在默認(rèn)情況下乐横,一個(gè)Pod在哪個(gè)Node節(jié)點(diǎn)上運(yùn)行,是由Scheduler組件采用相應(yīng)的算法計(jì)算出來(lái)的,這個(gè)過(guò)程是不受人工控制的夹厌。但是在實(shí)際使用中,這并不滿足的需求孩等,因?yàn)楹芏嗲闆r下权她,我們想控制某些Pod到達(dá)某些節(jié)點(diǎn)上董济,那么應(yīng)該怎么做呢?這就要求了解kubernetes對(duì)Pod的調(diào)度規(guī)則,kubernetes提供了四大類調(diào)度方式:
- 自動(dòng)調(diào)度:運(yùn)行在哪個(gè)節(jié)點(diǎn)上完全由Scheduler經(jīng)過(guò)一系列的算法計(jì)算得出
- 定向調(diào)度:NodeName唧领、NodeSelector
- 親和性調(diào)度:NodeAffinity驯杜、PodAffinity、PodAntiAffinity
- 污點(diǎn)(容忍)調(diào)度:Taints、Toleration
定向調(diào)度
定向調(diào)度,指的是利用在pod上聲明nodeName或者nodeSelector,以此將Pod調(diào)度到期望的node節(jié)點(diǎn)上。注意,這里的調(diào)度是強(qiáng)制的,這就意味著即使要調(diào)度的目標(biāo)Node不存在檩电,也會(huì)向上面進(jìn)行調(diào)度奄侠,只不過(guò)pod運(yùn)行失敗而已闷盔。
NodeName
NodeName用于強(qiáng)制約束將Pod調(diào)度到指定的Name的Node節(jié)點(diǎn)上溺拱。這種方式泥从,其實(shí)是直接跳過(guò)Scheduler的調(diào)度邏輯和敬,直接將Pod調(diào)度到指定名稱的節(jié)點(diǎn)奕筐。
接下來(lái),實(shí)驗(yàn)一下:創(chuàng)建一個(gè)pod-nodename.yaml文件
apiVersion: v1
kind: Pod
metadata:
name: pod-nodename
namespace: dev
spec:
containers:
- name: nginx
image: nginx:1.17.1
nodeName: node1 # 指定調(diào)度到node1節(jié)點(diǎn)上
#創(chuàng)建Pod
[root@k8s-master01 ~]# kubectl create -f pod-nodename.yaml
pod/pod-nodename created
#查看Pod調(diào)度到NODE屬性翎猛,確實(shí)是調(diào)度到了node1節(jié)點(diǎn)上
[root@k8s-master01 ~]# kubectl get pods pod-nodename -n dev -o wide
NAME READY STATUS RESTARTS AGE IP NODE ......
pod-nodename 1/1 Running 0 56s 10.244.1.87 node1 ......
# 接下來(lái)疫稿,刪除pod怔毛,修改nodeName的值為node3(并沒(méi)有node3節(jié)點(diǎn))
[root@k8s-master01 ~]# kubectl delete -f pod-nodename.yaml
pod "pod-nodename" deleted
[root@k8s-master01 ~]# vim pod-nodename.yaml
[root@k8s-master01 ~]# kubectl create -f pod-nodename.yaml
pod/pod-nodename created
#再次查看抗果,發(fā)現(xiàn)已經(jīng)向Node3節(jié)點(diǎn)調(diào)度逮光,但是由于不存在node3節(jié)點(diǎn)乙帮,所以pod無(wú)法正常運(yùn)行
[root@k8s-master01 ~]# kubectl get pods pod-nodename -n dev -o wide
NAME READY STATUS RESTARTS AGE IP NODE ......
pod-nodename 0/1 Pending 0 6s <none> node3 ......
