yexinru/doc-exports
1
0
Fork 0
forked from docs/doc-exports
Code Pull Requests Activity
Files
71d5c814e7cd147ecf1616dcdb847abdd12996f9
doc-exports/docs/cce/umn/cce_10_0352.html
Dong, Qiu Jian f7b9a88535 CCE UMN update -20240625 version 
Reviewed-by: Kovács, Zoltán <zkovacs@t-systems.com>
Co-authored-by: Dong, Qiu Jian <qiujiandong1@huawei.com>
Co-committed-by: Dong, Qiu Jian <qiujiandong1@huawei.com>
2024-09-04 11:43:54 +00:00

87 lines
10 KiB
HTML
Raw Blame History

<a name="cce_10_0352"></a><a name="cce_10_0352"></a>
<h1 class="topictitle1">Managing Node Taints</h1>
<div id="body0000001149077264"><p id="cce_10_0352__p8060118">Taints enable a node to repel specific pods to prevent these pods from being scheduled to the node.</p>
<div class="section" id="cce_10_0352__section646111718219"><h4 class="sectiontitle">Procedure for Operations Performed on the Console</h4><p id="cce_10_0352__p1231835142012">On the CCE console, you can also batch manage nodes' taints.</p>
<ol id="cce_10_0352__ol143113512018"><li id="cce_10_0352__li932359204"><span>Log in to the CCE console and click the cluster name to access the cluster console.</span></li><li id="cce_10_0352__li18313511204"><span>In the navigation pane, choose <strong id="cce_10_0352__b7665753954">Nodes</strong>. On the displayed page, click the <strong id="cce_10_0352__b156654531519">Nodes</strong> tab, select the target node and click <strong id="cce_10_0352__b3665125315514">Labels and Taints</strong> in the upper left corner.</span></li><li id="cce_10_0352__li10313351208"><span>In the displayed dialog box, click <span class="uicontrol" id="cce_10_0352__uicontrol5954161671218"><b>Add Operation</b></span> under <span class="uicontrol" id="cce_10_0352__uicontrol20954161651217"><b>Batch Operation</b></span>, and then choose <span class="uicontrol" id="cce_10_0352__uicontrol495451620127"><b>Add/Update</b></span> or <span class="uicontrol" id="cce_10_0352__uicontrol1795481619126"><b>Delete</b></span> as well as <span class="uicontrol" id="cce_10_0352__uicontrol20393516204"><b>Taint</b></span>.</span><p><p id="cce_10_0352__p1231435152013">Enter the key and value of the taint to be operated, choose a taint effect, and click <strong id="cce_10_0352__b12325738121413">OK</strong>.</p>
</p></li><li id="cce_10_0352__li143735122017"><span>After the taint is added, check the added taint in node data.</span></li></ol>
</div>
<div class="section" id="cce_10_0352__section1660016436407"><h4 class="sectiontitle">Procedure for Operations Performed Through kubectl</h4><p id="cce_10_0352__p1521494954012">A taint is a key-value pair associated with an effect. The following effects are available:</p>
<ul id="cce_10_0352__ul021424964018"><li id="cce_10_0352__li421494912402"><span class="keyword" id="cce_10_0352__keyword219871962311">NoSchedule</span>: No pod will be scheduled onto the node unless it has a matching toleration. Existing pods will not be evicted from the node.</li><li id="cce_10_0352__li92155499408"><span class="keyword" id="cce_10_0352__keyword10933621142314">PreferNoSchedule</span>: Kubernetes prevents pods that cannot tolerate this taint from being scheduled onto the node.</li><li id="cce_10_0352__li15215114914011"><span class="keyword" id="cce_10_0352__keyword51171926102313">NoExecute</span>: If the pod has been running on a node, the pod will be evicted from the node. If the pod has not been running on a node, the pod will not be scheduled onto the node.</li></ul>
<p id="cce_10_0352__p565812645816">To add a taint to a node, run the <strong id="cce_10_0352__b164121637377">kubectl taint</strong> <strong id="cce_10_0352__b12107133144919">node </strong><em id="cce_10_0352__i15653203574919">nodename</em> command as follows:</p>
<pre class="screen" id="cce_10_0352__screen1977910515016">$ kubectl get node
NAME STATUS ROLES AGE VERSION
192.168.10.170 Ready &lt;none&gt; 73d v1.19.8-r1-CCE21.4.1.B003
192.168.10.240 Ready &lt;none&gt; 4h8m v1.19.8-r1-CCE21.6.1.2.B001
$ kubectl taint node 192.168.10.240 key1=value1:NoSchedule
node/192.168.10.240 tainted</pre>
<p id="cce_10_0352__p15744175401">To view the taint configuration, run the <strong id="cce_10_0352__b1673424184510">describe</strong> and <strong id="cce_10_0352__b18923820124511">get</strong> commands as follows:</p>
<pre class="screen" id="cce_10_0352__screen1676853310019">$ kubectl describe node 192.168.10.240
Name: 192.168.10.240
...
Taints: key1=value1:NoSchedule
...
$ kubectl get node 192.168.10.240 -oyaml
apiVersion: v1
...
spec:
providerID: 06a5ea3a-0482-11ec-8e1a-0255ac101dc2
taints:
- effect: NoSchedule
key: key1
value: value1
...</pre>
<p id="cce_10_0352__p797914269376">To remove a taint, add a hyphen (-) at the end of the command for adding a taint, as shown in the following example:</p>
<pre class="screen" id="cce_10_0352__screen19650205723714">$ kubectl taint node 192.168.10.240 key1=value1:NoSchedule-
node/192.168.10.240 untainted
$ kubectl describe node 192.168.10.240
Name: 192.168.10.240
...
