一、容器探测器
1、所谓的容器探测无非就是我们在里面设置了一些探针,或者称之为传感器来获取相应的数据作为判定其存活与否或就绪与否的标准,目前k8s所支持的存活性和就绪性探测方式都是一样的。
2、k8s的探针类型有三种
1、ExecAction
2、TCPSocketAction:TCPSocket探针
3、HTTPGetAction : 如果对方是http服务那么直接向对方发http的get请求就可以了
3、相应字段在 pods.spec.containers 之上
a、livenessProbe <Object>
[root@k8s-master ~]# kubectl explain pods.spec.containers.livenessProbe KIND: Pod VERSION: v1 RESOURCE: livenessProbe <Object> DESCRIPTION: Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic. FIELDS: exec <Object> #探针,三种探针中的一种 One and only one of the following should be specified. Exec specifies the action to take. failureThreshold <integer> #探测几次都失败才定义失败,默认值为3,最小值为1 Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. httpGet <Object> HTTPGet specifies the http request to perform. initialDelaySeconds <integer> #不可能主程序启动以后立即对其做探测,因为有可能还没有初始化完成,因此我们要稍微等一点时间再探测,因此其意思为初始化后的延迟探测时间,不定义默认为容器一启动就开始探测。 Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes periodSeconds <integer> #进行探测的频率。默认每10秒钟探测一次 How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. successThreshold <integer> #失败之后,连续探测成功的最小成功值。最低值为1 Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. tcpSocket <Object> TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported timeoutSeconds <integer> #探测超时时长,默认值为1秒 Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
b、readinessProbe <Object>
c、lifecycle <Object> #生命周期,定义启动后和终止前钩子的
4、exec指针探测
[root@k8s-master ~]# kubectl explain pods.spec.containers.livenessProbe.exec KIND: Pod VERSION: v1 RESOURCE: exec <Object> DESCRIPTION: One and only one of the following should be specified. Exec specifies the action to take. ExecAction describes a "run in container" action. FIELDS: command <[]string> #运行命令以后来探测其是否执行成功,如果这个命令的返回值状态码是成功则表示存活,若返回值状态码是不成功则表示不存活。 Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
案例如下:
[root@k8s-master manifests]# ls demo-pod.yaml liveness-exec.yaml [root@k8s-master manifests]# cat liveness-exec.yaml apiVersion: v1 kind: Pod metadata: name: liveness-exec-pod namespace: test spec: containers: - name: busybox image: busybox:latest command: ["/bin/sh","-c","touch /tmp/healthy;sleep 30;rm -f /tmp/healthy;sleep 3600"] livenessProbe: exec: command: ["test","-e","/tmp/healthy"] #判断此文件是否存在 initialDelaySeconds: 1 #容器启动后等待1秒开始探测 periodSeconds: 3 #每隔3秒探测一次 restartPolicy: Always [root@k8s-master manifests]# kubectl get pods -n test NAME READY STATUS RESTARTS AGE demo-pod 2/2 Running 311 13d liveness-exec-pod 1/1 Running 4 5m8s nginx-deploy-66ff98548d-h8pgw 1/1 Running 0 17d
5、基于tcpSocket探测
[root@k8s-master manifests]# kubectl explain pods.spec.containers.livenessProbe.tcpSocket KIND: Pod VERSION: v1 RESOURCE: tcpSocket <Object> DESCRIPTION: TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TCPSocketAction describes an action based on opening a socket FIELDS: host <string> #基于主机,默认为pod自己的IP地址 Optional: Host name to connect to, defaults to the pod IP. port <string> -required- #基于端口 Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
6、httpGet探测
[root@k8s-master manifests]# kubectl explain pods.spec.containers.livenessProbe.httpGet KIND: Pod VERSION: v1 RESOURCE: httpGet <Object> DESCRIPTION: HTTPGet specifies the http request to perform. HTTPGetAction describes an action based on HTTP Get requests. FIELDS: host <string> Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. httpHeaders <[]Object> Custom headers to set in the request. HTTP allows repeated headers. path <string> #向指定地址指定端口的url发送请求,如果响应码为200、301和302等则ok Path to access on the HTTP server. port <string> -required- 端口和名称都可以,名称必须是服务名 Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. scheme <string> Scheme to use for connecting to the host. Defaults to HTTP.
