手动部署的k8s集群, 需要为master节点手动设置taints

设置taint

语法:

kubectl taint node [node] key=value[effect]   
     其中[effect] 可取值: [ NoSchedule | PreferNoSchedule | NoExecute ]
      NoSchedule: 一定不能被调度
      PreferNoSchedule: 尽量不要调度
      NoExecute: 不仅不会调度, 还会驱逐Node上已有的Pod

示例:

kubectl taint node node1 key1=value1:NoSchedule
kubectl taint node node1 key1=value1:NoExecute
kubectl taint node node1 key2=value2:NoSchedule

查看taint：

kubectl describe node node1

删除taint:

kubectl taint node node1 key1:NoSchedule-  # 这里的key可以不用指定value
kubectl taint node node1 key1:NoExecute-
# kubectl taint node node1 key1-  删除指定key所有的effect
kubectl taint node node1 key2:NoSchedule-

master节点设置taint

kubectl taint nodes master1 /master=:NoSchedule

注意⚠️ : 为master设置的这个taint中, /master为key, value为空, effect为NoSchedule

如果输入命令时, 你丢掉了=符号, 写成了/master:NoSchedule, 会报error: at least one taint update is required错误

容忍tolerations主节点的taints

以上面为 master1 设置的 taints 为例, 你需要为你的 yaml 文件中添加如下配置, 才能容忍 master 节点的污点

在 pod 的 spec 中设置 tolerations 字段

tolerations:
- key: "/master"
  operator: "Equal"
  value: ""
  effect: "NoSchedule"

---

以上，均来自/2018/11/14/%E4%B8%BAk8s-master%E8%8A%82%E7%82%B9%E6%B7%BB%E5%8A%A0%E6%B1%A1%E7%82%B9taints/

下面，是自己环境移除污点

#查看污点策略，显示三个master节点都是NoSchedule
[root@master1 ~]# kubectl get no -o yaml | grep taint -A 5
    taints:
    - effect: NoSchedule
      key: /master
  status:
    addresses:
    - address: master1的IP
--
    taints:
    - effect: NoSchedule
      key: /master
  status:
    addresses:
    - address: master2的IP
--
    taints:
    - effect: NoSchedule
      key: /master
  status:
    addresses:
    - address: master3的IP


#去除污点，允许master节点部署pod
[root@master1 ~]# kubectl taint nodes --all /master-
node/master1 untainted
node/master2 untainted
node/master3 untainted
error: taint "/master" not found

#再次查看，无显示，说明污点去除成功
[root@master1 ~]# kubectl get no -o yaml | grep taint -A 5
[root@master1 ~]# kubectl get no -o yaml | grep taint -A 5