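# K8s Taints and Tolerations
A taint is applied to a node so that Pods which do not tolerate it cannot be deployed on that node. A toleration lets a Pod tolerate the taints configured on a node, so that Pods needing special configuration can be scheduled onto nodes that carry both the taint and that special configuration.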
# 1. Taint configuration explained
```bash
# 1. Taint syntax
kubectl taint nodes NODE_NAME TAINT_KEY=TAINT_VALUE:EFFECT
# 2. Example: create a taint
kubectl taint nodes k8s-node01 ssd=true:PreferNoSchedule
# 3. View taints
kubectl describe node k8s-node01 | grep Taints -A 10
# 4. Remove a taint
kubectl taint nodes k8s-node01 ssd-                    # remove by key
kubectl taint nodes k8s-node01 ssd:PreferNoSchedule-   # remove by key + effect
# 5. Modify a taint (same key and effect)
kubectl taint nodes k8s-node01 ssd=true:PreferNoSchedule --overwrite
```
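EFFECT repulsion levels:
- NoSchedule: Pods are not scheduled onto the node; Pods already running on the node are not affected.
- NoExecute: Pods are not scheduled onto the node, and Pods that do not tolerate the taint are evicted immediately (or after a period of time).
- PreferNoSchedule: the scheduler tries to avoid placing Pods on the node, but a Pod can still be deployed there if no more suitable node exists.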
# 2. Toleration configuration explained
```yaml
# 1. Exact match
tolerations:
- key: "taintKey"
  operator: "Equal"
  value: "taintValue"
  effect: "NoSchedule"
---
# 2. Partial match
tolerations:
- key: "taintKey"
  operator: "Exists"
  effect: "NoSchedule"
---
# 3. Broad match (not recommended when the key is a built-in taint: Pods will not be able to migrate when the node fails)
tolerations:
- key: "taintKey"
  operator: "Exists"
---
# 4. Toleration time
tolerations:
- key: "key1"
  operator: "Equal"
  value: "value1"
  effect: "NoExecute"
  tolerationSeconds: 3600
```
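The matching rules behind the four toleration forms above, written out as an added example (not code from the original page or from Kubernetes). The function names and sample taints are constructed for illustration; the last helper flags tolerations that cover the built-in node-failure taints without `tolerationSeconds`, the case the broad-match note warns about.

```python
# Added example (not from the original page): taint/toleration matching.
# All sample taints and tolerations are constructed for illustration.

FAILURE_TAINTS = [  # built-in taints set when a node fails
    {"key": "node.kubernetes.io/not-ready", "effect": "NoExecute"},
    {"key": "node.kubernetes.io/unreachable", "effect": "NoExecute"},
]

def tolerates(tol, taint):
    """True if a single toleration covers a single taint."""
    # An empty effect on the toleration matches every effect.
    if tol.get("effect") and tol["effect"] != taint["effect"]:
        return False
    # An empty key (valid only with Exists) matches every key.
    if tol.get("key") and tol["key"] != taint["key"]:
        return False
    op = tol.get("operator", "Equal")  # Equal is the default operator
    if op == "Exists":
        return True
    return op == "Equal" and tol.get("value", "") == taint.get("value", "")

def untolerated(taints, tolerations):
    """Node taints that none of the Pod's tolerations cover."""
    return [t for t in taints
            if not any(tolerates(tol, t) for tol in tolerations)]

def schedulable(taints, tolerations):
    """Only untolerated NoSchedule/NoExecute taints block scheduling;
    an untolerated PreferNoSchedule taint is a soft preference."""
    return all(t["effect"] == "PreferNoSchedule"
               for t in untolerated(taints, tolerations))

def unbounded_failure_tolerations(tolerations):
    """Tolerations covering a node-failure taint with no tolerationSeconds."""
    return [tol for tol in tolerations
            if "tolerationSeconds" not in tol
            and any(tolerates(tol, t) for t in FAILURE_TAINTS)]

if __name__ == "__main__":
    node = [{"key": "ssd", "value": "true", "effect": "NoSchedule"}]
    pod = [{"key": "ssd", "operator": "Exists", "effect": "NoSchedule"}]
    print("plain Pod schedulable:", schedulable(node, []))
    print("tolerating Pod schedulable:", schedulable(node, pod))
    print("broad match flagged:", unbounded_failure_tolerations([{"operator": "Exists"}]))
```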
# 3. Taint and Toleration configuration example
One K8s node uses only SSD disks, and only Pods that need high-performance storage should be scheduled onto it.
```bash
# 1. Taint and label the node
# The effect is NoSchedule so that it matches the toleration in step 2 and
# keeps Pods without that toleration off the node.
kubectl taint nodes k8s-node01 ssd=true:NoSchedule
kubectl label node k8s-node01 ssd=true
# 2. Configure the toleration
cat nginx-deploy.yaml
```
```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-deploy
  labels:
    app: nginx-deploy
  namespace: default
spec:
  selector:
    matchLabels:
      app: nginx-deploy
  replicas: 5
  template:
    metadata:
      labels:
        app: nginx-deploy
    spec:
      containers:
      - name: nginx-deploy
        image: nginx
        imagePullPolicy: IfNotPresent
        resources:
          limits:
            memory: 1024Mi
            cpu: 1
          requests:
            memory: 128Mi
            cpu: 100m
      # nodeSelector pins the Pods to the labelled SSD node
      nodeSelector:
        ssd: 'true'
      # the toleration lets them pass the ssd taint on that node
      tolerations:
      - key: ssd
        operator: Exists
        effect: NoSchedule
```
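# 4. K8s built-in taints
- node.kubernetes.io/not-ready: the node is not ready; equivalent to the node condition Ready having the value False.
- node.kubernetes.io/unreachable: the Node Controller cannot reach the node; equivalent to the node condition Ready having the value Unknown.
- node.kubernetes.io/out-of-disk: the node has run out of disk space.
- node.kubernetes.io/memory-pressure: the node is under memory pressure.
- node.kubernetes.io/disk-pressure: the node is under disk pressure.
- node.kubernetes.io/network-unavailable: the node's network is unavailable.
- node.kubernetes.io/unschedulable: the node is unschedulable.
- node.cloudprovider.kubernetes.io/uninitialized: if the Kubelet is started with an external cloud provider, it adds a taint to the node marking it as unusable. After a controller in cloud-controller-manager initializes the node, the Kubelet removes this taint.

After a Deployment is created, K8s adds tolerations to its Pods by default. When the node a Pod runs on goes down, the Pod migrates after 300 seconds; the default toleration time is 300 seconds.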
# 5. Recovering workloads quickly after a node failure
When the node is unhealthy, evict after 180 seconds (the default is 300 seconds).
```yaml
# cat nginx-deploy.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-deploy
  labels:
    app: nginx-deploy
  namespace: default
spec:
  selector:
    matchLabels:
      app: nginx-deploy
  replicas: 5
  template:
    metadata:
      labels:
        app: nginx-deploy
    spec:
      containers:
      - name: nginx-deploy
        image: nginx
        imagePullPolicy: IfNotPresent
        resources:
          limits:
            memory: 1024Mi
            cpu: 1
          requests:
            memory: 128Mi
            cpu: 100m
      # evict 180 seconds after the node becomes unreachable or not ready
      tolerations:
      - key: node.kubernetes.io/unreachable
        operator: Exists
        effect: NoExecute
        tolerationSeconds: 180
      - key: node.kubernetes.io/not-ready
        operator: Exists
        effect: NoExecute
        tolerationSeconds: 180
```