九 pod:污点taint 与容忍度tolerations( 二 )


[root@k8scloude1 pod]# kubectl get nodes -l kubernetes.io/hostname=k8scloude1NAMESTATUSROLESAGEVERSIONk8scloude1Readycontrol-plane,master8dv1.21.0创建pod,因为k8scloude1上有污点,pod1不能运行在k8scloude1上,所以pod1状态为Pending
[root@k8scloude1 pod]# kubectl apply -f schedulepod4.yamlpod/pod1 created #因为k8scloude1上有污点 , pod1不能运行在k8scloude1上 , 所以pod1状态为Pending[root@k8scloude1 pod]# kubectl get pod -o wideNAMEREADYSTATUSRESTARTSAGEIPNODENOMINATED NODEREADINESS GATESpod10/1Pending09s<none><none><none><none>[root@k8scloude1 pod]# kubectl delete pod pod1 --forcewarning: Immediate deletion does not wait for confirmation that the running resource has been terminated. The resource may continue to run on the cluster indefinitely.pod "pod1" force deleted[root@k8scloude1 pod]# kubectl get pod -o wideNo resources found in pod namespace.四.容忍度tolerations4.1 容忍度tolerations概览容忍度(Toleration) 是应用于 Pod 上的 。容忍度允许调度器调度带有对应污点的 Pod 。容忍度允许调度但并不保证调度:作为其功能的一部分,调度器也会评估其他参数 。
污点和容忍度(Toleration)相互配合,可以用来避免 Pod 被分配到不合适的节点上 。每个节点上都可以应用一个或多个污点,这表示对于那些不能容忍这些污点的 Pod ,  是不会被该节点接受的 。
4.2 设置容忍度tolerations只有拥有和这个污点相匹配的容忍度的 Pod 才能够被分配到 node节点 。
查看k8scloude1节点的污点
[root@k8scloude1 pod]# kubectl describe nodes k8scloude1 | grep -i taintTaints:node-role.kubernetes.io/master:NoSchedule你可以在 Pod 规约中为 Pod 设置容忍度,创建pod,tolerations参数表示可以容忍污点:node-role.kubernetes.io/master:NoSchedule,nodeSelector:kubernetes.io/hostname: k8scloude1表示pod运行在标签为kubernetes.io/hostname=k8scloude1的节点上 。
[root@k8scloude1 pod]# vim schedulepod4.yaml [root@k8scloude1 pod]# cat schedulepod4.yamlapiVersion: v1kind: Podmetadata:creationTimestamp: nulllabels:run: pod1name: pod1namespace: podspec:tolerations:- key: "node-role.kubernetes.io/master"operator: "Equal"value: ""effect: "NoSchedule"nodeSelector:kubernetes.io/hostname: k8scloude1containers:- image: nginximagePullPolicy: IfNotPresentname: pod1resources: {}ports:- name: httpcontainerPort: 80protocol: TCPhostPort: 80dnsPolicy: ClusterFirstrestartPolicy: Alwaysstatus: {}[root@k8scloude1 pod]# kubectl get pods -o wideNo resources found in pod namespace.[root@k8scloude1 pod]# kubectl apply -f schedulepod4.yamlpod/pod1 created查看pod,即使k8scloude1节点有污点,pod还是正常运行 。
taint污点和cordon,drain的区别:某个节点上有污点 , 可以设置tolerations容忍度,让pod运行在该节点,某个节点被cordon,drain , 则该节点不能被分配出去运行pod 。
关于cordon , drain的详细信息,请查看博客《cordon节点 , drain驱逐节点,delete 节点》https://www.cnblogs.com/renshengdezheli/p/16860674.html
[root@k8scloude1 pod]# kubectl get pods -o wideNAMEREADYSTATUSRESTARTSAGEIPNODENOMINATED NODEREADINESS GATESpod11/1Running04s10.244.158.84k8scloude1<none><none>[root@k8scloude1 pod]# kubectl delete pod pod1 --forcewarning: Immediate deletion does not wait for confirmation that the running resource has been terminated. The resource may continue to run on the cluster indefinitely.pod "pod1" force deleted[root@k8scloude1 pod]# kubectl get pods -o wideNo resources found in pod namespace.注意,tolerations容忍度有两种写法,任选一种即可:
tolerations:- key: "key1"operator: "Equal"value: "value1"effect: "NoSchedule"tolerations:- key: "key1"operator: "Exists"effect: "NoSchedule"给k8scloude2节点打标签
[root@k8scloude1 pod]# kubectl label nodes k8scloude2 taint=Tnode/k8scloude2 labeled[root@k8scloude1 pod]# kubectl get node --show-labelsNAMESTATUSROLESAGEVERSIONLABELSk8scloude1Readycontrol-plane,master8dv1.21.0beta.kubernetes.io/arch=amd64,beta.kubernetes.io/os=linux,kubernetes.io/arch=amd64,kubernetes.io/hostname=k8scloude1,kubernetes.io/os=linux,node-role.kubernetes.io/control-plane=,node-role.kubernetes.io/master=,node.kubernetes.io/exclude-from-external-load-balancers=k8scloude2Ready<none>8dv1.21.0beta.kubernetes.io/arch=amd64,beta.kubernetes.io/os=linux,kubernetes.io/arch=amd64,kubernetes.io/hostname=k8scloude2,kubernetes.io/os=linux,taint=Tk8scloude3Ready<none>8dv1.21.0beta.kubernetes.io/arch=amd64,beta.kubernetes.io/os=linux,kubernetes.io/arch=amd64,kubernetes.io/hostname=k8scloude3,kubernetes.io/os=linux对k8scloude2设置污点
#污点taint的格式:键=值:NoSchedule[root@k8scloude1 pod]# kubectl taint node k8scloude2 wudian=true:NoSchedulenode/k8scloude2 tainted[root@k8scloude1 pod]# kubectl describe nodes k8scloude2 | grep -i TaintsTaints:wudian=true:NoSchedule

推荐阅读