每天一點基礎K8S--K8S中的排程策略---汙點(Taints)和容忍度(Tolerations)

阿新 • • 發佈：2022-11-30

汙點和容忍度

之前的實驗測試了排程策略中的nodeName、nodeSelector、節點親和性和pod親和性。

有時，為了實現部分pod不能執行在特定的節點上，可以將節點打上汙點。此時容忍這個汙點的POD還是可以被排程到該節點上

環境中一共有2個master節點，2個worker節點
[root@master-worker-node-1 ~]# kubectl get nodes 
NAME                   STATUS   ROLES           AGE     VERSION
master-worker-node-1   Ready    control-plane   4d20h   v1.25.3
master-worker-node-2   Ready    control-plane   4d19h   v1.25.3
only-worker-node-3     Ready    worker          4d19h   v1.25.3
only-worker-node-4     Ready    worker          4d19h   v1.25.3

正常情況下，新建的pod只能在only-worker-node-3和only-worker-node-4上執行
[root@master-worker-node-1 ~]# kubectl get pods -o wide 
NAME                                   READY   STATUS    RESTARTS        AGE   IP             NODE                 NOMINATED NODE   READINESS GATES
pod-affinity-base-pod                  1/1     Running   29 (20m ago)    10h   10.244.31.11   only-worker-node-3   <none>           <none>
test-node-affinity-2                   1/1     Running   4 (140m ago)    16h   10.244.54.8    only-worker-node-4   <none>           <none>
test-node-affinity-3                   1/1     Running   4 (122m ago)    15h   10.244.54.9    only-worker-node-4   <none>           <none>
test-pod-affinity-by-labelselector     1/1     Running   27 (13m ago)    9h    10.244.54.10   only-worker-node-4   <none>           <none>
test-pod-affinity-by-labelselector-2   1/1     Running   27 (89s ago)    9h    10.244.31.12   only-worker-node-3   <none>           <none>
test-prefered-1                        1/1     Running   9 (5m36s ago)   9h    10.244.54.11   only-worker-node-4   <none>           <none>
test-prefered-2                        1/1     Running   8 (55m ago)     8h    10.244.31.13   only-worker-node-3   <none>           <none>

但是使用kubeadm搭建環境時，etcd、kube-apiserver、kube-controller-manager、kube-scheduler卻可以被排程到這兩個節點上。
[root@master-worker-node-1 ~]# kubectl get pods -n kube-system -o wide |  grep master-worker
calico-node-49qt2                              1/1     Running   0                4d16h   192.168.122.106   master-worker-node-2   <none>           <none>
calico-node-q2wpg                              1/1     Running   0                4d16h   192.168.122.89    master-worker-node-1   <none>           <none>
etcd-master-worker-node-1                      1/1     Running   5                4d20h   192.168.122.89    master-worker-node-1   <none>           <none>
etcd-master-worker-node-2                      1/1     Running   0                4d19h   192.168.122.106   master-worker-node-2   <none>           <none>
kube-apiserver-master-worker-node-1            1/1     Running   32               4d20h   192.168.122.89    master-worker-node-1   <none>           <none>
kube-apiserver-master-worker-node-2            1/1     Running   1 (4d19h ago)    4d19h   192.168.122.106   master-worker-node-2   <none>           <none>
kube-controller-manager-master-worker-node-1   1/1     Running   10 (4d16h ago)   4d20h   192.168.122.89    master-worker-node-1   <none>           <none>
kube-controller-manager-master-worker-node-2   1/1     Running   0                4d19h   192.168.122.106   master-worker-node-2   <none>           <none>
kube-proxy-7gjz9                               1/1     Running   0                4d20h   192.168.122.89    master-worker-node-1   <none>           <none>
kube-proxy-c4d2m                               1/1     Running   0                4d19h   192.168.122.106   master-worker-node-2   <none>           <none>
kube-scheduler-master-worker-node-1            1/1     Running   8 (4d16h ago)    4d20h   192.168.122.89    master-worker-node-1   <none>           <none>
kube-scheduler-master-worker-node-2            1/1     Running   0                4d19h   192.168.122.106   master-worker-node-2   <none>           <none>

