How to set node taints using Terraform for Amazon EKS
I am using this Terraform provider to build an AWS EKS cluster. However, I can't find a way to apply node taints to managed node groups or worker groups. This issue and its resolution seem to indicate that this is not possible. Is there any way to do it?
In the Terraform script for that provider, you can add the following to the worker groups (in main.tf):
    worker_groups = [
      {
        name                          = "my_node_group"
        instance_type                 = "t3.medium"
        asg_desired_capacity          = 1
        asg_min_size                  = 1
        additional_security_group_ids = [aws_security_group.all_worker_mgmt.id]
        kubelet_extra_args            = "--node-labels=my_node_label --register-with-taints=my_node_label:NoSchedule"
        asg_max_size                  = 1
        tags                          = []
      },
    ]
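The important part is setting kubelet_extra_args to apply the node label to the nodes and to use that node label to set the taint via --register-with-taints. These are the commands that EKS runs on each worker node at startup. (Note that all the other parameters I set in the worker group can be changed according to your requirements.)
You can check the taints on a node using kubectl describe node <node_ip>.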
This is how I created a node group with taints using the aws_eks_node_group resource and a pre-created EKS cluster.
    resource "aws_eks_node_group" "test" {
      cluster_name    = var.cluster_name
      node_group_name = "test"
      node_role_arn   = master.worker_iam_role_arn
      subnet_ids      = var.vpc.private_subnets_id
      disk_size       = 20

      taint {
        key    = "dedicated"
        value  = "gpuGroup"
        effect = "NO_SCHEDULE"
      }

      scaling_config {
        desired_size = 1
        max_size     = 3
        min_size     = 1
      }

      labels = {
        "some-labels" = "labels"
      }

      instance_types = ["t3.micro"]

      remote_access {
        ec2_ssh_key = ssh-key.key_name
      }
    }
Reference: https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eks_node_group#taint
The eks module now does support taints out of the box; just use the following configuration:
    module "eks" {
      source = "terraform-aws-modules/eks/aws"
      ...
      node_groups = {
        test_name = {
          ...
          taints = [
            {
              key    = "dedicated"
              value  = "statefulset"
              effect = "NO_SCHEDULE"
            }
          ]
        }
      }
    }
Note that you don't have to use a dedicated module for this feature, because the HashiCorp AWS provider supports taints out of the box through the taint configuration block:
    resource "aws_eks_node_group" "statefulset-ng" {
      cluster_name    = aws_eks_cluster.main.name
      node_group_name = "statefulset-ng"
      .
      .
      .
      # Block 1
      taint {
        key    = "statefulset-no-schedule"
        value  = "true"
        effect = "NO_SCHEDULE"
      }
      # Block 2
      taint {
        key    = "statefulset-no-execute"
        value  = "true"
        effect = "NO_EXECUTE"
      }
    }
Note that each taint needs to be configured in a separate configuration block.
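To check a whole managed node group at once instead of running kubectl describe node per node, the following added example (not taken from any of the answers above) compares the taints declared in Terraform with what each node reports in `kubectl get nodes -o json`. The function name `missing_taints`, the sample JSON and the expected-taint structure are assumptions of this example; it finds a node's group through the `eks.amazonaws.com/nodegroup` label, so it applies to managed node groups, not to the kubelet_extra_args approach.

```python
import json

# EKS API taint effects (as written in Terraform) -> effects shown on the Node object
EKS_TO_K8S_EFFECT = {"NO_SCHEDULE": "NoSchedule", "NO_EXECUTE": "NoExecute",
                     "PREFER_NO_SCHEDULE": "PreferNoSchedule"}
NODEGROUP_LABEL = "eks.amazonaws.com/nodegroup"  # label on managed node group nodes

def missing_taints(nodes_json, expected):
    """Map node name -> expected taints that are absent from that node.

    nodes_json: output text of `kubectl get nodes -o json`
    expected:   {node_group: [{"key", "value", "effect"}]} in Terraform/EKS form
    """
    report = {}
    for node in json.loads(nodes_json)["items"]:
        group = node["metadata"].get("labels", {}).get(NODEGROUP_LABEL)
        actual = {(t["key"], t.get("value", ""), t["effect"])
                  for t in node.get("spec", {}).get("taints") or []}
        wanted = {(t["key"], t.get("value", ""), EKS_TO_K8S_EFFECT[t["effect"]])
                  for t in expected.get(group, [])}
        gaps = sorted(wanted - actual)
        if gaps:
            report[node["metadata"]["name"]] = gaps
    return report

# Constructed sample: node-b is in the group but lacks the NoExecute taint;
# node-c belongs to no managed node group and is ignored.
SAMPLE_NODES = json.dumps({"items": [
    {"metadata": {"name": "node-a", "labels": {NODEGROUP_LABEL: "statefulset-ng"}},
     "spec": {"taints": [
         {"key": "statefulset-no-schedule", "value": "true", "effect": "NoSchedule"},
         {"key": "statefulset-no-execute", "value": "true", "effect": "NoExecute"}]}},
    {"metadata": {"name": "node-b", "labels": {NODEGROUP_LABEL: "statefulset-ng"}},
     "spec": {"taints": [
         {"key": "statefulset-no-schedule", "value": "true", "effect": "NoSchedule"}]}},
    {"metadata": {"name": "node-c", "labels": {}}, "spec": {}},
]})
EXPECTED = {"statefulset-ng": [
    {"key": "statefulset-no-schedule", "value": "true", "effect": "NO_SCHEDULE"},
    {"key": "statefulset-no-execute", "value": "true", "effect": "NO_EXECUTE"},
]}

if __name__ == "__main__":
    print(missing_taints(SAMPLE_NODES, EXPECTED))
```

An empty result means every node in the listed groups carries all of its declared taints; against a live cluster, pass the real `kubectl get nodes -o json` output in place of the sample.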