Add toleration with toleration seconds condition

[zhouya0]

This PR adds the condition that the tolerations with toleration seconds.
Ref: kubernetes/kubernetes#92170 (comment)

[zhouya0]

/assign @alculquicondor

[netlify]

Deploy preview for kubernetes-io-master-staging ready!

Built with commit 8bfb8dd

https://deploy-preview-24041--kubernetes-io-master-staging.netlify.app

[netlify]

Deploy preview for kubernetes-io-master-staging ready!

Built with commit 3409144

https://deploy-preview-24041--kubernetes-io-master-staging.netlify.app

[alculquicondor]

This makes very little sense, sorry.

I think this should be pointed out as a note to the following paragraphs, which describe the tolerationSeconds functionality. There is a toleration anyways, so the third bullet applies, thus the pod can be scheduled.

[sftim]

@zhouya0 I'm afraid I agree with @alculquicondor

Was there a part of the page you found confusing? Maybe knowing that will help someone propose a different change that still reduces the confusion you noticed.

[alculquicondor]

Context: kubernetes/kubernetes#92170

[alculquicondor]

More specifically, kubernetes/kubernetes#92170 (comment)

[zhouya0]

@alculquicondor @sftim
I followed your suggestions. Please review this again :)

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
To complete the pull request process, please assign sftim
You can assign the PR to them by writing /assign @sftim in a comment when ready.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

• content/en/OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[alculquicondor]

I think we are lacking some subsections for the whole "concepts" section. @sftim, could you advice?

In particular, I feel like there should be subtitle before line 132.

Other than that, we have to stress the fact that, even with "tolerationSeconds", this is still a toleration, and for that reason the Pod can get scheduled in the same node again.

Instead of "to avoid such behavior", I would say "If this is not what you want", then "you can add a NoSchedule taint additionally to the NoExecute taint".

Then, I don't think you have to distinguish system-level taints (what is that anyways?). Only the second point is relevant.

[sftim]

Sure, feel free to add a heading before line 132 - no objection from me for doing that.

[alculquicondor]

The problem is that then that heading seems isolated. We don't have a heading for "taints" or "tolerations". But maybe we can fix that in a follow up.

[zhouya0]

I think system-level taints is like node.kubernetes.io/unreachable when node is down. And controller will add both NoExcute and NoSchedule taint to the node.

[alculquicondor]

That's already covered in https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/#taint-nodes-by-condition

The fact that they are added automatically doesn't change how you write tolerations for them :)

[sftim]

BTW, PR #25998 is improving some of the documentation in this area.

[alculquicondor]

ping for the last review comments

[zhouya0]

ping for the last review comments

Sorry I have to say, with my poor english, I can't do Other than that, we have to stress the fact that, even with "tolerationSeconds", this is still a toleration, and for that reason the Pod can get scheduled in the same node again. in a standard format.

I'll leave this to other contributors :)

[alculquicondor]

Thanks for the progress @zhouya0

[sftim]

@zhouya0 this proposed wording is not quite idiomatic English. I have guessed at what you meant to say and proposed another way to write that. How do these suggestions look?

[sftim]

Suggested change

	- If the node is tainted by system admin, the best practice is to apply both `NoExecute` and `NoSchedule` taints; otherwise, the pod may be
	scheduled and evicted back and forth.
	- If you are setting a `NoExecute` taint manually on a node, you should normally also
	set `NoSchedule`. Otherwise, any new Pod that could run on this node may be scheduled
	onto, it but then immediately face eviction because of the `NoExecute` taint.

[sftim]

@zhouya0 is this another way of writing what you meant?

Suggested change

	- If the node is added system-level taints, Kubernetes will be responsible for applying `NoExecute` taint, as well as `Noschedule` taint.
	So the pod won't be scheduled to the prior node.
	- If the node is tainted based on kubelet or node status , Kubernetes is responsible for applying the `NoExecute` and `NoSchedule` taints. These taints prevent the scheduler placing the replacement Pod onto the same node.

[kbhawkey]

Hi @zhouya0 .
Thanks for contributing!
What do you think about accepting the suggested changes?

[tengqm]

/close
No response from author for a long ... time.

[k8s-ci-robot]

@tengqm: Closed this PR.

In response to this:

/close
No response from author for a long ... time.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.