正常建立的pod不能排程到master節點是因為該節點上有汙點，而且新建的POD不能容忍這個汙點。
[root@master-worker-node-1 ~]# kubectl describe nodes master-worker-node-1 |  grep ^Taint
Taints:             node-role.kubernetes.io/control-plane:NoSchedule
[root@master-worker-node-1 ~]# kubectl describe nodes master-worker-node-2 |  grep ^Taint
Taints:             node-role.kubernetes.io/control-plane:NoSchedule

kubeadm搭建環境時建立的pod卻可以排程到master-node，是因為這些pod具有容忍度，能夠容忍node的汙點
[root@master-worker-node-1 ~]# kubectl describe pods -n kube-system kube-scheduler-master-worker-node-1 |  grep ^Tolerations
Tolerations:       :NoExecute op=Exists

汙點和容忍度裡面的effect欄位

NoSchedule
Do not allow new pods to schedule onto the node unless they tolerate the taint, but allow all pods submitted to Kubelet without going through the scheduler to start, and allow all already-running pods to continue running. Enforced by the scheduler.
不允許將新建的pod排程到含有該節點，除非新建的POD允許該汙點。但是允許讓停止的pod再次在該節點執行，已經執行的pod不會被排程。


PreferNoSchedule
Like TaintEffectNoSchedule, but the scheduler tries not to schedule new pods onto the node, rather than prohibiting new pods from scheduling onto the node entirely. Enforced by the scheduler.
對於新建的pod，在排程的時候會盡力避免該node，對於該節點上已經有的pod不受影響。

NoExecute
Evict any already-running pods that do not tolerate the taint. 
將會把該節點不能容忍這個汙點的所有pod（包括執行的），全部驅逐。

汙點taints

[root@master-worker-node-1 pod]# cat test-taints.yaml 
apiVersion: v1
kind: Pod
metadata:
  name: test-busybox
  labels:
    func: test
spec:
  containers:
  - name: test-busybox
    image: busybox:1.28
    imagePullPolicy: IfNotPresent
    command: ["/bin/sh","-c","sleep 123456"]

正常被排程到only-worker-node-4
[root@master-worker-node-1 pod]# kubectl get pods -o wide 
NAME           READY   STATUS    RESTARTS   AGE   IP             NODE                 NOMINATED NODE   READINESS GATES
test-busybox   1/1     Running   0          11m   10.244.54.12   only-worker-node-4   <none>           <none>

給only-worker-node-4新增一個NoScheduler的taints
[root@master-worker-node-1 pod]# kubectl taint node only-worker-node-4 test-taints:NoSchedule
node/only-worker-node-4 tainted
[root@master-worker-node-1 pod]# kubectl describe node only-worker-node-4 |  grep ^Taints
Taints:             test-taints:NoSchedule


pod還是執行在了only-worker-node-4上
[root@master-worker-node-1 ~]# kubectl get pods -w -o wide 
NAME           READY   STATUS    RESTARTS   AGE   IP             NODE                 NOMINATED NODE   READINESS GATES
test-busybox   1/1     Running   0          25m   10.244.54.12   only-worker-node-4   <none>           <none>

