124 lines
3.5 KiB
Markdown
124 lines
3.5 KiB
Markdown
|
<h1><center>kubernetes污点与容忍</center></h1>
|
|||
|
|
|||
|
|
|||
|
|
|||
|
------
|
|||
|
|
|||
|
## 一:污点与容忍
|
|||
|
|
|||
|
对于nodeAffinity无论是硬策略还是软策略方式,都是调度POD到预期节点上,而Taints恰好与之相反,如果一个节点标记为Taints ,除非 POD 也被标识为可以容忍污点节点,否则该 Taints 节点不会被调度pod;比如用户希望把 Master 节点保留给 Kubernetes 系统组件使用,或者把一组具有特殊资源预留给某些 POD,则污点就很有用了,POD 不会再被调度到 taint 标记过的节点
|
|||
|
|
|||
|
#### 1.将节点设置为污点
|
|||
|
|
|||
|
```shell
|
|||
|
[root@master yaml]# kubectl taint node node-2 key=value:NoSchedule
|
|||
|
node/node-2 tainted
|
|||
|
```
|
|||
|
|
|||
|
查看污点:
|
|||
|
|
|||
|
```shell
|
|||
|
[root@master yaml]# kubectl describe node node-1 | grep Taint
|
|||
|
Taints: <none>
|
|||
|
```
|
|||
|
|
|||
|
#### 2.去除节点污点
|
|||
|
|
|||
|
```shell
|
|||
|
[root@master yaml]# kubectl taint node node-2 key=value:NoSchedule-
|
|||
|
node/node-2 untainted
|
|||
|
```
|
|||
|
|
|||
|
#### 3.污点分类
|
|||
|
|
|||
|
NoSchedule:新的不能容忍的pod不能再调度过来,但是之前运行在node节点中的Pod不受影响
|
|||
|
|
|||
|
NoExecute:新的不能容忍的pod不能调度过来,老的pod也会被驱逐
|
|||
|
|
|||
|
PreferNoScheduler:表示尽量不调度到污点节点中去
|
|||
|
|
|||
|
#### 4.使用
|
|||
|
|
|||
|
如果仍然希望某个 POD 调度到 taint 节点上,则必须在 Spec 中做出Toleration定义,才能调度到该节点,举例如下:
|
|||
|
|
|||
|
```shell
|
|||
|
[root@master yaml]# kubectl taint node node-2 key=value:NoSchedule
|
|||
|
node/node-2 tainted
|
|||
|
[root@master yaml]# cat b.yaml
|
|||
|
apiVersion: v1
|
|||
|
kind: Pod
|
|||
|
metadata:
|
|||
|
name: sss
|
|||
|
spec:
|
|||
|
affinity:
|
|||
|
nodeAffinity:
|
|||
|
requiredDuringSchedulingIgnoredDuringExecution:
|
|||
|
nodeSelectorTerms:
|
|||
|
- matchExpressions:
|
|||
|
- key: app
|
|||
|
operator: In
|
|||
|
values:
|
|||
|
- myapp
|
|||
|
containers:
|
|||
|
- name: with-node-affinity
|
|||
|
image: daocloud.io/library/nginx:latest
|
|||
|
注意:node-2节点设置为污点,所以label定义到node-2,但是因为有污点所以调度失败,以下是新的yaml文件
|
|||
|
[root@master yaml]# cat b.yaml
|
|||
|
apiVersion: v1
|
|||
|
kind: Pod
|
|||
|
metadata:
|
|||
|
name: sss-1
|
|||
|
spec:
|
|||
|
affinity:
|
|||
|
nodeAffinity:
|
|||
|
requiredDuringSchedulingIgnoredDuringExecution:
|
|||
|
nodeSelectorTerms:
|
|||
|
- matchExpressions:
|
|||
|
- key: app
|
|||
|
operator: In
|
|||
|
values:
|
|||
|
- myapp
|
|||
|
containers:
|
|||
|
- name: with-node-affinity
|
|||
|
image: daocloud.io/library/nginx:latest
|
|||
|
tolerations:
|
|||
|
- key: "key"
|
|||
|
operator: "Equal"
|
|||
|
value: "value"
|
|||
|
effect: "NoSchedule"
|
|||
|
```
|
|||
|
|
|||
|
结果:旧的调度失败,新的调度成功
|
|||
|
|
|||
|
```shell
|
|||
|
[root@master yaml]# kubectl get pod -o wide
|
|||
|
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
|
|||
|
sss 0/1 Pending 0 3m2s <none> <none> <none> <none>
|
|||
|
sss-1 1/1 Running 0 7s 10.244.2.9 node-2 <none> <none>
|
|||
|
```
|
|||
|
|
|||
|
注意:
|
|||
|
|
|||
|
tolerations: #添加容忍策略
|
|||
|
|
|||
|
\- key: "key1" #对应我们添加节点的变量名
|
|||
|
|
|||
|
operator: "Equal" #操作符
|
|||
|
|
|||
|
value: "value" #容忍的值 key1=value对应
|
|||
|
|
|||
|
effect: NoExecute #添加容忍的规则,这里必须和我们标记的五点规则相同
|
|||
|
|
|||
|
operator值是Exists,则value属性可以忽略
|
|||
|
|
|||
|
operator值是Equal,则表示key与value之间的关系是等于
|
|||
|
|
|||
|
operator不指定,则默认为Equal
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|