案例如下:
[root@k8smaster manifests]# cat liveness-httpget.yaml apiVersion: v1 kind: Pod metadata: name: liveness-httpget-pod namespace: default spec: containers: - name: liveness-httpget-container image: ikubernetes/myapp:v1 imagePullPolicy: IfNotPresent ports: - name: http containerPort: 80 livenessProbe: httpGet: port: http #也可以使用80 path: /index.html initialDelaySeconds: 1 #容器启动后等待1秒开始探测 periodSeconds: 3 #每隔3秒探测一次 restartPolicy: Always
7、就绪性探测,其与service调度有着重要的关联性。如果不做就绪性探测那么pod刚创建就立即被关联到service后端对象中,此时pod如果未就绪将造成服务无法被访问,因此几乎只要使用pod就必须做readinessProbe(就绪性检测)。
其检测方式和探针与liveness一样,只是目标不一样,livenessProbe只是为了判断存活与否,而readinessProbe则是用来判断它就绪与否。因此只是探测命令可能会不一样。
[root@k8smaster manifests]# cat readiness-httpget.yaml apiVersion: v1 kind: Pod metadata: name: readiness-httpget-pod namespace: default spec: containers: - name: readiness-httpget-container image: ikubernetes/myapp:v1 imagePullPolicy: IfNotPresent ports: - name: http containerPort: 80 readinessProbe: httpGet: port: http #也可以使用80 path: /index.html initialDelaySeconds: 1 #容器启动后等待1秒开始探测 periodSeconds: 3 #每隔3秒探测一次 restartPolicy: Always [root@k8smaster manifests]# kubectl create -f readiness-httpget.yaml pod/readiness-httpget-pod created [root@k8smaster manifests]# kubectl get pods NAME READY STATUS RESTARTS AGE liveness-httpget-pod 1/1 Running 1 32m myapp-848b5b879b-5k4s4 1/1 Running 0 4d myapp-848b5b879b-bzblz 1/1 Running 0 4d myapp-848b5b879b-hzbf5 1/1 Running 0 4d nginx-deploy-5b595999-d9lv5 1/1 Running 0 5d pod-demo 2/2 Running 4 6h readiness-httpget-pod 1/1 Running 0 6s [root@k8smaster manifests]# kubectl describe pod readiness-httpget-pod Name: readiness-httpget-pod Namespace: default Priority: 0 PriorityClassName: <none> Node: k8snode2/192.168.10.12 Start Time: Thu, 09 May 2019 21:02:50 +0800 Labels: <none> Annotations: <none> Status: Running IP: 10.244.2.19 Containers: readiness-httpget-container: Container ID: docker://2972a892e1c91c2cfa6168f5729cbf1dae02e079f5bd1e8dc370e2ed56dcbf61 Image: ikubernetes/myapp:v1 Image ID: docker-pullable://ikubernetes/myapp@sha256:9c3dc30b5219788b2b8a4b065f548b922a34479577befb54b03330999d30d513 Port: 80/TCP Host Port: 0/TCP State: Running Started: Thu, 09 May 2019 21:02:51 +0800 Ready: True Restart Count: 0 Readiness: http-get http://:http/index.html delay=1s timeout=1s period=3s #success=1 #failure=3 Environment: <none> Mounts: /var/run/secrets/kubernetes.io/serviceaccount from default-token-jvtl7 (ro) Conditions: Type Status Initialized True Ready True ContainersReady True PodScheduled True Volumes: default-token-jvtl7: Type: Secret (a volume populated by a Secret) SecretName: default-token-jvtl7 Optional: false QoS Class: BestEffort Node-Selectors: <none> Tolerations: node.kubernetes.io/not-ready:NoExecute for 300s node.kubernetes.io/unreachable:NoExecute for 300s Events: Type Reason Age From Message ---- ------ ---- ---- ------- Normal