cluster creation.

  6. While you can label nodes for roles, the actual components running on a node (like kubelet, kube-proxy) determine its functionality.

  7. Important: Simply adding a role label doesn't magically install necessary components. You need to configure those separately based on your desired node type (control plane, worker, etc.).

Code Example

This code demonstrates how to label nodes in a Kubernetes cluster for different roles, such as "control-plane" and "worker". It shows how to list existing nodes and their labels, add new labels to specific nodes using kubectl command, and verify the updated labels. The example emphasizes that labeling is just for identification and additional configuration is required for the nodes to function in their designated roles.

This example demonstrates how to label nodes in a Kubernetes cluster for different roles.

1. List existing nodes and their labels:

kubectl get nodes --show-labels

Output (example):

NAME       STATUS   ROLES    AGE   VERSION   LABELS
node1      Ready    <none>   24h   v1.25.4   kubernetes.io/hostname=node1, ...
node2      Ready    <none>   24h   v1.25.4   kubernetes.io/hostname=node2, ...
node3      Ready    <none>   24h   v1.25.4   kubernetes.io/hostname=node3, ...

2. Label node1 as a "control-plane" node:

kubectl label node node1 node-role.kubernetes.io/control-plane=

3. Label node2 and node3 as "worker" nodes:

kubectl label node node2 node-role.kubernetes.io/worker=
kubectl label node node3 node-role.kubernetes.io/worker=

4. Verify the updated labels:

kubectl get nodes --show-labels

Output (example):

NAME       STATUS   ROLES                              AGE   VERSION   LABELS
node1      Ready    control-plane                      24h   v1.25.4   kubernetes.io/hostname=node1, node-role.kubernetes.io/control-plane=, ...
node2      Ready    worker                             24h   v1.25.4   kubernetes.io/hostname=node2, node-role.kubernetes.io/worker=, ...
node3      Ready    worker                             24h   v1.25.4   kubernetes.io/hostname=node3, node-role.kubernetes.io/worker=, ...

Important Notes:

  • This example only demonstrates labeling nodes. You still need to configure the necessary components (like kubelet, kube-proxy, kube-apiserver, etc.) on each node based on its intended role.
  • Tools like kubeadm might automatically label nodes during cluster creation. Check your tool's documentation for details.
  • You can use other label keys and values to organize your nodes based on your specific needs.

This code example provides a practical demonstration of how to use labels to identify node roles in a Kubernetes cluster. Remember that labeling is just the first step; you need to configure the necessary components separately to ensure your nodes function as intended.

Additional Notes

  • Flexibility: Labels offer great flexibility. You can use custom labels beyond standard roles to categorize nodes based on environment, hardware, team, etc. This helps in scheduling Pods specifically to matching nodes.
  • Taints and Tolerations: While labels are for expressing node characteristics, "taints" make nodes less desirable for Pods. "Tolerations" on Pods allow them to still run on tainted nodes, creating a powerful selection mechanism.
  • Label Selectors: Various Kubernetes objects (Deployments, Services) use "label selectors" to target specific nodes. For example, you can schedule a Pod to run only on nodes labeled node-role.kubernetes.io/worker=.
  • Dynamic Updates: You can add or modify labels on running nodes. Kubernetes will detect these changes and potentially reschedule Pods to respect new constraints, though this depends on your configuration.
  • No Strict Enforcement: It's important to reiterate that labels are primarily for organization and selection. Kubernetes itself doesn't prevent you from running control plane components on a node labeled as a worker, though it's highly discouraged for security and stability.
  • Cloud Provider Integration: Cloud providers often have their own mechanisms for managing node roles, which might integrate with or be an alternative to Kubernetes labels. Consult your provider's documentation.
  • Best Practices: Establish clear naming conventions for your labels to avoid confusion. Use tools like kubectl get nodes -l <label-key> to filter and manage nodes based on labels effectively.

Summary

Feature Description
Node Roles Kubernetes doesn't use fixed roles like "master" or "worker." Instead, it relies on labels for flexibility.
Labels Key-value pairs used to organize and select resources, including nodes.
Role Label Format node-role.kubernetes.io/<role>, e.g., node-role.kubernetes.io/worker
Labeling Nodes Use kubectl label node <node-name> <label>=
Checking Labels Use kubectl get nodes --show-labels
No Roles Assigned Indicated by <none> under "ROLES" column.
Automatic Labeling Tools like kubeadm might add role labels during cluster setup.
Labels vs. Functionality Labels help organize, but the components running on a node (like kubelet, kube-proxy) determine its actual role.
Important Note Adding a role label doesn't install necessary components. You need to configure them separately based on the desired node type.

