NodeAffinity節(jié)點親和性渗柿,是Pod上定義的一種屬性仅炊,使Pod能夠按我們的要求調度到某個Node上贿堰,而Taints則恰恰相反包颁,它可以讓Node拒絕運行Pod,甚至驅逐Pod胞枕。
Taints(污點)是Node的一個屬性杆煞,設置了Taints(污點)后,因為有了污點腐泻,所以Kubernetes是不會將Pod調度到這個Node上的决乎,
于是Kubernetes就給Pod設置了個屬性Tolerations(容忍),只要Pod能夠容忍Node上的污點派桩,那么Kubernetes就會忽略Node上的污點构诚,就能夠(不是必須)把Pod調度過去。
因此 Taints(污點)通常與Tolerations(容忍)配合使用铆惑。
一范嘱、設置 Taints
- 語法:
kubectl taint node [node] key=value[effect]
其中[effect] 可取值: [ NoSchedule | PreferNoSchedule | NoExecute ]
NoSchedule: 一定不能被調度
PreferNoSchedule: 盡量不要調度
NoExecute: 不僅不會調度, 還會驅逐Node上已有的Pod
- 示例:
kubectl taint node node1 key1=value1:NoSchedule
kubectl taint node node1 key1=value1:NoExecute
kubectl taint node node1 key2=value2:NoSchedule
二、管理 taints
- 查看
kubectl describe node master
- 刪除
kubectl taint node node1 key1:NoSchedule- # 這里的key可以不用指定value
kubectl taint node node1 key1:NoExecute-
kubectl taint node node1 key1- # 刪除指定key所有的effect
kubectl taint node node1 key2:NoSchedule-
三鸭津、為 master 節(jié)點配置 taints 禁止普通 pod 調度到 master 上
kubectl taint nodes master1 node-role.kubernetes.io/master=:NoSchedule
為master設置的這個taint中, node-role.kubernetes.io/master為key彤侍,value為空, effect為NoSchedule
如果輸入命令時, 你丟掉了=符號, 寫成了node-role.kubernetes.io/master:NoSchedule,會報error: at least one taint update is required錯誤
四逆趋、容忍 master 節(jié)點上的污點
- 在 pod 的 spec 中設置 tolerations 字段
tolerations:
- key: "node-role.kubernetes.io/master"
operator: "Equal"
value: ""
effect: "NoSchedule"
- yaml 文件配置示例
apiVersion: apps/v1
kind: Deployment
metadata:
name: redis
namespace: default
spec:
replicas: 1
selector:
matchLabels:
app: redis
role: logstore
template:
metadata:
labels:
app: redis
role: logstore
spec:
containers:
- name: redis
image: redis:4.0-alpine
ports:
- name: redis
containerPort: 6379
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: filebeat-ds
namespace: default
spec:
selector:
matchLabels:
app: filebeat
release: stable
template:
metadata:
labels:
app: filebeat
release: stable
spec:
########################################################
# 容忍 taints 設置
tolerations:
- key: "node-role.kubernetes.io/master"
operator: "Equal"
value: ""
effect: "NoSchedule"
########################################################
containers:
- name: filebeat
image: ikubernetes/filebeat:5.6.5-alpine
env:
- name: REDIS_HOST
value: redis.default.svc.cluster.local
- name: REDIS_LOG_LEVEL
value: info
