测试开发技术网站
博客
设计
设计
开发
Python
测试
unittest
运维
Linux基础应用
CI/CD
CI/CD
数据库
数据库
云计算
云计算
云原生
云原生
爬虫
爬虫
数据分析
数据分析
人工智能
人工智能
登录
注册
Kubernetes----Pod配置污点和容忍
收藏本文
作者:redrose2100 类别: 日期:2022-05-23 13:28:24 阅读:917 次 消耗积分:0 分
# 一、污点 ## 1.1 污点简介 亲和性调度的方式都是站在Pod的角度上,通过在Pod上增肌属性来将Pod调度到到指定的节点上,其实也可以站在Node节点的角度上,通过给Node节点设置属性,来决定是否允许Pod调度过来,这就是污点 Node被设置上污点之后就和Pod存在了一种相斥的关系,进而拒绝Pod调度进来,甚至可以将已经存在的Pod驱逐出去 污点的格式为 key=value:effect,key和value是污点的标签,effect描述五点多额作用,支持如下三个选项 * PreferNoSchedule:Kubernetes将尽量避免把Pod调度到具有此污点的Node上,除非每一偶哦其他节点可调度了 * NoSchedule:Kubernetes将不会把Pod调度到具有该污点的Node上,但不会影响当前Node上已经存在的Pod * NoExecute:Kubernetes将不会把Pod调度到具有此污点的Node上,同时也会将Node上已经存在的Pod驱离 ![](/static/upload/20220523_132735.png) ## 1.2 污点命令 ```bash # 设置污点 kubectl taint nodes node1 key=value:effect # 去除污点 kubectl taint nodes node1 key:effect- # 去除所有污点 kubectl taint nodes node1 key- ``` ## 1.3 污点实例演示 如下给node1设置一个污点,尽量不要调度过来pod ```bash [root@master resource_manage]# kubectl taint nodes node1 name=nginx:PreferNoSchedule node/node1 tainted [root@master resource_manage]# ``` 然后创建一个pod ```bash [root@master resource_manage]# kubectl run nginx --image=nginx:1.17.1 --port=80 pod/nginx created [root@master resource_manage]# ``` 然后查询可以看到此时直接调度到node2了,不会调度到node1的,当然如果此时node2挂了,只有node1了,当然也会调度过来的 ```bash [root@master resource_manage]# kubectl get pod -o wide NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES nginx 1/1 Running 0 7s 10.244.2.48 node2
[root@master resource_manage]# ``` 通过如下命令可以查看指定节点的污点有哪些 ```bash [root@master resource_manage]# kubectl describe node node1 Name: node1 Roles:
Labels: beta.kubernetes.io/arch=amd64 beta.kubernetes.io/os=linux kubernetes.io/arch=amd64 kubernetes.io/hostname=node1 kubernetes.io/os=linux nodeenv=test Annotations: flannel.alpha.coreos.com/backend-data: {"VNI":1,"VtepMAC":"ba:fe:1f:25:fe:26"} flannel.alpha.coreos.com/backend-type: vxlan flannel.alpha.coreos.com/kube-subnet-manager: true flannel.alpha.coreos.com/public-ip: 192.168.16.41 kubeadm.alpha.kubernetes.io/cri-socket: /var/run/dockershim.sock node.alpha.kubernetes.io/ttl: 0 volumes.kubernetes.io/controller-managed-attach-detach: true CreationTimestamp: Mon, 14 Mar 2022 14:41:02 +0800 Taints: name=nginx:PreferNoSchedule Unschedulable: false Lease: HolderIdentity: node1 AcquireTime:
RenewTime: Sat, 26 Mar 2022 00:00:54 +0800 Conditions: Type Status LastHeartbeatTime LastTransitionTime Reason Message ---- ------ ----------------- ------------------ ------ ------- NetworkUnavailable False Mon, 14 Mar 2022 14:43:39 +0800 Mon, 14 Mar 2022 14:43:39 +0800 FlannelIsUp Flannel is running on this node MemoryPressure False Fri, 25 Mar 2022 23:58:57 +0800 Mon, 14 Mar 2022 14:41:02 +0800 KubeletHasSufficientMemory kubelet has