我的书签
添加书签
移除书签Placing pods on specific nodes using node selectors
- About node selectors
- Using node selectors to control pod placement
- Creating default cluster-wide node selectors
- Creating project-wide node selectors
A node selector specifies a map of key/value pairs that are defined using custom labels on nodes and selectors specified in pods.
For the pod to be eligible to run on a node, the pod must have the same key/value node selector as the label on the node.
About node selectors
You can use node selectors on pods and labels on nodes to control where the pod is scheduled. With node selectors, OKD schedules the pods on nodes that contain matching labels.
You can use a node selector to place specific pods on specific nodes, cluster-wide node selectors to place new pods on specific nodes anywhere in the cluster, and project node selectors to place new pods in a project on specific nodes.
For example, as a cluster administrator, you can create an infrastructure where application developers can deploy pods only onto the nodes closest to their geographical location by including a node selector in every pod they create. In this example, the cluster consists of five data centers spread across two regions. In the U.S., label the nodes as us-east, us-central, or us-west. In the Asia-Pacific region (APAC), label the nodes as apac-east or apac-west. The developers can add a node selector to the pods they create to ensure the pods get scheduled on those nodes.
A pod is not scheduled if the Pod object contains a node selector, but no node has a matching label.
If you are using node selectors and node affinity in the same pod configuration, the following rules control pod placement onto nodes:
|
Node selectors on specific pods and nodes
You can control which node a specific pod is scheduled on by using node selectors and labels.
To use node selectors and labels, first label the node to avoid pods being descheduled, then add the node selector to the pod.
You cannot add a node selector directly to an existing scheduled pod. You must label the object that controls the pod, such as deployment config. |
For example, the following Node object has the region: east label:
Sample Node object with a label
kind: NodeapiVersion: v1metadata:name: ip-10-0-131-14.ec2.internalselfLink: /api/v1/nodes/ip-10-0-131-14.ec2.internaluid: 7bc2580a-8b8e-11e9-8e01-021ab4174c74resourceVersion: '478704'creationTimestamp: '2019-06-10T14:46:08Z'labels:kubernetes.io/os: linuxfailure-domain.beta.kubernetes.io/zone: us-east-1anode.openshift.io/os_version: '4.5'node-role.kubernetes.io/worker: ''failure-domain.beta.kubernetes.io/region: us-east-1node.openshift.io/os_id: fedorabeta.kubernetes.io/instance-type: m4.largekubernetes.io/hostname: ip-10-0-131-14beta.kubernetes.io/arch: amd64region: east (1)
| 1 | Label to match the pod node selector. |
A pod has the type: user-node,region: east node selector:
Sample Pod object with node selectors
apiVersion: v1kind: Pod....spec:nodeSelector: (1)region: easttype: user-node
| 1 | Node selectors to match the node label. |
When you create the pod using the example pod spec, it can be scheduled on the example node.
Default cluster-wide node selectors
With default cluster-wide node selectors, when you create a pod in that cluster, OKD adds the default node selectors to the pod and schedules the pod on nodes with matching labels.
For example, the following Scheduler object has the default cluster-wide region=east and type=user-node node selectors:
Example Scheduler Operator Custom Resource
apiVersion: config.openshift.io/v1kind: Schedulermetadata:name: cluster...spec:defaultNodeSelector: type=user-node,region=east...
A node in that cluster has the type=user-node,region=east labels:
Example Node object
apiVersion: v1kind: Nodemetadata:name: ci-ln-qg1il3k-f76d1-hlmhl-worker-b-df2s4...labels:region: easttype: user-node...
Example Pod object with a node selector
apiVersion: v1kind: Pod...spec:nodeSelector:region: east...
When you create the pod using the example pod spec in the example cluster, the pod is created with the cluster-wide node selector and is scheduled on the labeled node:
Example pod list with the pod on the labeled node
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATESpod-s1 1/1 Running 0 20s 10.131.2.6 ci-ln-qg1il3k-f76d1-hlmhl-worker-b-df2s4 <none> <none>
If the project where you create the pod has a project node selector, that selector takes preference over a cluster-wide node selector. Your pod is not created or scheduled if the pod does not have the project node selector. |
Project node selectors
With project node selectors, when you create a pod in this project, OKD adds the node selectors to the pod and schedules the pods on a node with matching labels. If there is a cluster-wide default node selector, a project node selector takes preference.
