Kubernetes——污点与容忍

窒息う

已于 2023-02-01 11:13:58 修改

阅读量210

点赞数

分类专栏： Kubernetes 文章标签： kubernetes docker

于 2023-01-31 15:23:06 首次发布

本文链接：https://blog.csdn.net/qq_41358740/article/details/128818087

版权

Kubernetes 专栏收录该内容

12 篇文章 0 订阅

订阅专栏

文章目录

污点与容忍

污点与容忍

什么是污点
- 污点(Taint)是使节点与Pod产生排斥的一类规则
污点策略如何实现
- 污点策略通过嵌合在健值对上的污点标签进行声明

污点策略

污点标签

PreferNoSchedule：尽量不调度
NoSchedule：不会被调度
NoExecute：驱逐节点，驱逐策略会删除该节点上的所有Pod

管理污点标签

污点标签必须绑定在健值对上，格式为：

key=value:[污点标签]
查看污点标签

kubectl describe nodes [节点名字]
设置污点标签

kubectl taint node [节点名字] key=value:污点标签
删除污点标签

kubectl taint node [节点名字] key=value:污点标签-

# 查看污点策略
[root@master ~]# kubectl describe nodes|grep Taints
Taints:             node-role.kubernetes.io/master:NoSchedule
Taints:             <none>
Taints:             <none>
Taints:             <none>

# node-0001 设置污点策略 PreferNoSchedule
[root@master ~]# kubectl taint node node-0001 k1=v1:PreferNoSchedule
node/node-0001 tainted
# node-0002 设置污点策略 NoSchedule
[root@master ~]# kubectl taint node node-0002 k2=v2:NoSchedule
node/node-0002 tainted

[root@master ~]# kubectl describe nodes |grep Taints
Taints:             node-role.kubernetes.io/master:NoSchedule
Taints:             k1=v1:PreferNoSchedule
Taints:             k2=v2:NoSchedule
Taints:             <none>

Pod资源文件

[root@master ~]# vim myphp.yaml
---
kind: Pod
apiVersion: v1
metadata:
  name: myphp
spec:
  containers:
  - name: php
    image: myos:phpfpm
    resources:
      requests:
        cpu: 800m

验证污点策略

# 优先使用没有污点的节点
[root@master ~]# sed "s,myphp,php1," myphp.yaml |kubectl apply -f -
pod/php1 created
[root@master ~]# sed "s,myphp,php2," myphp.yaml |kubectl apply -f -
pod/php2 created
[root@master ~]# kubectl get pods -o wide
NAME   READY   STATUS    RESTARTS   AGE   IP            NODE
php1   1/1     Running   0          13s   10.244.3.43   node-0003
php2   1/1     Running   0          5s    10.244.3.44   node-0003

# 最后使用 PreferNoSchedule 节点
[root@master ~]# sed 's,myphp,php3,' myphp.yaml |kubectl apply -f -
pod/php3 created
[root@master ~]# sed 's,myphp,php4,' myphp.yaml |kubectl apply -f -
pod/php4 created
[root@master ~]# kubectl get pods -o wide
NAME   READY   STATUS    RESTARTS   AGE     IP            NODE
php1   1/1     Running   0          3m16s   10.244.3.43   node-0003
php2   1/1     Running   0          3m8s    10.244.3.44   node-0003
php3   1/1     Running   0          113s    10.244.1.8    node-0001
php4   1/1     Running   0          9s      10.244.1.9    node-0001

# 不会使用 NoSchedule 节点
[root@master ~]# sed 's,myphp,php5,' myphp.yaml |kubectl apply -f -
pod/php5 created
[root@master ~]# kubectl get pods -o wide
NAME   READY   STATUS    RESTARTS   AGE     IP            NODE
php1   1/1     Running   0          3m16s   10.244.3.43   node-0003
php2   1/1     Running   0          3m8s    10.244.3.44   node-0003
php3   1/1     Running   0          113s    10.244.1.8    node-0001
php4   1/1     Running   0          9s      10.244.1.9    node-0001
php5   0/1     Pending   0          5s      <none>        <none>

验证驱逐策略

[root@master ~]# kubectl taint node node-0003 k3=v3:NoExecute
node/node-0003 tainted
[root@master ~]# kubectl describe nodes |grep Taints
Taints:             node-role.kubernetes.io/master:NoSchedule
Taints:             k1=v1:PreferNoSchedule
Taints:             k2=v2:NoSchedule
Taints:             k3=v3:NoExecute
[root@master ~]# kubectl get pods -o wide
NAME   READY   STATUS    RESTARTS   AGE     IP           NODE
php3   1/1     Running   0          4m19s   10.244.1.8   node-0001
php4   1/1     Running   0          2m35s   10.244.1.9   node-0001
php5   0/1     Pending   0          2m31s   <none>       <none>