sufficient memory available DiskPressure False Fri, 25 Mar 2022 23:58:57 +0800 Mon, 14 Mar 2022 14:41:02 +0800 KubeletHasNoDiskPressure kubelet has no disk pressure PIDPressure False Fri, 25 Mar 2022 23:58:57 +0800 Mon, 14 Mar 2022 14:41:02 +0800 KubeletHasSufficientPID kubelet has sufficient PID available Ready True Fri, 25 Mar 2022 23:58:57 +0800 Mon, 14 Mar 2022 14:43:42 +0800 KubeletReady kubelet is posting ready status Addresses: InternalIP: 192.168.16.41 Hostname: node1 Capacity: cpu: 8 ephemeral-storage: 208357992Ki hugepages-1Gi: 0 hugepages-2Mi: 0 memory: 32882960Ki pods: 110 Allocatable: cpu: 8 ephemeral-storage: 192022725110 hugepages-1Gi: 0 hugepages-2Mi: 0 memory: 32780560Ki pods: 110 System Info: Machine ID: f9c2b25f57184e06b8855490b4be6013 System UUID: d1042642-3933-564f-4f2d-279b5e96cead Boot ID: 8517c1cc-8935-452e-9efb-a34f396b98a5 Kernel Version: 5.4.179-200.el7.x86_64 OS Image: CentOS Linux 7 (Core) Operating System: linux Architecture: amd64 Container Runtime Version: docker://20.10.9 Kubelet Version: v1.21.2 Kube-Proxy Version: v1.21.2 PodCIDR: 10.244.1.0/24 PodCIDRs: 10.244.1.0/24 Non-terminated Pods: (4 in total) Namespace Name CPU Requests CPU Limits Memory Requests Memory Limits Age --------- ---- ------------ ---------- --------------- ------------- --- kube-system kube-flannel-ds-gg4jq 100m (1%) 100m (1%) 50Mi (0%) 50Mi (0%) 11d kube-system kube-proxy-tqzjl 0 (0%) 0 (0%) 0 (0%) 0 (0%) 11d kubernetes-dashboard dashboard-metrics-scraper-c45b7869d-7ll25 0 (0%) 0 (0%) 0 (0%) 0 (0%) 11d kubernetes-dashboard kubernetes-dashboard-79b5779bf4-t28b4 0 (0%) 0 (0%) 0 (0%) 0 (0%) 11d Allocated resources: (Total limits may be over 100 percent, i.e., overcommitted.) Resource Requests Limits -------- -------- ------ cpu 100m (1%) 100m (1%) memory 50Mi (0%) 50Mi (0%) ephemeral-storage 0 (0%) 0 (0%) hugepages-1Gi 0 (0%) 0 (0%) hugepages-2Mi 0 (0%) 0 (0%) Events:
[root@master resource_manage]# ``` 通过如下命令可以删除污点 ```bash [root@master resource_manage]# kubectl taint nodes node1 name:PreferNoSchedule- node/node1 untainted [root@master resource_manage]# ``` ## 1.4 为什么Kubernetes在创建Pod的时候不会在master节点创建? 通过如下命令可以看到master节点是默认设置了污点的。如下,master节点被设置了 node-role.kubernetes.io/master:NoSchedule类型的污点,因此在创建pod的时候是不会往master节点调度的 ```bash [root@master resource_manage]# kubectl describe nodes master Name: master Roles: control-plane,master Labels: beta.kubernetes.io/arch=amd64 beta.kubernetes.io/os=linux kubernetes.io/arch=amd64 kubernetes.io/hostname=master kubernetes.io/os=linux node-role.kubernetes.io/control-plane= node-role.kubernetes.io/master= node.kubernetes.io/exclude-from-external-load-balancers= Annotations: flannel.alpha.coreos.com/backend-data: {"VNI":1,"VtepMAC":"02:f6:8e:03:60:51"} flannel.alpha.coreos.com/backend-type: vxlan flannel.alpha.coreos.com/kube-subnet-manager: true flannel.alpha.coreos.com/public-ip: 192.168.16.40 kubeadm.alpha.kubernetes.io/cri-socket: /var/run/dockershim.sock node.alpha.kubernetes.io/ttl: 0 volumes.kubernetes.io/controller-managed-attach-detach: true CreationTimestamp: Mon, 14 Mar 2022 14:38:03 +0800 Taints: node-role.kubernetes.io/master:NoSchedule Unschedulable: false Lease: HolderIdentity: master AcquireTime:
RenewTime: Sat, 26 Mar 2022 00:05:31 +0800 Conditions: Type Status LastHeartbeatTime LastTransitionTime Reason Message ---- ------ ----------------- ------------------ ------ ------- NetworkUnavailable False Mon, 14 Mar 2022 14:42:58 +0800 Mon, 14 Mar 2022 14:42:58 +0800 FlannelIsUp Flannel is running on this node MemoryPressure False Sat, 26 Mar 2022 00:01:28 +0800 Mon, 14 Mar 2022 14:38:02 +0800 KubeletHasSufficientMemory kubelet has sufficient memory available DiskPressure False Sat, 26 Mar 2022 00:01:28 +0800 Mon, 14 Mar 2022 14:38:02 +0800 KubeletHasNoDiskPressure kubelet has no disk pressure PIDPressure False Sat, 26 Mar 2022 00:01:28 +0800 Mon, 14 Mar 2022 14:38:02 +0800 KubeletHasSufficientPID kubelet has sufficient PID available Ready True Sat, 26 Mar 2022 00:01:28 +0800 Mon, 14 Mar 2022 14:43:03 +0800 KubeletReady kubelet is posting ready status Addresses: InternalIP: 192.168.16.40 Hostname: master Capacity: cpu: 8 ephemeral-storage: 208357992Ki hugepages-1Gi: 0 hugepages-2Mi: 0 memory: 32882960Ki pods: 110 Allocatable: cpu: 8 ephemeral-storage: 192022725110 hugepages-1Gi: 0 hugepages-2Mi: 0 memory: 32780560Ki pods: 110 System Info: Machine ID: f9c2b25f57184e06b8855490b4be6013 System UUID: c5d32642-f84c-61ef-ac7f-d65ae6880a51 Boot ID: 9cbc9b25-2cf2-42d8-aa89-1fdab687c447 Kernel Version: 5.4.179-200.el7.x86_64 OS Image: CentOS Linux 7 (Core) Operating System: linux Architecture: amd64 Container Runtime Version: docker://20.10.9 Kubelet Version: v1.21.2 Kube-Proxy Version: v1.21.2 PodCIDR: 10.244.0.0/24 PodCIDRs: 10.244.0.0/24 Non-terminated Pods: (6 in total) Namespace Name CPU Requests CPU Limits Memory Requests Memory Limits Age --------- ---- ------------ ---------- --------------- ------------- --- kube-system etcd-master 100m (1%) 0 (0%) 100Mi (0%) 0 (0%) 11d kube-system kube-apiserver-master 250m (3%) 0 (0%) 0 (0%) 0 (0%) 11d kube-system kube-controller-manager-master 200m (2%) 0 (0%) 0 (0%) 0 (0%) 11d kube-system kube-flannel-ds-n76xj 100m (1%) 100m (1%) 50Mi (0%) 50Mi (0%) 11d kube-system kube-proxy-h27ms 0 (0%) 0 (0%) 0 (0%) 0 (0%) 11d kube-system kube-scheduler-master 100m (1%) 0 (0%) 0 (0%) 0 (0%) 11d Allocated resources: (Total limits may be over 100 percent, i.e., overcommitted.) Resource Requests Limits -------- -------- ------ cpu 750m (9%) 100m (1%) memory 150Mi (0%) 50Mi (0%) ephemeral-storage 0 (0%) 0 (0%) hugepages-1Gi 0 (0%) 0 (0%) hugepages-2Mi 0 (0%) 0 (0%) Events:
