Update node labels and taints for existing node pools


This page provides instructions on how to dynamically update the node labels and node taints of an existing node pool in a Google Kubernetes Engine (GKE) Standard cluster.

You can also dynamically apply and update network tags in GKE Autopilot or Standard clusters. For instructions, refer to Use network tags to apply firewall rules to nodes.

Overview

Node taints and labels are in the object metadata of Kubernetes nodes. Labels are used to schedule Pods on particular nodes, where taints can be used to steer Pods away from them.

Using the Kubernetes Engine API, you can apply updates on the node labels, and node taints of an existing GKE node pool without needing to recreate the node pool or disrupt running workloads. The updated node pool configuration is preserved in GKE, so that future node pool upgrades and new node provisions in the node pool will use the new configuration.

Limitations

There are some limitations for using the Kubernetes Engine API to dynamically update node pool configurations:

  • The version for the node pool must be 1.19.7-gke.1500 or later.
  • The version for the cluster's control plane must be 1.23.4-gke.300 or later to apply updates to node labels or node taints for existing node pools with cluster autoscaler enabled. For clusters on earlier versions, you can use the following workaround: Disable autoscaling on the node pool, and then update the node labels and/or taints. After the updates have been applied, re-enable autoscaling.

Updating node labels

To update node labels for a node pool, use the following command:

gcloud container node-pools update NODEPOOL_NAME \
    --node-labels=[NODE_LABEL,...] \
    [--cluster=CLUSTER_NAME] [--region=REGION | --zone=ZONE]
    [GCLOUD_WIDE_FLAG ]

Replace the following:

  • NODEPOOL_NAME: the name of the node pool to update.
  • [NODE_LABEL,...]: the desired new node labels (for example, label1=value1,label2=value2).
  • CLUSTER_NAME: the name of the cluster.
  • REGION: the Compute Engine region for the cluster.
  • ZONE: the Compute Engine zone for the cluster.

Updating node taints

To update node taints for a node pool, use the following command:

gcloud container node-pools update NODEPOOL_NAME \
    --node-taints=[NODE_TAINT,...] \
    [--cluster=CLUSTER_NAME] [--region=REGION | --zone=ZONE]
    [GCLOUD_WIDE_FLAG ]

Replace the following:

  • NODEPOOL_NAME: the name of the node pool to update.
  • [NODE_TAINT,...]: the desired new node taints (for example, key1=val1:NoSchedule,key2=val2:PreferNoSchedule).
  • CLUSTER_NAME: the name of the cluster.
  • REGION: the Compute Engine region for the cluster.
  • ZONE: the Compute Engine zone for the cluster.

What's next