1、概述
在k8s叢集的使用場景中有這樣的一種情況,某些機器只給某些特殊的應用來使用。那麼,這個時候,需要有以下的2個條件來進行保障:
- 節點不允許其他的pod來使用
- 應用只允許被排程到該節點上
2、實現方法
我們如果要實現上述的目標,節點不被其他的pod應用來使用,那麼將節點增加taints就可以,然後,pod在排程的時候有可能會被排程到其他的節點上,那麼要保證pod只會被排程到這些的節點上,那麼,在打了taints的節點上,在增加label即可。
下面是具體的實現的過程。
2.1、節點上增加taints和標籤
kubectl taint nodes nccztsjb-node-23 role=master:NoSchedule這樣節點上就不允許沒有toleration的pod執行
kubectl label nodes nccztsjb-node-23 dedicated=prod2.2、pod上設定toleration和nodeSelector
apiVersion: apps/v1
kind: Deployment
metadata:
name: nginx-taints
namespace: default
spec:
progressDeadlineSeconds: 600
selector:
matchLabels:
app: nginx-taints
replicas: 5
template:
metadata:
labels:
app: nginx-taints
spec:
containers:
- image: 172.20.58.152/middleware/nginx:1.21.4
imagePullPolicy: IfNotPresent
name: nginx
dnsPolicy: ClusterFirst
restartPolicy: Always
tolerations:
- key: "role"
operator: "Exists"
effect: "NoSchedule"
nodeSelector:
dedicated: "prod"toleration保證pod可以在這個節點上執行,nodeSelector保證pod只在有包含dedicated=prod的標籤節點上執行。
執行結果:
kubectl apply -f nginx-taints.yaml檢視pod執行狀態
[root@nccztsjb-node-23 ~]# kubectl get pod -l app=nginx-taints -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
nginx-taints-78b7978fd5-7sjm5 1/1 Running 0 5s 172.39.209.112 nccztsjb-node-23 <none> <none>
nginx-taints-78b7978fd5-97hg9 1/1 Running 0 3s 172.39.209.116 nccztsjb-node-23 <none> <none>
nginx-taints-78b7978fd5-bswrb 1/1 Running 0 5s 172.39.209.113 nccztsjb-node-23 <none> <none>
nginx-taints-78b7978fd5-lfwzm 1/1 Running 0 5s 172.39.209.114 nccztsjb-node-23 <none> <none>
nginx-taints-78b7978fd5-vxhfq 1/1 Running 0 3s 172.39.209.115 nccztsjb-node-23 <none> <none>
[root@nccztsjb-node-23 ~]# pod的多個例項都執行在nccztsjb-node-23上了。
OK,以上是基本的配置過程。
如果#1:pod沒有設定toleration
apiVersion: apps/v1
kind: Deployment
metadata:
name: nginx-taints
namespace: default
spec:
progressDeadlineSeconds: 600
selector:
matchLabels:
app: nginx-taints
replicas: 5
template:
metadata:
labels:
app: nginx-taints
spec:
containers:
- image: 172.20.58.152/middleware/nginx:1.21.4
imagePullPolicy: IfNotPresent
name: nginx
dnsPolicy: ClusterFirst
restartPolicy: Always
#tolerations:
#- key: "role"
# operator: "Exists"
# effect: "NoSchedule"
nodeSelector:
dedicated: "prod"執行pod及檢視結果
[root@nccztsjb-node-23 ~]# kubectl apply -f nginx-taints.yaml
deployment.apps/nginx-taints created
[root@nccztsjb-node-23 ~]# kubectl get pod -l app=nginx-taints -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
nginx-taints-7cfdd85578-67smg 0/1 Pending 0 1s <none> <none> <none> <none>
nginx-taints-7cfdd85578-877zb 0/1 Pending 0 1s <none> <none> <none> <none>
nginx-taints-7cfdd85578-nl8p6 0/1 Pending 0 1s <none> <none> <none> <none>
nginx-taints-7cfdd85578-qgf4t 0/1 Pending 0 1s <none> <none> <none> <none>
nginx-taints-7cfdd85578-vw987 0/1 Pending 0 1s <none> <none> <none> <none>
[root@nccztsjb-node-23 ~]# 都未被排程到節點上。
如果#2:節點上未設定nodeSelector
[root@nccztsjb-node-23 ~]# cat nginx-taints.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: nginx-taints
namespace: default
spec:
progressDeadlineSeconds: 600
selector:
matchLabels:
app: nginx-taints
replicas: 5
template:
metadata:
labels:
app: nginx-taints
spec:
containers:
- image: 172.20.58.152/middleware/nginx:1.21.4
imagePullPolicy: IfNotPresent
name: nginx
dnsPolicy: ClusterFirst
restartPolicy: Always
tolerations:
- key: "role"
operator: "Exists"
effect: "NoSchedule"
#nodeSelector:
# dedicated: "prod"執行及檢視pod的狀態
[root@nccztsjb-node-23 ~]# kubectl apply -f nginx-taints.yaml
deployment.apps/nginx-taints created
[root@nccztsjb-node-23 ~]# kubectl get pod -l app=nginx-taints -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
nginx-taints-6cb85bb844-8ggsc 1/1 Running 0 3s 172.39.209.117 nccztsjb-node-23 <none> <none>
nginx-taints-6cb85bb844-flbf2 1/1 Running 0 3s 172.39.21.121 nccztsjb-node-25 <none> <none>
nginx-taints-6cb85bb844-gjlqm 1/1 Running 0 3s 172.39.21.120 nccztsjb-node-25 <none> <none>
nginx-taints-6cb85bb844-hrxfr 1/1 Running 0 3s 172.39.157.206 nccztsjb-node-24 <none> <none>
nginx-taints-6cb85bb844-q9vfk 1/1 Running 0 3s 172.39.157.201 nccztsjb-node-24 <none> <none>
[root@nccztsjb-node-23 ~]# 這樣的結果就是pod可以在任意的節點上執行了,不僅僅是在nccztsjb-node-23節點上。