污点与容忍

• 污点（taints)：用于node节点排斥Pod调度，与亲和效果相反，即taint的node排斥Pod的创建
• 容忍（toleration)：用于Pod容忍Node节点的污点信息，即node节点有污点，也将新的pod创建到改node上

1.1污点配置

• NoSchedule:硬限制,不将新创建的Pod调度到具有该污点的Node上.
• PreferNoSchedule:软限制.避免k8s将尽量避免将Pod调度到具有该污点的Node上.
• NoExecute:表示K8s将不会将Pod调度到具有该污点的Node上,同时会将Node上已经存在的Pod强制驱逐出去.

1.1.1污点配置方法一：

加污点

root@k8s-master1:/app/yaml/qhx# kubectl get nodes
NAME           STATUS                     ROLES    AGE   VERSION
172.17.1.101   Ready,SchedulingDisabled   master   10d   v1.22.3
172.17.1.102   Ready,SchedulingDisabled   master   10d   v1.22.3
172.17.1.103   Ready,SchedulingDisabled   master   10d   v1.22.3
172.17.1.107   Ready                      node     10d   v1.22.3
172.17.1.108   Ready                      node     10d   v1.22.3
172.17.1.109   Ready                      node     10d   v1.22.3
root@k8s-master1:/app/yaml/qhx# kubectl cordon 172.17.1.107
node/172.17.1.107 cordoned
root@k8s-master1:/app/yaml/qhx# kubectl get nodes
NAME           STATUS                     ROLES    AGE   VERSION
172.17.1.101   Ready,SchedulingDisabled   master   10d   v1.22.3
172.17.1.102   Ready,SchedulingDisabled   master   10d   v1.22.3
172.17.1.103   Ready,SchedulingDisabled   master   10d   v1.22.3
172.17.1.107   Ready,SchedulingDisabled   node     10d   v1.22.3
172.17.1.108   Ready                      node     10d   v1.22.3
172.17.1.109   Ready                      node     10d   v1.22.3

去污点

root@k8s-master1:/app/yaml/qhx# kubectl get nodes
NAME           STATUS                     ROLES    AGE   VERSION
172.17.1.101   Ready,SchedulingDisabled   master   10d   v1.22.3
172.17.1.102   Ready,SchedulingDisabled   master   10d   v1.22.3
172.17.1.103   Ready,SchedulingDisabled   master   10d   v1.22.3
172.17.1.107   Ready,SchedulingDisabled   node     10d   v1.22.3
172.17.1.108   Ready                      node     10d   v1.22.3
172.17.1.109   Ready                      node     10d   v1.22.3
root@k8s-master1:/app/yaml/qhx# kubectl uncordon 172.17.1.107
node/172.17.1.107 uncordoned
root@k8s-master1:/app/yaml/qhx# kubectl get nodes
NAME           STATUS                     ROLES    AGE   VERSION
172.17.1.101   Ready,SchedulingDisabled   master   10d   v1.22.3
172.17.1.102   Ready,SchedulingDisabled   master   10d   v1.22.3
172.17.1.103   Ready,SchedulingDisabled   master   10d   v1.22.3
172.17.1.107   Ready                      node     10d   v1.22.3
172.17.1.108   Ready                      node     10d   v1.22.3
172.17.1.109   Ready                      node     10d   v1.22.3

1.1.2污点配置方法二：

加污点：

root@k8s-master1:/app/yaml/qhx# kubectl taint node 172.17.1.107 key1=value:NoSchedule
node/172.17.1.107 tainted
Events:
  Type    Reason              Age    From     Message
  ----    ------              ----   ----     -------
  Normal  NodeNotSchedulable  5m44s  kubelet  Node 172.17.1.107 status is now: NodeNotSchedulable

去污点：

root@k8s-master1:/app/yaml/qhx# kubectl taint node 172.17.1.107 key1:NoSchedule-
node/172.17.1.107 untainted

1.2容忍

• 定义pod的容忍度，可以调度至含有污点的node节点
• 容忍基于operator的匹配污点
• 如果operator是Exists，则容忍度不需要value而是直接匹配污点类型
• 如果operator是Equal，则需要指定value并且value的值需要等于tolerations的key

root@k8s-master1:/app/yaml/qhx# kubectl cordon 172.17.1.107
node/172.17.1.107 cordoned
root@k8s-master1:/app/yaml/qhx# kubectl taint nodes 172.17.1.108 key1=value1:NoSchedule
node/172.17.1.108 tainted
root@k8s-master1:/app/yaml/qhx# kubectl describe nodes 172.17.1.108|grep Tain
Taints:             key1=value1:NoSchedule

此时部署pod，就会避开172.17.1.107和172.17.1.108

打开pod的容忍

apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-2
  namespace: webwork
spec:
  replicas: 3
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      tolerations:
      - key: "key1"
        operator: "Equal"
        value: "value1"
        effect: "NoSchedule"
      containers:
      - name: nginx
        image: nginx:latest
        ports:
        - containerPort: 80

此时172.17.1.107和172.17.1.108就可以被调度了