九、k8s入门系列---- Taints 、Tolerations
作者:互联网
这节讲跟POD调度相关的另外2个概念:Taints (污点)、 Tolerations(容忍)
Taints
NodeAffinity节点亲和性是pod上定义的一种属性,让pod能够被调度到某些node上运行,Taint(污点)则刚好相反,它让Node拒绝Pod运行,taint也是针对node。
给节点设置污点的命令如下,其中 key/value 作用是使用Tolerations时作为匹配的标签存在:
kubectl taint node [node] key=value[effect]
其中 effect 有下列可取值:
- NoSchedule
如果一个POD没有声明容忍这个taint,则系统不会把该 POD 调度到这个Taint的node上
- PreferNoSchedule
NoSchedule的软限制版本,如果一个Pod 没有声明容忍这个Taint , 则系统会尽量避免把这个pod调度到这一节点上,但不是强制的
- NoExecute
定义Pod的驱逐行为,以应对节点故障。其对节点上正在运行的pod有以下影响:
-
- 没有设置Toleration的pod会被立刻驱逐
- 配置了对应的Toleration的pod,如果没有为TolerationSeconds赋值,则为一直留在这一节点上,配置的话,则会在指定时间后驱逐
实验一下,先查看node 上运行的 pod:
[root@ylserver10686071 ~]# kubectl get pods -n prod -o wide|grep ylserver10686073 affinity002-59b9b4cfcd-8ph9d 1/1 Running 0 147m 10.233.72.51 ylserver10686073 <none> <none> busybox-bbf7c9c98-2nph4 1/1 Running 0 5d5h 10.233.72.44 ylserver10686073 <none> <none> stateapp-0 1/1 Running 0 6d1h 10.233.72.43 ylserver10686073 <none> <none> web001-69bd6f8c5f-nvgmj 1/1 Running 0 24h 10.233.72.47 ylserver10686073 <none> <none> web002-79c6bc455-lsx6z 1/1 Running 0 3d22h 10.233.72.46 ylserver10686073 <none> <none> [root@ylserver10686071 ~]#
配置下污点,effect为 PreferNoSchedule,然后查看pod运行情况:
[root@ylserver10686071 ~]# kubectl taint node ylserver10686073 database=mysql:PreferNoSchedule node/ylserver10686073 tainted [root@ylserver10686071 ~]# kubectl get pods -n prod -o wide|grep ylserver10686073 affinity002-59b9b4cfcd-8ph9d 1/1 Running 0 150m 10.233.72.51 ylserver10686073 <none> <none> busybox-bbf7c9c98-2nph4 1/1 Running 0 5d5h 10.233.72.44 ylserver10686073 <none> <none> stateapp-0 1/1 Running 0 6d1h 10.233.72.43 ylserver10686073 <none> <none> web001-69bd6f8c5f-nvgmj 1/1 Running 0 24h 10.233.72.47 ylserver10686073 <none> <none> web002-79c6bc455-lsx6z 1/1 Running 0 3d23h 10.233.72.46 ylserver10686073 <none> <none> [root@ylserver10686071 ~]#
配置下污点 effect 为 NoSchedule ,看pod是否会被驱逐:
[root@ylserver10686071 ~]# kubectl taint node ylserver10686073 database=mysql:NoSchedule node/ylserver10686073 tainted [root@ylserver10686071 ~]# kubectl get pods -n prod -o wide|grep ylserver10686073 affinity002-59b9b4cfcd-8ph9d 1/1 Running 0 152m 10.233.72.51 ylserver10686073 <none> <none> busybox-bbf7c9c98-2nph4 1/1 Running 0 5d5h 10.233.72.44 ylserver10686073 <none> <none> stateapp-0 1/1 Running 0 6d1h 10.233.72.43 ylserver10686073 <none> <none> web001-69bd6f8c5f-nvgmj 1/1 Running 0 24h 10.233.72.47 ylserver10686073 <none> <none> web002-79c6bc455-lsx6z 1/1 Running 0 3d23h 10.233.72.46 ylserver10686073 <none> <none> [root@ylserver10686071 ~]#
可以看到effect 为 NoSchedule的时候,node上的pod还是会正常运行,不会被驱逐。
配置下污点 effect 为 NoExecute ,可以看到 POD 正在被驱逐中:
