污点与容忍
- 什么是污点
- 污点(Taint)是使节点与Pod产生排斥的一类规则
- 污点策略如何实现
- 污点策略通过嵌合在健值对上的污点标签进行声明
污点策略
污点标签
- PreferNoSchedule:尽量不调度
- NoSchedule:不会被调度
- NoExecute:驱逐节点,驱逐策略会删除该节点上的所有Pod
管理污点标签
-
污点标签必须绑定在健值对上,格式为:
key=value:[污点标签]
-
查看污点标签
kubectl describe nodes [节点名字]
-
设置污点标签
kubectl taint node [节点名字] key=value:污点标签
-
删除污点标签
kubectl taint node [节点名字] key=value:污点标签-
# 查看污点策略
[root@master ~]# kubectl describe nodes|grep Taints
Taints: node-role.kubernetes.io/master:NoSchedule
Taints: <none>
Taints: <none>
Taints: <none>
# node-0001 设置污点策略 PreferNoSchedule
[root@master ~]# kubectl taint node node-0001 k1=v1:PreferNoSchedule
node/node-0001 tainted
# node-0002 设置污点策略 NoSchedule
[root@master ~]# kubectl taint node node-0002 k2=v2:NoSchedule
node/node-0002 tainted
[root@master ~]# kubectl describe nodes |grep Taints
Taints: node-role.kubernetes.io/master:NoSchedule
Taints: k1=v1:PreferNoSchedule
Taints: k2=v2:NoSchedule
Taints: <none>
Pod资源文件
[root@master ~]# vim myphp.yaml
---
kind: Pod
apiVersion: v1
metadata:
name: myphp
spec:
containers:
- name: php
image: myos:phpfpm
resources:
requests:
cpu: 800m
验证污点策略
# 优先使用没有污点的节点
[root@master ~]# sed "s,myphp,php1," myphp.yaml |kubectl apply -f -
pod/php1 created
[root@master ~]# sed "s,myphp,php2," myphp.yaml |kubectl apply -f -
pod/php2 created
[root@master ~]# kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE
php1 1/1 Running 0 13s 10.244.3.43 node-0003
php2 1/1 Running 0 5s 10.244.3.44 node-0003
# 最后使用 PreferNoSchedule 节点
[root@master ~]# sed 's,myphp,php3,' myphp.yaml |kubectl apply -f -
pod/php3 created
[root@master ~]# sed 's,myphp,php4,' myphp.yaml |kubectl apply -f -
pod/php4 created
[root@master ~]# kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE
php1 1/1 Running 0 3m16s 10.244.3.43 node-0003
php2 1/1 Running 0 3m8s 10.244.3.44 node-0003
php3 1/1 Running 0 113s 10.244.1.8 node-0001
php4 1/1 Running 0 9s 10.244.1.9 node-0001
# 不会使用 NoSchedule 节点
[root@master ~]# sed 's,myphp,php5,' myphp.yaml |kubectl apply -f -
pod/php5 created
[root@master ~]# kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE
php1 1/1 Running 0 3m16s 10.244.3.43 node-0003
php2 1/1 Running 0 3m8s 10.244.3.44 node-0003
php3 1/1 Running 0 113s 10.244.1.8 node-0001
php4 1/1 Running 0 9s 10.244.1.9 node-0001
php5 0/1 Pending 0 5s <none> <none>
验证驱逐策略
[root@master ~]# kubectl taint node node-0003 k3=v3:NoExecute
node/node-0003 tainted
[root@master ~]# kubectl describe nodes |grep Taints
Taints: node-role.kubernetes.io/master:NoSchedule
Taints: k1=v1:PreferNoSchedule
Taints: k2=v2:NoSchedule
Taints: k3=v3:NoExecute
[root@master ~]# kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE
php3 1/1 Running 0 4m19s 10.244.1.8 node-0001
php4 1/1 Running 0 2m35s 10.244.1.9 node-0001
php5 0/1 Pending 0 2m31s <none> <none>
容忍策略
- 容忍刚好与污点相反,某些时候我们需要在有污点的节点上运行Pod,这种污点标签的调度方式称为容忍
- 如何定义容忍策略
... ...
