1. System environment
Server version | Docker version | Kubernetes (k8s) cluster version | CPU architecture |
---|---|---|---|
CentOS Linux release 7.4.1708 (Core) | Docker version 20.10.12 | v1.21.9 | x86_64 |
Kubernetes cluster architecture: k8scloude1 is the master node; k8scloude2 and k8scloude3 are worker nodes.
Server | OS version | CPU architecture | Processes | Role |
---|---|---|---|---|
k8scloude1/192.168.110.130 | CentOS Linux release 7.4.1708 (Core) | x86_64 | docker, kube-apiserver, etcd, kube-scheduler, kube-controller-manager, kubelet, kube-proxy, coredns, calico | k8s master node |
k8scloude2/192.168.110.129 | CentOS Linux release 7.4.1708 (Core) | x86_64 | docker, kubelet, kube-proxy, calico | k8s worker node |
k8scloude3/192.168.110.128 | CentOS Linux release 7.4.1708 (Core) | x86_64 | docker, kubelet, kube-proxy, calico | k8s worker node |
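2. Preface
This article introduces taints and tolerations, which influence how pods are scheduled.
Using taints and tolerations requires a working Kubernetes cluster. For installing and deploying a Kubernetes (k8s) cluster, see the blog post "Installing and deploying a Kubernetes (k8s) cluster on CentOS 7".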
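3. Taints
3.1 Taint overview
Node affinity is a property of pods that attracts them to a particular set of nodes (either as a preference or as a hard requirement). Taints are the opposite: they allow a node to repel a particular set of pods.
3.2 Adding a taint to a node
The syntax for adding a taint to a node is shown below. It adds a taint to node node1 with key key1, value value1 and effect NoSchedule. This means that only pods with a toleration matching this taint can be scheduled onto node1.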
```
# Taint format: key=value:NoSchedule
kubectl taint nodes node1 key1=value1:NoSchedule
# With a key but no value, the format is: key:NoSchedule
kubectl taint nodes node1 key1:NoSchedule
```
The syntax for removing a taint is:
```
kubectl taint nodes node1 key1=value1:NoSchedule-
```
The node description contains a Taints field, which shows whether the node has any taints.
```
[root@k8scloude1 deploy]# kubectl get nodes -o wide
NAME         STATUS   ROLES                  AGE   VERSION   INTERNAL-IP       EXTERNAL-IP   OS-IMAGE                KERNEL-VERSION          CONTAINER-RUNTIME
k8scloude1   Ready    control-plane,master   8d    v1.21.0   192.168.110.130   <none>        CentOS Linux 7 (Core)   3.10.0-693.el7.x86_64   docker://20.10.12
k8scloude2   Ready    <none>                 8d    v1.21.0   192.168.110.129   <none>        CentOS Linux 7 (Core)   3.10.0-693.el7.x86_64   docker://20.10.12
k8scloude3   Ready    <none>                 8d    v1.21.0   192.168.110.128   <none>        CentOS Linux 7 (Core)   3.10.0-693.el7.x86_64   docker://20.10.12

[root@k8scloude1 deploy]# kubectl describe nodes k8scloude1
Name:               k8scloude1
Roles:              control-plane,master
Labels:             beta.kubernetes.io/arch=amd64
                    beta.kubernetes.io/os=linux
                    kubernetes.io/arch=amd64
                    kubernetes.io/hostname=k8scloude1
                    kubernetes.io/os=linux
                    node-role.kubernetes.io/control-plane=
                    node-role.kubernetes.io/master=
                    node.kubernetes.io/exclude-from-external-load-balancers=
Annotations:        kubeadm.alpha.kubernetes.io/cri-socket: /var/run/dockershim.sock
                    node.alpha.kubernetes.io/ttl: 0
                    projectcalico.org/IPv4Address: 192.168.110.130/24
                    projectcalico.org/IPv4IPIPTunnelAddr: 10.244.158.64
                    volumes.kubernetes.io/controller-managed-attach-detach: true
CreationTimestamp:  Sun, 09 Jan 2022 16:19:06 +0800
Taints:             node-role.kubernetes.io/master:NoSchedule
Unschedulable:      false
......
```
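Check whether each node has taints. Taints: node-role.kubernetes.io/master:NoSchedule shows that the master node of the k8s cluster has a taint. This taint exists by default, and it is the reason the master node cannot run application pods.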
```
[root@k8scloude1 deploy]# kubectl describe nodes k8scloude2 | grep -i taints
Taints:             <none>
[root@k8scloude1 deploy]# kubectl describe nodes k8scloude1 | grep -i taints
Taints:             node-role.kubernetes.io/master:NoSchedule
[root@k8scloude1 deploy]# kubectl describe nodes k8scloude3 | grep -i taints
Taints:             <none>
```
Create a pod. nodeSelector: kubernetes.io/hostname: k8scloude1 means the pod runs on the node labeled kubernetes.io/hostname=k8scloude1.
For details on pod scheduling, see the blog post "Pod (8): Pod Scheduling, Assigning Pods to Nodes".
```
[root@k8scloude1 pod]# vim schedulepod4.yaml
[root@k8scloude1 pod]# cat schedulepod4.yaml
apiVersion: v1
kind: Pod
metadata:
  creationTimestamp: null
  labels:
    run: pod1
  name: pod1
  namespace: pod
spec:
  nodeSelector:
    kubernetes.io/hostname: k8scloude1
  containers:
  - image: nginx
    imagePullPolicy: IfNotPresent
    name: pod1
    resources: {}
    ports:
    - name: http
      containerPort: 80
      protocol: TCP
      hostPort: 80
  dnsPolicy: ClusterFirst
  restartPolicy: Always
status: {}
```
The node labeled kubernetes.io/hostname=k8scloude1 is k8scloude1.
```
[root@k8scloude1 pod]# kubectl get nodes -l kubernetes.io/hostname=k8scloude1
NAME         STATUS   ROLES                  AGE   VERSION
k8scloude1   Ready    control-plane,master   8d    v1.21.0
```
Create the pod. Because k8scloude1 has a taint, pod1 cannot run on k8scloude1, so pod1 stays in the Pending state.
```
[root@k8scloude1 pod]# kubectl apply -f schedulepod4.yaml
pod/pod1 created

# k8scloude1 has a taint, so pod1 cannot run on it and stays Pending
[root@k8scloude1 pod]# kubectl get pod -o wide
NAME   READY   STATUS    RESTARTS   AGE   IP       NODE     NOMINATED NODE   READINESS GATES
pod1   0/1     Pending   0          9s    <none>   <none>   <none>           <none>

[root@k8scloude1 pod]# kubectl delete pod pod1 --force
warning: Immediate deletion does not wait for confirmation that the running resource has been terminated. The resource may continue to run on the cluster indefinitely.
pod "pod1" force deleted

[root@k8scloude1 pod]# kubectl get pod -o wide
No resources found in pod namespace.
```
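4. Tolerations
4.1 Toleration overview
Tolerations are applied to pods. A toleration allows the scheduler to place a pod on a node that carries a matching taint. Tolerations allow scheduling but do not guarantee it: the scheduler also evaluates other parameters as part of its function.
Taints and tolerations work together to keep pods from being scheduled onto inappropriate nodes. One or more taints can be applied to a node; this means the node will not accept any pod that does not tolerate those taints.
4.2 Setting tolerations
Only pods with a toleration matching the taint can be scheduled onto the node.
Check the taints on node k8scloude1: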
```
[root@k8scloude1 pod]# kubectl describe nodes k8scloude1 | grep -i taint
Taints:             node-role.kubernetes.io/master:NoSchedule
```
You can set tolerations for a pod in the pod spec. Create a pod: the tolerations field says the pod tolerates the taint node-role.kubernetes.io/master:NoSchedule, and nodeSelector: kubernetes.io/hostname: k8scloude1 means the pod runs on the node labeled kubernetes.io/hostname=k8scloude1.
```
[root@k8scloude1 pod]# vim schedulepod4.yaml
[root@k8scloude1 pod]# cat schedulepod4.yaml
apiVersion: v1
kind: Pod
metadata:
  creationTimestamp: null
  labels:
    run: pod1
  name: pod1
  namespace: pod
spec:
  tolerations:
  - key: "node-role.kubernetes.io/master"
    operator: "Equal"
    value: ""
    effect: "NoSchedule"
  nodeSelector:
    kubernetes.io/hostname: k8scloude1
  containers:
  - image: nginx
    imagePullPolicy: IfNotPresent
    name: pod1
    resources: {}
    ports:
    - name: http
      containerPort: 80
      protocol: TCP
      hostPort: 80
  dnsPolicy: ClusterFirst
  restartPolicy: Always
status: {}

[root@k8scloude1 pod]# kubectl get pods -o wide
No resources found in pod namespace.

[root@k8scloude1 pod]# kubectl apply -f schedulepod4.yaml
pod/pod1 created
```
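Check the pod: even though node k8scloude1 has a taint, the pod runs normally.
Difference between taints and cordon/drain: when a node has a taint, you can set tolerations so that a pod runs on that node; when a node has been cordoned or drained, it cannot be assigned any pods to run.
For details on cordon and drain, see the blog post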
```
[root@k8scloude1 pod]# kubectl get pods -o wide
NAME   READY   STATUS    RESTARTS   AGE   IP              NODE         NOMINATED NODE   READINESS GATES
pod1   1/1     Running   0          4s    10.244.158.84   k8scloude1   <none>           <none>

[root@k8scloude1 pod]# kubectl delete pod pod1 --force
warning: Immediate deletion does not wait for confirmation that the running resource has been terminated. The resource may continue to run on the cluster indefinitely.
pod "pod1" force deleted

[root@k8scloude1 pod]# kubectl get pods -o wide
No resources found in pod namespace.
```
Note that a toleration can be written in two ways; pick either one:
```
tolerations:
- key: "key1"
  operator: "Equal"
  value: "value1"
  effect: "NoSchedule"

tolerations:
- key: "key1"
  operator: "Exists"
  effect: "NoSchedule"
```
Label node k8scloude2:
```
[root@k8scloude1 pod]# kubectl label nodes k8scloude2 taint=t
node/k8scloude2 labeled

[root@k8scloude1 pod]# kubectl get node --show-labels
NAME         STATUS   ROLES                  AGE   VERSION   LABELS
k8scloude1   Ready    control-plane,master   8d    v1.21.0   beta.kubernetes.io/arch=amd64,beta.kubernetes.io/os=linux,kubernetes.io/arch=amd64,kubernetes.io/hostname=k8scloude1,kubernetes.io/os=linux,node-role.kubernetes.io/control-plane=,node-role.kubernetes.io/master=,node.kubernetes.io/exclude-from-external-load-balancers=
k8scloude2   Ready    <none>                 8d    v1.21.0   beta.kubernetes.io/arch=amd64,beta.kubernetes.io/os=linux,kubernetes.io/arch=amd64,kubernetes.io/hostname=k8scloude2,kubernetes.io/os=linux,taint=t
k8scloude3   Ready    <none>                 8d    v1.21.0   beta.kubernetes.io/arch=amd64,beta.kubernetes.io/os=linux,kubernetes.io/arch=amd64,kubernetes.io/hostname=k8scloude3,kubernetes.io/os=linux
```
Set a taint on k8scloude2:
```
# Taint format: key=value:NoSchedule
[root@k8scloude1 pod]# kubectl taint node k8scloude2 wudian=true:NoSchedule
node/k8scloude2 tainted

[root@k8scloude1 pod]# kubectl describe nodes k8scloude2 | grep -i taints
Taints:             wudian=true:NoSchedule
```
Create a pod. The tolerations field tolerates the taint wudian=true:NoSchedule, and nodeSelector: taint: t means the pod runs on the node labeled taint=t.
```
[root@k8scloude1 pod]# vim schedulepod4.yaml
[root@k8scloude1 pod]# cat schedulepod4.yaml
apiVersion: v1
kind: Pod
metadata:
  creationTimestamp: null
  labels:
    run: pod1
  name: pod1
  namespace: pod
spec:
  tolerations:
  - key: "wudian"
    operator: "Equal"
    value: "true"
    effect: "NoSchedule"
  nodeSelector:
    taint: t
  containers:
  - image: nginx
    imagePullPolicy: IfNotPresent
    name: pod1
    resources: {}
    ports:
    - name: http
      containerPort: 80
      protocol: TCP
      hostPort: 80
  dnsPolicy: ClusterFirst
  restartPolicy: Always
status: {}

[root@k8scloude1 pod]# kubectl get pod -o wide
No resources found in pod namespace.

[root@k8scloude1 pod]# kubectl apply -f schedulepod4.yaml
pod/pod1 created
```
Check the pod: k8scloude2 can run the pod even though it has a taint.
```
[root@k8scloude1 pod]# kubectl get pods -o wide
NAME   READY   STATUS    RESTARTS   AGE   IP               NODE         NOMINATED NODE   READINESS GATES
pod1   1/1     Running   0          8s    10.244.112.177   k8scloude2   <none>           <none>

[root@k8scloude1 pod]# kubectl delete pod pod1 --force
warning: Immediate deletion does not wait for confirmation that the running resource has been terminated. The resource may continue to run on the cluster indefinitely.
pod "pod1" force deleted

[root@k8scloude1 pod]# kubectl get pods -o wide
No resources found in pod namespace.
```
The other way to write the toleration: operator: "Exists", with no value.
```
[root@k8scloude1 pod]# vim schedulepod4.yaml
[root@k8scloude1 pod]# cat schedulepod4.yaml
apiVersion: v1
kind: Pod
metadata:
  creationTimestamp: null
  labels:
    run: pod1
  name: pod1
  namespace: pod
spec:
  tolerations:
  - key: "wudian"
    operator: "Exists"
    effect: "NoSchedule"
  nodeSelector:
    taint: t
  containers:
  - image: nginx
    imagePullPolicy: IfNotPresent
    name: pod1
    resources: {}
    ports:
    - name: http
      containerPort: 80
      protocol: TCP
      hostPort: 80
  dnsPolicy: ClusterFirst
  restartPolicy: Always
status: {}

[root@k8scloude1 pod]# kubectl apply -f schedulepod4.yaml
pod/pod1 created
```
Check the pod: k8scloude2 can run the pod even though it has a taint.
```
[root@k8scloude1 pod]# kubectl get pods -o wide
NAME   READY   STATUS    RESTARTS   AGE   IP               NODE         NOMINATED NODE   READINESS GATES
pod1   1/1     Running   0          10s   10.244.112.178   k8scloude2   <none>           <none>

[root@k8scloude1 pod]# kubectl delete pod pod1 --force
warning: Immediate deletion does not wait for confirmation that the running resource has been terminated. The resource may continue to run on the cluster indefinitely.
pod "pod1" force deleted

[root@k8scloude1 pod]# kubectl get pods -o wide
No resources found in pod namespace.
```
Add another taint to node k8scloude2:
```
[root@k8scloude1 pod]# kubectl describe nodes k8scloude2 | grep Taints
Taints:             wudian=true:NoSchedule

[root@k8scloude1 pod]# kubectl taint node k8scloude2 zang=shide:NoSchedule
node/k8scloude2 tainted

[root@k8scloude1 pod]# kubectl describe nodes k8scloude2 | grep Taints
Taints:             wudian=true:NoSchedule

[root@k8scloude1 pod]# kubectl describe nodes k8scloude2 | grep -A2 Taints
Taints:             wudian=true:NoSchedule
                    zang=shide:NoSchedule
Unschedulable:      false

[root@k8scloude1 pod]# kubectl describe nodes k8scloude2 | grep -A1 Taints
Taints:             wudian=true:NoSchedule
                    zang=shide:NoSchedule
```
Create a pod. The tolerations field tolerates both taints, wudian=true:NoSchedule and zang=shide:NoSchedule, and nodeSelector: taint: t means the pod runs on the node labeled taint=t.
```
[root@k8scloude1 pod]# vim schedulepod4.yaml
[root@k8scloude1 pod]# cat schedulepod4.yaml
apiVersion: v1
kind: Pod
metadata:
  creationTimestamp: null
  labels:
    run: pod1
  name: pod1
  namespace: pod
spec:
  tolerations:
  - key: "wudian"
    operator: "Equal"
    value: "true"
    effect: "NoSchedule"
  - key: "zang"
    operator: "Equal"
    value: "shide"
    effect: "NoSchedule"
  nodeSelector:
    taint: t
  containers:
  - image: nginx
    imagePullPolicy: IfNotPresent
    name: pod1
    resources: {}
    ports:
    - name: http
      containerPort: 80
      protocol: TCP
      hostPort: 80
  dnsPolicy: ClusterFirst
  restartPolicy: Always
status: {}

[root@k8scloude1 pod]# kubectl apply -f schedulepod4.yaml
pod/pod1 created
```
Check the pod: k8scloude2 can run the pod even though it has two taints.
```
[root@k8scloude1 pod]# kubectl get pods -o wide
NAME   READY   STATUS    RESTARTS   AGE   IP               NODE         NOMINATED NODE   READINESS GATES
pod1   1/1     Running   0          6s    10.244.112.179   k8scloude2   <none>           <none>

[root@k8scloude1 pod]# kubectl delete pod pod1 --force
warning: Immediate deletion does not wait for confirmation that the running resource has been terminated. The resource may continue to run on the cluster indefinitely.
pod "pod1" force deleted
```
Create a pod. The tolerations field tolerates the taint wudian=true:NoSchedule, and nodeSelector: taint: t means the pod runs on the node labeled taint=t.
```
[root@k8scloude1 pod]# vim schedulepod4.yaml
[root@k8scloude1 pod]# cat schedulepod4.yaml
apiVersion: v1
kind: Pod
metadata:
  creationTimestamp: null
  labels:
    run: pod1
  name: pod1
  namespace: pod
spec:
  tolerations:
  - key: "wudian"
    operator: "Equal"
    value: "true"
    effect: "NoSchedule"
  nodeSelector:
    taint: t
  containers:
  - image: nginx
    imagePullPolicy: IfNotPresent
    name: pod1
    resources: {}
    ports:
    - name: http
      containerPort: 80
      protocol: TCP
      hostPort: 80
  dnsPolicy: ClusterFirst
  restartPolicy: Always
status: {}

[root@k8scloude1 pod]# kubectl apply -f schedulepod4.yaml
pod/pod1 created
```
Check the pod: the node has two taints but the YAML file tolerates only one of them, so the pod fails to run and stays Pending.
```
[root@k8scloude1 pod]# kubectl get pods -o wide
NAME   READY   STATUS    RESTARTS   AGE   IP       NODE     NOMINATED NODE   READINESS GATES
pod1   0/1     Pending   0          8s    <none>   <none>   <none>           <none>

[root@k8scloude1 pod]# kubectl delete pod pod1 --force
warning: Immediate deletion does not wait for confirmation that the running resource has been terminated. The resource may continue to run on the cluster indefinitely.
pod "pod1" force deleted

[root@k8scloude1 pod]# kubectl get pods -o wide
No resources found in pod namespace.
```
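The matching rule behind the Equal/Exists forms and the two-taint result above, as an added Go example (not code from the original article or from Kubernetes itself). The `Taint` and `Toleration` types and the `Tolerates` and `Untolerated` functions are local to this sketch, and it goes slightly beyond the article by also covering the key-less `Exists` toleration, which tolerates every taint and is worth flagging when reviewing pod specs.

```go
package main

import "fmt"

// Only the fields this article uses; the types are local to this example.
type Taint struct{ Key, Value, Effect string }
type Toleration struct{ Key, Operator, Value, Effect string }

// Tolerates applies the documented matching rules to one toleration/taint pair.
func Tolerates(tol Toleration, t Taint) bool {
	if tol.Effect != "" && tol.Effect != t.Effect {
		return false // an empty effect matches every effect
	}
	if tol.Key != "" && tol.Key != t.Key {
		return false // an empty key (valid only with Exists) matches every key
	}
	switch tol.Operator {
	case "Exists":
		return true // the value is ignored
	case "", "Equal": // Equal is the default operator
		return tol.Value == t.Value
	}
	return false
}

// Untolerated returns the taints that still block scheduling (PreferNoSchedule never blocks).
func Untolerated(taints []Taint, tols []Toleration) []Taint {
	var blocking []Taint
	for _, t := range taints {
		covered := t.Effect == "PreferNoSchedule"
		for _, tol := range tols {
			covered = covered || Tolerates(tol, t)
		}
		if !covered {
			blocking = append(blocking, t)
		}
	}
	return blocking
}

func main() {
	// Constructed from the taints set on k8scloude2 in this article.
	node := []Taint{{"wudian", "true", "NoSchedule"}, {"zang", "shide", "NoSchedule"}}
	one := []Toleration{{"wudian", "Equal", "true", "NoSchedule"}}
	both := append(one, Toleration{"zang", "Exists", "", "NoSchedule"})
	fmt.Println(Untolerated(node, one))  // zang is left over: the pod stays Pending
	fmt.Println(Untolerated(node, both)) // nothing left: the node is eligible
	fmt.Println(Untolerated(node, []Toleration{{Operator: "Exists"}})) // wildcard tolerates all
}
```

An empty result only means the taints do not block the pod; as section 4.1 says, the scheduler still evaluates its other parameters.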
Remove the taints from k8scloude2:
```
[root@k8scloude1 pod]# kubectl describe nodes k8scloude2 | grep -A2 Taints
Taints:             wudian=true:NoSchedule
                    zang=shide:NoSchedule
Unschedulable:      false

# Remove the taints
[root@k8scloude1 pod]# kubectl taint node k8scloude2 zang-
node/k8scloude2 untainted
[root@k8scloude1 pod]# kubectl taint node k8scloude2 wudian-
node/k8scloude2 untainted

[root@k8scloude1 pod]# kubectl describe nodes k8scloude1 | grep -A2 Taints
Taints:             node-role.kubernetes.io/master:NoSchedule
Unschedulable:      false
Lease:

[root@k8scloude1 pod]# kubectl describe nodes k8scloude2 | grep -A2 Taints
Taints:             <none>
Unschedulable:      false
Lease:

[root@k8scloude1 pod]# kubectl describe nodes k8scloude3 | grep -A2 Taints
Taints:             <none>
Unschedulable:      false
Lease:
```
Tip: if your hardware is limited and you have only one machine, you can remove the taint from the master node so that pods can run on the master.