kubectl taint k8s-master01 ssd=true:PreferNoSchedule
kubectl taint k8s-master01 k8s-master02 k8s-master03 ssd=true:PreferNoSchedule

### Taint參數(shù)說明
NoSchedule        # 禁止調(diào)度到該節(jié)點，已經(jīng)在該節(jié)點上的Pod不受影響
NoExecute         # 禁止調(diào)度到該節(jié)點，已經(jīng)部署在該節(jié)點上的Pod，如果不符合這個污點，Pod立刻會被該節(jié)點驅(qū)逐出去或過一段時間以后再被驅(qū)逐出去
PreferNoSchedule  # 盡量避免將Pod調(diào)度到指定的節(jié)點上，如果沒有更合適的節(jié)點，可以部署到該節(jié)點

tolerations:
- key: "TAINT_KEY"
  operator: "Equal"
  value: "TAINT_VALUE"
  effect: "NoSchedule"

tolerations:
- key: "TAINT_KEY"
  operator: "Exists"
  effect: "NoSchedule"
# 或者
tolerations:
- key: "TAINT_KEY"
  operator: "Equal"
  value: "TAINT_VALUE"

tolerations:
- key: "TAINT_KEY"
  operator: "Exists"
# 或者
tolerations:
- effect: "NoSchedule"
  operator: "Exists"

tolerations:
- operator: "Exists"

tolerations:
- key: "TAINT_KEY"
  operator: "Equal"
  value: "TAINT_VALUE"
  effect: "NoExectue"
  tolerationSeconds: 3600

### 創(chuàng)建Taint污點，ssd=true自定義
kubectl taint nodes k8s-node01 ssd=true:NoExecute

### 查看節(jié)點Taint污點
kubectl describe node k8s-node01  | grep -A 3 Taints
kubectl get nodes -o=custom-columns=NAME:.metadata.name,TAINTS:.spec.taints

### 基于key刪除節(jié)點污點
kubectl taint nodes k8s-node01 ssd-

### 基于key + Effect刪除節(jié)點污點
kubectl taint nodes k8s-node01 ssd:NoExecute-

### 基于key + value + Effect刪除節(jié)點污點
kubectl taint nodes k8s-node01 ssd=true:NoExecute-

### 修改節(jié)點污點（只能修改value值）
kubectl taint nodes k8s-node01 ssd=false:NoExecute --overwrite

### 查看k8s-node01節(jié)點已運行的Pod
kubectl get pods -A -owide | grep k8s-node01

### 在k8s-node01節(jié)點打上一個類型NoSchedule的污點
kubectl taint nodes k8s-node01 system=node:NoSchedule

### 查看k8s-node01和k8s-node02節(jié)點污點
kubectl describe node k8s-node01 k8s-node02 | grep -A 3 Taints
kubectl get nodes -o=custom-columns=NAME:.metadata.name,TAINTS:.spec.taints

### 過300秒后再查看k8s-node01節(jié)點已運行的Pod是否會被驅(qū)逐，NoSchedule參數(shù)默認不驅(qū)逐已部署在該節(jié)點的Pod
kubectl get pods -A -owide | grep k8s-node01

### 創(chuàng)建Deployment（設置toleration容忍完全匹配taint污點健值對）
mkdir -p /data/yaml/taint
cat > /data/yaml/taint/nginx-deploy-noschedule.yaml << 'EOF'
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: nginx-deploy
  name: nginx-deploy
  namespace: default
spec:
  replicas: 6
  selector:
    matchLabels:
      app: nginx-pod
  template:
    metadata:
      labels:
        app: nginx-pod
    spec:
      containers:
      - image: registry.cn-shenzhen.aliyuncs.com/dockerghost/nginx:1.26
        name: nginx
      tolerations:
      - key: "system"
        operator: "Equal"
        value: "node"
        effect: "NoSchedule"
EOF

kubectl create -f /data/yaml/taint/nginx-deploy-noschedule.yaml

### 查看此時Pod節(jié)點可以部署到k8s-node01節(jié)點上
kubectl get pods -n default -owide

### 刪除污點
kubectl taint nodes k8s-node01 system=node:NoSchedule-
kubectl get nodes -o=custom-columns=NAME:.metadata.name,TAINTS:.spec.taints

### 查看k8s-node02節(jié)點已運行的Pod
kubectl get pods -A -owide | grep k8s-node02

### 在 k8s-node02節(jié)點打上一個類型的NoExecute污點
kubectl taint nodes k8s-node02 disk=ssd:NoExecute

### 查看k8s-node02節(jié)點污點
kubectl describe node k8s-node02 | grep -A 3 Taints
kubectl get nodes -o=custom-columns=NAME:.metadata.name,TAINTS:.spec.taints

