k8s 給節點打標簽和打污點

打標簽

kubectl label node node1 env-role=prod

 查看標簽

kubectl get nodes  --show-labels

打污點

kubectl taint node node名 key=value:污點三個可選值
NoSchedule : 一定不被調度
PreferNoSchedule ： 盡量不被調度
NoExecute : 不會調度，並且還會驅逐Node已有Pod

kubectl taint node node1 key1=value1:NoSchedule （PreferNoSchedule，NoExecute）

更新污點

kubectl taint node node1 key1=value1:PreferNoSchedule:NoSchedule-

查看taint：

kubectl describe node node1 | grep Taints

Taints:             key1:NoSchedule

 刪除taint:

kubectl taint node node1 key1:NoSchedule-  # 這里的key可以不用指定value 標簽后直接加“-”減號即可
kubectl taint node node1 key1:NoExecute-
# kubectl taint node node1 key1-  刪除指定key所有的effect
kubectl taint node node1 key2:NoSchedule-

 master節點設置taint

kubectl taint nodes master1 node-role.kubernetes.io/master=:NoSchedule

注意⚠️ : 為master設置的這個taint中, node-role.kubernetes.io/master為key, value為空, effect為NoSchedule

如果輸入命令時, 你丟掉了=符號, 寫成了node-role.kubernetes.io/master:NoSchedule, 會報error: at least one taint update is required錯誤

[root@bogon ~]# kubectl get no -o yaml | grep taint -A 5
    taints:
    - effect: NoSchedule
      key: node.kubernetes.io/not-ready

[root@bogon ~]# kubectl taint nodes --all node.kubernetes.io/not-ready-
node/master untainted

容忍tolerations主節點的taints

以上面為 master1 設置的 taints 為例, 你需要為你的 yaml 文件中添加如下配置, 才能容忍 master 節點的污點

在 pod 的 spec 中設置 tolerations 字段

tolerations:
- key: "node-role.kubernetes.io/master"
  operator: "Equal"
  value: ""
  effect: "NoSchedule"

 舉例如果將pod 調度到指定節點上，並且節點有不可調度的污點

    spec:
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
              - matchExpressions:
                  - key: env-role
                    operator: In
                    values:
                      - prod
      tolerations:
      - key: key1
        operator: Exists
        effect: NoSchedule

 舉例包含節點親和性（Node Affinity）、Pod 反親和性（Pod Anti-Affinity）

spec:
  affinity:
    nodeAffinity:
      requiredDuringSchedulingIgnoredDuringExecution:
        nodeSelectorTerms:
          # 節點親和性：要求節點具有 "env-role=prod" 的標簽
          - matchExpressions:
              - key: env-role
                operator: In
                values:
                  - prod
    podAntiAffinity:
      requiredDuringSchedulingIgnoredDuringExecution:
        # Pod 反親和性：確保與具有標簽 "app=minio-mc" 的其他 Pod 不在同一節點上
        - labelSelector:
            matchExpressions:
              - key: app
                operator: In
                values:
                  - minio-mc
        topologyKey: "kubernetes.io/hostname"
    tolerations:
      # 容忍具有 "key1" 鍵的污點
      - key: key1
        operator: Exists
        effect: NoSchedule
  containers:
    # 容器定義
    - name: minio-mc
      image: your-minio-mc-image

舉例節點反親和性和 Pod 親和性

spec:
  affinity:
    podAffinity:
      requiredDuringSchedulingIgnoredDuringExecution:
        - labelSelector:
            matchExpressions:
              - key: app
                operator: In
                values:
                  - minio-mc
          topologyKey: "kubernetes.io/hostname"
    podAntiAffinity:
      requiredDuringSchedulingIgnoredDuringExecution:
        - labelSelector:
            matchExpressions:
              - key: app
                operator: In
                values:
                  - minio-mc
          topologyKey: "kubernetes.io/hostname"
  nodeAffinity:
    requiredDuringSchedulingIgnoredDuringExecution:
      nodeSelectorTerms:
        - matchExpressions:
            - key: env-role
              operator: NotIn
              values:
                - prod
  containers:
    - name: minio-mc
      image: your-minio-mc-image