Pod的三种探针
种类 | 说明 |
startupProbe | Kubernetes1. 16 新加的探测方式, 用于判断容器内的应用程序是否已经启动。如果配置了 startupProbe,就会先禁用其他探测,直到它成功为止。如果探测失败,Kubelet 会杀死容器, 之后根据重启策略进行处理, 如果探测成功, 或没有配置 startupProbe, 则状态为成功,之后就不再探测。程序启动探测,注意!只有启动pod的时候才会检测,如果pod运行中出了问题,除非重启,否则检测不出来 |
livenessProbe | 用于探测容器是否在运行,如果探测失败,kubelet 会“杀死”容器并根据重启策略 进行相应的处理。如果未指定该探针,将默认为 Success |
readinessProbe | 一般用于探测容器内的程序是否健康, 即判断容器是否为就绪(Ready) 状态。如果是, 则可以处理请求, 反之 Endpoints Controller 将从所有的 Service的 Endpoints 中删除此容器所在 Pod 的 IP 地址。如果未指定,将默认为Success |
startupProbe 活性探针(启动探针)
用于判断容器内的应用程序是否已经启动,如果设置了这个探针策略他就会先禁用其他探针,就是禁用后面两个探针,只有等startupProbe探针完成以后下面的探针才会开启,如果startup Probe这个探针 失败了 kebelet 会杀死容器,然后根据重启策略进行重启,如果探测成功或者没有设置startup Probe 就为SuccesslivenessProbe 存活性探针
检测容器是否真正存活,如果探测失败kubelet会直接杀死容器,并且根据重启策略进行重启,如果未指定该探针,将默认为 SuccessreadinessProbe 就绪性检测探针
检测程序运行是否健康,或者健康状态检测,判断容器是否为就绪状态,如果是就返回处理请求如果检测失败(Endpoints节点控制器)他会把你对应的pod从节点控制器里面清除掉,如果未指定默认Success(成功)这三种探针每种探针都给我们提供了四种方式,从1.24版本开始新增了gRPC(1.24以前就三种)
实现方式 | 说明 |
ExecAction | 在容器里面执行一条命令,命令返回结果为0,则认为容器健康 |
TCPSocketAction | 通过TCP连接检查端口号进行状态检测,如果端口号开放,则认为容器健康 |
HTTPGetAction | 基于http协议,给个url地址,通过url地址,通过get方式,状态返回值200-400之间,则认为容器健康 |
1.24版本新加了gRPC
每一种探针都是这四种实现方式
探针属于containers下面的查询一下
kubectl explain pod.spec.containers
[root@k8s-master1 ~]# kubectl explain pod.spec.containers
KIND: Pod
VERSION: v1
RESOURCE: containers <[]Object>
DESCRIPTION:
List of containers belonging to the pod. Containers cannot currently be
added or removed. There must be at least one container in a Pod. Cannot be
updated.
A single application container that you want to run within a pod.
FIELDS:
livenessProbe <Object>
#存活性探针
Periodic probe of container liveness. Container will be restarted if the
probe fails. Cannot be updated. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
readinessProbe <Object>
#就绪性探针
Periodic probe of container service readiness. Container will be removed
from service endpoints if the probe fails. Cannot be updated. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
startupProbe <Object>
#活性探针(启动探针)
StartupProbe indicates that the Pod has successfully initialized. If
specified, no other probes are executed until this completes successfully.
If this probe fails, the Pod will be restarted, just as if the
livenessProbe failed. This can be used to provide different probe
parameters at the beginning of a Pod's lifecycle, when it might take a long
time to load data or warm a cache, than during steady-state operation. This
cannot be updated. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
先用readinessProbe(就绪性探针)
[root@k8s-master1 ~]# kubectl explain pod.spec.containers.readinessProbe
KIND: Pod
VERSION: v1
RESOURCE: readinessProbe <Object>
DESCRIPTION:
Periodic probe of container service readiness. Container will be removed
from service endpoints if the probe fails. Cannot be updated. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
Probe describes a health check to be performed against a container to
determine whether it is alive or ready to receive traffic.