Conclusion

In conclusion, while Kubernetes doesn't have rigid node roles, labels provide a flexible and powerful mechanism to categorize and manage nodes. By using labels effectively, you can organize your cluster, influence Pod scheduling, and integrate with other Kubernetes features like taints and tolerations. However, remember that labels are primarily for identification and selection; you must configure the necessary components on each node to ensure they fulfill their intended roles within the cluster.

References

  • Both nodes have Role=<none> ; How to assign master role to a ... Both nodes have Role= ; How to assign master role to a ... | Hi *. I’ve setup a two node cluster with microk8s and it works. I ran in an issue with an error message like 1 node(s) didn't match Pod's node affinity/selector. After some troubleshooting I found out that none of my nodes seem to have the master role kubectl get nodes -o wide NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME ubuntu-k8-sradtke Ready 14d v1.23.3-2+d44106...
  • How to Add Roles to Nodes in Kubernetes? - GeeksforGeeks How to Add Roles to Nodes in Kubernetes? - GeeksforGeeks | A Computer Science portal for geeks. It contains well written, well thought and well explained computer science and programming articles, quizzes and practice/competitive programming/company interview Questions.
  • Roles for Nodes in Kubernetes | Rancher Roles for Nodes in Kubernetes | Rancher | This section describes the roles for etcd nodes, controlplane nodes, and worker nodes in Kubernetes, and how the roles work together in a cluster.
  • Nodes | Kubernetes Nodes | Kubernetes | Kubernetes runs your workload by placing containers into Pods to run on Nodes. A node may be a virtual or physical machine, depending on the cluster. Each node is managed by the control plane and contains the services necessary to run Pods. Typically you have several nodes in a cluster; in a learning or resource-limited environment, you might have only one node. The components on a node include the kubelet, a container runtime, and the kube-proxy.
  • Automatically add roles to non-controlplane nodes · Issue #1487 ... Automatically add roles to non-controlplane nodes · Issue #1487 ... | FEATURE REQUEST Automatically add node-labels: "node-role.kubernetes.io/node=" to kubeletExtraArgs for non-controlplane nodes. So it would show role node instead of What happened? kubernetes...
  • Amazon EKS node IAM role - Amazon EKS Amazon EKS node IAM role - Amazon EKS | Before you create nodes, you must create an IAM role with the ... role associated to the Kubernetes service account instead of assigning it to this role.
  • Nodes | RKE1 Nodes | RKE1 | The nodes directive is the only required section in the cluster.yml file. It's used by RKE to specify cluster node(s), ssh credentials used to access the node(s) and which roles these nodes will be in the Kubernetes cluster.
  • Remove role from node - Rancher - Rancher Labs Remove role from node - Rancher - Rancher Labs | Hello there. How is it possible to remove a role from a specific node (etcd / controlplane / worker)? I manage to remove the labels - but this does not remove the components from the nodes. I also tried to redeploy the rancher-agent with the according flags. This didn’t work neither. Is there a way to remove roles without having to delete / purge the node? I’m grateful for any inputs.
  • How to Add Roles to Nodes in Kubernetes | Baeldung on Ops How to Add Roles to Nodes in Kubernetes | Baeldung on Ops | Learn how to assign roles to Kubernetes nodes, from listing nodes to labeling them with specific roles.

Were You Able to Follow the Instructions?

😍Love it!
😊Yes
😐Meh-gical
😞No
🤮Clickbait

Related posts

Kubernetes Ingress Nginx Controller Admission Service Not Found

Troubleshoot common Kubernetes Nginx Ingress error "service ingress-nginx-controller-admission not found" with this comprehensive guide.

kubectl Get Events Sorted by Field & Filter Output

Learn how to use kubectl effectively to get events sorted by specific fields and display only the event details you need.

Completely Uninstall Kubernetes: A Step-by-Step Guide

Learn how to completely uninstall and remove Kubernetes from your system, including all components and configurations.