給only-worker-node-4打上NoExecute標籤
[root@master-worker-node-1 pod]# kubectl taint nodes only-worker-node-4 test-taints:NoExecute
node/only-worker-node-4 tainted
[root@master-worker-node-1 pod]# kubectl describe nodes only-worker-node-4 | grep ^Taints
Taints:             test-taints:NoExecute

pod將被終止
[root@master-worker-node-1 ~]# kubectl get pods -w -o wide 
NAME           READY   STATUS    RESTARTS   AGE   IP             NODE                 NOMINATED NODE   READINESS GATES
test-busybox   1/1     Running   0          25m   10.244.54.12   only-worker-node-4   <none>           <none>
test-busybox   1/1     Terminating   0          37m   10.244.54.12   only-worker-node-4   <none>           <none>
test-busybox   1/1     Terminating   0          37m   10.244.54.12   only-worker-node-4   <none>           <none>
test-busybox   0/1     Terminating   0          37m   10.244.54.12   only-worker-node-4   <none>           <none>
test-busybox   0/1     Terminating   0          37m   10.244.54.12   only-worker-node-4   <none>           <none>

容忍度

給only-worker-node-3和only-worker-node-4都打上NoSchedule的標籤
[root@master-worker-node-1 pod]# kubectl taint nodes only-worker-node-3 test-taints:NoSchedule
node/only-worker-node-3 tainted
[root@master-worker-node-1 pod]# kubectl taint nodes only-worker-node-4 test-taints:NoSchedule
node/only-worker-node-4 tainted

[root@master-worker-node-1 pod]# cat test-taints-2.yaml 
apiVersion: v1
kind: Pod
metadata:
  name: test-busybox
  labels:
    func: test
spec:
  containers:
  - name: test-busybox
    image: busybox:1.28
    imagePullPolicy: IfNotPresent
    command: ["/bin/sh","-c","sleep 123456"]
  tolerations:
  - effect: NoSchedule
    key: test-taints
    operator: Exists


pod可以正常排程
[root@master-worker-node-1 pod]# kubectl apply -f test-taints-2.yaml 
pod/test-busybox created
[root@master-worker-node-1 pod]# kubectl get pods -o wide 
NAME           READY   STATUS    RESTARTS   AGE   IP             NODE                 NOMINATED NODE   READINESS GATES
test-busybox   1/1     Running   0          10s   10.244.31.15   only-worker-node-3   <none>           <none>

每天一點基礎K8S--K8S中的排程策略---汙點(Taints)和容忍度(Tolerations)

汙點和容忍度之前的實驗測試了排程策略中的nodeName、nodeSelector、節點親和性和pod親和性。

Kubernetes資源排程之汙點與Pod容忍度

Kubernetes資源排程之汙點與Pod容忍度概述汙點是定義在節點之上的鍵值型屬性資料，用於讓節點有能力主動拒絕排程器將Pod排程執行到節點上，除非該Pod物件具有接納節點汙點的容忍度。容忍度（tolerations）則是定義

每天一點基礎K8S--K8S中排程策略---節點選擇器nodeName、nodeSelector

K8S中的排程策略---節點選擇器正常情況下，Pod被排程到哪一個節點是通過scheduler完成，但在一些場景中，時常需要將一些pod指定在某一個node上執行。那此時就可以通過nodeName和nodeSelector完成

每天一點基礎K8S--K8S中的排程策略--節點親和性、反親和性

K8S中的排程策略--節點親和性、pod親和性上面實驗了nodeName和nodeSelector，其中，nodeName是通過節點的名稱進行區分，在一些特定場景下還是很有用的，如果將節點排程到某一高效能節點。但是nodeName還是顯得有點過

每天一點基礎K8S--K8S中的控制器replicaset

1、replicaset基礎前面都是通過yaml檔案建立自主式pod，如果pod中的服務都是通過單純的重啟策略restartPolicy（always、OnFailure、never）來重啟pod，但是如果pod執行的node 異常，重啟策略將無法生效。或者當POD被

每天一點小進步--css中的counter-increment和counter-reset屬性

技術標籤：htmlcsscsshtml 1.定義 counter-reset 可以建立一個或者多個計數器 counter-increment 用來遞增計數器，可以是多個