NodeSelector
NodeSelector用于將pod調(diào)度到添加了指定標(biāo)簽的node節(jié)點(diǎn)上。它是通過(guò)kubernetes的label-selector機(jī)制實(shí)現(xiàn)的锈至,也就是說(shuō),在pod創(chuàng)建之前,會(huì)由scheduler使用MatchNodeSelector調(diào)度策略進(jìn)行l(wèi)abel匹配,找出目標(biāo)node殊者,然后將pod調(diào)度到目標(biāo)節(jié)點(diǎn)挥转,該匹配規(guī)則是強(qiáng)制約束借宵。
接下來(lái),實(shí)驗(yàn)一下:
1 首先分別為node節(jié)點(diǎn)添加標(biāo)簽
[root@k8s-master01 ~]# kubectl label nodes node1 nodeenv=pro
node/node2 labeled
[root@k8s-master01 ~]# kubectl label nodes node2 nodeenv=test
node/node2 labeled
2 創(chuàng)建一個(gè)pod-nodeselector.yaml文件括改,并使用它創(chuàng)建Pod
apiVersion: v1
kind: Pod
metadata:
name: pod-nodeselector
namespace: dev
spec:
containers:
- name: nginx
image: nginx:1.17.1
nodeSelector:
nodeenv: pro # 指定調(diào)度到具有nodeenv=pro標(biāo)簽的節(jié)點(diǎn)上
#創(chuàng)建Pod
[root@k8s-master01 ~]# kubectl create -f pod-nodeselector.yaml
pod/pod-nodeselector created
#查看Pod調(diào)度到NODE屬性,確實(shí)是調(diào)度到了node1節(jié)點(diǎn)上
[root@k8s-master01 ~]# kubectl get pods pod-nodeselector -n dev -o wide
NAME READY STATUS RESTARTS AGE IP NODE ......
pod-nodeselector 1/1 Running 0 47s 10.244.1.87 node1 ......
# 接下來(lái),刪除pod,修改nodeSelector的值為nodeenv: xxxx(不存在打有此標(biāo)簽的節(jié)點(diǎn))
[root@k8s-master01 ~]# kubectl delete -f pod-nodeselector.yaml
pod "pod-nodeselector" deleted
[root@k8s-master01 ~]# vim pod-nodeselector.yaml
[root@k8s-master01 ~]# kubectl create -f pod-nodeselector.yaml
pod/pod-nodeselector created
#再次查看,發(fā)現(xiàn)pod無(wú)法正常運(yùn)行,Node的值為none
[root@k8s-master01 ~]# kubectl get pods -n dev -o wide
NAME READY STATUS RESTARTS AGE IP NODE
pod-nodeselector 0/1 Pending 0 2m20s <none> <none>
# 查看詳情,發(fā)現(xiàn)node selector匹配失敗的提示
[root@k8s-master01 ~]# kubectl describe pods pod-nodeselector -n dev
.......
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Warning FailedScheduling <unknown> default-scheduler 0/3 nodes are available: 3 node(s) didn't match node selector.
親和性調(diào)度
介紹了兩種定向調(diào)度的方式,使用起來(lái)非常方便,但是也有一定的問(wèn)題,那就是如果沒(méi)有滿足條件的Node,那么Pod將不會(huì)被運(yùn)行,即使在集群中還有可用Node列表也不行,這就限制了它的使用場(chǎng)景。
基于上面的問(wèn)題,kubernetes還提供了一種親和性調(diào)度(Affinity)。它在NodeSelector的基礎(chǔ)之上的進(jìn)行了擴(kuò)展,可以通過(guò)配置的形式,實(shí)現(xiàn)優(yōu)先選擇滿足條件的Node進(jìn)行調(diào)度,如果沒(méi)有,也可以調(diào)度到不滿足條件的節(jié)點(diǎn)上,使調(diào)度更加靈活。
Affinity主要分為三類:
- nodeAffinity(node親和性): 以node為目標(biāo),解決pod可以調(diào)度到哪些node的問(wèn)題
- podAffinity(pod親和性) : 以pod為目標(biāo),解決pod可以和哪些已存在的pod部署在同一個(gè)拓?fù)溆蛑械膯?wèn)題
- podAntiAffinity(pod反親和性) : 以pod為目標(biāo),解決pod不能和哪些已存在pod部署在同一個(gè)拓?fù)溆蛑械膯?wèn)題
關(guān)于親和性(反親和性)使用場(chǎng)景的說(shuō)明:
親和性:如果兩個(gè)應(yīng)用頻繁交互,那就有必要利用親和性讓兩個(gè)應(yīng)用的盡可能的靠近,這樣可以減少因網(wǎng)絡(luò)通信而帶來(lái)的性能損耗。
反親和性:當(dāng)應(yīng)用的采用多副本部署時(shí)塔粒,有必要采用反親和性讓各個(gè)應(yīng)用實(shí)例打散分布在各個(gè)node上圃酵,這樣可以提高服務(wù)的高可用性捌锭。
NodeAffinity
首先來(lái)看一下NodeAffinity的可配置項(xiàng):
pod.spec.affinity.nodeAffinity