FIELDS:
exec <Object>
Exec specifies the action to take.
failureThreshold <integer>
#失败阈值 在成功状态下 检查多少次失败,认为有问题 其实就是健康状态检测
#比如两次 failureThreshold: 2
Minimum consecutive failures for the probe to be considered failed after
having succeeded. Defaults to 3. Minimum value is 1.
grpc <Object>
GRPC specifies an action involving a GRPC port. This is a beta field and
requires enabling GRPCContainerProbe feature gate.
httpGet <Object>
#先使用httpGet
HTTPGet specifies the http request to perform.
initialDelaySeconds <integer>
#再来个这个 这个的意思是 容器创建以后 多长时间进行就绪性检测
#默认是立即执行 如果写 initialDelaySeconds: 10 #那么就是10秒后进行就绪性检测
Number of seconds after the container has started before liveness probes
are initiated. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
periodSeconds <integer>
#检测周期多少时间 默认是10秒 10秒检测一次 10秒太长了!!
#改为5秒 这个值太大 看不出效果 太小过于频繁消耗资源
How often (in seconds) to perform the probe. Default to 10 seconds. Minimum
value is 1.
successThreshold <integer>
#在失败状态下,检测多少次成功 代表你特么真成功了 其实就是健康状态检测
Minimum consecutive successes for the probe to be considered successful
after having failed. Defaults to 1. Must be 1 for liveness and startup.
Minimum value is 1.
tcpSocket <Object>
#tcpSocket 使用tcp端口号方式检测
TCPSocket specifies an action involving a TCP port.
terminationGracePeriodSeconds <integer>
Optional duration in seconds the pod needs to terminate gracefully upon
probe failure. The grace period is the duration in seconds after the
processes running in the pod are sent a termination signal and the time
when the processes are forcibly halted with a kill signal. Set this value
longer than the expected cleanup time for your process. If this value is
nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
value overrides the value provided by the pod spec. Value must be
non-negative integer. The value zero indicates stop immediately via the
kill signal (no opportunity to shut down). This is a beta field and
requires enabling ProbeTerminationGracePeriod feature gate. Minimum value
is 1. spec.terminationGracePeriodSeconds is used if unset.
timeoutSeconds <integer>
#超时时间 每次检测超过 多长时间 不返回 说明有问题
#他的单位也是秒 格式:timeoutSeconds: 2 #超过2秒不返回代表有问题
Number of seconds after which the probe times out. Defaults to 1 second.
Minimum value is 1. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
先使用httpGet看看效果
[root@k8s-master1 ~]# kubectl explain pod.spec.containers.readinessProbe.httpGet
KIND: Pod
VERSION: v1
RESOURCE: httpGet <Object>
DESCRIPTION:
HTTPGet specifies the http request to perform.
HTTPGetAction describes an action based on HTTP Get requests.
FIELDS:
host <string>
#主机host 不写默认是127.0.0.1
Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead.
httpHeaders <[]Object>
#报头 http头 可以不写
Custom headers to set in the request. HTTP allows repeated headers.
path <string>
#路径
Path to access on the HTTP server.
port <string> -required- #必选
#端口号 是多少写多少
Name or number of the port to access on the container. Number must be in
the range 1 to 65535. Name must be an IANA_SVC_NAME.
scheme <string>
#协议 http还是https的 这里要求大写 如HTTP HTTPS
Scheme to use for connecting to the host. Defaults to HTTP.
