Pod调度之PodAffinity:pod亲和与互斥调度策略

pod间的亲和与互斥调度策略让用户从另一个角度来限制pod所运行的节点:
根据在节点上正在运行的pod的标签而不是节点的标签进行判断和调度,要求对节点和pod两个条件进行匹配。
下面通过实例来说明pod间的亲和性和互斥性策略设置

  1. 参照目标pod
    首先,创建一个名为pod-flag的pod,带有标签security=s1和app=nginx,后面的例子将使用pod-flag作为pod亲和与互斥的目标pod:
[root@bogon ~]# vim pod-flag.yaml 

apiVersion: v1
kind: Pod
metadata:
  name: pod-flag
  labels:
    security: "s1"
    app: "nginx"
spec:
  containers:
  - name: nginx
    image: nginx

[root@bogon ~]# kubectl get pods -o wide
NAME                 READY   STATUS      RESTARTS   AGE   IP           NODE       NOMINATED NODE   READINESS GATES
pod-flag             1/1     Running     0          24s   172.17.0.3   kafka03    <none>           <none>
172.17.0.4   kafka03    <none>           <none>
  1. pod的亲和性调度
    下面创建第2个pod来说明pod的亲和性调度,这里定义的亲和标签是security=s1,对应上面的pod “pod-flag”。
[root@bogon ~]# vim pod-affinity.yaml 

apiVersion: v1
kind: Pod
metadata:
  name: pod-affinity
spec:
  affinity:
    podAffinity:
      requiredDuringSchedulingIgnoredDuringExecution:
      - labelSelector:
          matchExpressions:
          - key: security
            operator: In
            values:
            - s1
        topologyKey: kubernetes.io/hostname
  containers:
  - name: with-pod-affinity
    image: k8s.gcr.io/pause:3.1

[root@bogon ~]# kubectl create -f pod-affinity.yaml 
pod/pod-affinity created
[root@bogon ~]# kubectl get pod -o wide
NAME                 READY   STATUS      RESTARTS   AGE   IP           NODE       NOMINATED NODE   READINESS GATES
pod-affinity         1/1     Running     0          10s   172.17.0.5   kafka03    <none>           <none>
pod-flag             1/1     Running     0          16m   172.17.0.3   kafka03    <none>           <none>
172.17.0.4   kafka03    <none>           <none>

可以看到,这两个pod在同一个node上运行。

  1. pod的互斥性调度
    创建第3个pod,我们希望他不与目标pod运行在同一个node上:
    vim anti-affinity.yaml
apiVersion: v1
kind: Pod
metadata:
  name: anti-affinity
spec:
  affinity:
    podAffinity:
      requiredDuringSchedulingIgnoredDuringExecution:
      - labelSelector:
          matchExpressions:
          - key: security
            operator: In
            values:
            - s1
        topologyKey: failure-damon.beta.kubernetes.io/zone
    podAntiAffinity:
      requiredDuringSchedulingIgnoredDuringExecution:
      - labelSelector:
          matchExpressions:
          - key: app
            operator: In
            values:
            - nginx
        topologyKey: kubernetes.io/hostname

  containers:
  - name: anti-affinity
    image: k8s.gcr.io/pause:3.1

这里要求这个新的pod与security=s1的pod为同一个zone,但是不与app=nginx的pod为同一个node!

[root@bogon ~]# kubectl get pod -o wide
NAME                 READY   STATUS      RESTARTS   AGE    IP           NODE       NOMINATED NODE   READINESS GATES
anti-affinity        0/1     Pending     0          26s    <none>       <none>     <none>           <none>

查看详情:kubectl describe pod/anti-affinity
会发现有不匹配调度规则的字样!

Events:
  Type     Reason            Age        From               Message
  ----     ------            ----       ----               -------
  Warning  FailedScheduling  <unknown>  default-scheduler  0/2 nodes are available: 2 node(s) didn't match pod affinity rules.
  Warning  FailedScheduling    default-scheduler  0/2 nodes are available: 2 node(s) didn't match pod affinity rules.

与节点亲和性类型,pod亲和性的操作符也包括:

  1. In
  2. NotIn
  3. Exists
  4. DoseNotExist
  5. Gt
  6. Lt

你可能感兴趣的:(k8s)