Mastering Node Readiness Controller: Ensuring Node Health in Kubernetes
The Node Readiness Controller exists to solve a critical problem in Kubernetes: ensuring that workloads are only placed on nodes that meet specific infrastructure requirements. Traditional readiness checks can fall short, especially during node bootstrapping. This controller enhances the readiness guarantee by dynamically managing taints based on custom health signals, thus preventing workloads from being scheduled on nodes that are not yet ready.
At its core, the Node Readiness Controller revolves around the NodeReadinessRule (NRR) API. This allows you to define declarative gates for your nodes. You can set it up in two operational modes: 'continuous enforcement' for ongoing checks or 'bootstrap-only enforcement' for one-time initialization steps. The controller reacts to Node Conditions, which means it doesn't perform health checks itself but relies on existing conditions to determine readiness. For example, you can create a rule that specifies a condition type like 'cniplugin.example.net/NetworkReady' and requires its status to be 'True'. If the condition is not met, the controller applies a taint, such as 'readiness.k8s.io/acme.com/network-unavailable', with an effect of 'NoSchedule' to prevent scheduling on that node.
In production, deploying new readiness rules carries inherent risks, especially across a fleet of nodes. You need to be cautious about the implications of taints and ensure that your conditions are correctly defined. The dry run mode can be a lifesaver here, allowing you to simulate the impact of your rules before applying them. Remember, this controller is set to be available starting February 3, 2026, so plan your upgrades accordingly.
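The gating logic described above can be previewed offline before a rule reaches the fleet. The following Python sketch is an added example, not code from the controller or its documentation; the node snapshots are constructed, the `bootstrapped` flag is a hypothetical stand-in for "this rule was already satisfied once on this node", and treating an absent condition as unmet is an assumption.

```python
# Added example: offline preview of what a NodeReadinessRule would do to a fleet.
# Node snapshots are constructed; "bootstrapped" is a hypothetical flag meaning the
# rule was already satisfied once on that node.
RULE = {
    "conditions": [{"type": "cniplugin.example.net/NetworkReady", "requiredStatus": "True"}],
    "taint": {"key": "readiness.k8s.io/acme.com/network-unavailable",
              "effect": "NoSchedule", "value": "pending"},
    "enforcementMode": "bootstrap-only",
    "nodeSelector": {"matchLabels": {"node-role.kubernetes.io/worker": ""}},
}
WORKER = {"node-role.kubernetes.io/worker": ""}
NET = "cniplugin.example.net/NetworkReady"
TAINT = RULE["taint"]["key"]

def snap(name, labels, conditions, taints=(), bootstrapped=False):
    return {"name": name, "labels": labels, "conditions": conditions,
            "taints": set(taints), "bootstrapped": bootstrapped}

NODES = [  # constructed fleet snapshot
    snap("worker-a", WORKER, {NET: "True"}, taints=[TAINT]),
    snap("worker-b", WORKER, {NET: "False"}),
    snap("worker-c", WORKER, {}),                       # condition never reported
    snap("worker-d", WORKER, {NET: "False"}, bootstrapped=True),
    snap("cp-1", {"node-role.kubernetes.io/control-plane": ""}, {}),
]

def preview(rule, nodes):
    """Map node name -> 'skip' | 'none' | 'add-taint' | 'remove-taint'."""
    key, plan = rule["taint"]["key"], {}
    for n in nodes:
        selector = rule["nodeSelector"]["matchLabels"]
        if any(n["labels"].get(k) != v for k, v in selector.items()):
            plan[n["name"]] = "skip"          # rule does not select this node
            continue
        # Assumption: a condition that is absent counts as unmet (fail closed).
        ready = all(n["conditions"].get(c["type"]) == c["requiredStatus"]
                    for c in rule["conditions"])
        tainted = key in n["taints"]
        if rule["enforcementMode"] == "bootstrap-only" and n["bootstrapped"]:
            plan[n["name"]] = "none"          # one-time gate already passed
        elif ready == tainted:                # ready+tainted or unready+untainted
            plan[n["name"]] = "remove-taint" if ready else "add-taint"
        else:
            plan[n["name"]] = "none"
    return plan

def newly_unschedulable(rule, nodes):
    """Nodes that would stop accepting new pods if the rule were enforced."""
    return sorted(n for n, a in preview(rule, nodes).items() if a == "add-taint")
```

Any `enforcementMode` other than `bootstrap-only` is treated as ongoing enforcement in this sketch, so the size of `newly_unschedulable` can be compared between the two modes before rollout.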
Key takeaways
- Define NodeReadinessRule (NRR) to set custom readiness gates for your nodes.
- Choose between 'continuous enforcement' and 'bootstrap-only enforcement' based on your needs.
- Utilize dry run mode to simulate impacts before applying taints to your nodes.
- React to Node Conditions instead of performing health checks directly.
- Be cautious when deploying new readiness rules across a fleet.
Why it matters
In production, ensuring that workloads are only scheduled on fully prepared nodes can significantly reduce downtime and improve application reliability. The Node Readiness Controller helps maintain this readiness throughout the node's lifecycle.
Code examples
apiVersion: readiness.node.x-k8s.io/v1alpha1
kind: NodeReadinessRule
metadata:
  name: network-readiness-rule
spec:
  # Node Conditions that must hold; the controller only reads them.
  conditions:
    - type: "cniplugin.example.net/NetworkReady"
      requiredStatus: "True"
  # Taint applied while the conditions are not met.
  taint:
    key: "readiness.k8s.io/acme.com/network-unavailable"
    effect: "NoSchedule"
    value: "pending"
  # One-time gate for node initialization.
  enforcementMode: "bootstrap-only"
  # Apply the rule to worker nodes only.
  nodeSelector:
    matchLabels:
      node-role.kubernetes.io/worker: ""
When NOT to use this
The official docs don't call out specific anti-patterns here. Use your judgment based on your scale and requirements.