1.标签
k8s本身就会根据资源等信息将pod分配到合适的node上,但有些场景下,我们需要更强的控制,比如云平台的租户只能使用购买的节点。有3种方式可以实现:node selector,affinity和node name。

Node Selector

Node Selector是指定pod分配到指定node上最简单的方法,使用Pod中的nodeSelector属性来实现。Node Selector会指定key-value pairs,pod会被分配到特定node上,该node具有所有指定key-value pairs对应labels。通常只有一对key-value。

下面命令为node设置label和查看node上label。

kubectl label nodes <node-name> <label-key>=<label-value>
kubectl get nodes --show-labels
kubectl describe node "nodename"

下面创建pod并指定node selector。但通常会使用Deployment等方式创建pod,同样也可以设置node selector.
kubectl label node k8s-n2 disktype=ssd #给k8s-n2节点增加标签

apiVersion: v1
kind: Pod
metadata:
  name: nginx
  labels:
    env: test
spec:
  containers:
  - name: nginx
    image: nginx
    imagePullPolicy: IfNotPresent
  nodeSelector:
    disktype: ssd

实际使用
kubectl label node cn-shenzhen.10.0.21.33 apptype=dwgtodfx-service
kubectl label node cn-shenzhen.10.0.21.33 apptype- #减去标签
nodeSelector:
apptype: @NODE_LABEL@

注意:当集群中不存在NodeSelector指定的Node,即使集群中还有其他可供使用的Node,这个Pod也不会被成功调度。

NodeSelector将会被继续使用,但最终会被废弃。

Affinity

相对于node selector,affinity更加灵活。除了node selector提供的label强制匹配外, affinity具有3个优势:1. 可以反向指定anti-affinity;2. 可以指定弱匹配,prefer,即使不匹配,也可能被分配; 3.可 提供node中pod之间的限制,不仅仅是node层级。

Affinity分为Node Affinity和Inter-pod Affinity.前者在使用node label进行选择,后者根据相同node上的pod label进行选择。

-Node Affinity

Node Affinity类似于Node Selector,但包括2种类型:requiredDuringSchedulingIgnoredDuringExecution和preferredDuringSchedulingIgnoredDuringExecution。前者表示强匹配,后者表示弱匹配。这2种类型都是pod schedule时起作用,运行时忽略。即pod分配之后,修改label不会影响已经分配的pod。后面计划提供requiredDuringSchedulingRequiredDuringExecution功能。

下面是node affinity示例。node必须具有label,其key为http://kubernetes.io/e2e-az-name,其value为e2e-az1或e2e-az2,同时,更倾向于具有label,其key为another-node-label-key, 其value为another-node-label-value。

kubectl label node cn-shenzhen.10.0.21.33 percona80-master.devops=true
pods:
  affinity:
    rules:
      nodeAffinity:
        requiredDuringSchedulingIgnoredDuringExecution:
          nodeSelectorTerms:
            - matchExpressions:
              - key: percona80-master.devops
                operator: In
                values:
                  - "true"

物业sass模板

apiVersion:  apps/v1
kind: Deployment
metadata:
  name: ${service}
  labels:
    app.kubernetes.io/name: ${service}
    app.kubernetes.io/version: 0.0.0
    app.kubernetes.io/instance: ${service}
    environment: ${env} #环境变量
spec:
  replicas: ${replicas} #副本数
  revisionHistoryLimit: 3
  selector:
    matchLabels:
      app.kubernetes.io/name: ${service}
  strategy:
    rollingUpdate:
      maxSurge: 25%
      maxUnavailable: 25%
    type: RollingUpdate
  template:
    metadata:
      labels:
        app.kubernetes.io/name: ${service}
        app.kubernetes.io/version: 0.0.0
        app.kubernetes.io/instance: ${service}
        micrometer-registry-prometheus: "true"
        logging: "false"
    spec:
      serviceAccountName: default
      dnsPolicy: Default
      imagePullSecrets:
        - name: gemdale-registry.cn-shenzhen.cr.aliyuncs.com-secret
      containers:
        - name: ${service}
          image: ${image}
          imagePullPolicy: IfNotPresent
          command:
            - java
          args:
            - -Duser.timezone=Asia/Shanghai
            - -XX:+UseContainerSupport
            - -XX:InitialRAMPercentage=80.0
            - -XX:MaxRAMPercentage=80.0
            - -jar
            - /data/var/www/service/${service}/${jar_name}.jar
          env:
            - name: HOST_IP
              valueFrom:
                fieldRef:
                  fieldPath: status.hostIP

            - name: WFWAPP
              value: wfw-applog

          volumeMounts:
            - mountPath: /data/appdata/
              name: appdata
            - mountPath: /data/config-repo/
              name: config-repo
            - mountPath: /data/logs/
              name: logs
            - mountPath: /mnt/hgfs/
              name: mnt-hgfs
          readinessProbe:
            tcpSocket:
              port: ${port}
            initialDelaySeconds: 30
            periodSeconds: 15
          ports:
            - containerPort: ${port}
              name: http
          resources:
            requests:
              memory: ${requests_memory} #内存资源下限 比如:500Mi、1Gi
              cpu: ${requests_cpu} #CPU资源下限,比如:0.1、0.25
            limits:
              memory: ${limit_memory} #内存资源上限 比如:800Mi、2Gi
              cpu: ${limit_cpu} #CPU资源上限,比如:0.5、1、2

