标签(Labels)是附加到 Kubernetes 对象(比如 Pod)上的键值对。标签使用户能够以松散耦合的方式将他们自己的组织结构映射到系统对象,而无需客户端存储这些映射。
定义标签
[root@k8s-master1 ~]# kubectl label node k8s-node1 test-label=node-test-label #给node打标签
输出:
node/k8s-node1 labeled
对标签进行筛选
[root@k8s-master1 ~]# kubectl get no -l test-label=node-test-label
输出结果:
NAME STATUS ROLES AGE VERSION
k8s-node1 Ready <none> 185d v1.20.0
给节点打的标签,可以用于pod部署到指定node上,使用nodeSelector。
给service打标签
[root@k8s-master1 ~]# kubectl label svc my-nginx test-label=service-my-nginx-label -n default
service/my-nginx labeled
查看该service的标签
[root@k8s-master1 ~]# kubectl get svc my-nginx -n default --show-labels
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE LABELS
my-nginx NodePort 10.107.145.148 <none> 80:30474/TCP 185d app=my-nginx,test-label=service-my-nginx-label
查看所有service有test-label标签的
[root@k8s-master1 ~]# kubectl get svc -A -l test-label
NAMESPACE NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
default my-nginx NodePort 10.107.145.148 <none> 80:30474/TCP 185d
[root@k8s-master1 ~]# kubectl get svc -A -l test-label --show-labels
NAMESPACE NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE LABELS
default my-nginx NodePort 10.107.145.148 <none> 80:30474/TCP 185d app=my-nginx,test-label=service-my-nginx-label
修改标签
在实际的生产环境中,资源标签的修改是经常发生的事情,使用overwrite参数修改标签
比如把上面的service my-nginx的test-label的标签值修改为test-test,如果不在overwrite参数,修改会报标签已经存在的错误
[root@k8s-master1 ~]# kubectl label svc my-nginx -n default test-label=test-test
error: 'test-label' already has a value (service-my-nginx-label), and --overwrite is false
[root@k8s-master1 ~]# kubectl label svc my-nginx -n default test-label=test-test --overwrite
service/my-nginx labeled
#确认标签值已经修改
[root@k8s-master1 ~]# kubectl get svc -A -l test-label --show-labels
NAMESPACE NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE LABELS
default my-nginx NodePort 10.107.145.148 <none> 80:30474/TCP 185d app=my-nginx,test-label=test-test
删除标签
删除资源标签,只需要再label的key名后面加一个减号(-)即可,比如删除上面的service my-nginx的test-label标签
[root@k8s-master1 ~]# kubectl get svc -A -l test-label --show-labels
NAMESPACE NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE LABELS
default my-nginx NodePort 10.107.145.148 <none> 80:30474/TCP 185d app=my-nginx,test-label=test-test
[root@k8s-master1 ~]# kubectl label service my-nginx -n default test-label-
service/my-nginx labeled
[root@k8s-master1 ~]# kubectl get svc my-nginx -n default --show-labels
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE LABELS
my-nginx NodePort 10.107.145.148 <none> 80:30474/TCP 185d app=my-nginx
标签选择器
Selector主要用于资源的匹配,只有符合条件的资源才会被调用或使用,可以使用该方式对集群中的各类资源进行分配。
#查看目前已有的标签
[root@k8s-master1 ~]# kubectl get svc --show-labels
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE LABELS
kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 186d component=apiserver,provider=kubernetes
my-nginx NodePort 10.107.145.148 <none> 80:30474/TCP 185d app=my-nginx
my-nginx-new ClusterIP 10.106.218.117 <none> 80/TCP 144d app=my-nginx
#选择匹配app为my-nginx的标签,in (my-nginx,xxx)可以写多个值
[root@k8s-master1 ~]# kubectl get svc -l 'app in (my-nginx)' --show-labels
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE LABELS
my-nginx NodePort 10.107.145.148 <none> 80:30474/TCP 185d app=my-nginx
my-nginx-new ClusterIP 10.106.218.117 <none> 80/TCP 144d app=my-nginx
#匹配选择app不包括my-nginx的对象
[root@k8s-master1 ~]# kubectl get svc -l app!=my-nginx,component=apiserver --show-labels
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE LABELS
kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 186d component=apiserver,provider=kubernetes
[root@k8s-master1 ~]# kubectl get svc -l app!=my-nginx,'component in (apiserver)' --show-labels
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE LABELS
kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 186d component=apiserver,provider=kubernetes