For example, the following project has the region=east node selector:
Example Namespace object
apiVersion: v1kind: Namespacemetadata:name: east-regionannotations:openshift.io/node-selector: "region=east"...
The following node has the type=user-node,region=east labels:
Example Node object
apiVersion: v1kind: Nodemetadata:name: ci-ln-qg1il3k-f76d1-hlmhl-worker-b-df2s4...labels:region: easttype: user-node...
When you create the pod using the example pod spec in this example project, the pod is created with the project node selectors and is scheduled on the labeled node:
Example Pod object
apiVersion: v1kind: Podmetadata:namespace: east-region...spec:nodeSelector:region: easttype: user-node...
Example pod list with the pod on the labeled node
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATESpod-s1 1/1 Running 0 20s 10.131.2.6 ci-ln-qg1il3k-f76d1-hlmhl-worker-b-df2s4 <none> <none>
A pod in the project is not created or scheduled if the pod contains different node selectors. For example, if you deploy the following pod into the example project, it is not be created:
Example Pod object with an invalid node selector
apiVersion: v1kind: Pod...spec:nodeSelector:region: west....
Using node selectors to control pod placement
You can use node selectors on pods and labels on nodes to control where the pod is scheduled. With node selectors, OKD schedules the pods on nodes that contain matching labels.
You add labels to a node, a machine set, or a machine config. Adding the label to the machine set ensures that if the node or machine goes down, new nodes have the label. Labels added to a node or machine config do not persist if the node or machine goes down.
To add node selectors to an existing pod, add a node selector to the controlling object for that pod, such as a ReplicaSet object, DaemonSet object, StatefulSet object, Deployment object, or DeploymentConfig object. Any existing pods under that controlling object are recreated on a node with a matching label. If you are creating a new pod, you can add the node selector directly to the Pod spec.
You cannot add a node selector directly to an existing scheduled pod. |
Prerequisites
To add a node selector to existing pods, determine the controlling object for that pod. For example, the router-default-66d5cf9464-m2g75 pod is controlled by the router-default-66d5cf9464 replica set:
$ oc describe pod router-default-66d5cf9464-7pwkcName: router-default-66d5cf9464-7pwkcNamespace: openshift-ingress....Controlled By: ReplicaSet/router-default-66d5cf9464
The web console lists the controlling object under ownerReferences in the pod YAML:
ownerReferences:- apiVersion: apps/v1kind: ReplicaSetname: router-default-66d5cf9464uid: d81dd094-da26-11e9-a48a-128e7edf0312controller: trueblockOwnerDeletion: true
Procedure
Add labels to a node by using a machine set or editing the node directly:
Use a
MachineSetobject to add labels to nodes managed by the machine set when a node is created:Run the following command to add labels to a
MachineSetobject:$ oc patch MachineSet <name> --type='json' -p='[{"op":"add","path":"/spec/template/spec/metadata/labels", "value":{"<key>"="<value>","<key>"="<value>"}}]' -n openshift-machine-api
For example:
$ oc patch MachineSet abc612-msrtw-worker-us-east-1c --type='json' -p='[{"op":"add","path":"/spec/template/spec/metadata/labels", "value":{"type":"user-node","region":"east"}}]' -n openshift-machine-api
Verify that the labels are added to the
MachineSetobject by using theoc editcommand:For example:
$ oc edit MachineSet abc612-msrtw-worker-us-east-1c -n openshift-machine-api
Example
MachineSetobjectapiVersion: machine.openshift.io/v1beta1kind: MachineSet....spec:...template:metadata:...spec:metadata:labels:region: easttype: user-node....
Add labels directly to a node:
Edit the
Nodeobject for the node:$ oc label nodes <name> <key>=<value>
For example, to label a node:
$ oc label nodes ip-10-0-142-25.ec2.internal type=user-node region=east
Verify that the labels are added to the node:
$ oc get nodes -l type=user-node,region=east
Example output
NAME STATUS ROLES AGE VERSIONip-10-0-142-25.ec2.internal Ready worker 17m v1.22.1
Add the matching node selector to a pod:
To add a node selector to existing and future pods, add a node selector to the controlling object for the pods:
Example
ReplicaSetobject with labelskind: ReplicaSet....spec:....template:metadata:creationTimestamp: nulllabels:ingresscontroller.operator.openshift.io/deployment-ingresscontroller: defaultpod-template-hash: 66d5cf9464spec:nodeSelector:kubernetes.io/os: linuxnode-role.kubernetes.io/worker: ''type: user-node (1)
1 Add the node selector. To add a node selector to a specific, new pod, add the selector to the
Podobject directly:Example
Podobject with a node selectorapiVersion: v1kind: Pod....spec:nodeSelector:region: easttype: user-node
You cannot add a node selector directly to an existing scheduled pod.