容忍策略

容忍刚好与污点相反，某些时候我们需要在有污点的节点上运行Pod，这种污点标签的调度方式称为容忍
如何定义容忍策略

... ...
spec:						# 在Pod.spec中定义
  tolerations:				# 定义容忍策略
  - operator: "Equal"		# 完全匹配键值对，匹配方式，必选（Equal,Exists）
    key: "k"				# 设置健值对的key，为空代表任意健值对
    value: "v1"				# 设置values的值
    effect: "NoSchedule"	# 设置容忍的标签，为空代表所有污点标签

为node设置污点

# 节点 node-0001 设置污点标签 k=v1:NoSchedule
[root@master ~]# kubectl taint node node-0001 k=v1:NoSchedule
node/node-0001 tainted

# 节点 node-0002 设置污点标签 k=v2:NoSchedule
[root@master ~]# kubectl taint node node-0002 k=v2:NoSchedule
node/node-0002 tainted

# 节点 node-0003 设置污点标签 k=v1:NoExecute
[root@master ~]# kubectl taint node node-0003 k=v1:NoExecute
node/node-0003 tainted

[root@master ~]# kubectl describe nodes |grep Taints
Taints:             node-role.kubernetes.io/master:NoSchedule
Taints:             k=v1:NoSchedule
Taints:             k=v2:NoSchedule
Taints:             k=v1:NoExecute

精确匹配策略

# 容忍 k=v1:NoSchedule 污点
[root@master ~]# vim myphp.yaml
---
kind: Pod
apiVersion: v1
metadata:
  name: myphp
spec:
  tolerations:
  - operator: "Equal"      # 完全匹配键值对
    key: "k"               # 键
    value: "v1"            # 值
    effect: "NoSchedule"   # 污点标签
  containers:
  - name: php
    image: myos:phpfpm
    resources:
      requests:
        cpu: 800m

[root@master ~]# for i in php{1..3};do sed "s,myphp,${i}," myphp.yaml ;done|kubectl apply -f -
pod/php1 created
pod/php2 created
pod/php3 created
[root@master ~]# kubectl get pods -o wide
NAME   READY   STATUS    RESTARTS   AGE   IP            NODE
php1   1/1     Running   0          6s    10.244.1.10   node-0001
php2   1/1     Running   0          6s    10.244.1.11   node-0001
php3   1/1     Pending   0          6s    <none>        <none>
[root@master ~]# kubectl delete pod php{1..3}
pod "php1" deleted
pod "php2" deleted
pod "php3" deleted

模糊匹配策略

# 容忍 k=*:NoSchedule 污点
[root@master ~]# vim myphp.yaml
---
kind: Pod
apiVersion: v1
metadata:
  name: myphp
spec:
  tolerations:
  - operator: "Exists"     # 部分匹配，存在即可
    key: "k"               # 键
    effect: "NoSchedule"   # 污点标签
  containers:
  - name: php
    image: myos:phpfpm
    resources:
      requests:
        cpu: 800m

[root@master ~]# for i in php{1..3};do sed "s,myphp,${i}," myphp.yaml ;done|kubectl apply -f -
pod/php1 created
pod/php2 created
pod/php3 created
[root@master ~]# kubectl get pods -o wide
NAME   READY   STATUS    RESTARTS   AGE   IP            NODE
php1   1/1     Running   0          6s    10.244.1.12   node-0001
php2   1/1     Running   0          6s    10.244.2.21   node-0002
php3   1/1     Running   0          6s    10.244.2.22   node-0002
[root@master ~]# kubectl delete pod php{1..3}
pod "php1" deleted
pod "php2" deleted
pod "php3" deleted

所有污点标签

# 容忍所有 node 上的污点
[root@master ~]# vim myphp.yaml 
---
kind: Pod
apiVersion: v1
metadata:
  name: myphp
spec:
  tolerations:
  - operator: "Exists"     # 模糊匹配
    key: "k"               # 键
    effect:                # 没有设置污点标签代表所有
  containers:
  - name: php
    image: myos:phpfpm
    resources:
      requests:
        cpu: 800m

[root@master ~]# for i in php{1..3};do sed "s,myphp,${i}," myphp.yaml ;done|kubectl apply -f -
pod/php1 created
pod/php2 created
pod/php3 created
[root@master ~]# kubectl get pods -o wide
NAME   READY   STATUS    RESTARTS   AGE   IP            NODE
php1   1/1     Running   0          36s   10.244.1.15   node-0001
php2   1/1     Running   0          36s   10.244.2.16   node-0002
php3   1/1     Running   0          36s   10.244.3.18   node-0003
[root@master ~]# kubectl delete pod php{1..3}
pod "php1" deleted
pod "php2" deleted
pod "php3" deleted