【模块一】kubernetes容器编排进阶实战之kubernetes pod Affinity与pod antiaffinity

pod Affinity与pod antiaffinity

Pod Affinity与anti-affinity简介：

• Pod亲和性与反亲和性可以基于已经在node节点上运行的Pod的标签来约束新创建的Pod可以调度到的 目的节点，注意不是基于node上的标签而是使用的已经运行在node上的pod标签匹配。

• 其规则的格式为如果 node节点 A已经运行了一个或多个满足调度新创建的Pod B的规则，那么新的 Pod B在亲和的条件下会调度到A节点之上，而在反亲和性的情况下则不会调度到A节点至上。

• 其中规则表示一个具有可选的关联命名空间列表的LabelSelector，只所以Pod亲和与反亲和需可以通 过LabelSelector选择namespace，是因为Pod是命名空间限定的而node不属于任何nemespace所以 node的亲和与反亲和不需要namespace，因此作用于Pod标签的标签选择算符必须指定选择算符应用 在哪个命名空间。

• 从概念上讲，node节点是一个拓扑域(具有拓扑结构的区域、宕机的时候的故障域)，比如k8s集群中的 单台node节点、一个机架、云供应商可用区、云供应商地理区域等，可以使用topologyKey来定义亲 和或者反亲和的颗粒度是node级别还是可用区级别，以便kubernetes调度系统用来识别并选择正确的 目的拓扑域。

• Pod 亲和性与反亲和性的合法操作符(operator)有 In、NotIn、Exists、DoesNotExist。

• 在Pod亲和性配置中，在requiredDuringSchedulingIgnoredDuringExecution和 preferredDuringSchedulingIgnoredDuringExecution中，topologyKey不允许为空(Empty topologyKey is not allowed.)。

• 在Pod反亲和性中配置中，requiredDuringSchedulingIgnoredDuringExecution和 preferredDuringSchedulingIgnoredDuringExecution 中，topologyKey也不可以为空(Empty topologyKey is not allowed.)。

• 对于requiredDuringSchedulingIgnoredDuringExecution要求的Pod反亲和性，准入控制器 LimitPodHardAntiAffinityTopology被引入以确保topologyKey只能是 kubernetes.io/hostname，如果希 望 topologyKey 也可用于其他定制拓扑逻辑，可以更改准入控制器或者禁用。

• 除上述情况外，topologyKey 可以是任何合法的标签键。

case4-4.1：部署web服务

• 编写yaml文件，在magedu anmespace部署一个nginx服务，nginx pod将用于后续的pod 亲和及反亲和测 试，且pod的label如下：

  • app: python-nginx-selector

  • project: python

• 部署nginx web服务：

  • kubectl apply -f case4-4.1-nginx.yaml

    • deployment.apps/python-nginx-deployment created

    • service/python-nginx-service created

case4-4.2:Pod Affinity-软亲和：

• 基于软亲和实现多pod在一个node：先创建一个nginx服务,后续的服务和nginx运行在同一个node节点

  • kubectl apply -f case4-4.1-nginx.yaml

    • deployment.apps/python-nginx-deployment created

    • service/python-nginx-service created

• 实现软亲和pod调度：

  • kubectl apply -f case4-4.2-podaffinity-preferredDuring.yaml

    • deployment.apps/magedu-tomcat-app2-deployment created

• 验证pod调度结果：

  • 

    [root@k8s-master1 Affinit-case]#cat case4-4.2-podaffinity-preferredDuring.yaml
    kind: Deployment
    #apiVersion: extensions/v1beta1
    apiVersion: apps/v1
    metadata:
    labels:
    app: magedu-tomcat-app2-deployment-label
    name: magedu-tomcat-app2-deployment
    namespace: magedu
    spec:
    replicas: 1
    selector:
    matchLabels:
    app: magedu-tomcat-app2-selector
    template:
    metadata:
    labels:
    app: magedu-tomcat-app2-selector
    spec:
    containers:
    - name: magedu-tomcat-app2-container
    image: tomcat:7.0.94-alpine
    imagePullPolicy: IfNotPresent
    #imagePullPolicy: Always
    ports:
    - containerPort: 8080
    protocol: TCP
    name: http
    affinity:
    podAffinity: #Pod亲和
    #requiredDuringSchedulingIgnoredDuringExecution: #硬亲和，必须匹配成功才调度，如果匹配失败则拒绝调度。
    preferredDuringSchedulingIgnoredDuringExecution: #软亲和，能匹配成功就调度到一个topology，匹配不成功会由kubernetes自行调度。
    - weight: 100
    podAffinityTerm:
    labelSelector: #标签选择
    matchExpressions: #正则匹配
    - key: project
    operator: In
    values:
    - pythonX
    topologyKey: kubernetes.io/hostname
    namespaces:
    - magedu

case4-4.3:Pod Affinity-硬亲和

• 基于软亲和实现多pod在一个node： 先创建一个nginx服务,后续的服务和nginx运行在同一个node节点

  • root@k8s-master1:~/case/case# kubectl apply -f case4-4.1-nginx.yaml

    • deployment.apps/python-nginx-deployment created

    • service/python-nginx-service created

• 实现硬亲和pod调度：

  • root@k8s-master1:~/case/case# kubectl apply -f case4-4.3-podaffinity-requiredDuring.yaml

