How to dedicate certain Kubernetes nodes to specific applications only

Posted by 一就是一 on 2022-03-02

1. Overview

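A common requirement in a k8s cluster is that certain machines are reserved for certain special applications. Two conditions must hold to guarantee this:

  • Other pods are not allowed to use the node
  • The application may only be scheduled onto that node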

2. Implementation

To keep other pods off the node, add a taint to it. A pod that tolerates the taint could still be scheduled onto other nodes, so to make sure it only lands on these nodes, also add a label to the tainted node.

The concrete steps follow.

2.1. Add the taint and label to the node

kubectl taint nodes nccztsjb-node-23 role=master:NoSchedule

With this taint in place, the scheduler will not place pods without a matching toleration on the node.

kubectl label nodes nccztsjb-node-23 dedicated=prod

2.2. Set the toleration and nodeSelector on the pod

apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-taints
  namespace: default
spec:
  progressDeadlineSeconds: 600
  selector:
    matchLabels:
      app: nginx-taints
  replicas: 5
  template:
    metadata:
      labels:
        app: nginx-taints
    spec:
      containers:
      - image: 172.20.58.152/middleware/nginx:1.21.4
        imagePullPolicy: IfNotPresent
        name: nginx
      dnsPolicy: ClusterFirst
      restartPolicy: Always
      tolerations:
      - key: "role"
        operator: "Exists"
        effect: "NoSchedule"
      nodeSelector:
        dedicated: "prod"

The toleration allows the pod to run on this node; the nodeSelector ensures the pod only runs on nodes that carry the label dedicated=prod.

Result of applying it:

kubectl apply -f nginx-taints.yaml

Check the pod status

[root@nccztsjb-node-23 ~]# kubectl get pod -l app=nginx-taints -o wide
NAME                            READY   STATUS    RESTARTS   AGE   IP               NODE               NOMINATED NODE   READINESS GATES
nginx-taints-78b7978fd5-7sjm5   1/1     Running   0          5s    172.39.209.112   nccztsjb-node-23   <none>           <none>
nginx-taints-78b7978fd5-97hg9   1/1     Running   0          3s    172.39.209.116   nccztsjb-node-23   <none>           <none>
nginx-taints-78b7978fd5-bswrb   1/1     Running   0          5s    172.39.209.113   nccztsjb-node-23   <none>           <none>
nginx-taints-78b7978fd5-lfwzm   1/1     Running   0          5s    172.39.209.114   nccztsjb-node-23   <none>           <none>
nginx-taints-78b7978fd5-vxhfq   1/1     Running   0          3s    172.39.209.115   nccztsjb-node-23   <none>           <none>
[root@nccztsjb-node-23 ~]# 

All replicas of the pod are running on nccztsjb-node-23.

That covers the basic configuration.

What if #1: the pod has no toleration

apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-taints
  namespace: default
spec:
  progressDeadlineSeconds: 600
  selector:
    matchLabels:
      app: nginx-taints
  replicas: 5
  template:
    metadata:
      labels:
        app: nginx-taints
    spec:
      containers:
      - image: 172.20.58.152/middleware/nginx:1.21.4
        imagePullPolicy: IfNotPresent
        name: nginx
      dnsPolicy: ClusterFirst
      restartPolicy: Always
      #tolerations:
      #- key: "role"
      #  operator: "Exists"
      #  effect: "NoSchedule"
      nodeSelector:
        dedicated: "prod"

Apply the deployment and check the result

[root@nccztsjb-node-23 ~]# kubectl apply -f nginx-taints.yaml 
deployment.apps/nginx-taints created
[root@nccztsjb-node-23 ~]# kubectl get pod -l app=nginx-taints -o wide
NAME                            READY   STATUS    RESTARTS   AGE   IP       NODE     NOMINATED NODE   READINESS GATES
nginx-taints-7cfdd85578-67smg   0/1     Pending   0          1s    <none>   <none>   <none>           <none>
nginx-taints-7cfdd85578-877zb   0/1     Pending   0          1s    <none>   <none>   <none>           <none>
nginx-taints-7cfdd85578-nl8p6   0/1     Pending   0          1s    <none>   <none>   <none>           <none>
nginx-taints-7cfdd85578-qgf4t   0/1     Pending   0          1s    <none>   <none>   <none>           <none>
nginx-taints-7cfdd85578-vw987   0/1     Pending   0          1s    <none>   <none>   <none>           <none>
[root@nccztsjb-node-23 ~]# 

None of the pods were scheduled onto a node.

What if #2: the pod has no nodeSelector

[root@nccztsjb-node-23 ~]# cat nginx-taints.yaml 
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-taints
  namespace: default
spec:
  progressDeadlineSeconds: 600
  selector:
    matchLabels:
      app: nginx-taints
  replicas: 5
  template:
    metadata:
      labels:
        app: nginx-taints
    spec:
      containers:
      - image: 172.20.58.152/middleware/nginx:1.21.4
        imagePullPolicy: IfNotPresent
        name: nginx
      dnsPolicy: ClusterFirst
      restartPolicy: Always
      tolerations:
      - key: "role"
        operator: "Exists"
        effect: "NoSchedule"
      #nodeSelector:
       # dedicated: "prod"

Apply the deployment and check the pod status

[root@nccztsjb-node-23 ~]# kubectl apply -f nginx-taints.yaml 
deployment.apps/nginx-taints created
[root@nccztsjb-node-23 ~]# kubectl get pod -l app=nginx-taints -o wide
NAME                            READY   STATUS    RESTARTS   AGE   IP               NODE               NOMINATED NODE   READINESS GATES
nginx-taints-6cb85bb844-8ggsc   1/1     Running   0          3s    172.39.209.117   nccztsjb-node-23   <none>           <none>
nginx-taints-6cb85bb844-flbf2   1/1     Running   0          3s    172.39.21.121    nccztsjb-node-25   <none>           <none>
nginx-taints-6cb85bb844-gjlqm   1/1     Running   0          3s    172.39.21.120    nccztsjb-node-25   <none>           <none>
nginx-taints-6cb85bb844-hrxfr   1/1     Running   0          3s    172.39.157.206   nccztsjb-node-24   <none>           <none>
nginx-taints-6cb85bb844-q9vfk   1/1     Running   0          3s    172.39.157.201   nccztsjb-node-24   <none>           <none>
[root@nccztsjb-node-23 ~]# 

As a result, the pods can run on any node, not just on nccztsjb-node-23.
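The three outcomes above can be reproduced offline with a small model of the scheduler's hard constraints (taint/toleration matching and nodeSelector). This is an added example, not code from the original post; the node names, taint and label are the ones used on this page, and it assumes nccztsjb-node-24 and nccztsjb-node-25 are plain nodes with no taints or labels.

```python
# Constructed model of the cluster on this page: node-23 is tainted and
# labelled; node-24 and node-25 are assumed to be plain worker nodes.
NODES = {
    "nccztsjb-node-23": {
        "labels": {"dedicated": "prod"},
        "taints": [{"key": "role", "value": "master", "effect": "NoSchedule"}],
    },
    "nccztsjb-node-24": {"labels": {}, "taints": []},
    "nccztsjb-node-25": {"labels": {}, "taints": []},
}

def tolerates(toleration, taint):
    """Kubernetes matching rule for one toleration against one taint."""
    if toleration.get("effect") and toleration["effect"] != taint["effect"]:
        return False
    op = toleration.get("operator", "Equal")
    if op == "Exists":
        # An empty key with Exists tolerates every taint.
        return not toleration.get("key") or toleration["key"] == taint["key"]
    return (toleration.get("key") == taint["key"]
            and toleration.get("value", "") == taint.get("value", ""))

def eligible_nodes(pod_spec, nodes=NODES):
    """Return the nodes the pod may be scheduled on (hard constraints only)."""
    selector = pod_spec.get("nodeSelector") or {}
    tolerations = pod_spec.get("tolerations") or []
    result = []
    for name, node in sorted(nodes.items()):
        if any(node["labels"].get(k) != v for k, v in selector.items()):
            continue  # nodeSelector: every key/value must match a node label
        hard = [t for t in node["taints"]
                if t["effect"] in ("NoSchedule", "NoExecute")]
        if all(any(tolerates(tol, t) for tol in tolerations) for t in hard):
            result.append(name)
    return result

TOLERATION = {"key": "role", "operator": "Exists", "effect": "NoSchedule"}
PINNED = {"tolerations": [TOLERATION], "nodeSelector": {"dedicated": "prod"}}
NO_TOLERATION = {"nodeSelector": {"dedicated": "prod"}}   # what-if #1
NO_SELECTOR = {"tolerations": [TOLERATION]}               # what-if #2

if __name__ == "__main__":
    for case, spec in [("2.2", PINNED), ("#1", NO_TOLERATION), ("#2", NO_SELECTOR)]:
        print(case, eligible_nodes(spec))
```

The taint only keeps out pods that lack the toleration; any pod spec that adds it is admitted to the node, so reviewing which workloads carry that toleration is part of keeping the node dedicated.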
