Kubernetes Taints and Tolerations

Taints:污点,应用于node

Tolerations:容忍,应用于pod

TaintsTolerations配合使用可以使特定的pod调度到特定的node,这对于某些场景来说非常有用。

概念

通过kubectl taint添加taint到节点:

kubectl taint node node1 key=value:NoSchedule

删除taint

kubectl taint nodes node1 key:NoSchedule-

Tolerations配置:

tolerations:
- key: "key"
  operator: "Equal"
  value: "value"
  effect: "NoSchedule"
tolerations:
- key: "key"
  operator: "Exists"
  effect: "NoSchedule"
  • operatorExists时,value可以为空
  • operatorEqual时,value是必须的

在没有指定的情况下,operator默认值是Equal

effect除了NoSchedule之外,还有PreferNoScheduleNoExecute

  • PreferNoSchedule:轻量版本的NoSchedule,对于没有设置tolerationpod,集群尽量避免调度到PreferNoSchedule的节点,但它不是必需的,还是有可能调度到PreferNoSchedule的节点;
  • NoExecute:设置NoExecute之后,在节点上已经运行的但是没有设置tolerationpod都会被驱逐出该节点,新的pod,如果没有设置toleration也不会调度到该节点;

例子

需要设置两个专用的node来运行es

  1. 设置taint
    kubectl taint nodes lognode1 dedicated=es:NoSchedule
    kubectl taint nodes lognode2 dedicated=es:NoSchedule
    kubectl labels nodes lognode1 role=es
    kubectl labels nodes lognode2 role=es
    
  2. pod template配置
    spec:
      contains:
      ...
      tolerations:
      - key: "dedicated"
        value: "es"
        effect: NoSchedule
      nodeSelector:
        role: es

发表评论