8.5. 污点和污点容忍度-Kubernets合辑5-Pod控制器

当前位置:　首页>> 技术小册>> Kubernets合辑5-Pod控制器

Node节点上污点管理

用法: 
  增加污点: kubectl taint node <node_name> key=value:effect
  取消污点: kubectl taint node <node_name> key=value:effect-
  查看污点: kubectl describe node <node_name>
effect:
    PreferNoSchedule: 优先不调度，但是其它节点不满足时可以调度
    NoSchedule: 禁止新的Pod调度，已经调度的Pod不会被驱逐
  NoExecute: 禁止新的Pod调度，并且已经运行在该节点时的，其不能容忍污点的Pod将被驱逐

# 查看master的污点
[root@maxiaoke local-k8s-yaml]# kubectl describe node centos-7-51 
Name:               centos-7-51
Roles:              master
Labels:             beta.kubernetes.io/arch=amd64
                    beta.kubernetes.io/os=linux
                    kubernetes.io/arch=amd64
                    kubernetes.io/hostname=centos-7-51
                    kubernetes.io/os=linux
                    node-role.kubernetes.io/master=
Annotations:        flannel.alpha.coreos.com/backend-data: {"VNI":1,"VtepMAC":"52:8a:0e:48:b4:92"}
                    flannel.alpha.coreos.com/backend-type: vxlan
                    flannel.alpha.coreos.com/kube-subnet-manager: true
                    flannel.alpha.coreos.com/public-ip: 10.4.7.51
                    kubeadm.alpha.kubernetes.io/cri-socket: /var/run/dockershim.sock
                    node.alpha.kubernetes.io/ttl: 0
                    volumes.kubernetes.io/controller-managed-attach-detach: true
CreationTimestamp:  Fri, 04 Dec 2020 21:49:43 +0800
Taints:             node-role.kubernetes.io/master:NoSchedule  # 不可调度
......

# 以此作为示例Pod
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-deploy
spec:
  replicas: 6
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx-demo
        image: linuxmaxiaoke/nginx:v1.0.0

# kubectl apply 部署上述的deployment后，Pod分散在三个不同的node上
[root@maxiaoke local-k8s-yaml]# kubectl get pod -o wide
NAME                            READY   STATUS    RESTARTS   AGE    IP             NODE          NOMINATED NODE   READINESS GATES
nginx-deploy-8697d45cb8-4x564   1/1     Running   0          4m9s   172.16.4.9     centos-7-55   <none>           <none>
nginx-deploy-8697d45cb8-bxms4   1/1     Running   0          4m9s   172.16.5.55    centos-7-56   <none>           <none>
nginx-deploy-8697d45cb8-c4rbf   1/1     Running   0          4m9s   172.16.3.171   centos-7-54   <none>           <none>
nginx-deploy-8697d45cb8-hvs92   1/1     Running   0          4m9s   172.16.3.172   centos-7-54   <none>           <none>
nginx-deploy-8697d45cb8-sbfvj   1/1     Running   0          4m9s   172.16.5.54    centos-7-56   <none>           <none>
nginx-deploy-8697d45cb8-sw5m4   1/1     Running   0          4m9s   172.16.4.10    centos-7-55   <none>           <none>

# 使用NoSchedule污点，发现并不会使得现有的Pod发生重调度
[root@maxiaoke local-k8s-yaml]# kubectl taint node centos-7-54 monitor=true:NoSchedule
node/centos-7-54 tainted
[root@maxiaoke local-k8s-yaml]# kubectl get pod -o wide
NAME                            READY   STATUS    RESTARTS   AGE     IP             NODE          NOMINATED NODE   READINESS GATES
nginx-deploy-8697d45cb8-4x564   1/1     Running   0          5m18s   172.16.4.9     centos-7-55   <none>           <none>
nginx-deploy-8697d45cb8-bxms4   1/1     Running   0          5m18s   172.16.5.55    centos-7-56   <none>           <none>
nginx-deploy-8697d45cb8-c4rbf   1/1     Running   0          5m18s   172.16.3.171   centos-7-54   <none>           <none>
nginx-deploy-8697d45cb8-hvs92   1/1     Running   0          5m18s   172.16.3.172   centos-7-54   <none>           <none>
nginx-deploy-8697d45cb8-sbfvj   1/1     Running   0          5m18s   172.16.5.54    centos-7-56   <none>           <none>
nginx-deploy-8697d45cb8-sw5m4   1/1     Running   0          5m18s   172.16.4.10    centos-7-55   <none>           <none>
# 更新deployment后，新的Pod不再调到 NoSchedule 节点
root@maxiaoke local-k8s-yaml]# kubectl set image deployment nginx-deploy nginx-demo=linuxmaxiaoke/nginx:v1.0.1
deployment.apps/nginx-deploy image updated
[root@maxiaoke local-k8s-yaml]# kubectl get pod -o wide
NAME                            READY   STATUS    RESTARTS   AGE   IP            NODE          NOMINATED NODE   READINESS GATES
nginx-deploy-8494c5b6c5-5ddd9   1/1     Running   0          8s    172.16.4.13   centos-7-55   <none>           <none>
nginx-deploy-8494c5b6c5-5zdjg   1/1     Running   0          10s   172.16.5.56   centos-7-56   <none>           <none>
nginx-deploy-8494c5b6c5-bqpgn   1/1     Running   0          10s   172.16.5.57   centos-7-56   <none>           <none>
nginx-deploy-8494c5b6c5-dq44w   1/1     Running   0          9s    172.16.4.12   centos-7-55   <none>           <none>
nginx-deploy-8494c5b6c5-pnvw6   1/1     Running   0          8s    172.16.5.58   centos-7-56   <none>           <none>
nginx-deploy-8494c5b6c5-xnf77   1/1     Running   0          10s   172.16.4.11   centos-7-55   <none>           <none>