requiredDuringSchedulingIgnoredDuringExecution Node節(jié)點(diǎn)必須滿足指定的所有規(guī)則才可以捉偏,相當(dāng)于硬限制
nodeSelectorTerms 節(jié)點(diǎn)選擇列表
matchFields 按節(jié)點(diǎn)字段列出的節(jié)點(diǎn)選擇器要求列表
matchExpressions 按節(jié)點(diǎn)標(biāo)簽列出的節(jié)點(diǎn)選擇器要求列表(推薦)
key 鍵
values 值
operator 關(guān)系符 支持Exists, DoesNotExist, In, NotIn, Gt, Lt
preferredDuringSchedulingIgnoredDuringExecution 優(yōu)先調(diào)度到滿足指定的規(guī)則的Node讹躯,相當(dāng)于軟限制 (傾向)
preference 一個(gè)節(jié)點(diǎn)選擇器項(xiàng)酷麦,與相應(yīng)的權(quán)重相關(guān)聯(lián)
matchFields 按節(jié)點(diǎn)字段列出的節(jié)點(diǎn)選擇器要求列表
matchExpressions 按節(jié)點(diǎn)標(biāo)簽列出的節(jié)點(diǎn)選擇器要求列表(推薦)
key 鍵
values 值
operator 關(guān)系符 支持In, NotIn, Exists, DoesNotExist, Gt, Lt
weight 傾向權(quán)重,在范圍1-100。
關(guān)系符的使用說(shuō)明:
- matchExpressions:
- key: nodeenv # 匹配存在標(biāo)簽的key為nodeenv的節(jié)點(diǎn)
operator: Exists
- key: nodeenv # 匹配標(biāo)簽的key為nodeenv,且value是"xxx"或"yyy"的節(jié)點(diǎn)
operator: In
values: ["xxx","yyy"]
- key: nodeenv # 匹配標(biāo)簽的key為nodeenv,且value大于"xxx"的節(jié)點(diǎn)
operator: Gt
values: "xxx"
接下來(lái)首先演示一下requiredDuringSchedulingIgnoredDuringExecution ,創(chuàng)建pod-nodeaffinity-required.yaml
apiVersion: v1
kind: Pod
metadata:
name: pod-nodeaffinity-required
namespace: dev
spec:
containers:
- name: nginx
image: nginx:1.17.1
affinity: #親和性設(shè)置
nodeAffinity: #設(shè)置node親和性
requiredDuringSchedulingIgnoredDuringExecution: # 硬限制
nodeSelectorTerms:
- matchExpressions: # 匹配env的值在["xxx","yyy"]中的標(biāo)簽
- key: nodeenv
operator: In
values: ["xxx","yyy"]
# 創(chuàng)建pod
[root@k8s-master01 ~]# kubectl create -f pod-nodeaffinity-required.yaml
pod/pod-nodeaffinity-required created
# 查看pod狀態(tài) (運(yùn)行失斬选)
[root@k8s-master01 ~]# kubectl get pods pod-nodeaffinity-required -n dev -o wide
NAME READY STATUS RESTARTS AGE IP NODE ......
pod-nodeaffinity-required 0/1 Pending 0 16s <none> <none> ......
# 查看Pod的詳情
# 發(fā)現(xiàn)調(diào)度失敗机杜,提示node選擇失敗
[root@k8s-master01 ~]# kubectl describe pod pod-nodeaffinity-required -n dev
......
Warning FailedScheduling <unknown> default-scheduler 0/3 nodes are available: 3 node(s) didn't match node selector.
Warning FailedScheduling <unknown> default-scheduler 0/3 nodes are available: 3 node(s) didn't match node selector.
#接下來(lái),停止pod
[root@k8s-master01 ~]# kubectl delete -f pod-nodeaffinity-required.yaml
pod "pod-nodeaffinity-required" deleted
# 修改文件,將values: ["xxx","yyy"]------> ["pro","yyy"]
[root@k8s-master01 ~]# vim pod-nodeaffinity-required.yaml
# 再次啟動(dòng)
[root@k8s-master01 ~]# kubectl create -f pod-nodeaffinity-required.yaml
pod/pod-nodeaffinity-required created
# 此時(shí)查看,發(fā)現(xiàn)調(diào)度成功,已經(jīng)將pod調(diào)度到了node1上
[root@k8s-master01 ~]# kubectl get pods pod-nodeaffinity-required -n dev -o wide
NAME READY STATUS RESTARTS AGE IP NODE ......
pod-nodeaffinity-required 1/1 Running 0 11s 10.244.1.89 node1 ......