### 過300秒后再查看 k8s-node02節(jié)點已運行的Pod是否被驅(qū)逐出去
kubectl get pods -A -owide | grep k8s-node02

### 創(chuàng)建Deployment（設置toleration容忍匹配所有taint污點NoExecute類型）
mkdir -p /data/yaml/taint
cat > /data/yaml/taint/nginx-deploy-noexecute.yaml << 'EOF'
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: nginx-deploy
  name: nginx-deploy
  namespace: default
spec:
  replicas: 6
  selector:
    matchLabels:
      app: nginx-pod
  template:
    metadata:
      labels:
        app: nginx-pod
    spec:
      containers:
      - image: registry.cn-shenzhen.aliyuncs.com/dockerghost/nginx:1.26
        name: nginx
      tolerations:
      - effect: "NoExecute"
        operator: "Exists"
EOF

kubectl create -f  /data/yaml/taint/nginx-deploy-noexecute.yaml

### 查看此時Pod節(jié)點可以部署到k8s-node02節(jié)點上
kubectl get pods -n default -owide

### 刪除節(jié)點污點
kubectl taint nodes k8s-node02 disk=ssd:NoExecute-
kubectl get nodes -o=custom-columns=NAME:.metadata.name,TAINTS:.spec.taints

### 在k8s-node01和k8s-node02節(jié)點打上一個類型NoSchedule污點
kubectl taint nodes k8s-node01 k8s-node02 ssd=true:NoSchedule

### 查看k8s-node01和k8s-node02節(jié)點污點
kubectl describe node k8s-node01 k8s-node02 | grep -A 3 Taints
kubectl get nodes -o=custom-columns=NAME:.metadata.name,TAINTS:.spec.taints

### 在k8s-node01、k8s-node02、k8s-node03節(jié)點打上一個標簽（disktype=ssd自定義）
kubectl label node k8s-node01 k8s-node02 k8s-node03 disktype=ssd

### 查看k8s集群節(jié)點標簽
kubectl get nodes --show-labels | grep disktype=ssd
kubectl get nodes --show-labels -l disktype=ssd

### 創(chuàng)建Deployment（Pod配置nodeSelector參數(shù)和tolerations參數(shù)，使tolerations容忍完全匹配taint污點健值對）
mkdir -p /data/yaml/taint
cat > /data/yaml/taint/nginx-deploy-podnoschedule.yaml << 'EOF'
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: nginx-deploy
  name: nginx-deploy
spec:
  replicas: 6
  selector:
    matchLabels:
      app: nginx-pod
  template:
    metadata:
      labels:
        app: nginx-pod
    spec:
      containers:
      - image: registry.cn-shenzhen.aliyuncs.com/dockerghost/nginx:1.26
        name: nginx
      nodeSelector:
        disktype: "ssd"
      tolerations:
      - key: "ssd"
        operator: "Equal"
        value: "true"
        effect: "NoSchedule"
EOF

kubectl create -f /data/yaml/taint/nginx-deploy-podnoschedule.yaml

### 查看此時Pod節(jié)點可以部署到k8s-node01 k8s-node02、k8s-node03節(jié)點上
kubectl get pods -n default -owide

### 刪除節(jié)點污點
kubectl taint nodes k8s-node01 k8s-node02 ssd=true:NoSchedule-
kubectl get nodes -o=custom-columns=NAME:.metadata.name,TAINTS:.spec.taints

### 刪除節(jié)點標簽
kubectl label nodes k8s-node01 k8s-node02 k8s-node03 disktype-
kubectl get nodes --show-labels -l disktype=ssd

### 在k8s-node01和k8s-node02節(jié)點打上一個類型NoExecute污點
kubectl taint nodes k8s-node01 k8s-node02 ssd=true:NoExecute

### 查看k8s-node01和k8s-node02節(jié)點污點
kubectl describe node k8s-node01 k8s-node02 | grep -A 3 Taints
kubectl get nodes -o=custom-columns=NAME:.metadata.name,TAINTS:.spec.taints

### 在k8s-node01、k8s-node02、k8s-node03節(jié)點打上一個標簽（disktype=ssd自定義）
kubectl label node k8s-node01 k8s-node02 k8s-node03 disktype=ssd

