k8s 给节点打标签和打污点

打标签

kubectl label node node1 env-role=prod

 查看标签

kubectl get nodes  --show-labels

打污点

kubectl taint node node名 key=value:污点三个可选值
NoSchedule : 一定不被调度
PreferNoSchedule ： 尽量不被调度
NoExecute : 不会调度，并且还会驱逐Node已有Pod

kubectl taint node node1 key1=value1:NoSchedule （PreferNoSchedule，NoExecute）

更新污点

kubectl taint node node1 key1=value1:PreferNoSchedule:NoSchedule-

查看taint：

kubectl describe node node1 | grep Taints

Taints:             key1:NoSchedule

 删除taint:

kubectl taint node node1 key1:NoSchedule-  # 这里的key可以不用指定value 标签后直接加“-”减号即可
kubectl taint node node1 key1:NoExecute-
# kubectl taint node node1 key1-  删除指定key所有的effect
kubectl taint node node1 key2:NoSchedule-

 master节点设置taint

kubectl taint nodes master1 node-role.kubernetes.io/master=:NoSchedule

注意⚠️ : 为master设置的这个taint中, node-role.kubernetes.io/master为key, value为空, effect为NoSchedule

如果输入命令时, 你丢掉了=符号, 写成了node-role.kubernetes.io/master:NoSchedule, 会报error: at least one taint update is required错误

[root@bogon ~]# kubectl get no -o yaml | grep taint -A 5
    taints:
    - effect: NoSchedule
      key: node.kubernetes.io/not-ready

[root@bogon ~]# kubectl taint nodes --all node.kubernetes.io/not-ready-
node/master untainted

容忍tolerations主节点的taints

以上面为 master1 设置的 taints 为例, 你需要为你的 yaml 文件中添加如下配置, 才能容忍 master 节点的污点

在 pod 的 spec 中设置 tolerations 字段

tolerations:
- key: "node-role.kubernetes.io/master"
  operator: "Equal"
  value: ""
  effect: "NoSchedule"

 举例如果将pod 调度到指定节点上，并且节点有不可调度的污点

    spec:
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
              - matchExpressions:
                  - key: env-role
                    operator: In
                    values:
                      - prod
      tolerations:
      - key: key1
        operator: Exists
        effect: NoSchedule

 举例包含节点亲和性（Node Affinity）、Pod 反亲和性（Pod Anti-Affinity）

spec:
  affinity:
    nodeAffinity:
      requiredDuringSchedulingIgnoredDuringExecution:
        nodeSelectorTerms:
          # 节点亲和性：要求节点具有 "env-role=prod" 的标签
          - matchExpressions:
              - key: env-role
                operator: In
                values:
                  - prod
    podAntiAffinity:
      requiredDuringSchedulingIgnoredDuringExecution:
        # Pod 反亲和性：确保与具有标签 "app=minio-mc" 的其他 Pod 不在同一节点上
        - labelSelector:
            matchExpressions:
              - key: app
                operator: In
                values:
                  - minio-mc
        topologyKey: "kubernetes.io/hostname"
    tolerations:
      # 容忍具有 "key1" 键的污点
      - key: key1
        operator: Exists
        effect: NoSchedule
  containers:
    # 容器定义
    - name: minio-mc
      image: your-minio-mc-image

举例节点反亲和性和 Pod 亲和性

spec:
  affinity:
    podAffinity:
      requiredDuringSchedulingIgnoredDuringExecution:
        - labelSelector:
            matchExpressions:
              - key: app
                operator: In
                values:
                  - minio-mc
          topologyKey: "kubernetes.io/hostname"
    podAntiAffinity:
      requiredDuringSchedulingIgnoredDuringExecution:
        - labelSelector:
            matchExpressions:
              - key: app
                operator: In
                values:
                  - minio-mc
          topologyKey: "kubernetes.io/hostname"
  nodeAffinity:
    requiredDuringSchedulingIgnoredDuringExecution:
      nodeSelectorTerms:
        - matchExpressions:
            - key: env-role
              operator: NotIn
              values:
                - prod
  containers:
    - name: minio-mc
      image: your-minio-mc-image