Taint와 Toleration 원리
- 테인트는 "오점을 남기다, 더럽히다"라는 뜻을 가짐
- 테인트는 노드에 설정하며 설정된 노드에는 "어떤" 오점을 남김
- 톨러레이션은 "용인하다, 견디다"란 뜻을 가짐
- 노드가 갖고 있는 오점을 용인하는 옵션을 포드에 설정 -> 노드에 배치 가능
- 톨러레이션 옵션은 노드 셀렉터 등과 다르게 아무 오점이 없어도 배치가 될 수 있으며, 만약 오점이 있는 경우에는 톨러레이션 세팅이 필수적으로 필요
Taint 현황 확인하기
kubectl describe node <노드 이름> | grep -i Taintskubectl get nodes -o json | jq .items[].spec.taints
imkunyoung@cloudshell:~ (kubernetes-397511)$ kubectl describe node gke-artbridge-default-pool-65403ed8-fz5f | grep -i taints
node.gke.io/last-applied-node-taints:
Taints: <none>imkunyoung@cloudshell:~ (kubernetes-397511)$ kubectl get nodes -o json | jq .items[].spec.taints
null
null
null노드에 테인트 추가하기
- 사용자가 원하는 노드에 테인트 설정 가능
kubectl taint nodes <노드이름> key1=value1:NoExecute
imkunyoung@cloudshell:~ (kubernetes-397511)$ kubectl get pods -A -o wide | grep gke-artbridge-default-pool-65403ed8-7zvx
argocd argocd-application-controller-0 1/1 Running 0 5m32s 10.40.0.175 gke-artbridge-default-pool-65403ed8-7zvx <none> <none>
argocd argocd-applicationset-controller-5dffff55bd-pzpv6 1/1 Running 0 5m34s 10.40.0.172 gke-artbridge-default-pool-65403ed8-7zvx <none> <none>
argocd argocd-dex-server-656864dd94-ph98s 1/1 Running 0 11d 10.40.0.7 gke-artbridge-default-pool-65403ed8-7zvx <none> <none>
argocd argocd-notifications-controller-567f8cdddc-cxg7s 1/1 Running 0 5m34s 10.40.0.171 gke-artbridge-default-pool-65403ed8-7zvx <none> <none>
argocd argocd-redis-b5d6bf5f5-mbfck 1/1 Running 0 11d 10.40.0.8 gke-artbridge-default-pool-65403ed8-7zvx <none> <none>
argocd argocd-repo-server-7555f4b465-g9btp 1/1 Running 0 5m34s 10.40.0.173 gke-artbridge-default-pool-65403ed8-7zvx <none> <none>
argocd argocd-server-7f758fccf6-mpds7 1/1 Running 0 11d 10.40.0.9 gke-artbridge-default-pool-65403ed8-7zvx <none> <none>
default config-server 1/1 Running 0 5d20h 10.40.0.168 gke-artbridge-default-pool-65403ed8-7zvx <none> <none>
default exhibition-sonar-deployment-57b47c487d-5tt9m 1/1 Running 0 2d15h 10.40.0.169 gke-artbridge-default-pool-65403ed8-7zvx <none> <none>
default http-go-r2bbv 1/1 Running 0 39s 10.40.0.177 gke-artbridge-default-pool-65403ed8-7zvx <none> <none>
default mariadb-5bfcbc8dd5-8w8n8 1/1 Running 0 5m33s 10.40.0.176 gke-artbridge-default-pool-65403ed8-7zvx <none> <none>
default nginx-sidecar 3/3 Running 0 8d 10.40.0.22 gke-artbridge-default-pool-65403ed8-7zvx <none> <none>
flask0 flask-6b7fbcfd94-h6xd5 1/1 Running 0 11d 10.40.0.10 gke-artbridge-default-pool-65403ed8-7zvx <none> <none>
gmp-system collector-5mkmp 2/2 Running 0 10d 10.40.0.17 gke-artbridge-default-pool-65403ed8-7zvx <none> <none>
kube-system fluentbit-gke-p5n7f 2/2 Running 0 12d 10.128.0.3 gke-artbridge-default-pool-65403ed8-7zvx <none> <none>
kube-system gke-metrics-agent-hhbz2 2/2 Running 0 12d 10.128.0.3 gke-artbridge-default-pool-65403ed8-7zvx <none> <none>
kube-system kube-proxy-gke-artbridge-default-pool-65403ed8-7zvx 1/1 Running 0 12d 10.128.0.3 gke-artbridge-default-pool-65403ed8-7zvx <none> <none>
kube-system pdcsi-node-l9dq5 2/2 Running 0 10d 10.128.0.3 gke-artbridge-default-pool-65403ed8-7zvx <none> <none>
mychart2 mychart2-test-7699f994d8-jdrzb 1/1 Running 0 5m34s 10.40.0.174 gke-artbridge-default-pool-65403ed8-7zvx <none> <none>imkunyoung@cloudshell:~ (kubernetes-397511)$ kubectl taint nodes gke-artbridge-default-pool-65403ed8-7zvx key1=value1:NoExecute
node/gke-artbridge-default-pool-65403ed8-7zvx taintedimkunyoung@cloudshell:~ (kubernetes-397511)$ kubectl get pods -A -o wide | grep gke-artbridge-default-pool-65403ed8-7zvx
gmp-system collector-5mkmp 2/2 Running 0 10d 10.40.0.17 gke-artbridge-default-pool-65403ed8-7zvx <none> <none>
kube-system fluentbit-gke-p5n7f 2/2 Running 0 12d 10.128.0.3 gke-artbridge-default-pool-65403ed8-7zvx <none> <none>
kube-system gke-metrics-agent-hhbz2 2/2 Running 0 12d 10.128.0.3 gke-artbridge-default-pool-65403ed8-7zvx <none> <none>
kube-system kube-proxy-gke-artbridge-default-pool-65403ed8-7zvx 1/1 Running 0 12d 10.128.0.3 gke-artbridge-default-pool-65403ed8-7zvx <none> <none>
kube-system pdcsi-node-l9dq5 2/2 Running 0 10d 10.128.0.3 gke-artbridge-default-pool-65403ed8-7zvx <none> <none>imkunyoung@cloudshell:~ (kubernetes-397511)$ kubectl describe pod kube-proxy-gke-artbridge-default-pool-65403ed8-7zvx -n kube-system | grep -A7 Tolerations
Tolerations: :NoExecute op=Exists
:NoSchedule op=Exists
Events: <none>NoExecute op=Exists: "NoExecute" Taint에 대해 무시NoSchedule op=Exists: "NoSchedule" Taint에 대해 무시
원상 복구
imkunyoung@cloudshell:~ (kubernetes-397511)$ kubectl taint nodes gke-artbridge-default-pool-65403ed8-7zvx key1=value1:NoExecute-
node/gke-artbridge-default-pool-65403ed8-7zvx untainted포드에 톨러레이션 추가
# pod-with-toleration.yaml
apiVersion: v1
kind: Pod
metadata:
name: nginx
labels:
env: test
spec:
containers:
- name: nginx
image: nginx
imagePullPolicy: IfNotPresent
tolerations:
- key: "key1"
operator: "Exists"
value: "value1"
effect: "NoExecute"| Effect 종류 | 설명 |
|---|---|
| NoSchedule | 해당 노드에 포드를 스케줄링하지 않음 |
| PreferNoSchedule | 가능한 경우 해당 노드에 포드를 스케줄링하지 않도록 함 |
| NoExecute | 해당 노드에서 포드를 실행 중인 경우 포드를 중단시킴 |