### 查看k8s集群節(jié)點標簽
kubectl get nodes --show-labels | grep disktype=ssd
kubectl get nodes --show-labels -l disktype=ssd

### 創(chuàng)建Deployment的yaml文件，配置nodeSelector參數(shù)和tolerations參數(shù)
cat > /data/yaml/nginx-deploy.yaml << 'EOF'
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: nginx-deploy
  name: nginx-deploy
spec:
  replicas: 6
  selector:
    matchLabels:
      app: nginx-deploy
  template:
    metadata:
      labels:
        app: nginx-deploy
    spec:
      containers:
      - image: registry.cn-shenzhen.aliyuncs.com/dockerghost/nginx:1.26
        name: nginx
      nodeSelector:
        disktype: "ssd"
      tolerations:
      - key: "ssd"
        operator: "Equal"
        value: "true"
        effect: "NoExecute"
EOF

### 創(chuàng)建Deployment（Pod配置nodeSelector參數(shù)和tolerations參數(shù)，使tolerations容忍完全匹配taint污點健值對）
mkdir -p /data/yaml/taint
cat > /data/yaml/taint/nginx-deploy-podnoexecute.yaml << 'EOF'
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: nginx-deploy
  name: nginx-deploy
spec:
  replicas: 6
  selector:
    matchLabels:
      app: nginx-pod
  template:
    metadata:
      labels:
        app: nginx-pod
    spec:
      containers:
      - image: registry.cn-shenzhen.aliyuncs.com/dockerghost/nginx:1.26
        name: nginx
      nodeSelector:
        disktype: "ssd"
      tolerations:
      - key: "ssd"
        operator: "Equal"
        value: "true"
        effect: "NoExecute"
EOF

kubectl create -f /data/yaml/taint/nginx-deploy-podnoexecute.yaml

### 查看此時Pod節(jié)點可以部署到k8s-node01 k8s-node02、k8s-node03節(jié)點上
kubectl get pods -n default -owide

### 刪除節(jié)點污點
kubectl taint nodes k8s-node01 k8s-node02 ssd=true:NoSchedule-
kubectl get nodes -o=custom-columns=NAME:.metadata.name,TAINTS:.spec.taints

### 刪除節(jié)點標簽
kubectl label nodes k8s-node01 k8s-node02 k8s-node03 disktype-
kubectl get nodes --show-labels -l disktype=ssd

node.kubernetes.io/not-ready                        # 節(jié)點未準備好，相當于節(jié)點狀態(tài)Ready的值為False
node.kubernetes.io/unreachable                      # Node Controller訪問不到節(jié)點，相當于節(jié)點狀態(tài)Ready值變?yōu)閁nknown值
node.kubernetes.io/out-of-disk                      # 節(jié)點磁盤耗盡
node.kubernetes.io/memory-pressure                  # 節(jié)點存在內(nèi)存壓力
node.kubernetes.io/disk-pressure                    # 節(jié)點存在薇盤壓力
node.kubernetes.io/network-unavailable              # 節(jié)點網(wǎng)終不可達
node.kubernetes.io/unschedulable                    # 節(jié)點不可調(diào)度
node.cloudprovider.kubernetes.io/uninitialized     # 如果Kubelet啟動時指定了一個外部的cloudprovider，它將給當前節(jié)點添加一個Taint將其標記為不可用。在coud-controller-manager的一個controller初始化這個節(jié)點后，Kubelet將刪除這個Taint

### 創(chuàng)建Deployment
kubectl create deploy nginx-deploy --image=registry.cn-shenzhen.aliyuncs.com/dockerghost/nginx:1.26 -n default

### 查看Deployment和Pod
kubectl get deploy -n default
kubectl get pods -n default

### 查看Pod默認的Toleration容忍策略
kubectl get pods nginx-deploy-6988f8548f-swkfv -n default -oyaml
..............................
  tolerations:
  - effect: NoExecute
    key: node.kubernetes.io/not-ready           # 節(jié)點未準備好，相當于節(jié)點狀態(tài)Ready的值為False
    operator: Exists
    tolerationSeconds: 300                      # 默認5分鐘后強制驅(qū)逐已存在的Pod
  - effect: NoExecute
    key: node.kubernetes.io/unreachable         # Node Controller訪問不到節(jié)點，相當于節(jié)點狀態(tài)Ready值變?yōu)閁nknown值
    operator: Exists
    tolerationSeconds: 300                      # 默認5分鐘后強制驅(qū)逐已存在的Pod
..............................

