2020-03-26

允许master节点参与部署pods:
kubectl taint nodes k8s-master node-role.kubernetes.io/master-

禁止master节点部署pods:
kubectl taint nodes k8s-master node-role.kubernetes.io/master=true:NoSchedule
注：这个执行后，原有的pods不会立即被驱逐出去。

默认情况下，master上是不会部署pod的，当pod被调度到master上时，会出现节点不允许部署的pod的问题“pods had taints that the pod didn't tolerate”. 这是因为k8s的taint和toleration机制造成的，按照上面的方式去掉节点的taint就可以了。
此外，还可以利用另外一种方式解决，即给pod加上“node-role.kubernetes.io/master-”这个toleration，具体可参考https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/。

查看node具有的taints:
kubectl describe node k8s-master

[root@k8s-master ~]# kubectl describe node k8s-master 
Name:               k8s-master
Roles:              master
Labels:             beta.kubernetes.io/arch=amd64
                    beta.kubernetes.io/os=linux
                    kubernetes.io/arch=amd64
                    kubernetes.io/hostname=k8s-master
                    kubernetes.io/os=linux
                    node-role.kubernetes.io/master=
Annotations:        kubeadm.alpha.kubernetes.io/cri-socket: /var/run/dockershim.sock
                    node.alpha.kubernetes.io/ttl: 0
                    projectcalico.org/IPv4Address: 192.168.174.138/24
                    projectcalico.org/IPv4IPIPTunnelAddr: 10.100.235.192
                    volumes.kubernetes.io/controller-managed-attach-detach: true
CreationTimestamp:  Thu, 19 Mar 2020 15:12:59 +0800
Taints:             node-role.kubernetes.io/master=true:NoSchedule
Unschedulable:      false
......