接下來(lái)再演示一下requiredDuringSchedulingIgnoredDuringExecution ,創(chuàng)建pod-nodeaffinity-preferred.yaml
apiVersion: v1
kind: Pod
metadata:
name: pod-nodeaffinity-preferred
namespace: dev
spec:
containers:
- name: nginx
image: nginx:1.17.1
affinity: #親和性設(shè)置
nodeAffinity: #設(shè)置node親和性
preferredDuringSchedulingIgnoredDuringExecution: # 軟限制
- weight: 1
preference:
matchExpressions: # 匹配env的值在["xxx","yyy"]中的標(biāo)簽(當(dāng)前環(huán)境沒(méi)有)
- key: nodeenv
operator: In
values: ["xxx","yyy"]
# 創(chuàng)建pod
[root@k8s-master01 ~]# kubectl create -f pod-nodeaffinity-preferred.yaml
pod/pod-nodeaffinity-preferred created
# 查看pod狀態(tài) (運(yùn)行成功)
[root@k8s-master01 ~]# kubectl get pod pod-nodeaffinity-preferred -n dev
NAME READY STATUS RESTARTS AGE
pod-nodeaffinity-preferred 1/1 Running 0 40s
NodeAffinity規(guī)則設(shè)置的注意事項(xiàng):
1 如果同時(shí)定義了nodeSelector和nodeAffinity,那么必須兩個(gè)條件都得到滿足,Pod才能運(yùn)行在指定的Node上
2 如果nodeAffinity指定了多個(gè)nodeSelectorTerms,那么只需要其中一個(gè)能夠匹配成功即可
3 如果一個(gè)nodeSelectorTerms中有多個(gè)matchExpressions 炮沐,則一個(gè)節(jié)點(diǎn)必須滿足所有的才能匹配成功
4 如果一個(gè)pod所在的Node在Pod運(yùn)行期間其標(biāo)簽發(fā)生了改變专控,不再符合該P(yáng)od的節(jié)點(diǎn)親和性需求柏蘑,則系統(tǒng)將忽略此變化
PodAffinity
PodAffinity主要實(shí)現(xiàn)以運(yùn)行的Pod為參照革半,實(shí)現(xiàn)讓新創(chuàng)建的Pod跟參照pod在一個(gè)區(qū)域的功能六敬。首先來(lái)看一下PodAffinity的可配置項(xiàng):
pod.spec.affinity.podAffinity
requiredDuringSchedulingIgnoredDuringExecution 硬限制
namespaces 指定參照pod的namespace
topologyKey 指定調(diào)度作用域
labelSelector 標(biāo)簽選擇器
matchExpressions 按節(jié)點(diǎn)標(biāo)簽列出的節(jié)點(diǎn)選擇器要求列表(推薦)
key 鍵
values 值
operator 關(guān)系符 支持In, NotIn, Exists, DoesNotExist.
