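Advanced Pod topics
Container probes in detail
Container probing means configuring probes (sensors) that collect data from a container; that data is the criterion for deciding whether the container is alive and whether it is ready.
Kubernetes currently supports the same mechanisms for liveness probing and readiness probing. There are three probe types: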
ExecAction:
TCPSocketAction:
HTTPGetAction:
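A probe that checks whether the container is alive is a container liveness probe.
A probe that checks whether the container is ready is a container readiness probe.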
kubectl explain pods.spec.containers
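The output includes the following fields:
livenessProbe (container liveness probe):
readinessProbe (container readiness probe)
lifecycle (container lifecycle hooks): mainly used to define hooks that run after the container starts and before it stops
# View livenessProbe (liveness); the capture below was taken with readinessProbe, which has the same fields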
[root@master-1 ~]# kubectl explain pods.spec.containers.readinessProbe
KIND: Pod
VERSION: v1
RESOURCE: readinessProbe <Object>
DESCRIPTION:
Periodic probe of container service readiness. Container will be removed
from service endpoints if the probe fails. Cannot be updated. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
Probe describes a health check to be performed against a container to
determine whether it is alive or ready to receive traffic.
FIELDS:
   exec <Object>    (probe type)
     One and only one of the following should be specified. Exec specifies the
     action to take.
   failureThreshold <integer>    (how many attempts)
     Minimum consecutive failures for the probe to be considered failed after
     having succeeded. Defaults to 3. Minimum value is 1.
   httpGet <Object>    (probe type)
     HTTPGet specifies the http request to perform.
   initialDelaySeconds <integer>    (wait time for container initialization)
     Number of seconds after the container has started before liveness probes
     are initiated. More info:
     https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
   periodSeconds <integer>    (interval between probes)
     How often (in seconds) to perform the probe. Default to 10 seconds. Minimum
     value is 1.
   successThreshold <integer>
     Minimum consecutive successes for the probe to be considered successful
     after having failed. Defaults to 1. Must be 1 for liveness and startup.
     Minimum value is 1.
   tcpSocket <Object>    (probe type)
     TCPSocket specifies an action involving a TCP port. TCP hooks not yet
     supported
   timeoutSeconds <integer>    (timeout of each individual probe)
     Number of seconds after which the probe times out. Defaults to 1 second.
     Minimum value is 1. More info:
     https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
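The rules quoted in this explain output (exactly one of exec, httpGet and tcpSocket, the stated minimum values, successThreshold fixed at 1 for liveness) can be checked before a manifest is applied. The following is an added example, not part of the original post or of Kubernetes: check_pod and both sample manifests are hypothetical, and the named-port check assumes a probe's port name must match a port declared on the same container.

```python
# Added example: static checks derived from the `kubectl explain` text above.
# check_pod and the sample manifests are hypothetical, not part of Kubernetes.
HANDLERS = ("exec", "httpGet", "tcpSocket")
MINIMUMS = {"failureThreshold": 1, "successThreshold": 1,
            "periodSeconds": 1, "timeoutSeconds": 1}

def check_pod(pod):
    """Return a list of findings for a Pod manifest given as a dict."""
    findings = []
    for c in pod.get("spec", {}).get("containers", []):
        port_names = {p["name"] for p in c.get("ports", []) if "name" in p}
        for kind in ("livenessProbe", "readinessProbe"):
            where = f"{c['name']}.{kind}"
            probe = c.get(kind)
            if probe is None:
                findings.append(f"{where}: not set")
                continue
            used = [h for h in HANDLERS if h in probe]
            if len(used) != 1:  # "one and only one" handler
                findings.append(f"{where}: handlers {used}, need exactly one")
            for field, low in MINIMUMS.items():
                if probe.get(field, low) < low:
                    findings.append(f"{where}: {field} below minimum {low}")
            if kind == "livenessProbe" and probe.get("successThreshold", 1) != 1:
                findings.append(f"{where}: successThreshold must be 1")
            port = probe.get("httpGet", {}).get("port")
            if isinstance(port, str) and port not in port_names:
                findings.append(f"{where}: named port {port!r} not declared")
    return findings

# The page's livenessProbe-http.yaml, re-typed as a dict.
PAGE_HTTP_POD = {"spec": {"containers": [{
    "name": "liveness-chenxi-http", "image": "nginx",
    "ports": [{"name": "web", "containerPort": 80}],
    "livenessProbe": {"httpGet": {"port": "web", "path": "index.html"},
                      "initialDelaySeconds": 5, "periodSeconds": 3,
                      "failureThreshold": 3}}]}}

# Constructed manifest that breaks several of the quoted rules.
BROKEN_POD = {"spec": {"containers": [{
    "name": "demo", "image": "nginx",
    "ports": [{"name": "web", "containerPort": 80}],
    "livenessProbe": {"exec": {"command": ["true"]},
                      "httpGet": {"port": "http", "path": "/"},
                      "successThreshold": 2, "periodSeconds": 0},
    "readinessProbe": {"tcpSocket": {"port": 80}}}]}}

if __name__ == "__main__":
    for finding in check_pod(PAGE_HTTP_POD) + check_pod(BROKEN_POD):
        print(finding)
```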
Usage of readinessProbe (readiness); the command prints the same fields as shown above:
[root@master-1 ~]# kubectl explain pods.spec.containers.readinessProbe
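Write a Pod template with an exec (command) liveness probe
vim livenessProbe-exec.yaml
apiVersion: v1                      # API version
kind: Pod                           # resource type
metadata:                           # metadata
  annotations:                      # annotations
    ann: liveness                   # annotation content
  namespace: default                # namespace
  name: liveness-chenxi-dev         # Pod name
  labels:                           # labels
    dev: liveness                   # label value
spec:                               # desired state
  containers:                       # containers the Pod runs
  - name: liveness-chenxi-test      # name of the container inside the Pod
    image: busybox                  # container image
    imagePullPolicy: IfNotPresent   # image pull policy
    command: ["/bin/sh","-c","touch /tmp/1.txt;sleep 30;rm -f /tmp/1.txt;sleep 1200"]  # command run when the container starts
    livenessProbe:                  # container liveness probe
      exec:                         # probe type: exec (command)
        command: ['test','-e','/tmp/1.txt']  # the probe command
      initialDelaySeconds: 10       # container initialization time: wait before probing starts
      periodSeconds: 3              # interval between probes
      successThreshold: 1           # must be 1
      failureThreshold: 3           # maximum number of consecutive probe failures
Run the pod. The captured run below used the path /top/1.txt in the touch command (see the Command field in the describe output), so /tmp/1.txt was never created and the probe failed from its first check: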
[root@master-1 livenessProbes]# kubectl apply -f livenessProbe-exec.yaml
pod/liveness-chenxi-dev created
[root@master-1 livenessProbes]# kubectl get pod
NAME READY STATUS RESTARTS AGE
chenxi-dev 1/1 Running 0 7h7m
demo-pod 2/2 Running 55 2d7h
liveness-chenxi-dev 1/1 Running 0 14s
[root@master-1 livenessProbes]# kubectl get pod liveness-chenxi-dev -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
liveness-chenxi-dev 1/1 Running 0 31s 172.16.84.135 node-1 <none> <none>
[root@master-1 livenessProbes]# kubectl describe pod liveness-chenxi-dev
Name: liveness-chenxi-dev
Namespace: default
Priority: 0
Node: node-1/192.168.10.32
Start Time: Sun, 14 Aug 2022 16:58:51 +0800
Labels: dev=liveness
Annotations: ann: liveness
cni.projectcalico.org/podIP: 172.16.84.135/32
cni.projectcalico.org/podIPs: 172.16.84.135/32
Status: Running
IP: 172.16.84.135
IPs:
IP: 172.16.84.135
Containers:
liveness-chenxi-test:
Container ID: docker://3487f48eb342173bb89af4ed31ad3f4fc360d3e1fbbe0b0e620db44edd076ee3
Image: busybox
Image ID: docker-pullable://busybox@sha256:ef320ff10026a50cf5f0213d35537ce0041ac1d96e9b7800bafd8bc9eff6c693
Port: <none>
Host Port: <none>
Command:
/bin/sh
-c
touch /top/1.txt;sleep 30;rm -f /tmp/1.txt;sleep 1200
State: Running
Started: Sun, 14 Aug 2022 16:59:41 +0800
Last State: Terminated
Reason: Error
Exit Code: 137
Started: Sun, 14 Aug 2022 16:58:52 +0800
Finished: Sun, 14 Aug 2022 16:59:41 +0800
Ready: True
Restart Count: 1
Liveness: exec [test -e /tmp/1.txt] delay=10s timeout=1s period=3s #success=1 #failure=3
Environment: <none>
Mounts:
/var/run/secrets/kubernetes.io/serviceaccount from default-token-xmj6q (ro)
Conditions:
Type Status
Initialized True
Ready True
ContainersReady True
PodScheduled True
Volumes:
default-token-xmj6q:
Type: Secret (a volume populated by a Secret)
SecretName: default-token-xmj6q
Optional: false
QoS Class: BestEffort
Node-Selectors: <none>
Tolerations: node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled 91s default-scheduler Successfully assigned default/liveness-chenxi-dev to node-1
Normal Pulled 41s (x2 over 90s) kubelet Container image "busybox" already present on machine
Normal Created 41s (x2 over 90s) kubelet Created container liveness-chenxi-test
Normal Started 41s (x2 over 90s) kubelet Started container liveness-chenxi-test
Warning Unhealthy 23s (x6 over 77s) kubelet Liveness probe failed:
Normal Killing 23s (x2 over 71s) kubelet Container liveness-chenxi-test failed liveness probe, will be restarted
Check the pod again
[root@master-1 livenessProbes]# kubectl get pod
NAME                  READY   STATUS             RESTARTS            AGE
chenxi-dev            1/1     Running            0                   7h15m
demo-pod              2/2     Running            55                  2d7h
liveness-chenxi-dev   0/1     CrashLoopBackOff   6 (restart count)   8m10s
Write a Pod template with an HTTP liveness probe
# cat livenessProbe-http.yaml
apiVersion: v1                      # API version
kind: Pod                           # resource type
metadata:                           # metadata
  annotations:                      # annotations
    zhujie: http                    # probe
  namespace: liveness               # namespace
  name: liveness-chenxi-http        # Pod name
  labels:                           # labels
    dev: liveness
spec:                               # desired state
  containers:                       # container definitions
  - name: liveness-chenxi-http      # container name
    image: nginx                    # image
    imagePullPolicy: IfNotPresent   # image pull policy
    ports:                          # port definitions
    - name: web                     # port name
      containerPort: 80             # port number
    livenessProbe:
      httpGet:
        port: web                   # port name
        path: index.html
      initialDelaySeconds: 5        # initial delay
      periodSeconds: 3              # probe period
      failureThreshold: 3           # maximum number of failures
Apply this YAML file
[root@master-1 livenessProbes]# kubectl apply -f livenessProbe-http.yaml
pod/liveness-chenxi-http created
[root@master-1 livenessProbes]# kubectl get pod -n liveness
NAME                   READY   STATUS              RESTARTS   AGE
liveness-chenxi-http   0/1     ContainerCreating   0          3s
Check the status
[root@master-1 livenessProbes]# kubectl get pod -n liveness
NAME                   READY   STATUS    RESTARTS   AGE
liveness-chenxi-http   1/1     Running   0          28s
Delete index.html inside the container and watch whether the container restarts
[root@master-1 livenessProbes]# kubectl exec -n liveness liveness-chenxi-http -- rm -f /usr/share/nginx/html/index.html   # delete the web page file inside the container
您在 /var/spool/mail/root 中有新邮件
[root@master-1 livenessProbes]# kubectl get pod -n liveness
NAME                   READY   STATUS    RESTARTS   AGE
liveness-chenxi-http   1/1     Running   1          16m
[root@master-1 livenessProbes]# kubectl get pod -n liveness
NAME                   READY   STATUS    RESTARTS   AGE
liveness-chenxi-http   1/1     Running   1          16m
[root@master-1 livenessProbes]# kubectl get pod -n liveness
NAME                   READY   STATUS    RESTARTS   AGE
liveness-chenxi-http   1/1     Running   1          16m
[root@master-1 livenessProbes]# kubectl get pod -n liveness
NAME                   READY   STATUS    RESTARTS   AGE
liveness-chenxi-http   1/1     Running   1          16m
[root@master-1 livenessProbes]# kubectl get pod -n liveness
NAME                   READY   STATUS    RESTARTS   AGE
liveness-chenxi-http   1/1     Running   1          16m
[root@master-1 livenessProbes]# kubectl get pod -n liveness
NAME                   READY   STATUS    RESTARTS   AGE
liveness-chenxi-http   1/1     Running   1          16m
[root@master-1 livenessProbes]# kubectl get pod -n liveness
NAME                   READY   STATUS    RESTARTS   AGE
liveness-chenxi-http   1/1     Running   1          16m
[root@master-1 livenessProbes]# kubectl get pod -n liveness
NAME                   READY   STATUS    RESTARTS   AGE
liveness-chenxi-http   1/1     Running   2          16m
readinessProbe (container readiness probe)
A Service gives Pods a single entry address, and it is associated with Pods through a label selector. As soon as we create a backend Pod, the Service picks it up via the label selector, but the application inside the newly created Pod may not have started yet. When we then access the Service, the request may reach the newly created Pod and fail, which is not acceptable in a production environment. Containers therefore need a readiness probe (readinessProbe) and a liveness probe (livenessProbe), especially readinessProbe.
exec probe
apiVersion: v1
kind: Pod
metadata:
  annotations:
    exec: 命令行探测就绪性   # "readiness probing with a command"
  name: readiness-exec
  namespace: readiness
  labels:
    readiness: exec
spec:
  containers:
  - name: readiness-exec
    image: busybox
    imagePullPolicy: IfNotPresent
    command: ["/bin/sh","-c","touch /tmp/1.txt;sleep 35;rm -f /tmp/1.txt;sleep 1200"]
    readinessProbe:
      exec:
        command: ['test','-e','/tmp/1.txt']
      initialDelaySeconds: 5
      periodSeconds: 3
      failureThreshold: 2
Run it
[root@master-1 livenessProbes]# kubectl apply -f readiness-exec.yaml
pod/readiness-exec created
[root@master-1 livenessProbes]# kubectl get -n readiness pod
NAME             READY   STATUS    RESTARTS   AGE
readiness-exec   1/1     Running   0          7s
HTTP probe
[root@master-1 livenessProbes]# cat readiness-http.yaml
apiVersion: v1
kind: Pod
metadata:
  namespace: readiness
  name: readiness-http
  labels:
    jiuxv: http   # probe
spec:
  containers:
  - name: readiness-http-test
    image: nginx
    imagePullPolicy: IfNotPresent
    ports:
    - name: web
      containerPort: 80
    readinessProbe:
      httpGet:
        port: web
        path: index.html
      initialDelaySeconds: 5
      periodSeconds: 3
      failureThreshold: 2
Run it
kubectl apply -f readiness-http.yaml
[root@master-1 livenessProbes]# kubectl exec -n readiness readiness-http -- rm -f /usr/share/nginx/html/index.html   # delete the web root file; with no liveness probe the container is not restarted
您在 /var/spool/mail/root 中有新邮件
[root@master-1 livenessProbes]# kubectl get -n readiness pod
NAME             READY   STATUS    RESTARTS   AGE
readiness-exec   0/1     Running   0          6m14s
readiness-http   1/1     Running   0          11m
[root@master-1 livenessProbes]# kubectl get -n readiness pod
NAME             READY   STATUS    RESTARTS   AGE
readiness-exec   0/1     Running   0          6m15s
readiness-http   1/1     Running   0          11m
[root@master-1 livenessProbes]# kubectl get -n readiness pod
NAME             READY   STATUS    RESTARTS   AGE
readiness-exec   0/1     Running   0          6m15s
readiness-http   1/1     Running   0          11m
[root@master-1 livenessProbes]# kubectl get -n readiness pod
NAME             READY   STATUS    RESTARTS   AGE
readiness-exec   0/1     Running   0          6m16s
readiness-http   1/1     Running   0          11m
[root@master-1 livenessProbes]# kubectl get -n readiness pod
NAME             READY   STATUS    RESTARTS   AGE
readiness-exec   0/1     Running   0          6m18s
readiness-http   0/1     Running   0          11m
Create the index file
[root@master-1 livenessProbes]# kubectl exec -n readiness readiness-http -- touch /usr/share/nginx/html/index.html
您在 /var/spool/mail/root 中有新邮件
Check the pod status
[root@master-1 livenessProbes]# kubectl get -n readiness pod
NAME             READY   STATUS    RESTARTS   AGE
readiness-exec   0/1     Running   0          13m
readiness-http   0/1     Running   0          17m
[root@master-1 livenessProbes]# kubectl get -n readiness pod
NAME             READY   STATUS    RESTARTS   AGE
readiness-exec   0/1     Running   0          13m
readiness-http   0/1     Running   0          17m
[root@master-1 livenessProbes]# kubectl get -n readiness pod
NAME             READY   STATUS    RESTARTS   AGE
readiness-exec   0/1     Running   0          13m
readiness-http   1/1     Running   0          17m
[root@master-1 livenessProbes]# kubectl get -n readiness pod
NAME             READY   STATUS    RESTARTS   AGE
readiness-exec   0/1     Running   0          13m
readiness-http   1/1     Running   0          17m
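How initialDelaySeconds, periodSeconds, failureThreshold and successThreshold combine in the liveness and readiness runs above can be worked out with a small model. This is an added example, not code from the original post or from Kubernetes: simulate() is a hypothetical helper that idealizes the kubelet (no start jitter, instant probes), and the readiness_http timeline is constructed.

```python
# Idealized model of the kubelet probe loop, added for illustration: no start
# jitter, probes complete instantly. simulate() is a hypothetical helper.

def simulate(probe_ok, initial_delay, period, failure_threshold=3,
             success_threshold=1, kind="liveness", horizon=120):
    """Return [(second, event)] for one container run.

    probe_ok(t) -> bool gives the probe result t seconds after start.
    """
    events = []
    healthy = kind == "liveness"   # liveness starts healthy, readiness not ready
    fails = oks = 0
    for t in range(initial_delay, horizon + 1, period):
        if probe_ok(t):
            oks, fails = oks + 1, 0
            if not healthy and oks >= success_threshold:
                healthy = True
                events.append((t, "ready"))
        else:
            fails, oks = fails + 1, 0
            if healthy and fails >= failure_threshold:
                healthy = False
                if kind == "liveness":
                    events.append((t, "kill"))   # restart policy applies next
                    break
                events.append((t, "not-ready"))  # dropped from Service endpoints
    return events

def liveness_exec_intended():
    # /tmp/1.txt exists for the first 30 s (touch; sleep 30; rm)
    return simulate(lambda t: t < 30, initial_delay=10, period=3)

def liveness_exec_as_captured():
    # The captured run used touch /top/1.txt, so /tmp/1.txt never existed
    return simulate(lambda t: False, initial_delay=10, period=3)

def readiness_exec():
    # readiness-exec.yaml: file exists for the first 35 s
    return simulate(lambda t: t < 35, 5, 3, failure_threshold=2, kind="readiness")

def readiness_http():
    # Constructed timeline: index.html missing from t=60 s until t=100 s
    return simulate(lambda t: not 60 <= t < 100, 5, 3,
                    failure_threshold=2, kind="readiness")

if __name__ == "__main__":
    for fn in (liveness_exec_intended, liveness_exec_as_captured,
               readiness_exec, readiness_http):
        print(fn.__name__, fn())
```

The model stops at the kill decision; the container itself ends only after the kubelet's stop sequence, within the Pod's termination grace period.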
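Container lifecycle hooks: postStart and preStop help
# postStart is a hook executed immediately after the container starts; if it fails, the container's restart policy decides whether the container is restarted.
preStop is the more useful hook across the lifecycle and has more practical use cases. For example:
1. Waiting for some state to complete before shutting down;
2. Syncing some state (data) to another place before shutting down;
3. Notifying another system or updating a status before shutting down;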
kubectl explain pod.spec.containers.lifecycle
KIND: Pod
VERSION: v1
RESOURCE: lifecycle <Object>
DESCRIPTION:
Actions that the management system should take in response to container
lifecycle events. Cannot be updated.
Lifecycle describes actions that the management system should take in
response to container lifecycle events. For the PostStart and PreStop
lifecycle handlers, management of the container blocks until the action is
complete, unless the container process fails, in which case the handler is
aborted.
FIELDS:
postStart <Object>
PostStart is called immediately after a container is created. If the
handler fails, the container is terminated and restarted according to its
restart policy. Other management of the container blocks until the hook
completes. More info:
https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
preStop <Object>
PreStop is called immediately before a container is terminated due to an
API request or management event such as liveness/startup probe failure,
preemption, resource contention, etc. The handler is not called if the
container crashes or exits. The reason for termination is passed to the
handler. The Pod's termination grace period countdown begins before the
PreStop hooked is executed. Regardless of the outcome of the handler, the
container will eventually terminate within the Pod's termination grace
period. Other management of the container blocks until the hook completes
or until the termination grace period is reached. More info:
https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
Using postStart
[root@master-1 livenessProbes]# cat poststart-chenxi.yaml
apiVersion: v1
kind: Pod
metadata:
  namespace: poststart
  name: poststart-chenxi
  labels:
    dev: poststart
spec:
  containers:
  - name: poststart-dev-chenxi
    image: nginx
    imagePullPolicy: IfNotPresent
    lifecycle:
      postStart:   # hook run right after the container starts
        exec:
          command: ["/bin/sh","-c","echo 你好 >> /usr/share/nginx/html/index.html"]
    ports:
    - name: web
      containerPort: 80
Apply it and check the status
[root@master-1 livenessProbes]# kubectl apply -f poststart-chenxi.yaml
pod/poststart-chenxi created
[root@master-1 livenessProbes]# kubectl get pod -n poststart
NAME               READY   STATUS    RESTARTS   AGE
poststart-chenxi   1/1     Running   0          3s
View the file contents
[root@master-1 livenessProbes]# kubectl exec -n poststart poststart-chenxi -i -t -- cat /usr/share/nginx/html/index.html
你好
Using preStop
vim prestop-chenxi.yaml
apiVersion: v1
kind: Pod
metadata:
  name: prestop-chenxi-dev
  namespace: prestop
  labels:
    dev: prestop
spec:
  containers:
  - name: prestop-chenxi
    image: nginx
    imagePullPolicy: IfNotPresent
    lifecycle:
      preStop:   # hook run before the container stops
        exec:
          command: ["/usr/sbin/nginx","-s","quit"]   # graceful shutdown
    ports:
    - name: web
      containerPort: 80
A Pod with two containers
[root@master-1 livenessProbes]# cat prestop-chenxi.yaml
apiVersion: v1
kind: Pod
metadata:
  name: prestop-chenxi-dev
  namespace: prestop
  labels:
    dev: prestop
spec:
  containers:
  - name: prestop-chenxi
    image: nginx
    imagePullPolicy: IfNotPresent
    lifecycle:
      preStop:   # hook run before the container stops
        exec:
          command: ["/usr/sbin/nginx","-s","quit"]   # graceful shutdown
    ports:
    - name: web
      containerPort: 80
  - name: chenxi
    image: tomcat
    imagePullPolicy: IfNotPresent
    ports:
    - name: web-tomcat
      containerPort: 8080   # Tomcat's default HTTP port; 80 is already used by nginx in this Pod