Creating default cluster-wide node selectors
You can use default cluster-wide node selectors on pods together with labels on nodes to constrain all pods created in a cluster to specific nodes.
With cluster-wide node selectors, when you create a pod in that cluster, OKD adds the default node selectors to the pod and schedules the pod on nodes with matching labels.
You configure cluster-wide node selectors by editing the Scheduler Operator custom resource (CR). You add labels to a node, a machine set, or a machine config. Adding the label to the machine set ensures that if the node or machine goes down, new nodes have the label. Labels added to a node or machine config do not persist if the node or machine goes down.
You can add additional key/value pairs to a pod. But you cannot add a different value for a default key. |
Procedure
To add a default cluster-wide node selector:
Edit the Scheduler Operator CR to add the default cluster-wide node selectors:
$ oc edit scheduler cluster
Example Scheduler Operator CR with a node selector
apiVersion: config.openshift.io/v1kind: Schedulermetadata:name: cluster...spec:defaultNodeSelector: type=user-node,region=east (1)mastersSchedulable: falsepolicy:name: ""
1 Add a node selector with the appropriate <key>:<value>pairs.After making this change, wait for the pods in the
openshift-kube-apiserverproject to redeploy. This can take several minutes. The default cluster-wide node selector does not take effect until the pods redeploy.Add labels to a node by using a machine set or editing the node directly:
Use a machine set to add labels to nodes managed by the machine set when a node is created:
Run the following command to add labels to a
MachineSetobject:$ oc patch MachineSet <name> --type='json' -p='[{"op":"add","path":"/spec/template/spec/metadata/labels", "value":{"<key>"="<value>","<key>"="<value>"}}]' -n openshift-machine-api (1)
1 Add a <key>/<value>pair for each label.For example:
$ oc patch MachineSet ci-ln-l8nry52-f76d1-hl7m7-worker-c --type='json' -p='[{"op":"add","path":"/spec/template/spec/metadata/labels", "value":{"type":"user-node","region":"east"}}]' -n openshift-machine-api
Verify that the labels are added to the
MachineSetobject by using theoc editcommand:For example:
$ oc edit MachineSet ci-ln-l8nry52-f76d1-hl7m7-worker-c -n openshift-machine-api
Example output
apiVersion: machine.openshift.io/v1beta1kind: MachineSetmetadata:...spec:...template:metadata:...spec:metadata:labels:region: easttype: user-node
Redeploy the nodes associated with that machine set by scaling down to
0and scaling up the nodes:For example:
$ oc scale --replicas=0 MachineSet ci-ln-l8nry52-f76d1-hl7m7-worker-c -n openshift-machine-api
$ oc scale --replicas=1 MachineSet ci-ln-l8nry52-f76d1-hl7m7-worker-c -n openshift-machine-api
When the nodes are ready and available, verify that the label is added to the nodes by using the
oc getcommand:$ oc get nodes -l <key>=<value>
For example:
$ oc get nodes -l type=user-node
Example output
NAME STATUS ROLES AGE VERSIONci-ln-l8nry52-f76d1-hl7m7-worker-c-vmqzp Ready worker 61s v1.22.1
Add labels directly to a node:
Edit the
Nodeobject for the node:$ oc label nodes <name> <key>=<value>
For example, to label a node:
$ oc label nodes ci-ln-l8nry52-f76d1-hl7m7-worker-b-tgq49 type=user-node region=east
Verify that the labels are added to the node using the
oc getcommand:$ oc get nodes -l <key>=<value>,<key>=<value>
For example:
$ oc get nodes -l type=user-node,region=east
Example output
NAME STATUS ROLES AGE VERSIONci-ln-l8nry52-f76d1-hl7m7-worker-b-tgq49 Ready worker 17m v1.22.1
Creating project-wide node selectors
You can use node selectors in a project together with labels on nodes to constrain all pods created in that project to the labeled nodes.
