容器资源限制:
resources.limits.cpu 最多
resources.limits.memory
容器使用的最小资源需求,作为容器调度时资源分配的依据
resources.requests.cpu
resources.requests.memory 最少
节点选择器nodeSelector:用于将pod调度匹配label的node上,如果没有匹配标签会调度失败
作用:
约束Pod到到指定的节点运行
完全匹配节点标签
应用场景:
专用节点:根据业务线将node分组管理(根据不同的业务打上不同的标签)
匹配特殊硬件:部分node配有ssd硬盘,GPU
给node1节点打标签
[root@master ~]# kubectl label nodes node1.example.com disktype=ssd node/node1.example.com labeled #查看所有的节点 [root@master ~]# kubectl get nodes --show-labels NAME STATUS ROLES AGE VERSION LABELS master.example.com Ready control-plane,master 4d23h v1.20.0 beta.kubernetes.io/arch=amd64,beta.kubernetes.io/os=linux,kubernetes.io/arch=amd64,kubernetes.io/hostname=master.example.com,kubernetes.io/os=linux,node-role.kubernetes.io/control-plane=,node-role.kubernetes.io/master= node1.example.com Ready4d22h v1.20.0 beta.kubernetes.io/arch=amd64,beta.kubernetes.io/os=linux,disktype=ssd,kubernetes.io/arch=amd64,kubernetes.io/hostname=node1.example.com,kubernetes.io/os=linux #以打打上disktype=ssd(磁盘标签) node2.example.com Ready 4d22h v1.20.0 beta.kubernetes.io/arch=amd64,beta.kubernetes.io/os=linux,kubernetes.io/arch=amd64,kubernetes.io/hostname=node2.example.com,kubernetes.io/os=linux #查看单独节点 (一定要是全名) [root@master ~]# kubectl get nodes node1.example.com --show-labels NAME STATUS ROLES AGE VERSION LABELS node1.example.com Ready 4d22h v1.20.0 beta.kubernetes.io/arch=amd64,beta.kubernetes.io/os=linux,disktype=ssd,kubernetes.io/arch=amd64,kubernetes.io/hostname=node1.example.com,kubernetes.io/os=linux
创建pod
[root@master manifest]# cat test1.yaml
---
apiVersion: v1
kind: Pod
metadata:
name: test
spec:
containers:
- image: sktystwd/apache:v0.2
imagePullPolicy: IfNotPresent
name: test
nodeSelector: #节点选择器
disktype: ssd
---
apiVersion: v1
kind: Service
metadata:
name: test
spec:
ports:
- port: 80
targetPort: 80
selector:
app: test
type: NodePort
[root@master manifest]# kubectl create -f test1.yaml
pod/test created
service/test created
查看这个pod在哪台node上运行
[root@master ~]# kubectl get pods -o wide NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES test 1/1 Running 0 13s 10.244.1.55 node1.example.comnodeAffinity
nodeAffinity:节点亲和性,与nodeSelector作用一样,但相比更灵活,满足多个条件。
匹配有更多的逻辑组合,不只是字符串的完整相等
调度分为软测忽略和硬策略,而不是硬性要求
硬(required):必须满足
软(preferred):尝试满足
操作符:In(在)、NotIn(不在)、Exists(存在)、DoesNotExist(不存在)、Gt(大于)、Lt(小于) 严格区分大小写
required创建pod
[root@master manifest]# cat test1.yaml
---
apiVersion: v1
kind: Pod
metadata:
name: test
spec:
containers:
- image: sktystwd/apache:v0.2
imagePullPolicy: IfNotPresent
name: test
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchexpressions:
- key: disktype
operator: In
values:
- ssd
---
apiVersion: v1
kind: Service
metadata:
name: test
spec:
ports:
- port: 80
targetPort: 80
selector:
app: test
type: NodePort
[root@master manifest]# kubectl create -f test1.yaml
pod/test created
service/test created
[root@master ~]# kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
test 1/1 Running 0 4m24s 10.244.1.57 node1.example.com
如果把node1上的ssd标签删除添加一个新的标签然后在看容器会在哪运行
[root@master ~]# [root@master ~]# kubectl label nodes node1.example.com disktype- node/node1.example.com labeled [root@master ~]# kubectl label nodes node1.example.com disktype=sata node/node1.example.com labeled [root@master ~]# kubectl get nodes node1.example.com --show-labels NAME STATUS ROLES AGE VERSION LABELS node1.example.com Ready5d v1.20.0 beta.kubernetes.io/arch=amd64,beta.kubernetes.io/os=linux,disktype=sata,kubernetes.io/arch=amd64,kubernetes.io/hostname=node1.example.com,kubernetes.io/os=linux
运行
[root@master manifest]# kubectl create -f test1.yaml pod/test created service/test created [root@master manifest]# [root@master ~]# kubectl get pods -o wide NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES test 0/1 Pending 0 7s[root@master ~]# kubectl get pods NAME READY STATUS RESTARTS AGE test 0/1 Pending 0 19s #没有运行
那把node2加上ssd标签
