
Use taints on member clusters and tolerations on cluster resource placements

This article explains how to add or remove taints on MemberCluster resources and add or remove tolerations on ClusterResourcePlacement resources in Azure Kubernetes Fleet Manager.

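Taints and tolerations work together to ensure that member clusters receive only the specified resources during resource propagation. Apply a taint to a MemberCluster resource to prevent resources from being propagated to that member cluster. Apply a toleration to a ClusterResourcePlacement resource to allow resources to be propagated to a member cluster even though the member cluster is tainted.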

Prerequisites

Add a taint to a member cluster

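In this example, you add a taint to a MemberCluster resource. You then try to propagate a resource to the member cluster by using a ClusterResourcePlacement with a PickAll placement policy. Because of the taint, the resource should not be propagated to the member cluster.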

  1. Use the kubectl create ns command to create a namespace to propagate to the member cluster:

    kubectl create ns test-ns
    
  2. Create a taint on the MemberCluster resource by using the following sample code:

    apiVersion: placement.kubernetes-fleet.io/v1
    kind: MemberCluster
    metadata:
      name: kind-cluster-1
    spec:
      identity:
        name: fleet-member-agent-cluster-1
        kind: ServiceAccount
        namespace: fleet-system
        apiGroup: ""
      taints:                    # Add a taint to the member cluster
        - key: test-key1
          value: test-value1
          effect: NoSchedule
    
  3. Use the kubectl apply command to apply the taint to the MemberCluster resource. Make sure you replace the file name with the name of your own file.

    kubectl apply -f member-cluster-taint.yml
    
  4. Create a PickAll placement policy on the ClusterResourcePlacement resource by using the following sample code:

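    apiVersion: placement.kubernetes-fleet.io/v1
    kind: ClusterResourcePlacement
    metadata:
      name: test-ns
    spec:
      resourceSelectors:         # Select the namespace to propagate
        - group: ""
          kind: Namespace
          version: v1
          name: test-ns
      policy:
        placementType: PickAll   # No tolerations, so tainted clusters are skipped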
    
  5. Use the kubectl apply command to apply the ClusterResourcePlacement resource. Make sure you replace the file name with the name of your own file.

    kubectl apply -f cluster-resource-placement-pick-all.yml
    
  6. Use the kubectl describe command to check the details of the ClusterResourcePlacement resource and confirm that the resource was not propagated to the member cluster:

    kubectl describe clusterresourceplacement test-ns
    

    Your output should look similar to the following example:

    status:
      conditions:
      - lastTransitionTime: "2024-04-16T19:03:17Z"
        message: found all the clusters needed as specified by the scheduling policy
        observedGeneration: 2
        reason: SchedulingPolicyFulfilled
        status: "True"
        type: ClusterResourcePlacementScheduled
      - lastTransitionTime: "2024-04-16T19:03:17Z"
        message: All 0 cluster(s) are synchronized to the latest resources on the hub
          cluster
        observedGeneration: 2
        reason: SynchronizeSucceeded
        status: "True"
        type: ClusterResourcePlacementSynchronized
      - lastTransitionTime: "2024-04-16T19:03:17Z"
        message: There are no clusters selected to place the resources
        observedGeneration: 2
        reason: ApplySucceeded
        status: "True"
        type: ClusterResourcePlacementApplied
      observedResourceIndex: "0"
      selectedResources:
      - kind: Namespace
        name: test-ns
        version: v1
    

Remove a taint from a member cluster

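In this example, you remove the taint that you created earlier in this article. Removing the taint should automatically trigger the Fleet Manager scheduler to propagate the resource to the member cluster.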

  1. Open the MemberCluster YAML file and delete the taints section.

  2. Use the kubectl apply command to apply the change to the MemberCluster resource. Make sure you replace the file name with the name of your own file.

    kubectl apply -f member-cluster-taint.yml
    
  3. Use the kubectl describe command to view the details of the ClusterResourcePlacement resource and confirm that the resource was propagated to the member cluster:

    kubectl describe clusterresourceplacement test-ns
    

    Your output should look similar to the following example:

    status:
      conditions:
      - lastTransitionTime: "2024-04-16T20:00:03Z"
        message: found all the clusters needed as specified by the scheduling policy
        observedGeneration: 2
        reason: SchedulingPolicyFulfilled
        status: "True"
        type: ClusterResourcePlacementScheduled
      - lastTransitionTime: "2024-04-16T20:02:57Z"
        message: All 1 cluster(s) are synchronized to the latest resources on the hub
          cluster
        observedGeneration: 2
        reason: SynchronizeSucceeded
        status: "True"
        type: ClusterResourcePlacementSynchronized
      - lastTransitionTime: "2024-04-16T20:02:57Z"
        message: Successfully applied resources to 1 member clusters
        observedGeneration: 2
        reason: ApplySucceeded
        status: "True"
        type: ClusterResourcePlacementApplied
      observedResourceIndex: "0"
      placementStatuses:
      - clusterName: kind-cluster-1
        conditions:
        - lastTransitionTime: "2024-04-16T20:02:52Z"
          message: 'Successfully scheduled resources for placement in kind-cluster-1 (affinity
            score: 0, topology spread score: 0): picked by scheduling policy'
          observedGeneration: 2
          reason: ScheduleSucceeded
          status: "True"
          type: Scheduled
        - lastTransitionTime: "2024-04-16T20:02:57Z"
          message: Successfully Synchronized work(s) for placement
          observedGeneration: 2
          reason: WorkSynchronizeSucceeded
          status: "True"
          type: WorkSynchronized
        - lastTransitionTime: "2024-04-16T20:02:57Z"
          message: Successfully applied resources
          observedGeneration: 2
          reason: ApplySucceeded
          status: "True"
          type: Applied
      selectedResources:
      - kind: Namespace
        name: test-ns
        version: v1
    

Add a toleration to a cluster resource placement

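In this example, you add a toleration to a ClusterResourcePlacement resource so that resources are propagated to a member cluster that has a taint. The toleration allows the resource to be propagated to the member cluster.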

  1. Use the kubectl create ns command to create a namespace to propagate to the member cluster:

    kubectl create ns test-ns
    
  2. Create a taint on the MemberCluster resource by using the following sample code:

    apiVersion: placement.kubernetes-fleet.io/v1
    kind: MemberCluster
    metadata:
      name: kind-cluster-1
    spec:
      identity:
        name: fleet-member-agent-cluster-1
        kind: ServiceAccount
        namespace: fleet-system
        apiGroup: ""
      taints:                    # Add a taint to the member cluster
        - key: test-key1
          value: test-value1
          effect: NoSchedule
    
  3. Use the kubectl apply command to apply the taint to the MemberCluster resource. Make sure you replace the file name with the name of your own file.

    kubectl apply -f member-cluster-taint.yml
    
  4. Create a toleration on the ClusterResourcePlacement resource by using the following sample code:

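    apiVersion: placement.kubernetes-fleet.io/v1
    kind: ClusterResourcePlacement
    metadata:
      name: test-ns
    spec:
      policy:
        placementType: PickAll
        tolerations:             # Tolerate any taint whose key is test-key1
          - key: test-key1
            operator: Exists
      resourceSelectors:
        - group: ""
          kind: Namespace
          name: test-ns
          version: v1
      revisionHistoryLimit: 10
      strategy:
        type: RollingUpdate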
    
  5. Use the kubectl apply command to apply the ClusterResourcePlacement resource. Make sure you replace the file name with the name of your own file.

    kubectl apply -f cluster-resource-placement-toleration.yml
    
  6. Use the kubectl describe command to view the details of the ClusterResourcePlacement resource and confirm that the resource was propagated to the member cluster:

    kubectl describe clusterresourceplacement test-ns
    

    Your output should look similar to the following example:

    status:
      conditions:
        - lastTransitionTime: "2024-04-16T20:16:10Z"
          message: found all the clusters needed as specified by the scheduling policy
          observedGeneration: 3
          reason: SchedulingPolicyFulfilled
          status: "True"
          type: ClusterResourcePlacementScheduled
        - lastTransitionTime: "2024-04-16T20:16:15Z"
          message: All 1 cluster(s) are synchronized to the latest resources on the hub
            cluster
          observedGeneration: 3
          reason: SynchronizeSucceeded
          status: "True"
          type: ClusterResourcePlacementSynchronized
        - lastTransitionTime: "2024-04-16T20:16:15Z"
          message: Successfully applied resources to 1 member clusters
          observedGeneration: 3
          reason: ApplySucceeded
          status: "True"
          type: ClusterResourcePlacementApplied
      observedResourceIndex: "0"
      placementStatuses:
        - clusterName: kind-cluster-1
          conditions:
            - lastTransitionTime: "2024-04-16T20:16:10Z"
              message: 'Successfully scheduled resources for placement in kind-cluster-1 (affinity
                score: 0, topology spread score: 0): picked by scheduling policy'
              observedGeneration: 3
              reason: ScheduleSucceeded
              status: "True"
              type: Scheduled
            - lastTransitionTime: "2024-04-16T20:16:15Z"
              message: Successfully Synchronized work(s) for placement
              observedGeneration: 3
              reason: WorkSynchronizeSucceeded
              status: "True"
              type: WorkSynchronized
            - lastTransitionTime: "2024-04-16T20:16:15Z"
              message: Successfully applied resources
              observedGeneration: 3
              reason: ApplySucceeded
              status: "True"
              type: Applied
      selectedResources:
        - kind: Namespace
          name: test-ns
          version: v1
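
Because a taint is often the only guard that keeps resources off a member cluster, it helps to review a placement's tolerations before applying it. The following added example (not part of the original article or the Fleet project's code) evaluates which clusters a toleration list would admit and flags key-less `Exists` tolerations that bypass every taint. It assumes Fleet matching follows core Kubernetes taint/toleration rules; `kind-cluster-2` and the `PLACEMENTS` variants are constructed for illustration.

```python
# Added example. Matching rules are ASSUMED to mirror core Kubernetes
# taint/toleration semantics; all cluster data below is constructed.

def tolerates(toleration, taint):
    """Return True if one toleration matches one taint."""
    op = toleration.get("operator", "Equal")  # assumed default operator
    key = toleration.get("key", "")
    # An empty effect on the toleration matches every taint effect.
    if toleration.get("effect") and toleration["effect"] != taint["effect"]:
        return False
    if key == "":
        return op == "Exists"  # empty key + Exists tolerates every taint
    if key != taint["key"]:
        return False
    return op == "Exists" or toleration.get("value", "") == taint.get("value", "")

def eligible_clusters(clusters, tolerations):
    """Names of clusters whose every NoSchedule taint is tolerated."""
    return sorted(
        name for name, taints in clusters.items()
        if all(any(tolerates(tol, t) for tol in tolerations)
               for t in taints if t["effect"] == "NoSchedule"))

def wildcard_tolerations(tolerations):
    """Tolerations with no key and operator Exists: they bypass every taint."""
    return [t for t in tolerations
            if t.get("operator") == "Exists" and not t.get("key")]

# kind-cluster-1 carries this article's taint; kind-cluster-2 is hypothetical.
CLUSTERS = {
    "kind-cluster-1": [{"key": "test-key1", "value": "test-value1",
                        "effect": "NoSchedule"}],
    "kind-cluster-2": [],
}
PLACEMENTS = {  # constructed toleration lists for four placement variants
    "none": [],
    "article": [{"key": "test-key1", "operator": "Exists"}],
    "wrong-value": [{"key": "test-key1", "operator": "Equal", "value": "other"}],
    "wildcard": [{"operator": "Exists"}],
}

if __name__ == "__main__":
    for label, tols in PLACEMENTS.items():
        print(label, eligible_clusters(CLUSTERS, tols),
              "WILDCARD" if wildcard_tolerations(tols) else "")
```

A placement flagged by `wildcard_tolerations` is worth a manual review, since it would land on every tainted cluster regardless of why the taint was set.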