#选择匹配key为app的service
[root@k8s-master1 ~]# kubectl get svc -l app!=my-nginx,component=apiserver --show-labels
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE LABELS
kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 186d component=apiserver,provider=kubernetes
[root@k8s-master1 ~]# kubectl get svc -l app!=my-nginx,'component in (apiserver)' --show-labels
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE LABELS
kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 186d component=apiserver,provider=kubernetes
如果是二进制安装的kubernetes,默认的master节点的role字段是空的,通过添加label,添加mater标识
#未打标签之前
[root@k8s-master1 ~]# kubectl get node
NAME STATUS ROLES AGE VERSION
k8s-master1 Ready <none> 185d v1.20.0
k8s-master2 Ready <none> 185d v1.20.0
k8s-master3 Ready <none> 185d v1.20.0
k8s-node1 Ready <none> 185d v1.20.0
k8s-node2 Ready <none> 185d v1.20.0
#打标签
[root@k8s-master1 ~]# kubectl label node k8s-master1 node-role.kubernetes.io/master=master
node/k8s-master1 labeled
#打标签之后,观察ROLES,从原来的<none>变成master
[root@k8s-master1 ~]# kubectl get node
NAME STATUS ROLES AGE VERSION
k8s-master1 Ready master 185d v1.20.0
k8s-master2 Ready <none> 185d v1.20.0
k8s-master3 Ready <none> 185d v1.20.0
k8s-node1 Ready <none> 185d v1.20.0
k8s-node2 Ready <none> 185d v1.20.0
master的污点
master的节点的污点,kubeadm安装的集群,默认会在master节点污点k8s-master1 node-role.kubernetes.io/master:NoSchedule,不允许部署非系统pod。二进制安装的默认不会添加,需要手工添加,实现如下
#默认不带污点
[root@k8s-master1 ~]# kubectl describe node -l node-role.kubernetes.io/master | grep -B 3 Taints
node.alpha.kubernetes.io/ttl: 0
volumes.kubernetes.io/controller-managed-attach-detach: true
CreationTimestamp: Fri, 04 Mar 2022 10:52:39 +0800
Taints: <none>
--
node.alpha.kubernetes.io/ttl: 0
volumes.kubernetes.io/controller-managed-attach-detach: true
CreationTimestamp: Fri, 04 Mar 2022 10:52:39 +0800
Taints: <none>
--
node.alpha.kubernetes.io/ttl: 0
volumes.kubernetes.io/controller-managed-attach-detach: true
CreationTimestamp: Fri, 04 Mar 2022 10:52:39 +0800
Taints: <none>
#添加污点
[root@k8s-master1 ~]# kubectl taint node -l node-role.kubernetes.io/master node-role.kubernetes.io/master:NoSchedule
node/k8s-master1 tainted
node/k8s-master2 tainted
node/k8s-master3 tainted
#查看添加结果
[root@k8s-master1 ~]# kubectl describe node -l node-role.kubernetes.io/master | grep -B 3 Taints
node.alpha.kubernetes.io/ttl: 0
volumes.kubernetes.io/controller-managed-attach-detach: true
CreationTimestamp: Fri, 04 Mar 2022 10:52:39 +0800
Taints: node-role.kubernetes.io/master:NoSchedule
--
node.alpha.kubernetes.io/ttl: 0
volumes.kubernetes.io/controller-managed-attach-detach: true
CreationTimestamp: Fri, 04 Mar 2022 10:52:39 +0800
Taints: node-role.kubernetes.io/master:NoSchedule
--
node.alpha.kubernetes.io/ttl: 0
volumes.kubernetes.io/controller-managed-attach-detach: true
CreationTimestamp: Fri, 04 Mar 2022 10:52:39 +0800
Taints: node-role.kubernetes.io/master:NoSchedule
删除污点
[root@k8s-master1 ~]# kubectl taint node -l node-role.kubernetes.io/master node-role.kubernetes.io/master:NoSchedule-
node/k8s-master1 untainted
node/k8s-master2 untainted
node/k8s-master3 untainted
#查看删除结果
[root@k8s-master1 ~]# kubectl describe node -l node-role.kubernetes.io/master | grep -B 3 Taints
node.alpha.kubernetes.io/ttl: 0
volumes.kubernetes.io/controller-managed-attach-detach: true
CreationTimestamp: Fri, 04 Mar 2022 10:52:39 +0800
Taints: <none>
--
node.alpha.kubernetes.io/ttl: 0
volumes.kubernetes.io/controller-managed-attach-detach: true
CreationTimestamp: Fri, 04 Mar 2022 10:52:39 +0800
Taints: <none>
--
node.alpha.kubernetes.io/ttl: 0
volumes.kubernetes.io/controller-managed-attach-detach: true
CreationTimestamp: Fri, 04 Mar 2022 10:52:39 +0800
Taints: <none>
#单个节点添加污点
kubectl taint node k8s-master1 node-role.kubernetes.io/master:NoSchedule
#单个节点删除污点
kubectl taint node k8s-master1 node-role.kubernetes.io/master:NoSchedule-