kubernetes-在SchedulingDisabled的节点上禁止调度DaemonSet的pod

我们已经把master 节点设置了：SchedulingDisabled ：

$ kubectl get node
NAME         STATUS                     ROLES                  AGE    VERSION
10.2.2.120   Ready,SchedulingDisabled   master                 239d   v1.13.3
10.2.2.121   Ready                      metallb-speaker,node   239d   v1.13.3
10.2.2.122   Ready                      metallb-speaker,node   239d   v1.13.3
10.2.2.123   Ready                      node                   105d   v1.13.3

但是我部署的DaemonSet 还是有pod被调度在设置了SchedulingDisabled的节点(10.2.2.120)上，如下：

$ kubectl get po -l app=nginx -o wide
NAME                     READY   STATUS    RESTARTS   AGE     IP             NODE         NOMINATED NODE   READINESS GATES
web-7l4s6                1/1     Running   0          35s     172.20.0.100   10.2.2.120              
web-clvgl                1/1     Running   0          35s     172.20.3.122   10.2.2.123              
web-j7plz                1/1     Running   0          35s     172.20.1.182   10.2.2.121              
web-zgbnd                1/1     Running   0          35s     172.20.2.139   10.2.2.122              

要想防止pod被调度到SchedulingDisabled的节点上，可以把DaemonSet设置一个nodeSelector,让po运行在指定标签的节点上：

1. 先把节点打上标签：

kubectl label nodes 10.2.2.121 key=val
kubectl label nodes 10.2.2.122 key=val
kubectl label nodes 10.2.2.123 key=val

2. 然后在DaemonSet上增加节点选择：nodeSelector: 

$ cat daemonset.yaml 
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: web
  namespace: default
  labels:
    app: nginx
spec:
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      nodeSelector:
        key: val
      containers:
      - name: nginx
        image: nginx:latest

3. 再检查，已经运行正确调度在我们选择的node上：

$ kubectl get po -l app=nginx -o wide
NAME                     READY   STATUS    RESTARTS   AGE     IP             NODE         NOMINATED NODE   READINESS GATES
web-6rnk8                1/1     Running   0          34s     172.20.3.123   10.2.2.123              
web-9jdpc                1/1     Running   0          22s     172.20.2.140   10.2.2.122              
web-l5gvj                1/1     Running   0          56s     172.20.1.183   10.2.2.121              

还有其他的方法，参考：

https://kubernetes.io/docs/concepts/workloads/controllers/daemonset/#taints-and-tolerations

kubernetes-K8S调度之Taints and Tolerations

其他参考：

https://stackoverflow.com/questions/40493395/kubernetes-1-4-3-why-daemonset-is-scheduled-on-master

https://kubernetes.io/zh/docs/concepts/workloads/controllers/daemonset/