污点、容忍度
污点、容忍度
- 给了节点选则的主动权,我们给节点打一个污点,不容忍的pod就运行不上来,污点就是定义在节点上的键值属性数据,可以定决定拒绝那些pod;
- taints是键值数据,用在节点上,定义污点;
- tolerations是键值数据,用在pod上,定义容忍度,能容忍哪些污点
- pod亲和性是pod属性;但是污点是节点的属性,污点定义在k8s集群的节点上的一个字段
python
kubectl explain node.spec.taints
python
KIND: Node
VERSION: v1
RESOURCE: taints <[]Object>
DESCRIPTION:
If specified, the node's taints.
The node this Taint is attached to has the "effect" on any pod that does
not tolerate the Taint.
FIELDS:
effect <string> -required-
key <string> -required-
timeAdded <string>
value <string>
taints的effect用来定义对pod对象的排斥等级(效果):
NoSchedule:
仅影响pod调度过程,当pod能容忍这个节点污点,就可以调度到当前节点,后来这个节点的污点改了,加了一个新的污点,使得之前调度的pod不能容忍了,那这个pod会怎么处理,对现存的pod对象不产生影响
NoExecute:
既影响调度过程,又影响现存的pod对象,如果现存的pod不能容忍节点后来加的污点,这个pod就会被驱逐
PreferNoSchedule:
最好不,也可以,是NoSchedule的柔性版本查看master这个节点是否有污点,显示如下:
python
kubectl describe nodes k8smaster1
python
Taints: node-role.kubernetes.io/control-plane:NoSchedule上面可以看到master这个节点的污点是Noschedule
所以我们创建的pod都不会调度到master上,因为我们创建的pod没有容忍度
python
kubectl describe pods kube-apiserver-k8smaster1 -n kube-system显示如下:
python
Tolerations: :NoExecute op=Exists可以看到这个pod的容忍度是NoExecute,则可以调度到k8smaster1上
管理节点污点
python
kubectl taint --help把k8snode2当成是生产环境专用的,其他node是测试的
给k8snode2打污点,pod如果不能容忍就不会调度过来
python
kubectl taint node k8snode2 node-type=production:NoSchedule
python
vim pod-taint.yaml
python
apiVersion: v1
kind: Pod
metadata:
name: taint-pod
namespace: default
labels:
tomcat: tomcat-pod
spec:
containers:
- name: taint-pod
ports:
- containerPort: 8080
image: tomcat:8.5-jre8-alpine
imagePullPolicy: IfNotPresent
python
kubectl apply -f pod-taint.yaml
python
kubectl get pods -o wide 显示如下:
python
taint-pod running k8snode1可以看到都被调度到k8snode1上了,因为k8snode2这个节点打了污点,而我们在创建pod的时候没有容忍度,所以k8snode2上不会有pod调度上去的
给k8snode1也打上污点
python
kubectl taint node k8snode1 node-type=dev:NoExecute
python
kubectl get pods -o wide 显示如下:可以看到已经存在的pod节点都被撵走了
python
taint-pod termaitering
python
vim pod-demo-1.yaml
python
apiVersion: v1
kind: Pod
metadata:
name: myapp-deploy
namespace: default
labels:
app: myapp
release: canary
spec:
containers:
- name: myapp
image: ikubernetes/myapp:v1
imagePullPolicy: IfNotPresent
ports:
- name: http
containerPort: 80
tolerations:
- key: "node-type"
operator: "Equal"
value: "production"
effect: "NoExecute"
tolerationSeconds: 3600
python
kubectl apply -f pod-demo-1.yaml
python
kubectl get pods
python
myapp-deploy 1/1 Pending 0 11s k8snode2还是显示pending,因为我们使用的是equal(等值匹配),所以key和value,effect必须和node节点定义的污点完全匹配才可以,把上面配置effect: "NoExecute"变成effect: "NoSchedule";
tolerationSeconds: 3600这行去掉
修改后重新生成pod
python
kubectl delete -f pod-demo-1.yaml
kubectl apply -f pod-demo-1.yaml
python
kubectl get pods
python
myapp-deploy 1/1 running 0 11s k8snode2上面就可以调度到k8snode2上了,因为在pod中定义的容忍度能容忍node节点上的污点
删除污点:
python
kubectl taint nodes xianchaonode1 node-type:NoExecute-
kubectl taint nodes xianchaonode2 node-type-