Possible enum values:
- `"HTTP"` means that the scheme used will be http://
- `"HTTPS"` means that the scheme used will be https://开始操作
vim nginx-pod.ymlapiVersion: v1
kind: Pod
metadata:
name: nginx-2
spec:
containers:
- name: nginx
image: harbor.guoguo.com/apps/ubuntu-nginx:1.24.0
ports:
- containerPort: 80
readinessProbe:
httpGet:
path: /index.html
scheme: HTTP
port: 80
initialDelaySeconds: 10
timeoutSeconds: 2
failureThreshold: 2
successThreshold: 1
periodSeconds: 5
livenessProbe:
tcpSocket:
port: 80
initialDelaySeconds: 10
timeoutSeconds: 2
failureThreshold: 2
successThreshold: 1
periodSeconds: 5
restartPolicy: NeverapiVersion: v1
kind: Pod
metadata:
name: nginx-2
spec:
containers:
- name: nginx
image: harbor.guoguo.com/apps/ubuntu-nginx:1.24.0
ports:
- containerPort: 80
readinessProbe: : #就绪性检测
httpGet: #使用httpGet 检测的是协议
path: /index.html #检测的路径 也就是可以访问的地址
scheme: HTTP #scheme 协议 这里要大写 HTTP
port: 80 #检测的端口号
initialDelaySeconds: 10 #启动后多少秒后进行检测 10秒
timeoutSeconds: 2 #检测时超过2秒不返回正确值 定义为错误
failureThershold: 2 #失败阈值 在成功状态下 检测两次为失败 定义为失败
successThreshold: 1 #成功阈值 在失败情况下 检测两次为正常 定义为正常
periodSeconds: 5 #检测周期 每五秒检测一次
livenessProbe: : #存活性探针
tcpSocket: #使用tcpSocket进行检测
port: 80 #端口号 80
initialDelaySeconds: 10 #启动后10秒进行检测
timeoutSeconds: 2 #检测超过2秒 不返回正常值 定义为失败
failureThershold: 2 #失败阈值 成功状态下 检测失败2次 定义为失败
successThreshold: 1 #成功阈值 失败状态下 检测成功2次 定义为成功
periodSeconds: 5 #检测时间间隔 每5秒进行一次检测
restartPolicy: Nerver #pod的重启策略 Nerver 不管咋样都不重启创建
[root@k8s-master1 pod]# kubectl apply -f nginx-pod2.yml
pod/nginx-2 created
#查看
[root@k8s-master1 pod]# kubectl get pods
NAME READY STATUS RESTARTS AGE
nginx-2 1/1 Running 0 97s我们现在对他进行修改
#进入到dashboard或者exec进入pod容器
[root@k8s-master1 pod]# kubectl exec -it nginx-2 /bin/bash
kubectl exec [POD] [COMMAND] is DEPRECATED and will be removed in a future version. Use kubectl exec [POD] -- [COMMAND] instead.我们httpGet是对 path index.html 进行检测的 我们把index.html删掉 会怎么样
root@nginx-2:/# rm -rf /apps/nginx/html/index.html
#我当前时在nginx-2 pod里面 进行的操作 我这个路径是我打的镜像的路径 自己按照自己nginx路径去删除#查看一下
[root@k8s-master1 ~]# kubectl get pods
NAME READY STATUS RESTARTS AGE
nginx-2 0/1 Running 0 7m46s
#少了一个
[root@k8s-master1 ~]# kubectl describe pod nginx-2
#用describe查看一下
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled 8m47s default-scheduler Successfully assigned default/nginx-2 to k8s-node2.guoguo.com
Normal Pulled 8m46s kubelet Container image "harbor.guoguo.com/apps/ubuntu-nginx:1.24.0" already present on machine
Normal Created 8m46s kubelet Created container nginx
Normal Started 8m46s kubelet Started container nginx
Warning Unhealthy 47s (x23 over 2m27s) kubelet Readiness probe failed: HTTP probe failed with statuscode: 404
#最后一行显示 readiness 就绪性检测 HTTP 404了 找不到了这里就绪性检测失败了 并不会重启,这个容器现在通过ip地址是访问不了了
[root@k8s-master1 ~]# kubectl get pods -owide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
nginx-2 0/1 Running 0 10m 192.28.252.211 k8s-node2.guoguo.com <none> <none>
[root@k8s-master1 ~]# curl 192.28.252.211
<html>
<head><title>403 Forbidden</title></head>
<body>
<center><h1>403 Forbidden</h1></center>
<hr><center>nginx/1.24.0</center>
</body>
</html>我们再给他加进来
[root@k8s-master1 ~]# kubectl exec -it nginx-2 /bin/bash
#进入到pod容器
kubectl exec [POD] [COMMAND] is DEPRECATED and will be removed in a future version. Use kubectl exec [POD] -- [COMMAND] instead.