      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
              - matchExpressions:
                  - key: microservice
                    operator: In
                    values:
                      - "true"
      volumes:
        - hostPath:
            path: /data/appdata/
            type: DirectoryOrCreate
          name: appdata
        - hostPath:
            path: /data/config-repo/
            type: DirectoryOrCreate
          name: config-repo
        - hostPath:
            path: /data/logs/
            type: DirectoryOrCreate
          name: logs
        - hostPath:
            path: /mnt/hgfs/
            type: DirectoryOrCreate
          name: mnt-hgfs
---
apiVersion: v1
kind: Service
metadata:
  name: ${service}
  labels:
    app.kubernetes.io/name: ${service}
    app.kubernetes.io/version: 0.0.0
    app.kubernetes.io/instance: ${service}
    environment: ${env}
spec:
  type: ClusterIP
  ports:
    - name: http
      port: 80
      protocol: TCP
      targetPort: ${port}
    - name: https
      port: 443
      protocol: TCP
      targetPort: ${port}
  selector:
    app.kubernetes.io/name: ${service}
    app.kubernetes.io/instance: ${service}

智能审图模板

apiVersion: apps/v1
kind: Deployment  
metadata:  
  name: @APP_NAME@
  labels:  
    app: @APP_NAME@
spec:  
  replicas: @REPLICAS@
  revisionHistoryLimit: 10
  selector:  
    matchLabels:  
      app: @APP_NAME@
  template:  
    metadata:  
      labels:  
        app: @APP_NAME@
    spec:  
      containers:  
      - name: @APP_NAME@
        image: ${IMAGE}
        ports:  
        - containerPort: @targetPort@
          protocol: TCP  
        imagePullPolicy: IfNotPresent
        env:
        - name: protocol
          value: "http"
        - name: domainPrefix
          value: "://10.0.21.21"
        - name: app_env
          value: ":"
        - name: domainDelimiter
          value: "300"
        - name: domain
          value: "48"
        - name: nacos_namespace
          value: "c357bb7a-36a8-4880-a5ae-9778119688a5"
        - name: user_name
          value: "nacos"
        - name: password
          value: "Nacos@qaz"
        livenessProbe:
          failureThreshold: 3
          httpGet:
            path: /actuator
            port: @targetPort@
            scheme: HTTP
          initialDelaySeconds: 37
          periodSeconds: 10
          successThreshold: 1
          timeoutSeconds: 1
        readinessProbe:
          failureThreshold: 3
          httpGet:
            path: /actuator
            port: @targetPort@
            scheme: HTTP
          initialDelaySeconds: 3
          periodSeconds: 10
          successThreshold: 1
          timeoutSeconds: 1
        resources:
          limits:
            cpu: @LIMIT_CPU@
            memory: @LIMIT_MEMORY@
          requests:
            cpu: @REQUEST_CPU@
            memory: @REQUEST_MEMORY@          
        startupProbe:
          failureThreshold: 3
          httpGet:
            path: /actuator
            port: @targetPort@
            scheme: HTTP
          initialDelaySeconds: 17
          periodSeconds: 10
          successThreshold: 1
          timeoutSeconds: 1	        
          ######### 配置volume mount ###########
        volumeMounts:
          - name: volumn-logging-springboot
            mountPath: /gemdale/logs
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
              - matchExpressions:
                  - key: dwgtodfx-service
                    operator: In
                    values:
                      - "true"  
      volumes:
        - name: volumn-logging-springboot
          hostPath:
            type: DirectoryOrCreate
            path: /data/logs/@APP_NAME@
      ###############################
  
---  
apiVersion: v1  
kind: Service  
metadata:  
  name: @APP_NAME@
  namespace: default
  labels:  
    app: @APP_NAME@
spec:  
  ports:  
    - port: @port@
      targetPort: @targetPort@
      @NodePort@
  selector:  
    app: @APP_NAME@
  type: @PORT_TYPE@  

ack内存可用率优化
```bash
sed -i 's/1764Mi/1024Mi/g' /etc/kubernetes/kubelet-customized-args.conf
systemctl restart kubelet 
ps -ef |grep /usr/bin/kubelet |grep 1024

2.边缘型ack不可调度
边缘集群云端ECS节点说明
在边缘托管集群创建过程中,平台会默认为您创建至少一个ECS实例,并接入到集群管控。该实例主要用来部署云端管控应用,也支持您自定义的云端管控应用部署。通过默认自带node-role.alibabacloud.com/addon: Effect: NoSchedule污点

将应用部署到云端管控节点
如果您需要在云端中心管控节点上部署自定义的管控应用,例如各种类型的operator。您需要配置容忍上述提到的污点(Taints)和对应的节点选择器(NodeSelector),配置片段如下。

     ...
      nodeSelector:
        alibabacloud.com/is-edge-worker: 'false'
        beta.kubernetes.io/arch: amd64
        beta.kubernetes.io/os: linux
      tolerations:
        - effect: NoSchedule
          key: node-role.alibabacloud.com/addon
          operator: Exists
      ...

添加主节点污点

kubectl label node cn-shenzhen.10.0.21.20 node-role.alibabacloud.com/addon: Effect: NoSchedule
Logo

K8S/Kubernetes社区为您提供最前沿的新闻资讯和知识内容

更多推荐