污点和容忍
污点(Taints)
前面的调度方式都是站在Pod的角度上,通过在Pod上添加属性,来确定Pod是否要调度到指定的Node上,其实我们也可以站在Node的角度上,通过在Node上添加污点属性,来决定是否允许Pod调度过来。
Node被设置上污点之后就和Pod之间存在了一种相斥的关系,进而拒绝Pod调度进来,甚至可以将已经存在的Pod驱逐出去。
污点的格式为: `key=valueleffect ’ , key和value是污点的标签,effect描述污点的作用,支持如下三个选项:
- PreferNoSchedule: kubernetes将尽量避免把Pod调度到具有该污点的Node上,除非没有其他节点可调度
- NoSchedule: kubernetes将不会把Pod调度到具有该污点的Node上,但不会影响当前Node上已存在的Pod
- NoExecute: kubernetes将不会把Pod调度到具有该污点的Node上,同时也会将Node上已存在的Pod驱离
使用kubectl设置和去除污点的命令
#设置污点
kubectl taint nodes node1 key=value:effect
#去除污点
kubectl taint nodes node1 key:effect-
#去除所有污点
kubectl taint nodes node1 key-
演示
1、准备系欸但那node1(为了演示效果更明显,暂时停止node2节点)
2、为node1节点设置一个污点:tag=zp:PreferNoSchedule;然后创建pod1(pod1可以)
3、修改为node1节点设置一个污点:tag=zp:NoSchedule;然后创建pod2(pod1正常 pod2失败)
4、修改为node1节点设置一个污点:tag=zp:NoExecute;然后创建pod3(3个都失败)
#设置污点
kubectl taint nodes node1 tag=zp:PreferNoSchedule
#查看
kubectl describe nodes node1
kubectl taint nodes node1 tag=zp:PreferNoSchedule
kubectl run taint1 --image=nginx:1.17.1 -n dev
kubectl get pod -n dev -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
taint1 1/1 Runing 0 27m 10.244.2.18 node2 <none> <none>
kubectl taint nodes node1 zp:PreferNoSchedule-
kubectl taint nodes node1 tag=zp:NoSchedule
kubectl run taint2 --image=nginx:1.17.1 -n dev
kubectl get pod -n dev -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
taint1 1/1 Runing 0 27m 10.244.2.18 node2 <none> <none>
taint1 1/1 Terminating 0 27m 10.244.2.18 node2 <none> <none>
kubectl taint nodes node1 zp:NoSchedule-
kubectl taint nodes node1 tag=zp:NoExecute
kubectl run taint3 --image=nginx:1.17.1 -n dev
kubectl get pod -n dev -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
taint1 1/1 Terminating 0 27m 10.244.2.18 node2 <none> <none>
taint2 1/1 Terminating 0 27m 10.244.2.18 node2 <none> <none>
taint3 1/1 Terminating 0 27m 10.244.2.18 node2
容忍
在pod添加容忍
[root@master ~]# cat pod-base.yaml
apiVersion: v1
kind: Pod
metadata:
name: pod-base
namespace: dev
spec:
containers:
- name: nginx
image: nginx:1.17.1
tolerations:
- key: "tag"
operator: "Equal"
value: "zp"
effect: "NoExecute"
[root@master ~]# kubectl get pod -n dev -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
pod-base 1/1 Running 0 4m4s 10.244.3.6 node1 <none> <none>
取消容忍
[root@master ~]# cat pod-base.yaml
apiVersion: v1
kind: Pod
metadata:
name: pod-base2
namespace: dev
spec:
containers:
- name: nginx
image: nginx:1.17.1
# tolerations:
# - key: "tag"
# operator: "Equal"
# value: "zp"
# effect: "NoExecute"
[root@master ~]# kubectl get pod -n dev -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
pod-base 0/1 Pending 0 118s <none> <none> <none> <none>
实际上就是key=value:effect