spec: # 在Pod.spec中定义
tolerations: # 定义容忍策略
- operator: "Equal" # 完全匹配键值对,匹配方式,必选(Equal,Exists)
key: "k" # 设置健值对的key,为空代表任意健值对
value: "v1" # 设置values的值
effect: "NoSchedule" # 设置容忍的标签,为空代表所有污点标签
为node设置污点
# 节点 node-0001 设置污点标签 k=v1:NoSchedule
[root@master ~]# kubectl taint node node-0001 k=v1:NoSchedule
node/node-0001 tainted
# 节点 node-0002 设置污点标签 k=v2:NoSchedule
[root@master ~]# kubectl taint node node-0002 k=v2:NoSchedule
node/node-0002 tainted
# 节点 node-0003 设置污点标签 k=v1:NoExecute
[root@master ~]# kubectl taint node node-0003 k=v1:NoExecute
node/node-0003 tainted
[root@master ~]# kubectl describe nodes |grep Taints
Taints: node-role.kubernetes.io/master:NoSchedule
Taints: k=v1:NoSchedule
Taints: k=v2:NoSchedule
Taints: k=v1:NoExecute
精确匹配策略
# 容忍 k=v1:NoSchedule 污点
[root@master ~]# vim myphp.yaml
---
kind: Pod
apiVersion: v1
metadata:
name: myphp
spec:
tolerations:
- operator: "Equal" # 完全匹配键值对
key: "k" # 键
value: "v1" # 值
effect: "NoSchedule" # 污点标签
containers:
- name: php
image: myos:phpfpm
resources:
requests:
cpu: 800m
[root@master ~]# for i in php{1..3};do sed "s,myphp,${i}," myphp.yaml ;done|kubectl apply -f -
pod/php1 created
pod/php2 created
pod/php3 created
[root@master ~]# kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE
php1 1/1 Running 0 6s 10.244.1.10 node-0001
php2 1/1 Running 0 6s 10.244.1.11 node-0001
php3 1/1 Pending 0 6s <none> <none>
[root@master ~]# kubectl delete pod php{1..3}
pod "php1" deleted
pod "php2" deleted
pod "php3" deleted
模糊匹配策略
# 容忍 k=*:NoSchedule 污点
[root@master ~]# vim myphp.yaml
---
kind: Pod
apiVersion: v1
metadata:
name: myphp
spec:
tolerations:
- operator: "Exists" # 部分匹配,存在即可
key: "k" # 键
effect: "NoSchedule" # 污点标签
containers:
- name: php
image: myos:phpfpm
resources:
requests:
cpu: 800m
[root@master ~]# for i in php{1..3};do sed "s,myphp,${i}," myphp.yaml ;done|kubectl apply -f -
pod/php1 created
pod/php2 created
pod/php3 created
[root@master ~]# kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE
php1 1/1 Running 0 6s 10.244.1.12 node-0001
php2 1/1 Running 0 6s 10.244.2.21 node-0002
php3 1/1 Running 0 6s 10.244.2.22 node-0002
[root@master ~]# kubectl delete pod php{1..3}
pod "php1" deleted
pod "php2" deleted
pod "php3" deleted
所有污点标签
# 容忍所有 node 上的污点
[root@master ~]# vim myphp.yaml
---
kind: Pod
apiVersion: v1
metadata:
name: myphp
spec:
tolerations:
- operator: "Exists" # 模糊匹配
key: "k" # 键
effect: # 没有设置污点标签代表所有
containers:
- name: php
image: myos:phpfpm
resources:
requests:
cpu: 800m
[root@master ~]# for i in php{1..3};do sed "s,myphp,${i}," myphp.yaml ;done|kubectl apply -f -
pod/php1 created
pod/php2 created
pod/php3 created
[root@master ~]# kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE
php1 1/1 Running 0 36s 10.244.1.15 node-0001
php2 1/1 Running 0 36s 10.244.2.16 node-0002
php3 1/1 Running 0 36s 10.244.3.18 node-0003
[root@master ~]# kubectl delete pod php{1..3}
pod "php1" deleted
pod "php2" deleted
pod "php3" deleted