污点与容忍
- 污点(taints):用于node节点排斥Pod调度,与亲和效果相反,即taint的node排斥Pod的创建
- 容忍(toleration):用于Pod容忍Node节点的污点信息,即node节点有污点,也将新的pod创建到改node上
1.1污点配置
- NoSchedule:硬限制,不将新创建的Pod调度到具有该污点的Node上.
- PreferNoSchedule:软限制.避免k8s将尽量避免将Pod调度到具有该污点的Node上.
- NoExecute:表示K8s将不会将Pod调度到具有该污点的Node上,同时会将Node上已经存在的Pod强制驱逐出去.
1.1.1污点配置方法一:
加污点
root@k8s-master1:/app/yaml/qhx# kubectl get nodes
NAME STATUS ROLES AGE VERSION
172.17.1.101 Ready,SchedulingDisabled master 10d v1.22.3
172.17.1.102 Ready,SchedulingDisabled master 10d v1.22.3
172.17.1.103 Ready,SchedulingDisabled master 10d v1.22.3
172.17.1.107 Ready node 10d v1.22.3
172.17.1.108 Ready node 10d v1.22.3
172.17.1.109 Ready node 10d v1.22.3
root@k8s-master1:/app/yaml/qhx# kubectl cordon 172.17.1.107
node/172.17.1.107 cordoned
root@k8s-master1:/app/yaml/qhx# kubectl get nodes
NAME STATUS ROLES AGE VERSION
172.17.1.101 Ready,SchedulingDisabled master 10d v1.22.3
172.17.1.102 Ready,SchedulingDisabled master 10d v1.22.3
172.17.1.103 Ready,SchedulingDisabled master 10d v1.22.3
172.17.1.107 Ready,SchedulingDisabled node 10d v1.22.3
172.17.1.108 Ready node 10d v1.22.3
172.17.1.109 Ready node 10d v1.22.3
去污点
root@k8s-master1:/app/yaml/qhx# kubectl get nodes
NAME STATUS ROLES AGE VERSION
172.17.1.101 Ready,SchedulingDisabled master 10d v1.22.3
172.17.1.102 Ready,SchedulingDisabled master 10d v1.22.3
172.17.1.103 Ready,SchedulingDisabled master 10d v1.22.3
172.17.1.107 Ready,SchedulingDisabled node 10d v1.22.3
172.17.1.108 Ready node 10d v1.22.3
172.17.1.109 Ready node 10d v1.22.3
root@k8s-master1:/app/yaml/qhx# kubectl uncordon 172.17.1.107
node/172.17.1.107 uncordoned
root@k8s-master1:/app/yaml/qhx# kubectl get nodes
NAME STATUS ROLES AGE VERSION
172.17.1.101 Ready,SchedulingDisabled master 10d v1.22.3
172.17.1.102 Ready,SchedulingDisabled master 10d v1.22.3
172.17.1.103 Ready,SchedulingDisabled master 10d v1.22.3
172.17.1.107 Ready node 10d v1.22.3
172.17.1.108 Ready node 10d v1.22.3
172.17.1.109 Ready node 10d v1.22.3
1.1.2污点配置方法二:
加污点:
root@k8s-master1:/app/yaml/qhx# kubectl taint node 172.17.1.107 key1=value:NoSchedule
node/172.17.1.107 tainted
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal NodeNotSchedulable 5m44s kubelet Node 172.17.1.107 status is now: NodeNotSchedulable
去污点:
root@k8s-master1:/app/yaml/qhx# kubectl taint node 172.17.1.107 key1:NoSchedule-
node/172.17.1.107 untainted
1.2容忍
- 定义pod的容忍度,可以调度至含有污点的node节点
- 容忍基于operator的匹配污点
- 如果operator是Exists,则容忍度不需要value而是直接匹配污点类型
- 如果operator是Equal,则需要指定value并且value的值需要等于tolerations的key
root@k8s-master1:/app/yaml/qhx# kubectl cordon 172.17.1.107
node/172.17.1.107 cordoned
root@k8s-master1:/app/yaml/qhx# kubectl taint nodes 172.17.1.108 key1=value1:NoSchedule
node/172.17.1.108 tainted
root@k8s-master1:/app/yaml/qhx# kubectl describe nodes 172.17.1.108|grep Tain
Taints: key1=value1:NoSchedule
此时部署pod,就会避开172.17.1.107和172.17.1.108
打开pod的容忍
apiVersion: apps/v1
kind: Deployment
metadata:
name: nginx-2
namespace: webwork
spec:
replicas: 3
selector:
matchLabels:
app: nginx
template:
metadata:
labels:
app: nginx
spec:
tolerations:
- key: "key1"
operator: "Equal"
value: "value1"
effect: "NoSchedule"
containers:
- name: nginx
image: nginx:latest
ports:
- containerPort: 80
此时172.17.1.107和172.17.1.108就可以被调度了