root@nginx-2:/# echo "abc.test" > /apps/nginx/html/index.html查看一下
[root@k8s-master1 ~]# kubectl get pods -owide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
nginx-2 1/1 Running 0 59m 192.28.252.211 k8s-node2.guoguo.com <none> <none>访问一下
[root@k8s-master1 ~]# curl 192.28.252.211
abc.test我们再修改一下我们的yml文件
vim nginx-pod3.ymlapiVersion: v1
kind: Pod
metadata:
name: nginx-3
spec:
containers:
- name: nginx
image: harbor.guoguo.com/apps/ubuntu-nginx:1.24.0
ports:
- containerPort: 80
readinessProbe:
tcpSocket: #将就绪性检测的 方式改为tcp 端口号检测
port: 80
initialDelaySeconds: 10
timeoutSeconds: 2
failureThreshold: 2
successThreshold: 1
periodSeconds: 5
livenessProbe:
httpGet: #将存活性检测 改为http方式检测 HTTP协议检测
port: 80
path: /index.html
scheme: HTTP
initialDelaySeconds: 10
timeoutSeconds: 2
failureThreshold: 2
successThreshold: 1
periodSeconds: 5
restartPolicy: Never[root@k8s-master1 pod]# kubectl apply -f nginx-pod3.yml
#执行它这次的意义是为了看出就绪性检测和存活性检测的区别
进入pod容器里面
[root@k8s-master1 pod]# kubectl exec -it nginx-3 /bin/bash
kubectl exec [POD] [COMMAND] is DEPRECATED and will be removed in a future version. Use kubectl exec [POD] -- [COMMAND] instead.
root@nginx-3:/# rm -rf /apps/nginx/html/index.html查看一下
[root@k8s-master1 pod]# kubectl get pods
NAME READY STATUS RESTARTS AGE
nginx-3 0/1 Completed 0 3m2s
#停止了
[root@k8s-master1 pod]# kubectl describe pods nginx-3
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled 3m23s default-scheduler Successfully assigned default/nginx-3 to k8s-node3.guoguo.com
Normal Pulled 3m23s kubelet Container image "harbor.guoguo.com/apps/ubuntu-nginx:1.24.0" already present on machine
Normal Created 3m23s kubelet Created container nginx
Normal Started 3m23s kubelet Started container nginx
Warning Unhealthy 53s (x2 over 58s) kubelet Liveness probe failed: HTTP probe failed with statuscode: 404
Normal Killing 53s kubelet Stopping container nginx
#就绪性检测不惯着 之间给你kill 容器停止以后他会调用你的重启策略,我们设置了pod的重启策略为Never restartPolicy: Never 不重启
它启动不来,如果我们再次修改一下 删掉这个pod 然后将重启策略改为Always 看下会怎么样
[root@k8s-master1 pod]# kubectl delete -f nginx-pod3.yml
pod "nginx-3" deleted
[root@k8s-master1 pod]# cat nginx-pod3.yml
apiVersion: v1
kind: Pod
metadata:
name: nginx-3
spec:
containers:
- name: nginx
image: harbor.guoguo.com/apps/ubuntu-nginx:1.24.0
ports:
- containerPort: 80
readinessProbe:
tcpSocket:
port: 80
initialDelaySeconds: 10
timeoutSeconds: 2
failureThreshold: 2
successThreshold: 1
periodSeconds: 5
livenessProbe:
httpGet:
path: /index.html
port: 80
scheme: HTTP
initialDelaySeconds: 10
timeoutSeconds: 2
failureThreshold: 2
successThreshold: 1
periodSeconds: 5
restartPolicy: Always #修改为Always再从新创建
[root@k8s-master1 pod]# kubectl apply -f nginx-pod3.yml
pod/nginx-3 created
[root@k8s-master1 pod]# kubectl get pods
NAME READY STATUS RESTARTS AGE
nginx-2 1/1 Running 0 76m
nginx-3 1/1 Running 0 36s再进去删掉
[root@k8s-master1 pod]# kubectl exec -it nginx-3 /bin/bash
kubectl exec [POD] [COMMAND] is DEPRECATED and will be removed in a future version. Use kubectl exec [POD] -- [COMMAND] instead.
