kubernetes污点与容忍

<h1><center>kubernetes污点与容忍</center></h1>



------

## 一：污点与容忍

​		对于nodeAffinity无论是硬策略还是软策略方式，都是调度POD到预期节点上，而Taints恰好与之相反，如果一个节点标记为Taints ，除非 POD 也被标识为可以容忍污点节点，否则该 Taints 节点不会被调度pod；比如用户希望把 Master 节点保留给 Kubernetes 系统组件使用，或者把一组具有特殊资源预留给某些 POD，则污点就很有用了，POD 不会再被调度到 taint 标记过的节点

#### 1.将节点设置为污点

```shell
[root@master yaml]# kubectl taint node node-2  key=value:NoSchedule
node/node-2 tainted
```

查看污点：

```shell
[root@master yaml]# kubectl describe node node-1 | grep Taint
Taints:             <none>
```

#### 2.去除节点污点

```shell
[root@master yaml]# kubectl taint node node-2 key=value:NoSchedule-
node/node-2 untainted
```

#### 3.污点分类

​		NoSchedule:新的不能容忍的pod不能再调度过来，但是之前运行在node节点中的Pod不受影响

​		NoExecute:新的不能容忍的pod不能调度过来，老的pod也会被驱逐

​		PreferNoScheduler:表示尽量不调度到污点节点中去

#### 4.使用

​		如果仍然希望某个 POD 调度到 taint 节点上，则必须在 Spec 中做出Toleration定义，才能调度到该节点，举例如下:

```shell
[root@master yaml]# kubectl taint node node-2 key=value:NoSchedule
node/node-2 tainted
[root@master yaml]# cat b.yaml 
apiVersion: v1
kind: Pod
metadata:
  name: sss
spec:
  affinity:
    nodeAffinity:
      requiredDuringSchedulingIgnoredDuringExecution:
        nodeSelectorTerms:
        - matchExpressions:
          - key: app
            operator: In
            values:
            - myapp
  containers:
  - name: with-node-affinity
    image: daocloud.io/library/nginx:latest
注意:node-2节点设置为污点,所以label定义到node-2,但是因为有污点所以调度失败,以下是新的yaml文件
[root@master yaml]# cat b.yaml
apiVersion: v1
kind: Pod
metadata:
  name: sss-1
spec:
  affinity:
    nodeAffinity:
      requiredDuringSchedulingIgnoredDuringExecution:
        nodeSelectorTerms:
        - matchExpressions:
          - key: app
            operator: In
            values:
            - myapp
  containers:
  - name: with-node-affinity
    image: daocloud.io/library/nginx:latest
  tolerations:
  - key: "key"
    operator: "Equal"
    value: "value"
    effect: "NoSchedule"
```

结果：旧的调度失败,新的调度成功

```shell
[root@master yaml]# kubectl get pod -o wide
NAME                 READY   STATUS    RESTARTS   AGE    IP            NODE     NOMINATED NODE   READINESS GATES
sss                  0/1     Pending   0          3m2s   <none>        <none>   <none>           <none>
sss-1                1/1     Running   0          7s     10.244.2.9    node-2   <none>           <none>
```

注意：

​		tolerations:      #添加容忍策略 

​		\- key: "key1"    #对应我们添加节点的变量名	

​		operator: "Equal"    #操作符

​		value: "value"    #容忍的值  key1=value对应

​		effect: NoExecute   #添加容忍的规则，这里必须和我们标记的五点规则相同

​		operator值是Exists，则value属性可以忽略

​		operator值是Equal，则表示key与value之间的关系是等于

​		operator不指定，则默认为Equal