[root@master resource_manage]# ``` # 二、容忍 ## 2.1 容忍简介 当对一个node节点定义了污点,但是又希望某一些pod是可以调度到带有污点的节点上,此时就需要容忍了,污点就是拒绝,容忍就是忽略,Node通过污点拒绝Pod调度上去,Pod通过容忍忽略拒绝,如下: ![](/static/upload/20220523_132817.png) ## 2.2 容忍实战 首先给node1设置NoSchedule污点(此时为演示,可以先保持只有node1一个节点,将其他节点关闭) ```bash [root@master resource_manage]# kubectl taint nodes node1 name=nginx:NoSchedule node/node1 tainted [root@master resource_manage]# ``` 然后编辑带有容忍的pod_toleration.yaml文件,内容如下: ```bash apiVersion: v1 kind: Namespace metadata: name: dev --- apiVersion: v1 kind: Pod metadata: name: nginx-pod namespace: dev spec: containers: - name: nginx image: nginx:1.17.1 tolerations: - key: "name" operator: "Equal" value: "nginx" effect: "NoSchedule" ``` 然后使用如下命令创建资源 ```bash [root@master resource_manage]# kubectl apply -f pod_toleration.yaml namespace/dev created pod/nginx-pod created [root@master resource_manage]# ``` 然后通过如下命令查看,可以发现此时还是可以调度到node1节点上的 ```bash [root@master resource_manage]# kubectl get pod -n dev -o wide NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES nginx-pod 1/1 Running 0 13s 10.244.2.49 node1
[root@master resource_manage]# ``` ## 2.3 容忍配置项说明 通过如下命令可以查看配置项的说明: ```bash [root@master resource_manage]# kubectl explain pod.spec.tolerations KIND: Pod VERSION: v1 RESOURCE: tolerations <[]Object> DESCRIPTION: If specified, the pod's tolerations. The pod this Toleration is attached to tolerates any taint that matches the triple
using the matching operator
. FIELDS: effect
Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. key
Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys. operator
Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. tolerationSeconds
TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system. value
Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string. [root@master resource_manage]# ```
始终坚持开源开放共享精神,同时感谢您的充电鼓励和支持!
版权所有,转载本站文章请注明出处:redrose2100, http://blog.redrose2100.com/article/268
上一篇:
Kubernetes----Pod亲和性调度
下一篇:
Kubernetes----Pod控制器简介
搜索
个人成就
出版书籍
《Pytest企业级应用实战》
测试开发技术全栈公众号
测试开发技术全栈公众号
DevOps技术交流微信群
加微信邀请进群
常用网站链接
开源软件洞察
云原生技术栈全景图
Python语言官方文档
Golang官方文档
Docker官方文档
Jenkins中文用户手册
Scrapy官方文档
VUE官方文档
Harbor官方文档
openQA官方文档
云原生开源社区
开源中国
Kubernetes中文文档
Markdown语法官方教程
Kubernetes中文社区
Kubersphere官方文档
BootStrap中文网站
JavaScript中文网
NumPy官方文档
Pandas官方文档
GitLink确实开源网站
数据库排名网站
编程语言排名网站
SEO综合查询网站
数学加减法练习自动生成网站
Kickstart Generator
文章分类
最新文章
最多阅读
特别推荐
×
Close
登录
注册
找回密码
登录邮箱:
登录密码:
图片验证码:
注册邮箱:
注册密码:
邮箱验证码:
发送邮件
注册邮箱:
新的密码:
邮箱验证码:
发送邮件