Kubernetes Node Management - Drain, Cordon and Uncordon

TechOps Examples

Hey — It's Govardhana MK 👋

Welcome to another technical edition.

Every Tuesday – You’ll receive a free edition with a byte-size use case, remote job opportunities, top news, tools, and articles.

Every Thursday and Saturday – You’ll receive a special edition with a deep dive use case, remote job opportunities, and articles.

👋 Before we begin... a big thank you to today's sponsor FELLOW APP

Not All AI Notetakers Are Secure. Here’s the Checklist to Prove It.

You wouldn’t let an unknown vendor record your executive meetings, so why trust just any AI?

Most AI notetakers offer convenience. Very few offer true security.

This free checklist from Fellow breaks down the key criteria CEOs, IT teams, and privacy-conscious leaders should consider before rolling out AI meeting tools across their org.

Get the Security Checklist

👀 Remote Jobs

• Lightning Labs is hiring a Platform Engineer

  Remote Location: Worldwide

• Synapse Labs is hiring a DevOps Engineer

  Remote Location: Worldwide

📚️ Resources

• Building AI Agents with Docker Compose

• ebook - Platform Engineering on Kubernetes

• Want to practice GitOps? Check out this project

Looking to promote your company, product, service, or event to 50,000+ Cloud Native Professionals? Let's work together. Advertise With Us

🧠 DEEP DIVE USE CASE

Kubernetes Node Management - Drain, Cordon and Uncordon

Most Kubernetes engineers don’t start their day expecting to drain a node, but they often end up doing just that. Managing node availability becomes routine work that directly affects workload stability and uptime. You’ll often use drain, cordon, and uncordon when:

• Scaling a cluster

• Preparing for a node upgrade

• Patching OS level vulnerabilities

• Replacing underlying infrastructure

• Investigating issues on a specific node

Let’s go through how these actually behave, with visual examples.

1. DRAIN

The kubectl drain command is used when you want to safely evict all running pods from a node and prevent new ones from being scheduled on it. This is typically used during node maintenance, upgrades, or when preparing to decommission a node.

When you run kubectl drain node2, Kubernetes performs two actions:

• It marks the node as unschedulable (SchedulingDisabled).

• It evicts all non daemonset pods from the node.

Before Drain: All three nodes are healthy and ready to accept pods. node2 is running Pod C and Pod D.

Once kubectl drain node2 is executed:

• Pod C is moved to node1.

• Pod D is moved to node3.

• node2 is marked as SchedulingDisabled so no new pods are placed there.

Things I learnt after burn out:

• Use --ignore-daemonsets or the command fails if daemonset pods are present.

• Pods using emptyDir lose all data when evicted, even if they come back quickly.

• If a PodDisruptionBudget is set, drain can block until it’s safe to evict.

• Hanging drains are usually due to finalizers or stuck shutdown hooks. Use --force only if you understand the risk.

• Drain marks the node as unschedulable. You must run uncordon manually to bring it back.

• Draining nodes with system pods and no tolerations can silently break networking or DNS.

2. Cordon

The kubectl cordon command is used when you want to stop new pods from being scheduled on a node, but keep existing pods running. This is often done before maintenance, scaling operations, or selective upgrades where you don’t want to disrupt workloads immediately.

Become a paying subscriber to get access to this post and other subscriber-only content.

Already a paying subscriber? Sign In.

Paid subscriptions get you:

• • Access to archieve of 175+ use cases
• • Deep Dive use case editions (Thursdays and Saturdays)
• • Access to Private Discord Community
• • Invitations to monthly Zoom calls for use case discussions and industry leaders meetups
• • Quarterly 1:1 'Ask Me Anything' power session