root@nginx-3:/# rm -rf /apps/nginx/
root@nginx-3:/# rm -rf /apps/nginx/html/index.html查看状态
[root@k8s-master1 pod]# kubectl describe pods nginx-3
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled 2m2s default-scheduler Successfully assigned default/nginx-3 to k8s-node3.guoguo.com
Normal Pulled 46s (x2 over 2m1s) kubelet Container image "harbor.guoguo.com/apps/ubuntu-nginx:1.24.0" already present on machine
Normal Created 46s (x2 over 2m1s) kubelet Created container nginx
Normal Started 46s (x2 over 2m1s) kubelet Started container nginx
Warning Unhealthy 46s (x2 over 51s) kubelet Liveness probe failed: HTTP probe failed with statuscode: 404
#失败了 404在查看
[root@k8s-master1 pod]# kubectl get pods
NAME READY STATUS RESTARTS AGE
nginx-2 1/1 Running 0 78m
nginx-3 1/1 Running 1 (9s ago) 2m50s
#重启次数为1, 9秒前就绪性检测如果检测失败会killpod,然后根据pod重启策略进行下一步动作,如果restartPolicy为Always 那么就会一直重启
如果restartPolicy 为Never 那么就不会重启了 如果restartPolicy OnFailure 那么如果容器退出不是以0状态退出,非0状态退出容器,他会自动重启,如果不是非0的就不重启
以上是存活性检测和就绪性检测的区别
startupProbe 活性探针(启动探针)启动状态检测
用于判断容器内的应用程序是否已经启动,如果设置了这个探针策略他就会先禁用其他探针,
就是禁用后面两个探针,只有等startupProbe探针完成以后下面的探针才会开启,
如果startup Probe这个探针 失败了 kebelet 会杀死容器,然后根据重启策略进行重启,
如果探测成功或者没有设置startup Probe 就为SuccesslivenessProbe 存活性探针
检测容器是否真正存活,如果探测失败kubelet会直接杀死容器,
并且根据重启策略进行重启,如果未指定该探针,将默认为 SuccessreadinessProbe 就绪性检测探针
检测程序运行是否健康,或者健康状态检测,判断容器是否为就绪状态,
如果是就返回处理请求如果检测失败(Endpoints节点控制器)他会把你对应的pod从节点控制器里面清除掉,
如果未指定默认Success(成功)这三种探针每种探针都给我们提供了四种方式,从1.24版本开始新增了gRPC(1.24以前就三种)
实现方式 | 说明 |
ExecAction | 在容器里面执行一条命令,命令返回结果为0,则认为容器健康 |
TCPSocketAction | 通过TCP连接检查端口号进行状态检测,如果端口号开放,则认为容器健康 |
HTTPGetAction | 基于http协议,给个url地址,通过url地址,通过get方式,状态返回值200-400之间,则认为容器健康 |
还有个启动状态检测
再对ym文件做一些修改
再加个启动状态检测startupProbe,他们的写法几乎是一样的
[root@k8s-master1 pod]# cat nginx-pod4.yml
apiVersion: v1
kind: Pod
metadata:
name: nginx-4
spec:
containers:
- name: nginx
image: harbor.guoguo.com/apps/ubuntu-nginx:1.24.0
ports:
- containerPort: 80
startupProbe: #加了个启动状态检测 用的tcp 检测端口号的方式
tcpSocket:
port: 80
initialDelaySeconds: 10
timeoutSeconds: 2
failureThreshold: 2
successThreshold: 1
periodSeconds: 5
readinessProbe:
tcpSocket:
port: 80
initialDelaySeconds: 10
timeoutSeconds: 2
failureThreshold: 2
successThreshold: 1
periodSeconds: 5
