如何强制Pods/Deployments到主节点？

Question

我已经设置了一个Kubernetes 1.5集群,其中三个主节点被污染为dedicated = master:NoSchedule.现在我想在主节点上部署Nginx入口控制器,所以我增加了容忍度:

apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: nginx-ingress-controller
  namespace: kube-system
  labels:
    kubernetes.io/cluster-service: "true"
spec:
  replicas: 3
  template:
    metadata:
      labels:
        k8s-app: nginx-ingress-lb
        name: nginx-ingress-lb
      annotations:
        scheduler.alpha.kubernetes.io/tolerations: |
          [
            {
              "key": "dedicated",
              "operator": "Equal",
              "value": "master",
              "effect": "NoSchedule"
            }
          ]
    spec:
    […]

不幸的是,这没有达到预期的效果:Kubernetes安排工人的所有Pod.将副本数量扩展到更大的数量时,Pod也会部署在工作人员上.

如何才能实现对主节点的调度？

谢谢你的帮助.

Answer 1

一个宽容也并不意味着荚必须用这种污点的节点上进行调度.这意味着吊舱容忍这种污点.如果您希望将您的pod "吸引"到特定节点,则需要将标签附加到您的dedicated = master污染节点,并在pod中设置nodeSelector以查找此类标签.

将标签附加到每个特殊用途节点:

kubectl label nodes name_of_your_node dedicated=master

Kubernetes 1.6及以上语法

将nodeSelector添加到您的pod:

apiVersion: apps/v1beta1
kind: Deployment
metadata:
  name: nginx-ingress-controller
  namespace: kube-system
  labels:
    kubernetes.io/cluster-service: "true"
spec:
  replicas: 3
  template:
    metadata:
      labels:
        k8s-app: nginx-ingress-lb
        name: nginx-ingress-lb
      annotations:
    spec:
      nodeSelector:
        dedicated: master
      tolerations:
      - key: dedicated
        operator: Equal
        value: master
        effect: NoSchedule
    […]

如果您不喜欢nodeSelector,可以添加affinity:以下内容spec::

affinity:
  nodeAffinity:
    requiredDuringSchedulingIgnoredDuringExecution:
      nodeSelectorTerms:
        matchExpressions:
        - key: dedicated
          operator: Equal
          values: ["master"]

Pre 1.6语法

将nodeSelector添加到您的pod:

apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: nginx-ingress-controller
  namespace: kube-system
  labels:
    kubernetes.io/cluster-service: "true"
spec:
  replicas: 3
  template:
    metadata:
      labels:
        k8s-app: nginx-ingress-lb
        name: nginx-ingress-lb
      annotations:
        scheduler.alpha.kubernetes.io/tolerations: |
          [
            {
              "key": "dedicated",
              "operator": "Equal",
              "value": "master",
              "effect": "NoSchedule"
            }
          ]
    spec:
      nodeSelector:
        dedicated: master
    […]

如果你不喜欢,nodeSelector你也可以添加这样的注释:

scheduler.alpha.kubernetes.io/affinity: >
  {
    "nodeAffinity": {
      "requiredDuringSchedulingIgnoredDuringExecution": {
        "nodeSelectorTerms": [
          {
            "matchExpressions": [
              {
                "key": "dedicated",
                "operator": "Equal",
                "values": ["master"]
              }
            ]
          }
        ]
      }
    }
  }

请记住,NoSchedule不会驱逐已安排的pod.

以上信息来自https://kubernetes.io/docs/user-guide/node-selection/,其中有更多详细信息.