matchLabels 指多個(gè)matchExpressions映射的內(nèi)容
preferredDuringSchedulingIgnoredDuringExecution 軟限制
podAffinityTerm 選項(xiàng)
namespaces
topologyKey
labelSelector
matchExpressions
key 鍵
values 值
operator
matchLabels
weight 傾向權(quán)重,在范圍1-100
topologyKey用于指定調(diào)度時(shí)作用域,例如:
如果指定為kubernetes.io/hostname,那就是以Node節(jié)點(diǎn)為區(qū)分范圍
如果指定為beta.kubernetes.io/os,則以Node節(jié)點(diǎn)的操作系統(tǒng)類型來(lái)區(qū)分
接下來(lái)妻率,演示下requiredDuringSchedulingIgnoredDuringExecution
1)首先創(chuàng)建一個(gè)參照Pod,pod-podaffinity-target.yaml:
apiVersion: v1
kind: Pod
metadata:
name: pod-podaffinity-target
namespace: dev
labels:
podenv: pro #設(shè)置標(biāo)簽
spec:
containers:
- name: nginx
image: nginx:1.17.1
nodeName: node1 # 將目標(biāo)pod名確指定到node1上
# 啟動(dòng)目標(biāo)pod
[root@k8s-master01 ~]# kubectl create -f pod-podaffinity-target.yaml
pod/pod-podaffinity-target created
# 查看pod狀況
[root@k8s-master01 ~]# kubectl get pods pod-podaffinity-target -n dev
NAME READY STATUS RESTARTS AGE
pod-podaffinity-target 1/1 Running 0 4s
2)創(chuàng)建pod-podaffinity-required.yaml炸枣,內(nèi)容如下:
apiVersion: v1
kind: Pod
metadata:
name: pod-podaffinity-required
namespace: dev
spec:
containers:
- name: nginx
image: nginx:1.17.1
affinity: #親和性設(shè)置
podAffinity: #設(shè)置pod親和性
requiredDuringSchedulingIgnoredDuringExecution: # 硬限制
- labelSelector:
matchExpressions: # 匹配env的值在["xxx","yyy"]中的標(biāo)簽
- key: podenv
operator: In
values: ["xxx","yyy"]
topologyKey: kubernetes.io/hostname
上面配置表達(dá)的意思是:新Pod必須要與擁有標(biāo)簽nodeenv=xxx或者nodeenv=yyy的pod在同一Node上,顯然現(xiàn)在沒(méi)有這樣pod,接下來(lái),運(yùn)行測(cè)試一下。
# 啟動(dòng)pod
[root@k8s-master01 ~]# kubectl create -f pod-podaffinity-required.yaml
pod/pod-podaffinity-required created
# 查看pod狀態(tài)拂檩,發(fā)現(xiàn)未運(yùn)行
[root@k8s-master01 ~]# kubectl get pods pod-podaffinity-required -n dev
NAME READY STATUS RESTARTS AGE
pod-podaffinity-required 0/1 Pending 0 9s
# 查看詳細(xì)信息
[root@k8s-master01 ~]# kubectl describe pods pod-podaffinity-required -n dev
......
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Warning FailedScheduling <unknown> default-scheduler 0/3 nodes are available: 2 node(s) didn't match pod affinity rules, 1 node(s) had taints that the pod didn't tolerate.
# 接下來(lái)修改 values: ["xxx","yyy"]----->values:["pro","yyy"]
# 意思是:新Pod必須要與擁有標(biāo)簽nodeenv=xxx或者nodeenv=yyy的pod在同一Node上
[root@k8s-master01 ~]# vim pod-podaffinity-required.yaml
# 然后重新創(chuàng)建pod,查看效果
[root@k8s-master01 ~]# kubectl delete -f pod-podaffinity-required.yaml
pod "pod-podaffinity-required" deleted
[root@k8s-master01 ~]# kubectl create -f pod-podaffinity-required.yaml
pod/pod-podaffinity-required created
# 發(fā)現(xiàn)此時(shí)Pod運(yùn)行正常
[root@k8s-master01 ~]# kubectl get pods pod-podaffinity-required -n dev
NAME READY STATUS RESTARTS AGE LABELS
pod-podaffinity-required 1/1 Running 0 6s <none>
關(guān)于PodAffinity的 preferredDuringSchedulingIgnoredDuringExecution辑奈,這里不再演示。
PodAntiAffinity
PodAntiAffinity主要實(shí)現(xiàn)以運(yùn)行的Pod為參照涨颜,讓新創(chuàng)建的Pod跟參照pod不在一個(gè)區(qū)域中的功能弹灭。
它的配置方式和選項(xiàng)跟PodAffinty是一樣的捡鱼,這里不再做詳細(xì)解釋乍迄,直接做一個(gè)測(cè)試案例生蚁。
1)繼續(xù)使用上個(gè)案例中目標(biāo)pod
[root@k8s-master01 ~]# kubectl get pods -n dev -o wide --show-labels
NAME READY STATUS RESTARTS AGE IP NODE LABELS
pod-podaffinity-required 1/1 Running 0 3m29s 10.244.1.38 node1 <none>
pod-podaffinity-target 1/1 Running 0 9m25s 10.244.1.37 node1 podenv=pro
2)創(chuàng)建pod-podantiaffinity-required.yaml,內(nèi)容如下:
apiVersion: v1
kind: Pod
metadata:
name: pod-podantiaffinity-required
namespace: dev
spec:
containers:
- name: nginx
image: nginx:1.17.1
affinity: #親和性設(shè)置
podAntiAffinity: #設(shè)置pod親和性
requiredDuringSchedulingIgnoredDuringExecution: # 硬限制
- labelSelector:
matchExpressions: # 匹配podenv的值在["pro"]中的標(biāo)簽
- key: podenv
operator: In
values: ["pro"]
topologyKey: kubernetes.io/hostname
上面配置表達(dá)的意思是:新Pod必須要與擁有標(biāo)簽nodeenv=pro的pod不在同一Node上绿店,運(yùn)行測(cè)試一下恶导。
# 創(chuàng)建pod
[root@k8s-master01 ~]# kubectl create -f pod-podantiaffinity-required.yaml
pod/pod-podantiaffinity-required created
# 查看pod
# 發(fā)現(xiàn)調(diào)度到了node2上
[root@k8s-master01 ~]# kubectl get pods pod-podantiaffinity-required -n dev -o wide
NAME READY STATUS RESTARTS AGE IP NODE ..