[root@master ~]# kubectl label nodes node2.example.com disktype=ssd node/node2.example.com labeled [root@master ~]# kubectl get pods -o wide NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES test 1/1 Running 0 3m42s 10.244.2.52 node2.example.compreferre[root@master ~]# kubectl get pods NAME READY STATUS RESTARTS AGE test 1/1 Running 0 3m51s #自动在node2上运行起来了
[root@master manifest]# cat test1.yaml
---
apiVersion: v1
kind: Pod
metadata:
name: test
spec:
containers:
- image: sktystwd/apache:v0.2
imagePullPolicy: IfNotPresent
name: test
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchexpressions:
- key: disktype
operator: In
values:
- ssd
preferredDuringSchedulingIgnoredDuringExecution:
weight: 5
preference:
matchexpressions:
- key: app
operator: In
values:
- apache
---
apiVersion: v1
kind: Service
metadata:
name: test
spec:
ports:
- port: 80
targetPort: 80
selector:
app: test
type: NodePort
给node1和node2都打上相同的标签,再给node2多打一个标签
[root@master ~]# kubectl label nodes node1.example.com disktype=ssd node/node1.example.com labeled [root@master ~]# kubectl label nodes node2.example.com disktype=ssd node/node2.example.com labeled [root@master ~]# kubectl label nodes node2.example.com app=apache node/node2.example.com labeled
看看在哪个node上运行
[root@master manifest]# kubectl get pods -o wide NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES test 1/1 Running 0 21s 10.244.2.53 node2.example.comTaint (污点) Tolerations (污点容忍)
Taint:避免pod调度到特定的node上
Tolerations:允许pod调度到持有Taint 的node上
可取值:
NoSchedule:一定不能被调度
PreferNoSchedule:尽量不要调度,必须配置容忍
NoExecute:不仅不会调度,还会驱逐node上已有的pod
给node1节点添加污点
[root@master ~]# kubectl taint node node1.example.com disktype:NoSchedule node/node1.example.com tainted [root@master ~]# kubectl describe node node1.example.com Name: node1.example.com Roles:Labels: beta.kubernetes.io/arch=amd64 beta.kubernetes.io/os=linux disktype=ssd kubernetes.io/arch=amd64 kubernetes.io/hostname=node1.example.com kubernetes.io/os=linux Annotations: flannel.alpha.coreos.com/backend-data: {"VNI":1,"VtepMAC":"9a:65:2e:42:24:1e"} flannel.alpha.coreos.com/backend-type: vxlan flannel.alpha.coreos.com/kube-subnet-manager: true flannel.alpha.coreos.com/public-ip: 192.168.244.147 kubeadm.alpha.kubernetes.io/cri-socket: /var/run/dockershim.sock node.alpha.kubernetes.io/ttl: 0 volumes.kubernetes.io/controller-managed-attach-detach: true CreationTimestamp: Sat, 18 Dec 2021 23:04:08 +0800 Taints: disktype:NoSchedule #污点
删除
[root@master ~]# kubectl taint node node1.example.com disktype- node/node1.example.com untainted
两个(node1、node2)节点都添加加disktype标签 node1添加了污点
[root@master ~]# kubectl get nodes --show-labels NAME STATUS ROLES AGE VERSION LABELS master.example.com Ready control-plane,master 5d2h v1.20.0 beta.kubernetes.io/arch=amd64,beta.kubernetes.io/os=linux,kubernetes.io/arch=amd64,kubernetes.io/hostname=master.example.com,kubernetes.io/os=linux,node-role.kubernetes.io/control-plane=,node-role.kubernetes.io/master= node1.example.com Ready5d1h v1.20.0 beta.kubernetes.io/arch=amd64,beta.kubernetes.io/os=linux,disktype=ssd,kubernetes.io/arch=amd64,kubernetes.io/hostname=node1.example.com,kubernetes.io/os=linux node2.example.com Ready 5d1h v1.20.0 beta.kubernetes.io/arch=amd64,beta.kubernetes.io/os=linux,disktype=ssd,kubernetes.io/arch=amd64,kubernetes.io/hostname=node2.example.com,kubernetes.io/os=linux
设置污点
[root@master manifest]# cat test1.yaml
---
apiVersion: v1
kind: Pod
metadata:
name: test
spec:
containers:
- image: sktystwd/apache:v0.2
imagePullPolicy: IfNotPresent
name: test
tolerations:
- key: disktype
operator: Equal
effect: NoExecute
---
apiVersion: v1
kind: Service
metadata:
name: test
spec:
ports:
- port: 80
targetPort: 80
selector:
app: test
type: NodePort
[root@master manifest]# kubectl create -f test1.yaml
pod/test created
service/test created
可以看到运行在node2上面
[root@master ~]# kubectl get pods -o wide NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES test 1/1 Running 0 3m36s 10.244.2.54 node2.example.com
