All Products
Search

This Product

    Alibaba Cloud Service Mesh:Schedule the pods of an ASM gateway to a specified node

    Document Center

    Alibaba Cloud Service Mesh:Schedule the pods of an ASM gateway to a specified node

    Last Updated:Jun 13, 2023

    High-performance and high-availability Service Mesh (ASM) gateways ensure business continuity and improve user experience. This topic describes how to configure an ASM gateway and schedule the pods of the gateway to a specified node. This improves the high availability of the ASM gateway and enhances the isolation between gateway pods and application pods.

    Prerequisites

    Terms

    Term

    Description

    Taint

    A taint allows a node to repel a set of pods.

    Toleration

    Tolerations are applied to pods and allow the pods to be scheduled to nodes with matching taints.

    Note

    Taints and tolerations work together to prevent the system from scheduling pods to inappropriate nodes. One or more taints can be applied to a node.

    • If a pod does not tolerate a specific taint, a node with the matching taint does not accept the pod. Specifically, the pod cannot be scheduled to a node with the matching taint.

    • If a pod tolerates a specific taint, the pod can but is not required to be scheduled to a node with the matching taint.

    Node affinity

    Node affinity attracts pods to a set of nodes. Node affinity rules can be required or preferred.

    Step 1: Add a label to the desired node

    1. Run the following command to obtain the names of the nodes in the specific cluster: 

      kubectl get nodes

    2. Run the following command to add a label to the desired node: 

      # Command format 
kubectl label nodes <node-name> <label-key>=<label-value>

# Sample command 
kubectl label nodes node1 mykey4pod=asmgateway

    Step 2: Add a taint to the node

    Run the following command to add a taint to the node: 

    kubectl taint nodes node1 mykey=myvalue:NoSchedule

    This command adds a taint to node1. The key is mykey, the value is myvalue, and the effect is NoSchedule. This way, only pods that tolerate the taint can be scheduled to node1.

    Step 3: Set node affinity and tolerations for the ASM gateway

    Configure the nodeAffinity-related parameters of the ASM gateway so that pods of the ASM gateway are scheduled to the corresponding nodes. Configure the tolerations parameters to match the taint created in Step 2 so that pods of the ASM gateway can be scheduled to node1.

    1. Log on to the ASM console. In the left-side navigation pane, choose Service Mesh > Mesh Management.
    2. On the Mesh Management page, click the name of the ASM instance. In the left-side navigation pane, choose ASM Gateways > Ingress Gateway.

    3. On the Ingress Gateway page, find the gateway that you want to set and click YAML on the right.

    4. In the Edit dialog box, add the following content to the spec field, and click OK. 

        affinity:
    nodeAffinity:
      requiredDuringSchedulingIgnoredDuringExecution:
        nodeSelectorTerms:
        - matchExpressions:
          - key: mykey4pod
            operator: In
            values:
            - asmgateway
  tolerations:
  - key: "mykey"
    operator: "Equal"
    value: "myvalue"
    effect: "NoSchedule"

    5. Check whether the node of the gateway pods meets expectations.

      1. Log on to the ACK console and click Clusters in the left-side navigation pane.

      2. On the Clusters page, click the name of a cluster and choose Workloads > Pods in the left-side navigation pane.

      3. In the upper part of the Pods page, select istio-system from the Namespace drop-down list and check the node of the gateway pods.

        If the node of the gateway pods meets expectations, the desired node affinity and tolerations are set for the ASM gateway.