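NodeAffinity is a property defined on a Pod that lets the Pod be scheduled onto the Nodes we want. Taints do the opposite: they let a Node refuse to run Pods, or even evict Pods. A taint is a property of a Node; once a Node carries a taint, Kubernetes will not schedule Pods onto it. Kubernetes therefore gives Pods a matching property, Tolerations: as long as a Pod tolerates the taints on a Node, Kubernetes ignores those taints and can (but does not have to) schedule the Pod there. For this reason Taints are normally used together with Tolerations.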

Setting Taints

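  • Syntax:

    1. kubectl taint node [node] key=value:[effect]
    2. where [effect] is one of: [ NoSchedule | PreferNoSchedule | NoExecute ]
    3. NoSchedule: Pods must not be scheduled onto the Node
    4. PreferNoSchedule: avoid scheduling Pods onto the Node where possible
    5. NoExecute: Pods are not scheduled onto the Node, and Pods already running on it are evicted
  • Examples: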

    kubectl taint node node1 key1=value1:NoSchedule
    kubectl taint node node1 key1=value1:NoExecute
    kubectl taint node node1 key2=value2:NoSchedule
    

Managing taints

  • View

    kubectl describe node master
    
  • Delete

    kubectl taint node node1 key1:NoSchedule-       # the value does not need to be given with the key here
    kubectl taint node node1 key1:NoExecute-
    kubectl taint node node1 key1-                  # removes every effect for the given key
    kubectl taint node node1 key2:NoSchedule-
    

Tainting the master node so that ordinary pods are not scheduled onto it

    kubectl taint nodes master1 node-role.kubernetes.io/master=:NoSchedule
    

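In this taint on the master, node-role.kubernetes.io/master is the key, the value is empty, and the effect is NoSchedule.

If you drop the = sign when typing the command and write node-role.kubernetes.io/master:NoSchedule, the command fails with error: at least one taint update is required.

Tolerating the taint on the master node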

  • Set the tolerations field in the pod's spec:

```yaml
tolerations:
- key: "node-role.kubernetes.io/master"
  operator: "Equal"
  value: ""
  effect: "NoSchedule"
```

  • Example yaml file:

```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: redis
  namespace: default
spec:
  replicas: 1
  selector:
    matchLabels:
      app: redis
      role: logstore
  template:
    metadata:
      labels:
        app: redis
        role: logstore
    spec:
      containers:
      - name: redis
        image: redis:4.0-alpine
        ports:
        - name: redis
          containerPort: 6379
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: filebeat-ds
  namespace: default
spec:
  selector:
    matchLabels:
      app: filebeat
      release: stable
  template:
    metadata:
      labels:
        app: filebeat
        release: stable
    spec:
      # Toleration for the master taint
      tolerations:
      - key: "node-role.kubernetes.io/master"
        operator: "Equal"
        value: ""
        effect: "NoSchedule"
      containers:
      - name: filebeat
        image: ikubernetes/filebeat:5.6.5-alpine
        env:
        - name: REDIS_HOST
          value: redis.default.svc.cluster.local
        - name: REDIS_LOG_LEVEL
          value: info
```
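The matching rule described above, as an added example (not code from the original page or from Kubernetes): a simplified Python model of how a toleration is compared with a taint, plus a check that lists which workloads would be admitted to a master node. It goes slightly beyond the page by also covering the `Exists` operator and the empty key; the function names and sample data are assumptions, and `tolerationSeconds` is not modelled.

```python
# Simplified model of taint/toleration matching (added example, constructed data).
MASTER_TAINT = {"key": "node-role.kubernetes.io/master", "value": "", "effect": "NoSchedule"}

def tolerates(toleration, taint):
    """Return True if one toleration matches one taint."""
    # An empty effect in the toleration matches every effect.
    if toleration.get("effect") and toleration["effect"] != taint["effect"]:
        return False
    # An empty key (meant for operator Exists) matches every key.
    if toleration.get("key") and toleration["key"] != taint["key"]:
        return False
    op = toleration.get("operator") or "Equal"    # Equal is the default operator
    if op == "Exists":
        return True                               # the value is ignored
    return op == "Equal" and toleration.get("value", "") == taint.get("value", "")

def verdict(tolerations, taints):
    """Classify a pod against all taints on one node."""
    untolerated = {t["effect"] for t in taints
                   if not any(tolerates(tol, t) for tol in tolerations)}
    if "NoExecute" in untolerated:
        return "evict"          # not scheduled, and evicted if already running
    if "NoSchedule" in untolerated:
        return "no-schedule"    # never scheduled onto this node
    if "PreferNoSchedule" in untolerated:
        return "avoid"          # scheduled here only if nothing better exists
    return "schedulable"        # may (not must) be scheduled here

def workloads_allowed_on_master(workloads):
    """Names of workloads whose tolerations admit them to a master node."""
    return sorted(name for name, tols in workloads.items()
                  if verdict(tols, [MASTER_TAINT]) == "schedulable")

# Constructed sample data mirroring the commands and manifests on this page.
NODE1_TAINTS = [
    {"key": "key1", "value": "value1", "effect": "NoSchedule"},
    {"key": "key1", "value": "value1", "effect": "NoExecute"},
]
FILEBEAT = [{"key": "node-role.kubernetes.io/master", "operator": "Equal",
             "value": "", "effect": "NoSchedule"}]
BLANKET = [{"operator": "Exists"}]   # tolerates every taint: worth flagging in review
WORKLOADS = {"redis": [], "filebeat-ds": FILEBEAT, "blanket-agent": BLANKET}

if __name__ == "__main__":
    print("allowed on master:", workloads_allowed_on_master(WORKLOADS))
    print("filebeat-ds on node1:", verdict(FILEBEAT, NODE1_TAINTS))
```

A toleration with `operator: Exists` and no key admits the pod to every tainted node, including the master, so it is the entry to look for when reviewing manifests.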