[root@ylserver10686071 ~]# kubectl taint node ylserver10686073 database=mysql:NoExecute node/ylserver10686073 tainted [root@ylserver10686071 ~]# kubectl get pods -n prod -o wide|grep ylserver10686073 affinity002-59b9b4cfcd-8ph9d 1/1 Terminating 0 154m 10.233.72.51 ylserver10686073 <none> <none> busybox-bbf7c9c98-2nph4 1/1 Terminating 0 5d5h 10.233.72.44 ylserver10686073 <none> <none> stateapp-0 1/1 Terminating 0 6d1h 10.233.72.43 ylserver10686073 <none> <none> web001-69bd6f8c5f-nvgmj 1/1 Terminating 0 24h 10.233.72.47 ylserver10686073 <none> <none> web002-79c6bc455-lsx6z 1/1 Terminating 0 3d23h 10.233.72.46 ylserver10686073 <none> <none> [root@ylserver10686071 ~]#
查看node节点污点情况:
[root@ylserver10686071 ~]# kubectl describe node ylserver10686073|grep -4 Taints projectcalico.org/IPv4Address: 10.68.60.73/24 projectcalico.org/IPv4IPIPTunnelAddr: 10.233.72.0 volumes.kubernetes.io/controller-managed-attach-detach: true CreationTimestamp: Mon, 12 Jul 2021 14:02:28 +0800 Taints: database=mysql:NoExecute database=mysql:NoSchedule database=mysql:PreferNoSchedule Unschedulable: false Lease: [root@ylserver10686071 ~]#
删除node节点 的key为database,effect 为NoExecute的taint:
[root@ylserver10686071 ~]# kubectl taint node ylserver10686073 database:NoExecute- node/ylserver10686073 untainted [root@ylserver10686071 ~]#
删除node 节点 key为database的所有taint:
[root@ylserver10686071 ~]# kubectl taint node ylserver10686073 database- node/ylserver10686073 untainted [root@ylserver10686071 ~]#
此时查看node的taints,可以看到前面创建的taint都被删除:
[root@ylserver10686071 ~]# kubectl describe node ylserver10686073|grep -2 Taints volumes.kubernetes.io/controller-managed-attach-detach: true CreationTimestamp: Mon, 12 Jul 2021 14:02:28 +0800 Taints: <none> Unschedulable: false Lease: [root@ylserver10686071 ~]#
使用命令 kubectl cordon 可以使某个node 停止被调度,验证一下:
[root@ylserver10686071 ~]# kubectl cordon ylserver10686072 node/ylserver10686072 cordoned [root@ylserver10686071 ~]# kubectl get nodes NAME STATUS ROLES AGE VERSION ylserver10686071 Ready master 15d v1.19.10 ylserver10686072 Ready,SchedulingDisabled master 15d v1.19.10 ylserver10686073 Ready master 15d v1.19.10 [root@ylserver10686071 ~]#
查看下该node的污点情况,可以看到给节点打上了 effect为NoSchedule的 taint:
[root@ylserver10686071 ~]# kubectl describe node ylserver10686072|grep -2 Taints volumes.kubernetes.io/controller-managed-attach-detach: true CreationTimestamp: Mon, 12 Jul 2021 14:00:48 +0800 Taints: node.kubernetes.io/unschedulable:NoSchedule Unschedulable: true Lease: [root@ylserver10686071 ~]#
恢复节点正常调度:
[root@ylserver10686071 ~]# kubectl uncordon ylserver10686072 node/ylserver10686072 uncordoned [root@ylserver10686071 ~]# kubectl describe node ylserver10686072|grep -2 Taints volumes.kubernetes.io/controller-managed-attach-detach: true CreationTimestamp: Mon, 12 Jul 2021 14:00:48 +0800 Taints: <none> Unschedulable: false Lease: [root@ylserver10686071 ~]#
标签:node,kubectl,10.233,Taints,----,Tolerations,root,ylserver10686071,ylserver106860 来源: https://www.cnblogs.com/fenggq/p/15065585.html