livenessProbe:
httpGet:
path: /index.html
port: 80
scheme: HTTP
initialDelaySeconds: 10
timeoutSeconds: 2
failureThreshold: 2
successThreshold: 1
periodSeconds: 5
restartPolicy: Always启动
[root@k8s-master1 pod]# kubectl apply -f nginx-pod4.yml
pod/nginx-4 created
[root@k8s-master1 pod]# kubectl get pods
NAME READY STATUS RESTARTS AGE
nginx-4 1/1 Running 0 59s我们试下如果startupProbe执行不成功会有什么状态
因为我们是通过端口号检测的,我们把端口号改为81,试试
[root@k8s-master1 pod]# kubectl delete -f nginx-pod4.yml
pod "nginx-4" deleted
[root@k8s-master1 pod]# cat nginx-pod4.yml
apiVersion: v1
kind: Pod
metadata:
name: nginx-4
spec:
containers:
- name: nginx
image: harbor.guoguo.com/apps/ubuntu-nginx:1.24.0
ports:
- containerPort: 80
startupProbe:
tcpSocket:
port: 81 #将startupProbe检查的端口号改为81
initialDelaySeconds: 10
timeoutSeconds: 2
failureThreshold: 2
successThreshold: 1
periodSeconds: 5
readinessProbe:
tcpSocket:
port: 80
initialDelaySeconds: 10
timeoutSeconds: 2
failureThreshold: 2
successThreshold: 1
periodSeconds: 5
livenessProbe:
httpGet:
path: /index.html
port: 80
scheme: HTTP
initialDelaySeconds: 10
timeoutSeconds: 2
failureThreshold: 2
successThreshold: 1
periodSeconds: 5
restartPolicy: Always启动查看
[root@k8s-master1 pod]# kubectl apply -f nginx-pod4.yml
pod/nginx-4 created
[root@k8s-master1 pod]# kubectl get pods
NAME READY STATUS RESTARTS AGE
nginx-4 0/1 Running 0 4s[root@k8s-master1 pod]# kubectl describe pod nginx-4
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled 45s default-scheduler Successfully assigned default/nginx-4 to k8s-node3.guoguo.com
Normal Pulled 10s (x3 over 44s) kubelet Container image "harbor.guoguo.com/apps/ubuntu-nginx:1.24.0" already present on machine
Normal Created 10s (x3 over 44s) kubelet Created container nginx
Normal Started 10s (x3 over 44s) kubelet Started container nginx
Warning Unhealthy 10s (x4 over 30s) kubelet Startup probe failed: dial tcp 192.17.65.208:81: connect: connection refused
#检测不到81这个端口号
Normal Killing 10s (x2 over 25s) kubelet Container nginx failed startup probe, will be restarted
#之间给你kill掉了[root@k8s-master1 pod]# kubectl get pods
NAME READY STATUS RESTARTS AGE
nginx-4 0/1 Running 5 (2s ago) 117sstartupProbe:
注意!只有启动pod的时候才会检测,如果pod运行中出了问题,除非重启,否则检测不出来