在 Nebula K8s 叢集中使用 nebula-spark-connector 和 nebula-algorithm

本文首發於 Nebula Graph Community 公眾號解決思路解決 K8s 部署 Nebula Graph 集群后連線不上叢集問題最方便的方法是將 nebula-algorithm / nebula-spark 執行在與 nebula-operator 相同的網路名稱空間裡，將

k8s 汙點和容忍度

汙點taints是定義在節點之上的鍵值型屬性資料，用於讓節點拒絕將Pod排程運行於其上，除非該Pod物件具有接納節點汙點的容忍度。而容忍度tolerations是定義在 Pod物件上的鍵值型屬性資料，用於配置其可容忍的節點汙點

【PHP基礎】PHP中的回撥函式和匿名函式，再認識一下

技術標籤：phpPHP基礎知識php後端回撥函式 PHP的回撥函式在主執行緒執行的過程中，突然跳去執行設定的回撥函式；回撥函式執行完畢之後，再回到主執行緒處理接下來的流程。在php中使用函式對應的字串名稱執行。

阿里雲k8s 親和性排程【指定伺服器部署】

1.depoly.yaml apiVersion: apps/v1 kind: Deployment metadata: annotations: deployment.kubernetes.io/revision: \'3\'

31, k8s 之 jenkins 部署到k8s 環境中自動部署成Pod

1,將Jenkins構建好的映象，部署在k8s中，需要安裝: Kubernetes Continuous Deploy外掛。

一個小需求，自動重啟k8s叢集中日誌不重新整理的POD

k8s 需求日常工作中，所有專案都不是完美的，筆者就經常遇到這種情況，pod狀態是running，但是程式卻沒有響應。發生這種情況的原因有很多種，有可能是因為k8s健康檢查的原因，比如使用ps檢查程序；或者是程式內部

k8s叢集中部署 jenkins master slave

前提：已有分散式儲存方案，準備1個儲存類StorageClass 第一步：建立pvc vimjenkins-pvc.yaml

Day6-01 如何監控K8S容器中的PHP程序

一、概述在生產環境中我們希望能夠通過prometheus監控容器中php程序的狀態，剛好看到一個比較好的解決辦法，利用php-fpm-exporter對php-fpm進行監控，但想實現該需求需要具備以下條件：

內網伺服器加入k8s叢集中——部署k8s叢集

技術標籤：kuberneteslinux網路運維採用kubeadm快速部署，如果使用原始碼包部署需用注意多網絡卡的配置。一、環境準備

【K8s概念】排程器效能調優

參考：https://kubernetes.io/zh/docs/concepts/scheduling-eviction/scheduler-perf-tuning/ FEATURE STATE: Kubernetes 1.14 [beta]

k8s 叢集中安裝 kubesphere v3.1.1

k8s 叢集中安裝 kubesphere v3.1.1 目錄k8s 叢集中安裝 kubesphere v3.1.1什麼是 KubeSphere開發運維友好支援在任意平臺執行 KubeSphere完全開源雲原生 Landscape前置條件建立 docker hub 映象倉庫建立自簽證書啟動

k8s之list-watch機制、節點排程、親和性和排障思路

一、排程約束 1、k8s通過list-watch 機制進行每個元件的寫作 Kubernetes 是通過 List-Watch 的機制進行每個元件的協作，保持資料同步的，每個元件之間的設計實現瞭解耦。

k8s叢集中網路實現通訊原理

本文轉載至：https://www.fons.com.cn/69436.html 參考：https://www.kancloud.cn/pshizhsysu/network/2202538

k8s部署微服務專案實戰--react前端+springboot/python後端-第三節前端react專案部署到k8s環境中

將上一節建立的簡單的react專案demo_fe進行部署，並說明為什麼要使用ingress。本節我們將上一節建立的簡單的react專案demo_fe進行部署，部署的步驟如下：

每天一點基礎K8S--K8S中的排程策略---汙點(Taints)和容忍度(Tolerations)

汙點和容忍度

汙點和容忍度裡面的effect欄位

汙點taints

容忍度

相關推薦