在 Kubernetes 集群中,将 Pod 调度到指定节点有多种实现方案,其中使用 Label 标签配合 NodeSelector 节点选择器是最直观且广泛应用的方法。操作前,需要先为节点添加标签,这相当于为服务器设置一个“身份标识”,调度器会根据该标识精准分配 Pod 到目标节点。
执行以下命令即可为节点添加标签:
$ kubectl label node master nodename=master该命令为 master 节点赋予一个 nodename=master 的标签。其他节点可参照此方式,按照自定义命名规范打上类似 nodename=worker1、nodename=worker2 等标签,后续在 Pod 配置中直接引用即可实现精准调度。
YAML 配置文件示例
节点标签设置完成后,即可编写 YAML 配置文件。以下提供一套完整的资源定义,包含 RBAC 权限、通过 DaemonSet 部署 Traefik 作为 Ingress Controller、Service 端口暴露、Deployment 部署 Jenkins 并指定调度至 master 节点,以及 Ingress 路由规则。用户可直接复制使用,仅需根据实际环境调整 host 域名和访问路径即可。
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: traefik-ingress-controller
rules:
- apiGroups:
- ""
resources:
- services
- endpoints
- secrets
verbs:
- get
- list
- watch
- apiGroups:
- extensions
resources:
- ingresses
verbs:
- get
- list
- watch
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: traefik-ingress-controller
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: traefik-ingress-controller
subjects:
- kind: ServiceAccount
name: traefik-ingress-controller
namespace: kube-system
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: traefik-ingress-controller
namespace: kube-system
---
kind: DaemonSet
apiVersion: extensions/v1beta1
metadata:
name: traefik-ingress-controller
namespace: kube-system
labels:
k8s-app: traefik-ingress-lb
spec:
template:
metadata:
labels:
k8s-app: traefik-ingress-lb
name: traefik-ingress-lb
spec:
serviceAccountName: traefik-ingress-controller
terminationGracePeriodSeconds: 60
hostNetwork: true
containers:
- image: traefik
name: traefik-ingress-lb
ports:
- name: http
containerPort: 80
hostPort: 80
- name: admin
containerPort: 8080
securityContext:
capabilities:
drop:
- ALL
add:
- NET_BIND_SERVICE
args:
- --api
- --kubernetes
- --logLevel=INFO
---
apiVersion: v1
kind: Service
metadata:
name: traefik-web-ui
namespace: kube-system
spec:
selector:
k8s-app: traefik-ingress-lb
ports:
- name: web
port: 80
targetPort: 8080
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: jenkins-deployment
namespace: kube-system
labels:
app: jenkins
spec:
replicas: 1
selector:
matchLabels:
app: jenkins
template:
metadata:
labels:
app: jenkins
spec:
terminationGracePeriodSeconds: 60
containers:
- name: jenkins
image: jenkins/jenkins:lts
imagePullPolicy: IfNotPresent
env:
- name: JENKINS_OPTS
value: "--prefix=/jenkins"
ports:
- name: web
containerPort: 8080
protocol: TCP
- name: agent
containerPort: 50000
protocol: TCP
volumeMounts:
- name: jenkins-home
mountPath: /var/jenkins_home
volumes:
- name: jenkins-home
hostPath:
path: /root/jenkins-home
nodeSelector:
nodename: master
---
apiVersion: v1
kind: Service
metadata:
name: jenkins-service
namespace: kube-system
labels:
app: jenkins
spec:
ports:
- port: 8888
targetPort: 8080
name: web
- port: 50000
targetPort: 50000
name: agent
selector:
app: jenkins
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: traefik-web-ui
namespace: kube-system
annotations:
kubernetes.io/ingress.class: traefik
traefik.frontend.rule.type: PathPrefixStrip
spec:
rules:
- host: c4.k8s.com
https:
paths:
- path: /
backend:
serviceName: traefik-web-ui
servicePort: web
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: jenkins-ingress
namespace: kube-system
annotations:
kubernetes.io/ingress.class: traefik
traefik.ingress.kubernetes.io/app-root: /jenkins
traefik.ingress.kubernetes.io/rule-type: PathPrefix
traefik.frontend.passHostHeader: "true"
spec:
rules:
- host: c4.k8s.com
https:
paths:
- path: /jenkins
backend:
serviceName: jenkins-service
servicePort: web
该整套配置的核心逻辑为:首先利用 DaemonSet 在每个节点上运行一个 Traefik 实例(采用 hostNetwork: true 模式直接占用宿主机端口),随后通过 Deployment 部署 Jenkins 服务,并在 Pod 的 spec 中设置 nodeSelector: nodename: master,确保 Jenkins 仅被调度到含有 nodename=master 标签的节点。最后,通过两个 Ingress 资源分别暴露 Traefik 管理界面与 Jenkins 服务,统一使用域名 c4.k8s.com 进行访问。
需要注意:hostNetwork: true 表示容器将直接复用宿主机网络栈,因此需确保宿主机端口不与其它服务冲突。此外,Jenkins 的数据卷使用 hostPath 类型,在生产环境中建议替换为 PV/PVC 以保障数据持久化与可迁移性。本示例仅作演示用途,旨在帮助快速验证功能。
