Taint(污点)

Taints:避免Pod调度到特定Node上

应用场景:

  • 专用节点,例如配备了特殊硬件的节点
  • 基于Taint的驱逐

设置污点:

1
2
3
4
5
6
7
8
9
10
11
12
# 用法:
kubectl taint node {node_name} key=value:[effect]
其[effect]可取值:
* NoSchedule:一定不能被调度
* PreferNoSchedule:尽量不要调度
* Noexecute:不仅不会调度,还会驱逐Node上已有的Pod

# 示例:
kubectl taint node node1 node-role.kubernetes.io/master="":NoSchedule

[root@pool1 data]# kubectl describe node pool2 | grep Taints
Taints:             disktype=ssd:NoSchedule

删除污点:

1
2
kubectl taint node [node_name] key:[effect]-
例:kubectl taint node pool2 gpu:NoSchedule-

Cordon(污点)

cordon只能设置污点为不可调度(NoSchedule)

设置污点:

1
[root@pool1 data]# kubectl cordon {node_name}

查看污点:

1
2
[root@pool1 data]# kubectl describe node $(kubectl get node | grep -i ready | grep {node_name} | awk '{print $1}') | grep -i taint
Taints:             node.kubernetes.io/unschedulable:NoSchedule

删除污点:

1
[root@pool1 data]# kubectl uncordon {node_name}

Tolerations(污点容忍)

Tolerations:允许Pod调度到持有Taint的Node上

Tolerations实例

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
[root@pool1 data]# vi tolerations-nginx.yaml
apiVersion: v1
kind: Pod
metadata:
  name: tol-nginx
spec:
  tolerations:
  - key: "gpu"
    operator: "Equal"
    value: "yes"
    effect: "NoSchedule"
  containers:
  - name: tol-nginx
    image: nginx
    imagePullPolicy: IfNotPresent
    
[root@pool1 data]# kubectl get pods -o wide | grep tol-nginx
tol-nginx   1/1     Running   0          77s     10.244.206.44   pool3    <none>           <none>

Toleration与taint匹配的条件:

  • key相同、effect相同
  • Operator的值是Exists(无需指定values的值)
  • Operator是Equal,并且values的值相等

如:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
# 准确性匹配条件
···
spec:
  tolerations:
  - key: "gpu"
    operator: "Equal"	# key和value必须相等
    value: "yes"
    effect: "NoSchedule"
    
# 模糊性匹配条件
···
spec:
  tolerations:
  - operator: "Exists"	# key和value无需相等,匹配到NoSchedule调度参数即可部署相应Pod
    effect: "NoSchedule"