pod-podantiaffinity-required 1/1 Running 0 30s 10.244.1.96 node2 ..
污點(diǎn)和容忍
污點(diǎn)(Taints)
前面的調(diào)度方式都是站在Pod的角度上,通過(guò)在Pod上添加屬性,來(lái)確定Pod是否要調(diào)度到指定的Node上,其實(shí)我們也可以站在Node的角度上份乒,通過(guò)在Node上添加污點(diǎn)屬性缺谴,來(lái)決定是否允許Pod調(diào)度過(guò)來(lái)阳啥。
Node被設(shè)置上污點(diǎn)之后就和Pod之間存在了一種相斥的關(guān)系喊废,進(jìn)而拒絕Pod調(diào)度進(jìn)來(lái),甚至可以將已經(jīng)存在的Pod驅(qū)逐出去叠殷。
污點(diǎn)的格式為:key=value:effect, key和value是污點(diǎn)的標(biāo)簽缕题,effect描述污點(diǎn)的作用,支持如下三個(gè)選項(xiàng):
- PreferNoSchedule:kubernetes將盡量避免把Pod調(diào)度到具有該污點(diǎn)的Node上,除非沒(méi)有其他節(jié)點(diǎn)可調(diào)度
- NoSchedule:kubernetes將不會(huì)把Pod調(diào)度到具有該污點(diǎn)的Node上,但不會(huì)影響當(dāng)前Node上已存在的Pod
- NoExecute:kubernetes將不會(huì)把Pod調(diào)度到具有該污點(diǎn)的Node上样屠,同時(shí)也會(huì)將Node上已存在的Pod驅(qū)離
使用kubectl設(shè)置和去除污點(diǎn)的命令示例如下:
# 設(shè)置污點(diǎn)
kubectl taint nodes 節(jié)點(diǎn)名稱 key=value:effect
# 去除污點(diǎn)
kubectl taint nodes 節(jié)點(diǎn)名稱 key:effect-
# 去除所有污點(diǎn)
kubectl taint nodes 節(jié)點(diǎn)名稱 key-
接下來(lái)知举,演示下污點(diǎn)的效果:
- 準(zhǔn)備節(jié)點(diǎn)node1(為了演示效果更加明顯曙痘,暫時(shí)停止node2節(jié)點(diǎn))
- 為node1節(jié)點(diǎn)設(shè)置一個(gè)污點(diǎn):
tag=heima:PreferNoSchedule;然后創(chuàng)建pod1( pod1 可以 ) - 修改為node1節(jié)點(diǎn)設(shè)置一個(gè)污點(diǎn):
tag=heima:NoSchedule;然后創(chuàng)建pod2( pod1 正常 pod2 失敗 ) - 修改為node1節(jié)點(diǎn)設(shè)置一個(gè)污點(diǎn):
tag=heima:NoExecute淋纲;然后創(chuàng)建pod3 ( 3個(gè)pod都失敗 )
# 為node1設(shè)置污點(diǎn)(PreferNoSchedule)
[root@k8s-master01 ~]# kubectl taint nodes node1 tag=heima:PreferNoSchedule
# 創(chuàng)建pod1
[root@k8s-master01 ~]# kubectl run taint1 --image=nginx:1.17.1 -n dev
[root@k8s-master01 ~]# kubectl get pods -n dev -o wide
NAME READY STATUS RESTARTS AGE IP NODE
taint1-7665f7fd85-574h4 1/1 Running 0 2m24s 10.244.1.59 node1
# 為node1設(shè)置污點(diǎn)(取消PreferNoSchedule,設(shè)置NoSchedule)
[root@k8s-master01 ~]# kubectl taint nodes node1 tag:PreferNoSchedule-
[root@k8s-master01 ~]# kubectl taint nodes node1 tag=heima:NoSchedule
# 創(chuàng)建pod2
[root@k8s-master01 ~]# kubectl run taint2 --image=nginx:1.17.1 -n dev
[root@k8s-master01 ~]# kubectl get pods taint2 -n dev -o wide
NAME READY STATUS RESTARTS AGE IP NODE
taint1-7665f7fd85-574h4 1/1 Running 0 2m24s 10.244.1.59 node1
