其他分享
首页 > 其他分享> > 九、k8s入门系列---- Taints 、Tolerations

九、k8s入门系列---- Taints 、Tolerations

作者:互联网

  这节讲跟POD调度相关的另外2个概念:Taints (污点)、 Tolerations(容忍)

  Taints

  NodeAffinity节点亲和性是pod上定义的一种属性,让pod能够被调度到某些node上运行,Taint(污点)则刚好相反,它让Node拒绝Pod运行,taint也是针对node。

  给节点设置污点的命令如下,其中 key/value 作用是使用Tolerations时作为匹配的标签存在:

kubectl taint node [node] key=value[effect]

  其中 effect 有下列可取值:

     如果一个POD没有声明容忍这个taint,则系统不会把该 POD 调度到这个Taint的node上

     NoSchedule的软限制版本,如果一个Pod 没有声明容忍这个Taint , 则系统会尽量避免把这个pod调度到这一节点上,但不是强制的

 

     定义Pod的驱逐行为,以应对节点故障。其对节点上正在运行的pod有以下影响:

  实验一下,先查看node 上运行的 pod:

[root@ylserver10686071 ~]# kubectl get pods -n prod -o wide|grep ylserver10686073
affinity002-59b9b4cfcd-8ph9d    1/1     Running   0          147m    10.233.72.51   ylserver10686073   <none>           <none>
busybox-bbf7c9c98-2nph4         1/1     Running   0          5d5h    10.233.72.44   ylserver10686073   <none>           <none>
stateapp-0                      1/1     Running   0          6d1h    10.233.72.43   ylserver10686073   <none>           <none>
web001-69bd6f8c5f-nvgmj         1/1     Running   0          24h     10.233.72.47   ylserver10686073   <none>           <none>
web002-79c6bc455-lsx6z          1/1     Running   0          3d22h   10.233.72.46   ylserver10686073   <none>           <none>
[root@ylserver10686071 ~]# 

  配置下污点,effect为 PreferNoSchedule,然后查看pod运行情况:

[root@ylserver10686071 ~]# kubectl taint node ylserver10686073 database=mysql:PreferNoSchedule
node/ylserver10686073 tainted
[root@ylserver10686071 ~]# kubectl get pods -n prod -o wide|grep ylserver10686073
affinity002-59b9b4cfcd-8ph9d    1/1     Running   0          150m    10.233.72.51   ylserver10686073   <none>           <none>
busybox-bbf7c9c98-2nph4         1/1     Running   0          5d5h    10.233.72.44   ylserver10686073   <none>           <none>
stateapp-0                      1/1     Running   0          6d1h    10.233.72.43   ylserver10686073   <none>           <none>
web001-69bd6f8c5f-nvgmj         1/1     Running   0          24h     10.233.72.47   ylserver10686073   <none>           <none>
web002-79c6bc455-lsx6z          1/1     Running   0          3d23h   10.233.72.46   ylserver10686073   <none>           <none>
[root@ylserver10686071 ~]# 

  配置下污点 effect 为 NoSchedule ,看pod是否会被驱逐:

[root@ylserver10686071 ~]# kubectl taint node ylserver10686073 database=mysql:NoSchedule
node/ylserver10686073 tainted
[root@ylserver10686071 ~]# kubectl get pods -n prod -o wide|grep ylserver10686073
affinity002-59b9b4cfcd-8ph9d    1/1     Running   0          152m    10.233.72.51   ylserver10686073   <none>           <none>
busybox-bbf7c9c98-2nph4         1/1     Running   0          5d5h    10.233.72.44   ylserver10686073   <none>           <none>
stateapp-0                      1/1     Running   0          6d1h    10.233.72.43   ylserver10686073   <none>           <none>
web001-69bd6f8c5f-nvgmj         1/1     Running   0          24h     10.233.72.47   ylserver10686073   <none>           <none>
web002-79c6bc455-lsx6z          1/1     Running   0          3d23h   10.233.72.46   ylserver10686073   <none>           <none>
[root@ylserver10686071 ~]# 

  可以看到effect 为 NoSchedule的时候,node上的pod还是会正常运行,不会被驱逐。

  

  配置下污点 effect 为 NoExecute ,可以看到 POD 正在被驱逐中:

