污点与容忍
- 污点(taints),用于node节点排斥Pod调度.与亲和效果相反.即taint的node排斥Pod的创建.
- 容忍(toleration),用于Pod容忍Node节点的污点信息.即node节点有污点,也将新的Pod创建到该Node上.
1 污点配置方法1
加污点
root@k8s-master-01:~# kubectl cordon 192.168.31.114
node/192.168.31.114 cordoned
root@k8s-master-01:~# kubectl get node
NAME STATUS ROLES AGE VERSION
192.168.31.101 Ready,SchedulingDisabled master 121d v1.22.5
192.168.31.102 Ready,SchedulingDisabled master 121d v1.22.5
192.168.31.103 Ready,SchedulingDisabled master 121d v1.22.5
192.168.31.111 Ready node 121d v1.22.5
192.168.31.112 Ready node 121d v1.22.5
192.168.31.113 Ready node 24d v1.22.5
192.168.31.114 Ready,SchedulingDisabled node 22h v1.22.5
root@k8s-master-01:~# kubectl cordon 192.168.31.114
node/192.168.31.114 cordoned
root@k8s-master-01:~# kubectl describe node 192.168.31.114
Taints: node.kubernetes.io/unschedulable:NoSchedule
去污点
root@k8s-master-01:~# kubectl uncordon 192.168.31.114
node/192.168.31.114 uncordoned
root@k8s-master-01:~# kubectl get node
NAME STATUS ROLES AGE VERSION
192.168.31.101 Ready,SchedulingDisabled master 121d v1.22.5
192.168.31.102 Ready,SchedulingDisabled master 121d v1.22.5
192.168.31.103 Ready,SchedulingDisabled master 121d v1.22.5
192.168.31.111 Ready node 121d v1.22.5
192.168.31.112 Ready node 121d v1.22.5
192.168.31.113 Ready node 24d v1.22.5
192.168.31.114 Ready node 22h v1.22.5
root@k8s-master-01:~# kubectl describe node 192.168.31.114
Taints: <none>
2 污点配置方法2
加污点
- NoSchedule:硬限制,不将新创建的Pod调度到具有该污点的Node上.
- PreferNoSchedule:软限制.避免k8s将尽量避免将Pod调度到具有该污点的Node上.
- NoExecute:表示K8s将不会将Pod调度到具有该污点的Node上,同时会将Node上已经存在的Pod强制驱逐出去.
root@k8s-master-01:~# kubectl taint node 192.168.31.114 key1=value1:NoSchedule
node/192.168.31.114 tainted
root@k8s-master-01:~# kubectl get node
NAME STATUS ROLES AGE VERSION
192.168.31.101 Ready,SchedulingDisabled master 121d v1.22.5
192.168.31.102 Ready,SchedulingDisabled master 121d v1.22.5
192.168.31.103 Ready,SchedulingDisabled master 121d v1.22.5
192.168.31.111 Ready node 121d v1.22.5
192.168.31.112 Ready node 121d v1.22.5
192.168.31.113 Ready node 24d v1.22.5
192.168.31.114 Ready node 22h v1.22.5
root@k8s-master-01:~# kubectl describe node 192.168.31.114
Taints: key1=value1:NoSchedule
Normal NodeSchedulable 12m (x2 over 14m) kubelet Node 192.168.31.114 status is now: NodeSchedulable
去污点
root@k8s-master-01:~# kubectl taint node 192.168.31.114 key1:NoSchedule-
node/192.168.31.114 untainted
root@k8s-master-01:~# kubectl describe node 192.168.31.114
Taints: <none>
Normal NodeSchedulable 13m (x2 over 16m) kubelet Node 192.168.31.114 status is now: NodeSchedulable
3 容忍
定义Pod的容忍度,可以调度至含有污点的Node.
容忍基于operator的匹配污点:
如果operator是Exists,则容忍度不需要value而是直接匹配污点类型.
如果operator是Equal,则需要指定value并且value的值需要等于tolerations的key.
3.1 节点打污点
将114设置为cordon,111打上NoSchedule
root@k8s-master-01:~# kubectl cordon 192.168.31.114
node/192.168.31.114 cordoned
root@k8s-master-01:~# kubectl taint nodes 192.168.31.111 key1=value1:NoSchedule
node/192.168.31.111 tainted
root@k8s-master-01:~# kubectl get node
NAME STATUS ROLES AGE VERSION
192.168.31.101 Ready,SchedulingDisabled master 121d v1.22.5
192.168.31.102 Ready,SchedulingDisabled master 121d v1.22.5
192.168.31.103 Ready,SchedulingDisabled master 121d v1.22.5
192.168.31.111 Ready node 121d v1.22.5
192.168.31.112 Ready node 121d v1.22.5
192.168.31.113 Ready node 24d v1.22.5
192.168.31.114 Ready,SchedulingDisabled node 24h v1.22.5
root@k8s-master-01:~# kubectl describe node 192.168.31.111 |grep Taint
Taints: key1=value1:NoSchedule
此时部署pod,会避开111和114两台服务器
root@k8s-master-01:/opt/k8s-data/yaml/wework/affinit/Affinit-case# kubectl get pods -n wework -o wide|grep app1
wework-tomcat-app1-deployment-7f64c5bbcb-48wbp 1/1 Running 0 16s 172.100.140.114 192.168.31.112 <none> <none>
wework-tomcat-app1-deployment-7f64c5bbcb-g5t8w 1/1 Running 0 16s 172.100.76.184 192.168.31.113 <none> <none>
wework-tomcat-app1-deployment-7f64c5bbcb-lfsqb 1/1 Running 0 16s 172.100.76.181 192.168.31.113 <none> <none>
wework-tomcat-app1-deployment-7f64c5bbcb-vh66k 1/1 Running 0 16s 172.100.140.102 192.168.31.112 <none> <none>
wework-tomcat-app1-deployment-7f64c5bbcb-zp7p6 1/1 Running 0 16s 172.100.76.183 192.168.31.113 <none> <none>
此时打开污点的容忍
tolerations:
- key: "key1"
operator: "Equal"
value: "value1"
effect: "NoSchedule"
此时pod也会被在有此标签的111上创建
root@k8s-master-01:/opt/k8s-data/yaml/wework/affinit/Affinit-case# kubectl apply -f case5.1-taint-tolerations.yaml
deployment.apps/wework-tomcat-app1-deployment configured
service/wework-tomcat-app1-service unchanged
root@k8s-master-01:/opt/k8s-data/yaml/wework/affinit/Affinit-case# kubectl get pods -n wework -o wide|grep app1
wework-tomcat-app1-deployment-598d979d5f-2mcvh 1/1 Running 0 36s 172.100.109.80 192.168.31.111 <none> <none>
wework-tomcat-app1-deployment-598d979d5f-nz225 1/1 Running 0 34s 172.100.140.119 192.168.31.112 <none> <none>
wework-tomcat-app1-deployment-598d979d5f-skf42 1/1 Running 0 36s 172.100.76.182 192.168.31.113 <none> <none>
wework-tomcat-app1-deployment-598d979d5f-whjvl 1/1 Running 0 36s 172.100.109.76 192.168.31.111 <none> <none>
wework-tomcat-app1-deployment-598d979d5f-x85vs 1/1 Running 0 33s 172.100.76.185 192.168.31.113 <none> <none>