Taints and Tolerations
Taints用于排斥特定节点上的 pod:
为了将pod分配到打了taint的节点,需要给pod设置toleration:
示例
Node1 被污染为蓝色,只有能够容忍这种颜色的 pod 才能调度到上面:
但这并不意味着pod D只能调度到node1:
实践
默认情况,node没有taints:
手动加taint:
kubectl taint node ip-192-168-175-56.us-west-2.compute.internal key=value:NoSchedule
此时新创建的pod都不会在这个node上分布:
kubectl run nginx --image=nginx --replicas=5
[@BDSZYF000132741:Downloads]$ kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
nginx-7db9fccd9b-7qcn4 1/1 Running 0 9s 192.168.82.29 ip-192-168-87-237.us-west-2.compute.internal <none> <none>
nginx-7db9fccd9b-8kfd9 1/1 Running 0 9s 192.168.247.20 ip-192-168-209-134.us-west-2.compute.internal <none> <none>
nginx-7db9fccd9b-dx722 1/1 Running 0 9s 192.168.217.125 ip-192-168-209-134.us-west-2.compute.internal <none> <none>
nginx-7db9fccd9b-gqk68 1/1 Running 0 9s 192.168.123.204 ip-192-168-87-237.us-west-2.compute.internal <none> <none>
nginx-7db9fccd9b-w4m5s 1/1 Running 0 9s 192.168.251.24 ip-192-168-209-134.us-west-2.compute.internal <none> <none>
toleration
apiVersion: apps/v1
kind: Deployment
metadata:
name: toleration-demo
spec:
replicas: 5
selector:
matchLabels:
tier: frontend
template:
metadata:
labels:
tier: frontend
spec:
containers:
- name: nginx
image: nginx
tolerations:
- key: "key"
operator: "Exists"
effect: "NoSchedule"
pod可以分布在加了taint的node:
toleration-demo-6bbc5c4797-89cb6 1/1 Running 0 6s 192.168.123.204 ip-192-168-87-237.us-west-2.compute.internal <none> <none>
toleration-demo-6bbc5c4797-8sldl 1/1 Running 0 6s 192.168.165.38 ip-192-168-175-56.us-west-2.compute.internal <none> <none>
toleration-demo-6bbc5c4797-gxjm6 1/1 Running 0 6s 192.168.251.24 ip-192-168-209-134.us-west-2.compute.internal <none> <none>
toleration-demo-6bbc5c4797-hwgts 1/1 Running 0 6s 192.168.136.147 ip-192-168-175-56.us-west-2.compute.internal <none> <none>
toleration-demo-6bbc5c4797-ztc4m 1/1 Running 0 6s 192.168.217.125 ip-192-168-209-134.us-west-2.compute.internal <none> <none>
删除taint
在原来的命令后面加上-即可:
[@BDSZYF000132741:Downloads]$ kubectl taint node ip-192-168-175-56.us-west-2.compute.internal key=value:NoSchedule-
node/ip-192-168-175-56.us-west-2.compute.internal untainted
为什么master节点不会运行pod
查看master节点,发现它有一条Taints,所以创建pod或deployment时,由于没有指定toleration,所以pod都不会运行在master节点
Taints and Tolerations的参数
| Parameter | Description |
|---|---|
| key | A key is any string upto 253 characters. |
| value | The value is any string, up to 63 characters. |
| effect | NoSchedule / PreferNoSchedule / NoExecute |
| operator | Equal / Exist |
例如:kubectl taint node worker01 key=value:NoSchedule
Effects
| Effects | Description |
|---|---|
NoSchedule |
与taint不匹配的新 Pod 不会调度到该节点上。节点上的现有 Pod 保留。 |
PreferNoSchedule |
与taint不匹配的新 Pod 可能会被调度到该节点上,但调度程序会尝试不这样做。节点上的现有 Pod 保留。 |
NoExecute |
与taint不匹配的新 Pod 无法调度到该节点上。节点上不具有匹配容忍度的现有 pod 将被删除。 |
Operator
| Operator | Description |
|---|---|
| Equal | The key/value/effect must match. This is the default. |
| Exists | The key/value parameters must match. 必须保留一个空白值参数,该参数与任何参数匹配。 |
NoExecute测试
# 创建五个pod
[@:Downloads]$ kubectl run nginx --image=nginx --replicas=5
kubectl run --generator=deployment/apps.v1 is DEPRECATED and will be removed in a future version. Use kubectl run --generator=run-pod/v1 or kubectl create instead.
deployment.apps/nginx created
# 此时pod分布在三个worker node
[@:Downloads]$ kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
nginx-7db9fccd9b-4grlc 1/1 Running 0 7s 192.168.73.129 ip-192-168-87-237.us-west-2.compute.internal <none> <none>
nginx-7db9fccd9b-4qd77 1/1 Running 0 7s 192.168.198.141 ip-192-168-209-134.us-west-2.compute.internal <none> <none>
nginx-7db9fccd9b-hmm49 1/1 Running 0 7s 192.168.134.206 ip-192-168-175-56.us-west-2.compute.internal <none> <none>
nginx-7db9fccd9b-rsjfs 1/1 Running 0 7s 192.168.140.76 ip-192-168-175-56.us-west-2.compute.internal <none> <none>
nginx-7db9fccd9b-xmvgm 1/1 Running 0 7s
[@:Downloads]$ kubectl get nodes
NAME STATUS ROLES AGE VERSION
ip-192-168-175-56.us-west-2.compute.internal Ready <none> 131d v1.13.8-eks-cd3eb0
ip-192-168-209-134.us-west-2.compute.internal Ready <none> 132d v1.13.8-eks-cd3eb0
ip-192-168-87-237.us-west-2.compute.internal Ready <none> 132d v1.13.8-eks-cd3eb0
# 将第二个node taint,
[@:Downloads]$ kubectl taint node ip-192-168-209-134.us-west-2.compute.internal key=value:NoExecute
node/ip-192-168-209-134.us-west-2.compute.internal tainted
# 此时pod自动转移到其他两个node
[@:Downloads]$ kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
busybox-7887f8ddcb-bd479 1/1 Running 54 2d6h 192.168.88.27 ip-192-168-87-237.us-west-2.compute.internal <none> <none>
nginx-7db9fccd9b-4grlc 1/1 Running 0 53s 192.168.73.129 ip-192-168-87-237.us-west-2.compute.internal <none> <none>
nginx-7db9fccd9b-hmm49 1/1 Running 0 53s 192.168.134.206 ip-192-168-175-56.us-west-2.compute.internal <none> <none>
nginx-7db9fccd9b-rsjfs 1/1 Running 0 53s 192.168.140.76 ip-192-168-175-56.us-west-2.compute.internal <none> <none>
nginx-7db9fccd9b-tw7pr 1/1 Running 0 7s 192.168.88.73 ip-192-168-87-237.us-west-2.compute.internal <none> <none>
nginx-7db9fccd9b-v49hf 1/1 Running 0 7s 192.168.156.39 ip-192-168-175-56.us-west-2.compute.internal <none> <none>