# 设置NoExecute后，现有Pod会被驱逐
[root@maxiaoke local-k8s-yaml]# kubectl taint node centos-7-55 monitor=true:NoExecute
node/centos-7-55 tainted
[root@maxiaoke local-k8s-yaml]# kubectl get pod -o wide
NAME                            READY   STATUS    RESTARTS   AGE    IP            NODE          NOMINATED NODE   READINESS GATES
nginx-deploy-8494c5b6c5-5zdjg   1/1     Running   0          3m8s   172.16.5.56   centos-7-56   <none>           <none>
nginx-deploy-8494c5b6c5-bqpgn   1/1     Running   0          3m8s   172.16.5.57   centos-7-56   <none>           <none>
nginx-deploy-8494c5b6c5-bzc2c   1/1     Running   0          14s    172.16.5.60   centos-7-56   <none>           <none>
nginx-deploy-8494c5b6c5-f7k2b   1/1     Running   0          14s    172.16.5.62   centos-7-56   <none>           <none>
nginx-deploy-8494c5b6c5-pnvw6   1/1     Running   0          3m6s   172.16.5.58   centos-7-56   <none>           <none>
nginx-deploy-8494c5b6c5-s57tv   1/1     Running   0          14s    172.16.5.61   centos-7-56   <none>           <none>

Pod的污点容忍度

# api-server 能容忍所有NoExecute的污点，因此能在Master上运行
[root@maxiaoke local-k8s-yaml]# kubectl describe pod -n kube-system kube-apiserver-centos-7-51  
......
Tolerations:       :NoExecute

# 清除所有节点的污点后，执行以下操作。模拟Prometheus(Prometheus占用内存巨大，推荐单独部署到一个固有节点)的部署
[root@maxiaoke local-k8s-yaml]# kubectl label node centos-7-56 prometheus=true
node/centos-7-56 labeled
[root@maxiaoke local-k8s-yaml]# kubectl taint node centos-7-56 monitor=true:NoSchedule
node/centos-7-56 tainted

apiVersion: apps/v1
kind: Deployment
metadata:
  name: prometheus
spec:
  replicas: 1
  selector:
    matchLabels:
      app: prometheus
  template:
    metadata:
      labels:
        app: prometheus
    spec:
      containers:
      - name: prometheus-demo
        image: linuxmaxiaoke/nginx:v1.0.1
      nodeSelector:
        prometheus: "true"
      tolerations:
      - key: monitor
        operator: Exists
        effect: NoSchedule

# 通过节点选择器和污点容忍度，实现独占一个节点
[root@maxiaoke local-k8s-yaml]# kubectl get pod -o wide
NAME                          READY   STATUS    RESTARTS   AGE     IP            NODE          NOMINATED NODE   READINESS GATES
prometheus-76f64854b7-sxdq9   1/1     Running   0          2m21s   172.16.5.71   centos-7-56   <none>           <none>

该分类下的相关小册推荐：

Kubernets合辑11-持续集成

Kubernets合辑15-持续部署

云原生-K8S入门实战

Kubernets合辑14-日志收集

Kubernets合辑12-配置中心

Kubernetes中文教程(四)

Kubernets合辑9-资源约束

Kubernetes中文教程(二)

Kubernets合辑8-权限控制

Kubernetes中文教程(一)

Kubernets合辑13-集群监控

Kubernets合辑6-服务发现