通过

你当前正在访问 Microsoft Azure Global Edition 技术文档网站。 如果需要访问由世纪互联运营的 Microsoft Azure 中国技术文档网站,请访问 https://docs.azure.cn

对成员群集使用污点,对资源放置使用容忍

本文介绍如何在 Azure Kubernetes Fleet Manager 中对MemberCluster资源添加或删除污点,以及对ClusterResourcePlacementResourcePlacement资源进行容忍度设置。

污点和容忍一同确保成员群集在资源传播期间仅接收指定的资源。 将污点应用于 MemberCluster 资源,以防止将资源传播到成员群集。 即使成员群集存在污点,仍然会对资源应用ClusterResourcePlacementResourcePlacement的容忍,从而允许将资源传播到成员群集。

Prerequisites

注释

本文中的示例演示了群集范围 (ClusterResourcePlacement) 和命名空间范围的 (ResourcePlacement) 资源放置。 使用 ClusterResourcePlacement 表示群集范围的资源,使用 ResourcePlacement 表示在特定命名空间中的命名空间范围资源。

为成员群集添加污点

在此示例中,你要为 MemberCluster 资源添加污点。 然后,尝试使用具有 PickAll 放置策略的资源放置将资源传播到成员群集。 由于存在污点,该资源不应传播到成员群集。

  1. 使用 kubectl create ns 命令创建命名空间以传播到成员群集:

    kubectl create ns test-ns

  2. 使用以下示例代码在 MemberCluster 资源上创建污点:

    apiVersion: placement.kubernetes-fleet.io/v1
kind: MemberCluster
metadata:
  name: kind-cluster-1
spec:
  identity:
    name: fleet-member-agent-cluster-1
    kind: ServiceAccount
    namespace: fleet-system
    apiGroup: ""
  taints:                    # Add a taint to the member cluster
    - key: test-key1
      value: test-value1
      effect: NoSchedule

  3. 使用 MemberCluster 命令将污点应用到 kubectl apply 资源。 确保将文件名替换为你自己文件的名称。

    kubectl apply -f member-cluster-taint.yml

  4. 使用以下示例代码在 PickAll 资源上创建 ClusterResourcePlacement 放置策略:

    apiVersion: placement.kubernetes-fleet.io/v1beta1
kind: ClusterResourcePlacement
metadata:
  name: test-ns
spec:
  resourceSelectors:
    - group: ""
      kind: Namespace
      version: v1          
      name: test-ns
  policy:
    placementType: PickAll

  5. 使用 ClusterResourcePlacement 命令应用 kubectl apply 资源。 确保将文件名替换为你自己文件的名称。

    kubectl apply -f cluster-resource-placement-pick-all.yml

  6. 使用 ClusterResourcePlacement 命令检查 kubectl describe 资源的详细信息,确认资源没有传播到成员群集:

    kubectl describe clusterresourceplacement test-ns

    输出应类似于以下示例:

    status:
  conditions:
  - lastTransitionTime: "2024-04-16T19:03:17Z"
    message: found all the clusters needed as specified by the scheduling policy
    observedGeneration: 2
    reason: SchedulingPolicyFulfilled
    status: "True"
    type: ClusterResourcePlacementScheduled
  - lastTransitionTime: "2024-04-16T19:03:17Z"
    message: All 0 cluster(s) are synchronized to the latest resources on the hub
      cluster
    observedGeneration: 2
    reason: SynchronizeSucceeded
    status: "True"
    type: ClusterResourcePlacementSynchronized
  - lastTransitionTime: "2024-04-16T19:03:17Z"
    message: There are no clusters selected to place the resources
    observedGeneration: 2
    reason: ApplySucceeded
    status: "True"
    type: ClusterResourcePlacementApplied
  observedResourceIndex: "0"
  selectedResources:
  - kind: Namespace
    name: test-ns
    version: v1

移除成员群集的污点

在此示例中,你需要移除本文此前创建的污点。 此删除应自动触发 Fleet Manager 计划程序,将资源传播到成员群集。

  1. 打开 MemberCluster YAML 文件并删除污点部分。

  2. 使用 MemberCluster 命令将更改应用于 kubectl apply 资源。 确保将文件名替换为你自己文件的名称。

    kubectl apply -f member-cluster-taint.yml

  3. 使用 ClusterResourcePlacement 命令查看 kubectl describe 资源的详细信息,确认资源已传播到成员群集:

    kubectl describe clusterresourceplacement test-ns

    输出应类似于以下示例:

    status:
  conditions:
  - lastTransitionTime: "2024-04-16T20:00:03Z"
    message: found all the clusters needed as specified by the scheduling policy
    observedGeneration: 2
    reason: SchedulingPolicyFulfilled
    status: "True"
    type: ClusterResourcePlacementScheduled
  - lastTransitionTime: "2024-04-16T20:02:57Z"
    message: All 1 cluster(s) are synchronized to the latest resources on the hub
      cluster
    observedGeneration: 2
    reason: SynchronizeSucceeded
    status: "True"
    type: ClusterResourcePlacementSynchronized
  - lastTransitionTime: "2024-04-16T20:02:57Z"
    message: Successfully applied resources to 1 member clusters
    observedGeneration: 2
    reason: ApplySucceeded
    status: "True"
    type: ClusterResourcePlacementApplied
  observedResourceIndex: "0"
  placementStatuses:
  - clusterName: kind-cluster-1
    conditions:
    - lastTransitionTime: "2024-04-16T20:02:52Z"
      message: 'Successfully scheduled resources for placement in kind-cluster-1 (affinity
        score: 0, topology spread score: 0): picked by scheduling policy'
      observedGeneration: 2
      reason: ScheduleSucceeded
      status: "True"
      type: Scheduled
    - lastTransitionTime: "2024-04-16T20:02:57Z"
      message: Successfully Synchronized work(s) for placement
      observedGeneration: 2
      reason: WorkSynchronizeSucceeded
      status: "True"
      type: WorkSynchronized
    - lastTransitionTime: "2024-04-16T20:02:57Z"
      message: Successfully applied resources
      observedGeneration: 2
      reason: ApplySucceeded
      status: "True"
      type: Applied
  selectedResources:
  - kind: Namespace
    name: test-ns
    version: v1

在资源分配中添加容忍性

在此示例中,您将容忍规则添加到资源放置策略中,以便将资源传播到具有污点的成员群集中。 容忍允许将资源传播到成员群集。

  1. 使用 kubectl create ns 命令创建命名空间以传播到成员群集:

    kubectl create ns test-ns

  2. 使用以下示例代码在 MemberCluster 资源上创建污点:

    apiVersion: placement.kubernetes-fleet.io/v1
kind: MemberCluster
metadata:
  name: kind-cluster-1
spec:
  identity:
    name: fleet-member-agent-cluster-1
    kind: ServiceAccount
    namespace: fleet-system
    apiGroup: ""
  taints:                    # Add a taint to the member cluster
    - key: test-key1
      value: test-value1
      effect: NoSchedule

  3. 使用 MemberCluster 命令将污点应用到 kubectl apply 资源。 确保将文件名替换为你自己文件的名称。

    kubectl apply -f member-cluster-taint.yml

  4. 使用以下示例代码在 ClusterResourcePlacement 资源上创建容忍:

    apiVersion: placement.kubernetes-fleet.io/v1beta1
kind: ClusterResourcePlacement
metadata:
  name: test-ns
spec:
  policy:
    placementType: PickAll
    tolerations:
      - key: test-key1
        operator: Exists
  resourceSelectors:
    - group: ""
      kind: Namespace
      name: test-ns
      version: v1
  revisionHistoryLimit: 10
  strategy:
    type: RollingUpdate

  5. 使用 ClusterResourcePlacement 命令应用 kubectl apply 资源。 确保将文件名替换为你自己文件的名称。

    kubectl apply -f cluster-resource-placement-toleration.yml

  6. 使用 ClusterResourcePlacement 命令查看 kubectl describe 资源的详细信息,确认资源已传播到成员群集:

    kubectl describe clusterresourceplacement test-ns

    输出应类似于以下示例:

    status:
  conditions:
    - lastTransitionTime: "2024-04-16T20:16:10Z"
      message: found all the clusters needed as specified by the scheduling policy
      observedGeneration: 3
      reason: SchedulingPolicyFulfilled
      status: "True"
      type: ClusterResourcePlacementScheduled
    - lastTransitionTime: "2024-04-16T20:16:15Z"
      message: All 1 cluster(s) are synchronized to the latest resources on the hub
        cluster
      observedGeneration: 3
      reason: SynchronizeSucceeded
      status: "True"
      type: ClusterResourcePlacementSynchronized
    - lastTransitionTime: "2024-04-16T20:16:15Z"
      message: Successfully applied resources to 1 member clusters
      observedGeneration: 3
      reason: ApplySucceeded
      status: "True"
      type: ClusterResourcePlacementApplied
  observedResourceIndex: "0"
  placementStatuses:
    - clusterName: kind-cluster-1
      conditions:
        - lastTransitionTime: "2024-04-16T20:16:10Z"
          message: 'Successfully scheduled resources for placement in kind-cluster-1 (affinity
        score: 0, topology spread score: 0): picked by scheduling policy'
          observedGeneration: 3
          reason: ScheduleSucceeded
          status: "True"
          type: Scheduled
        - lastTransitionTime: "2024-04-16T20:16:15Z"
          message: Successfully Synchronized work(s) for placement
          observedGeneration: 3
          reason: WorkSynchronizeSucceeded
          status: "True"
          type: WorkSynchronized
        - lastTransitionTime: "2024-04-16T20:16:15Z"
          message: Successfully applied resources
          observedGeneration: 3
          reason: ApplySucceeded
          status: "True"
          type: Applied
  selectedResources:
    - kind: Namespace
      name: test-ns
      version: v1

相关内容

  • Last updated on