### 節(jié)點宕機由狀態(tài)Ready值變?yōu)閁nknown（False）值中間是由kube-controller-manager服務--node-monitor-grace-period參數(shù)設置檢查時長
[root@k8s-master01 ~]# cat /usr/lib/systemd/system/kube-controller-manager.service | grep "node-monitor-grace-period"
      --node-monitor-grace-period=40s \

### 在k8s-node01和k8s-node02節(jié)點打上一個類型NoExecute污點和一個標簽
kubectl taint nodes k8s-node01 k8s-node02 ssd=true:NoExecute
kubectl label nodes k8s-node01 k8s-node02 disktype=ssd

### 查看k8s-node01和k8s-node02節(jié)點污點和標簽
kubectl get nodes -o=custom-columns=NAME:.metadata.name,TAINTS:.spec.taints
kubectl get nodes --show-labels -l disktype=ssd

### 創(chuàng)建Deployment（Nginx容器配置當k8s-node02節(jié)點宕機toleration容忍10秒后自動遷移到別的節(jié)點）
mkdir -p /data/yaml/taint
cat > /data/yaml/taint/nginx-deploy.yaml << 'EOF'
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: nginx-deploy
  name: nginx-deploy
spec:
  replicas: 1
  selector:
    matchLabels:
      app: nginx-pod
  template:
    metadata:
      labels:
        app: nginx-pod
    spec:
      containers:
      - image: registry.cn-shenzhen.aliyuncs.com/dockerghost/nginx:1.26
        name: nginx
      nodeSelector:
        disktype: "ssd"
      tolerations:
      - key: "ssd"
        operator: "Equal"
        value: "true"
        effect: "NoExecute"
      - effect: NoExecute
        key: node.kubernetes.io/not-ready
        operator: Exists
        tolerationSeconds: 10
      - effect: NoExecute
        key: node.kubernetes.io/unreachable
        operator: Exists
        tolerationSeconds: 10
EOF

kubectl create -f /data/yaml/taint/nginx-deploy.yaml
kubectl get pods -owide -n default

### 創(chuàng)建Deployment（redis容器配置toleration容忍，但使用內(nèi)置的容忍時間，默認300秒）
cat > /data/yaml/taint/redis-deploy.yaml << 'EOF'
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: redis-deploy
  name: redis-deploy
spec:
  replicas: 1
  selector:
    matchLabels:
      app: redis-pod
  template:
    metadata:
      labels:
        app: redis-pod
    spec:
      containers:
      - image: registry.cn-shenzhen.aliyuncs.com/dockerghost/redis:latest
        name: redis
      nodeSelector:
        disktype: "ssd"
      tolerations:
      - key: "ssd"
        operator: "Equal"
        value: "true"
        effect: "NoExecute"
EOF

kubectl create -f /data/yaml/taint/redis-deploy.yaml
kubectl get pods -owide -n default

### 此時nginx容器和redis容器正好都部署在k8s-node02節(jié)點上
[root@k8s-master01 ~]# kubectl get pods -owide
NAME                            READY   STATUS    RESTARTS   AGE     IP              NODE         NOMINATED NODE   READINESS GATES
nginx-deploy-67745bdcf8-jfsst   1/1     Running   0          2m31s   172.30.58.244   k8s-node02   <none>           <none>
redis-deploy-6d549cd6bd-xdb5x   1/1     Running   0          50s     172.30.58.245   k8s-node02   <none>           <none>

### 登錄k8s-node02節(jié)點關機模擬異常宕機
init 0

### 登錄master管理節(jié)點查看節(jié)點狀態(tài)，此時k8s-node02節(jié)點狀態(tài)變成了NotReady
[root@k8s-master01 ~]# kubectl get nodes
NAME           STATUS     ROLES    AGE   VERSION
k8s-master01   Ready      <none>   14d   v1.28.15
k8s-master02   Ready      <none>   14d   v1.28.15
k8s-master03   Ready      <none>   14d   v1.28.15
k8s-node01     Ready      <none>   14d   v1.28.15
k8s-node02     NotReady   <none>   14d   v1.28.15

### 登錄master管理節(jié)點查看Pod狀態(tài)，因為redis容器比nginx容器容忍時長，所以nginx容器遷移到k8s-node02節(jié)點，而redis容器還在等待容忍時長
[root@k8s-master01 ~]# kubectl get pods -owide -n default
NAME                            READY   STATUS        RESTARTS   AGE     IP              NODE         NOMINATED NODE   READINESS GATES
nginx-deploy-67745bdcf8-jfsst   1/1     Terminating   0          4m20s   172.30.58.244   k8s-node02   <none>           <none>
nginx-deploy-67745bdcf8-np7hl   1/1     Running       0          19s     172.30.85.203   k8s-node01   <none>           <none>
redis-deploy-6d549cd6bd-xdb5x   1/1     Running       0          2m39s   172.30.58.245   k8s-node02   <none>           <none>

### 刪除節(jié)點污點
kubectl taint nodes k8s-node01  k8s-node02 ssd=true:NoExecute-
kubectl get nodes -o=custom-columns=NAME:.metadata.name,TAINTS:.spec.taints

### 刪除節(jié)點標簽
kubectl label nodes k8s-node01 k8s-node02 disktype-
kubectl get nodes --show-labels -l disktype=ssd