标签：node 23 某些 taints nginx nccztsjb pod k8s 节点

1、概述

在k8s集群的使用场景中有这样的一种情况，某些机器只给某些特殊的应用来使用。那么，这个时候，需要有以下的2个条件来进行保障：

• 节点不允许其他的pod来使用
• 应用只允许被调度到该节点上

2、实现方法

我们如果要实现上述的目标，节点不被其他的pod应用来使用，那么将节点增加taints就可以，然后，pod在调度的时候有可能会被调度到其他的节点上，那么要保证pod只会被调度到这些的节点上，那么，在打了taints的节点上，在增加label即可。

下面是具体的实现的过程。

2.1、节点上增加taints和标签

kubectl taint nodes nccztsjb-node-23 role=master:NoSchedule

这样节点上就不允许没有toleration的pod运行

kubectl label nodes nccztsjb-node-23 dedicated=prod

2.2、pod上设置toleration和nodeSelector

apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-taints
  namespace: default
spec:
  progressDeadlineSeconds: 600
  selector:
    matchLabels:
      app: nginx-taints
  replicas: 5
  template:
    metadata:
      labels:
        app: nginx-taints
    spec:
      containers:
      - image: 172.20.58.152/middleware/nginx:1.21.4
        imagePullPolicy: IfNotPresent
        name: nginx
      dnsPolicy: ClusterFirst
      restartPolicy: Always
      tolerations:
      - key: "role"
        operator: "Exists"
        effect: "NoSchedule"
      nodeSelector:
        dedicated: "prod"

toleration保证pod可以在这个节点上运行，nodeSelector保证pod只在有包含dedicated=prod的标签节点上运行。

运行结果：

kubectl apply -f nginx-taints.yaml

查看pod运行状态

[root@nccztsjb-node-23 ~]# kubectl get pod -l app=nginx-taints -o wide
NAME                            READY   STATUS    RESTARTS   AGE   IP               NODE               NOMINATED NODE   READINESS GATES
nginx-taints-78b7978fd5-7sjm5   1/1     Running   0          5s    172.39.209.112   nccztsjb-node-23   <none>           <none>
nginx-taints-78b7978fd5-97hg9   1/1     Running   0          3s    172.39.209.116   nccztsjb-node-23   <none>           <none>
nginx-taints-78b7978fd5-bswrb   1/1     Running   0          5s    172.39.209.113   nccztsjb-node-23   <none>           <none>
nginx-taints-78b7978fd5-lfwzm   1/1     Running   0          5s    172.39.209.114   nccztsjb-node-23   <none>           <none>
nginx-taints-78b7978fd5-vxhfq   1/1     Running   0          3s    172.39.209.115   nccztsjb-node-23   <none>           <none>
[root@nccztsjb-node-23 ~]# 

pod的多个实例都运行在nccztsjb-node-23上了。

OK，以上是基本的配置过程。

如果#1：pod没有设置toleration

apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-taints
  namespace: default
spec:
  progressDeadlineSeconds: 600
  selector:
    matchLabels:
      app: nginx-taints
  replicas: 5
  template:
    metadata:
      labels:
        app: nginx-taints
    spec:
      containers:
      - image: 172.20.58.152/middleware/nginx:1.21.4
        imagePullPolicy: IfNotPresent
        name: nginx
      dnsPolicy: ClusterFirst
      restartPolicy: Always
      #tolerations:
      #- key: "role"
      #  operator: "Exists"
      #  effect: "NoSchedule"
      nodeSelector:
        dedicated: "prod"

运行pod及查看结果

[root@nccztsjb-node-23 ~]# kubectl apply -f nginx-taints.yaml 
deployment.apps/nginx-taints created
[root@nccztsjb-node-23 ~]# kubectl get pod -l app=nginx-taints -o wide
NAME                            READY   STATUS    RESTARTS   AGE   IP       NODE     NOMINATED NODE   READINESS GATES
nginx-taints-7cfdd85578-67smg   0/1     Pending   0          1s    <none>   <none>   <none>           <none>
nginx-taints-7cfdd85578-877zb   0/1     Pending   0          1s    <none>   <none>   <none>           <none>
nginx-taints-7cfdd85578-nl8p6   0/1     Pending   0          1s    <none>   <none>   <none>           <none>
nginx-taints-7cfdd85578-qgf4t   0/1     Pending   0          1s    <none>   <none>   <none>           <none>
nginx-taints-7cfdd85578-vw987   0/1     Pending   0          1s    <none>   <none>   <none>           <none>
[root@nccztsjb-node-23 ~]# 

都未被调度到节点上。

如果#2:节点上未设置nodeSelector

[root@nccztsjb-node-23 ~]# cat nginx-taints.yaml 
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-taints
  namespace: default
spec:
  progressDeadlineSeconds: 600
  selector:
    matchLabels:
      app: nginx-taints
  replicas: 5
  template:
    metadata:
      labels:
        app: nginx-taints
    spec:
      containers:
      - image: 172.20.58.152/middleware/nginx:1.21.4
        imagePullPolicy: IfNotPresent
        name: nginx
      dnsPolicy: ClusterFirst
      restartPolicy: Always
      tolerations:
      - key: "role"
        operator: "Exists"
        effect: "NoSchedule"
      #nodeSelector:
       # dedicated: "prod"

运行及查看pod的状态

[root@nccztsjb-node-23 ~]# kubectl apply -f nginx-taints.yaml 
deployment.apps/nginx-taints created
[root@nccztsjb-node-23 ~]# kubectl get pod -l app=nginx-taints -o wide
NAME                            READY   STATUS    RESTARTS   AGE   IP               NODE               NOMINATED NODE   READINESS GATES
nginx-taints-6cb85bb844-8ggsc   1/1     Running   0          3s    172.39.209.117   nccztsjb-node-23   <none>           <none>
nginx-taints-6cb85bb844-flbf2   1/1     Running   0          3s    172.39.21.121    nccztsjb-node-25   <none>           <none>
nginx-taints-6cb85bb844-gjlqm   1/1     Running   0          3s    172.39.21.120    nccztsjb-node-25   <none>           <none>
nginx-taints-6cb85bb844-hrxfr   1/1     Running   0          3s    172.39.157.206   nccztsjb-node-24   <none>           <none>
nginx-taints-6cb85bb844-q9vfk   1/1     Running   0          3s    172.39.157.201   nccztsjb-node-24   <none>           <none>
[root@nccztsjb-node-23 ~]# 

这样的结果就是pod可以在任意的节点上运行了，不仅仅是在nccztsjb-node-23节点上。

标签：node,23,某些,taints,nginx,nccztsjb,pod,k8s,节点
来源： https://www.cnblogs.com/chuanzhang053/p/15954056.html

本站声明： 1. iCode9 技术分享网（下文简称本站）提供的所有内容，仅供技术学习、探讨和分享；
2. 关于本站的所有留言、评论、转载及引用，纯属内容发起人的个人观点，与本站观点和立场无关；
3. 关于本站的所有言论和文字，纯属内容发起人的个人观点，与本站观点和立场无关；
4. 本站文章均是网友提供，不完全保证技术分享内容的完整性、准确性、时效性、风险性和版权归属；如您发现该文章侵犯了您的权益，可联系我们第一时间进行删除；
5. 本站为非盈利性的个人网站，所有内容不会用来进行牟利，也不会利用任何形式的广告来间接获益，纯粹是为了广大技术爱好者提供技术内容和技术思想的分享性交流网站。