Kubernetes 之 Pod 容忍度与节点污点
Pod 的容忍度与节点污点的定义
节点污点taints和 Pod 容忍度terlerations是结合使用的。它给了节点选择 Pod 的权利,污点设置了effect参数来选择 Pod,如果 Pod 的容忍度级别不够,那么 Pod 将不会出现在该节点上,反之,则有可能被分配这个节点上。控制节点默认设置的污点如下:
root@k8s-master1:~# kubectl describe nodes k8s-master1 | grep Taints
Taints: node-role.kubernetes.io/control-plane:NoSchedule
污点 effect 级别
| 级别 | 定义 |
|---|---|
| NoExecute | 最高级别,驱逐不能容忍该污点的 已经在运行的 Pod,不允许不容忍该污点 Pod 被调度上该节点 |
| NoSchedule | 不允许不容忍该污点 Pod 被调度器调度上该节点,但已运行的 Pod 不受干扰,不通过调度器调度的 Pod 也不受干扰 |
| PreferNoSchedule | 尽可能不调度不容忍该污点的 Pod 到此节点上 |
节点污点与 Pod 容忍度使用
先将两个工作节点打上运维污点
kubectl taint nodes k8s-worker1 maintenance:NoExecute kubectl taint nodes k8s-worker2 maintenance:NoExecute尝试创建一个 Pod 在工作节点上
root@k8s-master1:~# kubectl apply -f test-pod.yaml pod/k8s-test created root@k8s-master1:~# kubectl get pods -ntest NAME READY STATUS RESTARTS AGE k8s-test 0/1 Pending 0 12s root@k8s-master1:~# kubectl describe pods k8s-test -ntest Events: Type Reason Age From Message ---- ------ ---- ---- ------- Warning FailedScheduling 55s default-scheduler 0/3 nodes are available: 1 node(s) had untolerated taint {node-role.kubernetes.io/control-plane: }, 2 node(s) had untolerated taint {maintenance: }. preemption: 0/3 nodes are available: 3 Preemption is not helpful for scheduling.编写一个可以在控制节点上运行的 Pod
apiVersion: v1 kind: Pod metadata: name: pod-taint-pod namespace: default labels: app: taint spec: tolerations: - key: node-role.kubernetes.io/control-plane operator: Exists containers: - name: k8s-test image: k8s-test:v1.0 imagePullPolicy: IfNotPresent ports: - containerPort: 80运行结果如下
root@k8s-master1:~# kubectl apply -f pod-taint-pod.yaml pod/pod-taint-pod created root@k8s-master1:~# kubectl get pods -owide NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES pod-taint-pod 1/1 Running 0 13s 10.244.159.152 k8s-master1 <none> <none>删除
maintenance节点污点,并将k8s-worker1设置env=production污点,旨在不要轻易让 Pod 进入生产环境root@k8s-master1:~# kubectl taint nodes k8s-worker1 maintenance- node/k8s-worker1 untainted root@k8s-master1:~# kubectl taint nodes k8s-worker2 maintenance- node/k8s-worker2 untainted root@k8s-master1:~# kubectl taint nodes k8s-worker1 env=production:NoSchedule node/k8s-worker1 tainted root@k8s-master1:~# kubectl taint nodes k8s-worker2 env=dev:NoExecute node/k8s-worker2 tainted删除之前测试的 Pod,修改配置使其进入生产环境
apiVersion: v1 kind: Pod metadata: name: pod-taint-pod namespace: default labels: app: taint spec: tolerations: - key: env operator: Equal value: production effect: NoSchedule containers: - name: k8s-test image: k8s-test:v1.0 imagePullPolicy: IfNotPresent ports: - containerPort: 80root@k8s-master1:~# kubectl get pods -owide NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES pod-taint-pod 1/1 Running 0 6s 10.244.194.89 k8s-worker1 <none> <none>