[root@ylserver10686071 ~]# kubectl taint node ylserver10686073 database=mysql:NoExecute
node/ylserver10686073 tainted
[root@ylserver10686071 ~]# kubectl get pods -n prod -o wide|grep ylserver10686073
affinity002-59b9b4cfcd-8ph9d    1/1     Terminating         0          154m    10.233.72.51   ylserver10686073   <none>           <none>
busybox-bbf7c9c98-2nph4         1/1     Terminating         0          5d5h    10.233.72.44   ylserver10686073   <none>           <none>
stateapp-0                      1/1     Terminating         0          6d1h    10.233.72.43   ylserver10686073   <none>           <none>
web001-69bd6f8c5f-nvgmj         1/1     Terminating         0          24h     10.233.72.47   ylserver10686073   <none>           <none>
web002-79c6bc455-lsx6z          1/1     Terminating         0          3d23h   10.233.72.46   ylserver10686073   <none>           <none>
[root@ylserver10686071 ~]# 

  查看node节点污点情况:

[root@ylserver10686071 ~]# kubectl describe node ylserver10686073|grep -4 Taints
                    projectcalico.org/IPv4Address: 10.68.60.73/24
                    projectcalico.org/IPv4IPIPTunnelAddr: 10.233.72.0
                    volumes.kubernetes.io/controller-managed-attach-detach: true
CreationTimestamp:  Mon, 12 Jul 2021 14:02:28 +0800
Taints:             database=mysql:NoExecute
                    database=mysql:NoSchedule
                    database=mysql:PreferNoSchedule
Unschedulable:      false
Lease:
[root@ylserver10686071 ~]# 

  删除node节点 的key为database,effect 为NoExecute的taint:

[root@ylserver10686071 ~]# kubectl taint node ylserver10686073 database:NoExecute-
node/ylserver10686073 untainted
[root@ylserver10686071 ~]# 

  删除node 节点 key为database的所有taint:

[root@ylserver10686071 ~]# kubectl taint node ylserver10686073 database-
node/ylserver10686073 untainted
[root@ylserver10686071 ~]# 

  此时查看node的taints,可以看到前面创建的taint都被删除:

[root@ylserver10686071 ~]# kubectl describe node ylserver10686073|grep -2 Taints
                    volumes.kubernetes.io/controller-managed-attach-detach: true
CreationTimestamp:  Mon, 12 Jul 2021 14:02:28 +0800
Taints:             <none>
Unschedulable:      false
Lease:
[root@ylserver10686071 ~]# 

  使用命令 kubectl cordon 可以使某个node 停止被调度,验证一下:

[root@ylserver10686071 ~]# kubectl cordon ylserver10686072
node/ylserver10686072 cordoned
[root@ylserver10686071 ~]# kubectl get nodes
NAME               STATUS                     ROLES    AGE   VERSION
ylserver10686071   Ready                      master   15d   v1.19.10
ylserver10686072   Ready,SchedulingDisabled   master   15d   v1.19.10
ylserver10686073   Ready                      master   15d   v1.19.10
[root@ylserver10686071 ~]# 

  查看下该node的污点情况,可以看到给节点打上了 effect为NoSchedule的 taint:

[root@ylserver10686071 ~]# kubectl describe node ylserver10686072|grep -2 Taints
                    volumes.kubernetes.io/controller-managed-attach-detach: true
CreationTimestamp:  Mon, 12 Jul 2021 14:00:48 +0800
Taints:             node.kubernetes.io/unschedulable:NoSchedule
Unschedulable:      true
Lease:
[root@ylserver10686071 ~]# 

  恢复节点正常调度:

[root@ylserver10686071 ~]# kubectl uncordon ylserver10686072
node/ylserver10686072 uncordoned
[root@ylserver10686071 ~]# kubectl describe node ylserver10686072|grep -2 Taints
                    volumes.kubernetes.io/controller-managed-attach-detach: true
CreationTimestamp:  Mon, 12 Jul 2021 14:00:48 +0800
Taints:             <none>
Unschedulable:      false
Lease:
[root@ylserver10686071 ~]# 

  

 

标签:node,kubectl,10.233,Taints,----,Tolerations,root,ylserver10686071,ylserver106860
来源: https://www.cnblogs.com/fenggq/p/15065585.html