Taints: &lt;none&gt;
...</pre>
</div>
<div class="section" id="cce_10_0352__section184717137266"><a name="cce_10_0352__section184717137266"></a><a name="section184717137266"></a><h4 class="sectiontitle">Configuring a Node Scheduling Policy in One-Click Mode</h4><p id="cce_10_0352__p1365453510263">You can configure a node to be unschedulable on the console. Then, CCE will add a taint with key <strong id="cce_10_0352__b159481348202020">node.kubernetes.io/unschedulable</strong> and the <strong id="cce_10_0352__b5254174817214">NoSchedule</strong> setting to the node. After a node is set to be unschedulable, new pods cannot be scheduled to this node, but pods running on the node are not affected.</p>
<ol id="cce_10_0352__ol257518142616"><li id="cce_10_0352__li657111811263"><span>Log in to the CCE console and click the cluster name to access the cluster console.</span></li><li id="cce_10_0352__li115791882619"><span>In the navigation pane, choose <span class="uicontrol" id="cce_10_0352__uicontrol19119153633516"><b>Nodes</b></span>. On the displayed page, click the <strong id="cce_10_0352__b1110513163360">Nodes</strong> tab.</span></li><li id="cce_10_0352__li14571918192614"><span>In the node list, locate the target node and choose <strong id="cce_10_0352__b1143312138386">More</strong> &gt; <strong id="cce_10_0352__b107504164389">Disable Scheduling</strong> in the <strong id="cce_10_0352__b1956192943817">Operation</strong> column.</span></li><li id="cce_10_0352__li85751816261"><span>In the dialog box that is displayed, click <strong id="cce_10_0352__b9633141715411">Yes</strong> to configure the node to be unschedulable.</span><p><p id="cce_10_0352__p1757151812265">This operation will add a taint to the node. You can use kubectl to view the content of the taint.</p>
<pre class="screen" id="cce_10_0352__screen25751812266">$ kubectl describe node 192.168.10.240
...
Taints: node.kubernetes.io/unschedulable:NoSchedule
...</pre>
</p></li><li id="cce_10_0352__li857918152612"><span>Go back to the node list, locate the target node, and choose <strong id="cce_10_0352__b1336717257486">More</strong> &gt; <strong id="cce_10_0352__b9827182744816">Enable Scheduling</strong>. Then, the node changes to be schedulable.</span></li></ol>
</div>
<div class="section" id="cce_10_0352__section480381653317"><h4 class="sectiontitle"><span class="keyword" id="cce_10_0352__keyword1292993662320">System Taints</span></h4><p id="cce_10_0352__p92607504131">When some issues occurred on a node, Kubernetes automatically adds a taint to the node. The built-in taints are as follows:</p>
<ul id="cce_10_0352__ul12260145018138"><li id="cce_10_0352__li11260155010132">node.kubernetes.io/not-ready: The node is not ready. The node <strong id="cce_10_0352__b1411563310534">Ready</strong> value is <strong id="cce_10_0352__b969119536534">False</strong>.</li><li id="cce_10_0352__li122601550101320">node.kubernetes.io/unreachable: The node controller cannot access the node. The node <strong id="cce_10_0352__b455415765414">Ready</strong> value is <strong id="cce_10_0352__b13555271543">Unknown</strong>.</li><li id="cce_10_0352__li122601050141316">node.kubernetes.io/memory-pressure: The node memory is approaching the upper limit.</li><li id="cce_10_0352__li526045015138">node.kubernetes.io/disk-pressure: The node disk space is approaching the upper limit.</li><li id="cce_10_0352__li526065071311">node.kubernetes.io/pid-pressure: The node PIDs are approaching the upper limit.</li><li id="cce_10_0352__li32601505137">node.kubernetes.io/network-unavailable: The node network is unavailable.</li><li id="cce_10_0352__li1026075071319">node.kubernetes.io/unschedulable: The node cannot be scheduled.</li><li id="cce_10_0352__li42606503137">node.cloudprovider.kubernetes.io/uninitialized: If an external cloud platform driver is specified when kubelet is started, kubelet adds a taint to the current node and marks it as unavailable. After a controller of <strong id="cce_10_0352__b6454528115619">cloud-controller-manager</strong> initializes the node, kubelet will delete the taint.</li></ul>
</div>
<div class="section" id="cce_10_0352__section2047442210417"><h4 class="sectiontitle">Related Operations (Tolerations)</h4><p id="cce_10_0352__p426753884119">Tolerations are applied to pods, and allow (but do not require) the pods to schedule onto nodes with matching taints.</p>
<p id="cce_10_0352__p115612587189">Taints and tolerations work together to ensure that pods are not scheduled onto inappropriate nodes. One or more taints are applied to a node. This marks that the node should not accept any pods that do not tolerate the taints.</p>
<p id="cce_10_0352__p484717171575">Example:</p>
<pre class="screen" id="cce_10_0352__screen029862812212">apiVersion: v1
kind: Pod
metadata:
name: nginx
labels:
env: test
spec:
containers:
- name: nginx
image: nginx
imagePullPolicy: IfNotPresent
tolerations:
- key: "key1"
operator: "Equal"
value: "value1"
effect: "NoSchedule" </pre>
<p id="cce_10_0352__p5728522612">In the preceding example, the toleration label of the pod is key1=value1 and the taint effect is NoSchedule. Therefore, the pod can be scheduled onto the corresponding node.</p>
<p id="cce_10_0352__p924318395235">You can also configure tolerations similar to the following information, which indicates that the pod can be scheduled onto a node when the node has the taint key1:</p>
<pre class="screen" id="cce_10_0352__screen28427492254">tolerations:
- key: "key1"
operator: "Exists"
effect: "NoSchedule"</pre>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="cce_10_0672.html">Management Nodes</a></div>
</div>
</div>
View Git Blame Copy Permalink