When you create a pod in this project, OKD adds the node selectors to the pods in the project and schedules the pods on a node with matching labels in the project. If there is a cluster-wide default node selector, a project node selector takes preference.
You add node selectors to a project by editing the Namespace object to add the openshift.io/node-selector parameter. You add labels to a node, a machine set, or a machine config. Adding the label to the machine set ensures that if the node or machine goes down, new nodes have the label. Labels added to a node or machine config do not persist if the node or machine goes down.
A pod is not scheduled if the Pod object contains a node selector, but no project has a matching node selector. When you create a pod from that spec, you receive an error similar to the following message:
Example error message
Error from server (Forbidden): error when creating "pod.yaml": pods "pod-4" is forbidden: pod node label selector conflicts with its project node label selector
You can add additional key/value pairs to a pod. But you cannot add a different value for a project key. |
Procedure
To add a default project node selector:
Create a project or edit an existing project to add the
openshift.io/node-selectorparameter:$ oc edit project <name>
Example output
apiVersion: project.openshift.io/v1kind: Projectmetadata:annotations:openshift.io/node-selector: "type=user-node,region=east" (1)openshift.io/description: ""openshift.io/display-name: ""openshift.io/requester: kube:adminopenshift.io/sa.scc.mcs: s0:c30,c5openshift.io/sa.scc.supplemental-groups: 1000880000/10000openshift.io/sa.scc.uid-range: 1000880000/10000creationTimestamp: "2021-05-10T12:35:04Z"labels:kubernetes.io/metadata.name: demoname: demoresourceVersion: "145537"uid: 3f8786e3-1fcb-42e3-a0e3-e2ac54d15001spec:finalizers:- kubernetes
1 Add the openshift.io/node-selectorwith the appropriate<key>:<value>pairs.Add labels to a node by using a machine set or editing the node directly:
Use a
MachineSetobject to add labels to nodes managed by the machine set when a node is created:Run the following command to add labels to a
MachineSetobject:$ oc patch MachineSet <name> --type='json' -p='[{"op":"add","path":"/spec/template/spec/metadata/labels", "value":{"<key>"="<value>","<key>"="<value>"}}]' -n openshift-machine-api
For example:
$ oc patch MachineSet ci-ln-l8nry52-f76d1-hl7m7-worker-c --type='json' -p='[{"op":"add","path":"/spec/template/spec/metadata/labels", "value":{"type":"user-node","region":"east"}}]' -n openshift-machine-api
Verify that the labels are added to the
MachineSetobject by using theoc editcommand:For example:
$ oc edit MachineSet ci-ln-l8nry52-f76d1-hl7m7-worker-c -n openshift-machine-api
Example output
apiVersion: machine.openshift.io/v1beta1kind: MachineSetmetadata:...spec:...template:metadata:...spec:metadata:labels:region: easttype: user-node
Redeploy the nodes associated with that machine set:
For example:
$ oc scale --replicas=0 MachineSet ci-ln-l8nry52-f76d1-hl7m7-worker-c -n openshift-machine-api
$ oc scale --replicas=1 MachineSet ci-ln-l8nry52-f76d1-hl7m7-worker-c -n openshift-machine-api
When the nodes are ready and available, verify that the label is added to the nodes by using the
oc getcommand:$ oc get nodes -l <key>=<value>
For example:
$ oc get nodes -l type=user-node,region=east
Example output
NAME STATUS ROLES AGE VERSIONci-ln-l8nry52-f76d1-hl7m7-worker-c-vmqzp Ready worker 61s v1.22.1
Add labels directly to a node:
Edit the
Nodeobject to add labels:$ oc label <resource> <name> <key>=<value>
For example, to label a node:
$ oc label nodes ci-ln-l8nry52-f76d1-hl7m7-worker-c-tgq49 type=user-node region=east
Verify that the labels are added to the
Nodeobject using theoc getcommand:$ oc get nodes -l <key>=<value>
For example:
$ oc get nodes -l type=user-node,region=east
Example output
NAME STATUS ROLES AGE VERSIONci-ln-l8nry52-f76d1-hl7m7-worker-b-tgq49 Ready worker 17m v1.22.1
Additional resources
