问题描述
我已经设置了一个 Kubernetes 1.5 集群,其中三个主节点污染了dedicated=master:NoSchedule.现在我只想在主节点上部署 Nginx 入口控制器,所以我添加了容忍:
I've setup a Kubernetes 1.5 cluster with the three master nodes tainted dedicated=master:NoSchedule. Now I want to deploy the Nginx Ingress Controller on the Master nodes only so I've added tolerations:
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: nginx-ingress-controller
namespace: kube-system
labels:
kubernetes.io/cluster-service: "true"
spec:
replicas: 3
template:
metadata:
labels:
k8s-app: nginx-ingress-lb
name: nginx-ingress-lb
annotations:
scheduler.alpha.kubernetes.io/tolerations: |
[
{
"key": "dedicated",
"operator": "Equal",
"value": "master",
"effect": "NoSchedule"
}
]
spec:
[…]
不幸的是,这并没有达到预期的效果:Kubernetes 将所有 Pod 调度到工作线程上.当将副本数量扩展到更大数量时,Pod 也会部署在工作线程上.
Unfortunately this does not have the desired effect: Kubernetes schedules all Pods on the workers. When scaling the number of replicas to a larger number the Pods are deployed on the workers, too.
如何实现只调度到Master节点?
How can I achieve scheduling to the Master nodes only?
感谢您的帮助.
推荐答案
容忍并不不意味着必须在具有此类污点的节点上调度 Pod.这意味着 pod 容忍这样的污点.如果您希望您的 pod 被吸引"到特定节点,您需要将标签附加到您的 dedicated=master 受污染节点,并在 pod 中设置 nodeSelector 以查找这样的标签.
A toleration does not mean that the pod must be scheduled on a node with such taints. It means that the pod tolerates such a taint. If you want your pod to be "attracted" to specific nodes you will need to attach a label to your dedicated=master tainted nodes and set nodeSelector in the pod to look for such label.
将标签附加到您的每个特殊用途节点上:
Attach the label to each of your special use nodes:
kubectl label nodes name_of_your_node dedicated=master
Kubernetes 1.6 及以上语法
将 nodeSelector 添加到您的 Pod:
Kubernetes 1.6 and above syntax
Add the nodeSelector to your pod:
apiVersion: apps/v1beta1
kind: Deployment
metadata:
name: nginx-ingress-controller
namespace: kube-system
labels:
kubernetes.io/cluster-service: "true"
spec:
replicas: 3
template:
metadata:
labels:
k8s-app: nginx-ingress-lb
name: nginx-ingress-lb
annotations:
spec:
nodeSelector:
dedicated: master
tolerations:
- key: dedicated
operator: Equal
value: master
effect: NoSchedule
[…]
如果您不喜欢 nodeSelector
,您可以在 spec:
下添加 affinity:
代替:
If you don't fancy nodeSelector
you can add affinity:
under spec:
instead:
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
matchExpressions:
- key: dedicated
operator: Equal
values: ["master"]
1.6 之前的语法
将 nodeSelector 添加到您的 Pod:
Pre 1.6 syntax
Add the nodeSelector to your pod:
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: nginx-ingress-controller
namespace: kube-system
labels:
kubernetes.io/cluster-service: "true"
spec:
replicas: 3
template:
metadata:
labels:
k8s-app: nginx-ingress-lb
name: nginx-ingress-lb
annotations:
scheduler.alpha.kubernetes.io/tolerations: |
[
{
"key": "dedicated",
"operator": "Equal",
"value": "master",
"effect": "NoSchedule"
}
]
spec:
nodeSelector:
dedicated: master
[…]
如果你不喜欢 nodeSelector
你也可以添加这样的注释:
If you don't fancy nodeSelector
you can also add an annotation like this:
scheduler.alpha.kubernetes.io/affinity: >
{
"nodeAffinity": {
"requiredDuringSchedulingIgnoredDuringExecution": {
"nodeSelectorTerms": [
{
"matchExpressions": [
{
"key": "dedicated",
"operator": "Equal",
"values": ["master"]
}
]
}
]
}
}
}
请记住,NoSchedule 不会驱逐已经安排好的 Pod.
Keep in mind that NoSchedule will not evict pods that are already scheduled.
以上信息来自https://kubernetes.io/docs/user-指南/节点选择/,那里有更多细节.
The information above is from https://kubernetes.io/docs/user-guide/node-selection/ and there are more details there.
这篇关于如何强制 Pods/Deployments 到 Master 节点?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!