taint2-544694789-6zmlf 0/1 Pending 0 21s <none> <none>
# 為node1設(shè)置污點(diǎn)(取消NoSchedule跪妥,設(shè)置NoExecute)
[root@k8s-master01 ~]# kubectl taint nodes node1 tag:NoSchedule-
[root@k8s-master01 ~]# kubectl taint nodes node1 tag=heima:NoExecute
# 創(chuàng)建pod3
[root@k8s-master01 ~]# kubectl run taint3 --image=nginx:1.17.1 -n dev
[root@k8s-master01 ~]# kubectl get pods -n dev -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED
taint1-7665f7fd85-htkmp 0/1 Pending 0 35s <none> <none> <none>
taint2-544694789-bn7wb 0/1 Pending 0 35s <none> <none> <none>
taint3-6d78dbd749-tktkq 0/1 Pending 0 6s <none> <none> <none>
使用kubeadm搭建的集群芜赌,默認(rèn)就會(huì)給master節(jié)點(diǎn)添加一個(gè)污點(diǎn)標(biāo)記,所以pod就不會(huì)調(diào)度到master節(jié)點(diǎn)上.
容忍(Toleration)
上面介紹了污點(diǎn)的作用顷锰,我們可以在node上添加污點(diǎn)用于拒絕pod調(diào)度上來(lái)酝陈,但是如果就是想將一個(gè)pod調(diào)度到一個(gè)有污點(diǎn)的node上去待牵,這時(shí)候應(yīng)該怎么做呢?這就要使用到容忍。
污點(diǎn)就是拒絕健蕊,容忍就是忽略,Node通過(guò)污點(diǎn)拒絕pod調(diào)度上去歌懒,Pod通過(guò)容忍忽略拒絕
下面先通過(guò)一個(gè)案例看下效果:
- 上一小節(jié),已經(jīng)在node1節(jié)點(diǎn)上打上了
NoExecute的污點(diǎn)效扫,此時(shí)pod是調(diào)度不上去的 - 本小節(jié),可以通過(guò)給pod添加容忍郊供,然后將其調(diào)度上去
創(chuàng)建pod-toleration.yaml,內(nèi)容如下
apiVersion: v1
kind: Pod
metadata:
name: pod-toleration
namespace: dev
spec:
containers:
- name: nginx
image: nginx:1.17.1
tolerations: # 添加容忍
- key: "tag" # 要容忍的污點(diǎn)的key
operator: "Equal" # 操作符
value: "heima" # 容忍的污點(diǎn)的value
effect: "NoExecute" # 添加容忍的規(guī)則熙掺,這里必須和標(biāo)記的污點(diǎn)規(guī)則相同
# 添加容忍之前的pod
[root@k8s-master01 ~]# kubectl get pods -n dev -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED
pod-toleration 0/1 Pending 0 3s <none> <none> <none>
# 添加容忍之后的pod
[root@k8s-master01 ~]# kubectl get pods -n dev -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED
pod-toleration 1/1 Running 0 3s 10.244.1.62 node1 <none>
下面看一下容忍的詳細(xì)配置:
[root@k8s-master01 ~]# kubectl explain pod.spec.tolerations
......
FIELDS:
key
value
operator
effect
tolerationSeconds
- key 對(duì)應(yīng)著要容忍的污點(diǎn)的鍵费就,空意味著匹配所有的鍵
- value 對(duì)應(yīng)著要容忍的污點(diǎn)的值
- operator key-value的運(yùn)算符斗躏,支持Equal和Exists(默認(rèn))
- effect 對(duì)應(yīng)污點(diǎn)的effect静陈,空意味著匹配所有影響
- tolerationSeconds 容忍時(shí)間, 當(dāng)effect為NoExecute時(shí)生效,表示pod在Node上的停留時(shí)間