Pulled 4d kubelet, k8snode2 Container image "ikubernetes/myapp:v1" already present on machine Normal Created 4d kubelet, k8snode2 Created container Normal Started 4d kubelet, k8snode2 Started container Normal Scheduled 23s default-scheduler Successfully assigned default/readiness-httpget-pod to k8snode2 #进入容器删除index.html发现READY中是0/1,不再是就绪状态 [root@k8smaster manifests]# kubectl get pods NAME READY STATUS RESTARTS AGE liveness-httpget-pod 1/1 Running 1 34m myapp-848b5b879b-5k4s4 1/1 Running 0 4d myapp-848b5b879b-bzblz 1/1 Running 0 4d myapp-848b5b879b-hzbf5 1/1 Running 0 4d nginx-deploy-5b595999-d9lv5 1/1 Running 0 5d pod-demo 2/2 Running 4 6h readiness-httpget-pod 0/1 Running 0 2m
8、lifecycle <Object> #生命周期,定义启动后和终止前钩子的
[root@k8smaster manifests]# kubectl explain pods.spec.containers.lifecycle KIND: Pod VERSION: v1 RESOURCE: lifecycle <Object> DESCRIPTION: Actions that the management system should take in response to container lifecycle events. Cannot be updated. Lifecycle describes actions that the management system should take in response to container lifecycle events. For the PostStart and PreStop lifecycle handlers, management of the container blocks until the action is complete, unless the container process fails, in which case the handler is aborted. FIELDS: postStart <Object> #容器启动后立即执行的操作 PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks preStop <Object> #容器终止前执行的操作 PreStop is called immediately before a container is terminated. The container is terminated after the handler completes. The reason for termination is passed to the handler. Regardless of the outcome of the handler, the container is eventually terminated. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
a、postStart ,默认会在容器的command命令运行完后再运行其定义的命令。
[root@k8smaster manifests]# more poststart-pod.yaml apiVersion: v1 kind: Pod metadata: name: poststart-pod namespace: default spec: containers: - name: busybox-pod image: busybox:latest imagePullPolicy: IfNotPresent lifecycle: postStart: exec: command: ["mkdir","-p","/data/web/html"] command: ["/bin/sh","-c"] #容器启动时,默认此命令+args执行完才会执行上面的postStart.exec.command中的命令 args: ["sleep 3600"] [root@k8smaster manifests]# kubectl exec -it poststart-pod -n test -- /bin/sh #命名空间要在shell前面,目前容器常用shell是/bin/sh和/bin/ash。 / # ls /data/web/html/
/ # cat /etc/shells #查看当前可用的shell
# valid login shells
/bin/sh
/bin/ash / # exit [root@k8smaster manifests]# kubectl get pods NAME READY STATUS RESTARTS AGE liveness-httpget-pod 1/1 Running 1 1h myapp-848b5b879b-5k4s4 1/1 Running 0 4d myapp-848b5b879b-bzblz 1/1 Running 0 4d myapp-848b5b879b-hzbf5 1/1 Running 0 4d nginx-deploy-5b595999-d9lv5 1/1 Running 0 5d pod-demo 2/2 Running 5 7h poststart-pod 1/1 Running 0 1m readiness-httpget-pod 1/1 Running 0 58m
b、preStop ,和postStart类似
总结:在极为特殊的场景下才会使用到lifecycle做一些别的操作,比如说:要依赖于某个git仓库中某些代码做某些操作时,可以在postStar时git clone去克隆某个仓库下来。