    • deployment.apps/magedu-tomcat-app2-deployment created

• 验证pod调度结果：

  • 

    [root@k8s-master1 Affinit-case]#cat case4-4.3-podaffinity-requiredDuring.yaml
    kind: Deployment
    #apiVersion: extensions/v1beta1
    apiVersion: apps/v1
    metadata:
    labels:
    app: magedu-tomcat-app2-deployment-label
    name: magedu-tomcat-app2-deployment
    namespace: magedu
    spec:
    replicas: 1
    selector:
    matchLabels:
    app: magedu-tomcat-app2-selector
    template:
    metadata:
    labels:
    app: magedu-tomcat-app2-selector
    spec:
    containers:
    - name: magedu-tomcat-app2-container
    image: tomcat:7.0.94-alpine
    imagePullPolicy: IfNotPresent
    #imagePullPolicy: Always
    ports:
    - containerPort: 8080
    protocol: TCP
    name: http
    affinity:
    podAffinity:
    requiredDuringSchedulingIgnoredDuringExecution: #硬亲和
    - labelSelector:
    matchExpressions:
    - key: project
    operator: In
    values:
    - python
    topologyKey: "kubernetes.io/hostname"
    namespaces:
    - magedu

case4-4.4:podAntiAffinity-硬反亲和

• 基于硬反亲和实现多个pod调度不在一个node：先创建一个nginx服务,后续的服务和nginx运行不在同一个node节点

  • root@k8s-master1:~/case/case# kubectl apply -f case4-4.1-nginx.yaml

    • deployment.apps/python-nginx-deployment created

    • service/python-nginx-service created

• 实现硬反亲和pod调度：

  • kubectl apply -f case4-4.4-podAntiAffinity-requiredDuring.yaml

    • deployment.apps/magedu-tomcat-app2-deployment created

• 验证pod调度结果：

[root@k8s-master1 Affinit-case]#cat case4-4.4-podAntiAffinity-requiredDuring.yaml 
kind: Deployment
#apiVersion: extensions/v1beta1
apiVersion: apps/v1
metadata:
  labels:
    app: magedu-tomcat-app2-deployment-label
  name: magedu-tomcat-app2-deployment
  namespace: magedu
spec:
  replicas: 1
  selector:
    matchLabels:
      app: magedu-tomcat-app2-selector
  template:
    metadata:
      labels:
        app: magedu-tomcat-app2-selector
    spec:
      containers:
      - name: magedu-tomcat-app2-container
        image: tomcat:7.0.94-alpine
        imagePullPolicy: IfNotPresent
        #imagePullPolicy: Always
        ports:
        - containerPort: 8080
          protocol: TCP
          name: http
      affinity:
        podAntiAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
          - labelSelector:
              matchExpressions:
              - key: project
                operator: In
                values:
                  - python
            topologyKey: "kubernetes.io/hostname"
            namespaces:
              - magedu

case4-4.5:podAntiAffinity-软反亲和：

• 基于软亲和实现多个pod调度不在一个node：先创建一个nginx服务,后续的服务和nginx运行不在同一个node节点

  • root@k8s-master1:~/case/case# kubectl apply -f case4-4.1-nginx.yaml

    • deployment.apps/python-nginx-deployment created

    • service/python-nginx-service created

• 实现软亲和pod调度：

  • root@k8s-master1:~/case/case# kubectl apply -f case4-4.5-podAntiAffinity-preferredDuring.yaml

    • deployment.apps/magedu-tomcat-app2-deployment created

• 验证pod调度结果：

• 

  [root@k8s-master1 Affinit-case]#cat case4-4.5-podAntiAffinity-preferredDuring.yaml
  kind: Deployment
  #apiVersion: extensions/v1beta1
  apiVersion: apps/v1
  metadata:
  labels:
  app: magedu-tomcat-app2-deployment-label
  name: magedu-tomcat-app2-deployment
  namespace: magedu
  spec:
  replicas: 20
  selector:
  matchLabels:
  app: magedu-tomcat-app2-selector
  template:
  metadata:
  labels:
  app: magedu-tomcat-app2-selector
  spec:
  containers:
  - name: magedu-tomcat-app2-container
  image: tomcat:7.0.94-alpine
  imagePullPolicy: IfNotPresent
  #imagePullPolicy: Always
  ports:
  - containerPort: 8080
  protocol: TCP
  name: http
  affinity:
  podAntiAffinity:
  preferredDuringSchedulingIgnoredDuringExecution:
  - weight: 100
  podAffinityTerm:
  labelSelector:
  matchExpressions:
  - key: project
  operator: In
  values:
  - python
  topologyKey: kubernetes.io/hostname
  namespaces:
  - magedu