• 7. Advanced Pod controller usage, part 2


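    I. Container probes

      1. Container probing simply means placing probes (or sensors) in the container to collect data that serves as the criterion for deciding whether the container is alive or ready. The probe mechanisms Kubernetes currently supports are the same for liveness and readiness checks.

      2. Kubernetes has three probe types

        1. ExecAction

        2. TCPSocketAction: the TCP socket probe

        3. HTTPGetAction: if the target is an HTTP service, simply send it an HTTP GET request

      3. The corresponding fields are under pods.spec.containers

        a. livenessProbe <Object>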

    [root@k8smaster ~]# kubectl explain  pods.spec.containers.livenessProbe
    KIND:     Pod
    VERSION:  v1
    
    RESOURCE: livenessProbe <Object>
    
    DESCRIPTION:
         Periodic probe of container liveness. Container will be restarted if the
         probe fails. Cannot be updated. More info:
         https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
    
         Probe describes a health check to be performed against a container to
         determine whether it is alive or ready to receive traffic.
    
    FIELDS:
       exec    <Object> #probe
         One and only one of the following should be specified. Exec specifies the
         action to take.
    
       failureThreshold    <integer> #number of consecutive failed probes before the check counts as failed; defaults to 3, minimum 1
         Minimum consecutive failures for the probe to be considered failed after
         having succeeded. Defaults to 3. Minimum value is 1.
    
       httpGet    <Object>
         HTTPGet specifies the http request to perform.
    
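       initialDelaySeconds    <integer> #the main process should not be probed the instant it starts, because it may not have finished initializing, so we wait a little before probing; this is the delay after start before the first probe. If not defined, probing begins as soon as the container starts.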
         Number of seconds after the container has started before liveness probes
         are initiated. More info:
         https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
    
       periodSeconds    <integer> #by default, probe once every 10 seconds
         How often (in seconds) to perform the probe. Default to 10 seconds. Minimum
         value is 1.
    
       successThreshold    <integer>
         Minimum consecutive successes for the probe to be considered successful
         after having failed. Defaults to 1. Must be 1 for liveness. Minimum value
         is 1.
    
       tcpSocket    <Object>
         TCPSocket specifies an action involving a TCP port. TCP hooks not yet
         supported
    
       timeoutSeconds    <integer> #probe timeout, defaults to 1 second
         Number of seconds after which the probe times out. Defaults to 1 second.
         Minimum value is 1. More info:
         https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes

        b. readinessProbe <Object>: readiness probe

        c. lifecycle <Object> #lifecycle: defines the post-start and pre-stop hooks

      4. exec probe

    [root@k8smaster ~]# kubectl explain  pods.spec.containers.livenessProbe.exec
    KIND:     Pod
    VERSION:  v1
    
    RESOURCE: exec <Object>
    
    DESCRIPTION:
         One and only one of the following should be specified. Exec specifies the
         action to take.
    
         ExecAction describes a "run in container" action.
    
    FIELDS:
       command    <[]string>  #run the command and check whether it succeeded: a successful exit status means alive, a non-zero exit status means not alive.
         Command is the command line to execute inside the container, the working
         directory for the command is root ('/') in the container's filesystem. The
         command is simply exec'd, it is not run inside a shell, so traditional
         shell instructions ('|', etc) won't work. To use a shell, you need to
         explicitly call out to that shell. Exit status of 0 is treated as
         live/healthy and non-zero is unhealthy.
    [root@k8smaster manifests]# ls
    liveness-exec.yaml  pod-demo.yaml
    # Create a pod manifest
    [root@k8smaster manifests]# cat liveness-exec.yaml
    apiVersion: v1
    kind: Pod
    metadata:
      name: liveness-exec-pod
      namespace: default
    spec:
      containers:
      - name: liveness-exec-container
        image: busybox:latest
        imagePullPolicy: IfNotPresent
        command: ["/bin/sh","-c","touch /tmp/healthy; sleep 30; rm -f /tmp/healthy; sleep 3600"]
        livenessProbe: # liveness probe definition
          exec:
            command: ["test","-e","/tmp/healthy"] # check whether this file exists
          initialDelaySeconds: 1 # wait 1 second after the container starts before probing
          periodSeconds: 3 # probe every 3 seconds
      restartPolicy: Always # restart

    [root@k8smaster manifests]# kubectl get pods
    NAME                          READY     STATUS    RESTARTS   AGE
    liveness-exec-pod             1/1       Running   6          9m
    myapp-848b5b879b-5k4s4        1/1       Running   0          4d
    myapp-848b5b879b-bzblz        1/1       Running   0          4d
    myapp-848b5b879b-hzbf5        1/1       Running   0          4d
    nginx-deploy-5b595999-d9lv5   1/1       Running   0          4d
    pod-demo                      2/2       Running   3          5h
    [root@k8smaster manifests]# kubectl describe pod liveness-exec-pod # detailed information
    Name:               liveness-exec-pod
    Namespace:          default
    Priority:           0
    PriorityClassName:  <none>
    Node:               k8snode2/192.168.10.12
    Start Time:         Thu, 09 May 2019 19:59:15 +0800
    Labels:             <none>
    Annotations:        <none>
    Status:             Running
    IP:                 10.244.2.17
    Containers:
      liveness-exec-container:
        Container ID:  docker://37b9faa3b66df5f74ce43943e20d414a6e0498b261b65e11e7c89ab26c633109
        Image:         busybox:latest
        Image ID:      docker-pullable://busybox@sha256:4b6ad3a68d34da29bf7c8ccb5d355ba8b4babcad1f99798204e7abb43e54ee3d
        Port:          <none>
        Host Port:     <none>
        Command:
          /bin/sh
          -c
          touch /tmp/healthy; sleep 30; rm -f /tmp/healthy; sleep 3600
        State:          Running
          Started:      Thu, 09 May 2019 20:07:42 +0800
        Last State:     Terminated
          Reason:       Error
          Exit Code:    137
          Started:      Thu, 09 May 2019 20:05:00 +0800
          Finished:     Thu, 09 May 2019 20:06:09 +0800
        Ready:          True
        Restart Count:  6
        Liveness:       exec [test -e /tmp/healthy] delay=1s timeout=1s period=3s #success=1 #failure=3
        Environment:    <none>
        Mounts:
          /var/run/secrets/kubernetes.io/serviceaccount from default-token-jvtl7 (ro)
    Conditions:
      Type              Status
      Initialized       True 
      Ready             True 
      ContainersReady   True 
      PodScheduled      True 
    Volumes:
      default-token-jvtl7:
        Type:        Secret (a volume populated by a Secret)
        SecretName:  default-token-jvtl7
        Optional:    false
    QoS Class:       BestEffort
    Node-Selectors:  <none>
    Tolerations:     node.kubernetes.io/not-ready:NoExecute for 300s
                     node.kubernetes.io/unreachable:NoExecute for 300s
    Events:
      Type     Reason     Age               From               Message
      ----     ------     ----              ----               -------
      Normal   Pulled     4d (x4 over 4d)   kubelet, k8snode2  Container image "busybox:latest" already present on machine
      Normal   Created    4d (x4 over 4d)   kubelet, k8snode2  Created container
      Normal   Started    4d (x4 over 4d)   kubelet, k8snode2  Started container
      Normal   Killing    4d (x3 over 4d)   kubelet, k8snode2  Killing container with id docker://liveness-exec-container:Container failed liveness probe.. Container will be killed and recreated.
      Warning  Unhealthy  4d (x13 over 4d)  kubelet, k8snode2  Liveness probe failed:
      Normal   Scheduled  9m                default-scheduler  Successfully assigned default/liveness-exec-pod to k8snode2

      5. tcpSocket-based probe

    [root@k8smaster manifests]#  kubectl explain  pods.spec.containers.livenessProbe.tcpSocket
    KIND:     Pod
    VERSION:  v1
    
    RESOURCE: tcpSocket <Object>
    
    DESCRIPTION:
         TCPSocket specifies an action involving a TCP port. TCP hooks not yet
         supported
    
         TCPSocketAction describes an action based on opening a socket
    
    FIELDS:
       host    <string> #host to probe; defaults to the pod's own IP address
         Optional: Host name to connect to, defaults to the pod IP.
    
       port    <string> -required- #port to probe
         Number or name of the port to access on the container. Number must be in
         the range 1 to 65535. Name must be an IANA_SVC_NAME.

      6. httpGet probe

    [root@k8smaster manifests]#  kubectl explain  pods.spec.containers.livenessProbe.httpGet
    KIND:     Pod
    VERSION:  v1
    
    RESOURCE: httpGet <Object>
    
    DESCRIPTION:
         HTTPGet specifies the http request to perform.
    
         HTTPGetAction describes an action based on HTTP Get requests.
    
    FIELDS:
       host    <string>
         Host name to connect to, defaults to the pod IP. You probably want to set
         "Host" in httpHeaders instead.
    
       httpHeaders    <[]Object>
         Custom headers to set in the request. HTTP allows repeated headers.
    
       path    <string> #a request is sent to this URL at the given address and port; a 200 response code means OK
         Path to access on the HTTP server.
    
       port    <string> -required- #can reference the service name directly instead of a port number
         Name or number of the port to access on the container. Number must be in
         the range 1 to 65535. Name must be an IANA_SVC_NAME.
    
       scheme    <string>
         Scheme to use for connecting to the host. Defaults to HTTP.

        An example follows:

    [root@k8smaster manifests]# cat liveness-httpget.yaml 
    apiVersion: v1
    kind: Pod
    metadata: 
      name: liveness-httpget-pod
      namespace: default
    spec:
      containers:
      - name: liveness-httpget-container
        image: ikubernetes/myapp:v1
        imagePullPolicy: IfNotPresent
        ports:
        - name: http
          containerPort: 80
        livenessProbe:
          httpGet:
            port: http # 80 also works
            path: /index.html
          initialDelaySeconds: 1 # wait 1 second after the container starts before probing
          periodSeconds: 3 # probe every 3 seconds
      restartPolicy: Always

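      7. Readiness probing is closely tied to how a Service dispatches traffic. Without a readiness probe, a pod is attached to the Service's backend objects as soon as it is created; if the pod is not yet ready at that point, the service becomes unreachable. So a readinessProbe is needed almost any time you use a pod.

        The detection methods and probe types are the same as for liveness; only the goal differs. livenessProbe only determines whether the container is alive, while readinessProbe determines whether it is ready. So only the probe command may differ.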

    [root@k8smaster manifests]# cat readiness-httpget.yaml 
    apiVersion: v1
    kind: Pod
    metadata: 
      name: readiness-httpget-pod
      namespace: default
    spec:
      containers:
      - name: readiness-httpget-container
        image: ikubernetes/myapp:v1
        imagePullPolicy: IfNotPresent
        ports:
        - name: http
          containerPort: 80
        readinessProbe:
          httpGet:
            port: http # 80 also works
            path: /index.html
          initialDelaySeconds: 1 # wait 1 second after the container starts before probing
          periodSeconds: 3 # probe every 3 seconds
      restartPolicy: Always
    
    [root@k8smaster manifests]# kubectl create -f readiness-httpget.yaml 
    pod/readiness-httpget-pod created
    [root@k8smaster manifests]# kubectl get pods
    NAME                          READY     STATUS    RESTARTS   AGE
    liveness-httpget-pod          1/1       Running   1          32m
    myapp-848b5b879b-5k4s4        1/1       Running   0          4d
    myapp-848b5b879b-bzblz        1/1       Running   0          4d
    myapp-848b5b879b-hzbf5        1/1       Running   0          4d
    nginx-deploy-5b595999-d9lv5   1/1       Running   0          5d
    pod-demo                      2/2       Running   4          6h
    readiness-httpget-pod         1/1       Running   0          6s
    [root@k8smaster manifests]# kubectl describe pod readiness-httpget-pod
    Name:               readiness-httpget-pod
    Namespace:          default
    Priority:           0
    PriorityClassName:  <none>
    Node:               k8snode2/192.168.10.12
    Start Time:         Thu, 09 May 2019 21:02:50 +0800
    Labels:             <none>
    Annotations:        <none>
    Status:             Running
    IP:                 10.244.2.19
    Containers:
      readiness-httpget-container:
        Container ID:   docker://2972a892e1c91c2cfa6168f5729cbf1dae02e079f5bd1e8dc370e2ed56dcbf61
        Image:          ikubernetes/myapp:v1
        Image ID:       docker-pullable://ikubernetes/myapp@sha256:9c3dc30b5219788b2b8a4b065f548b922a34479577befb54b03330999d30d513
        Port:           80/TCP
        Host Port:      0/TCP
        State:          Running
          Started:      Thu, 09 May 2019 21:02:51 +0800
        Ready:          True
        Restart Count:  0
        Readiness:      http-get http://:http/index.html delay=1s timeout=1s period=3s #success=1 #failure=3
        Environment:    <none>
        Mounts:
          /var/run/secrets/kubernetes.io/serviceaccount from default-token-jvtl7 (ro)
    Conditions:
      Type              Status
      Initialized       True 
      Ready             True 
      ContainersReady   True 
      PodScheduled      True 
    Volumes:
      default-token-jvtl7:
        Type:        Secret (a volume populated by a Secret)
        SecretName:  default-token-jvtl7
        Optional:    false
    QoS Class:       BestEffort
    Node-Selectors:  <none>
    Tolerations:     node.kubernetes.io/not-ready:NoExecute for 300s
                     node.kubernetes.io/unreachable:NoExecute for 300s
    Events:
      Type    Reason     Age   From               Message
      ----    ------     ----  ----               -------
      Normal  Pulled     4d    kubelet, k8snode2  Container image "ikubernetes/myapp:v1" already present on machine
      Normal  Created    4d    kubelet, k8snode2  Created container
      Normal  Started    4d    kubelet, k8snode2  Started container
      Normal  Scheduled  23s   default-scheduler  Successfully assigned default/readiness-httpget-pod to k8snode2
    
    # After entering the container and deleting index.html, the pod is no longer ready
    [root@k8smaster manifests]# kubectl get pods
    NAME                          READY     STATUS    RESTARTS   AGE
    liveness-httpget-pod          1/1       Running   1          34m
    myapp-848b5b879b-5k4s4        1/1       Running   0          4d
    myapp-848b5b879b-bzblz        1/1       Running   0          4d
    myapp-848b5b879b-hzbf5        1/1       Running   0          4d
    nginx-deploy-5b595999-d9lv5   1/1       Running   0          5d
    pod-demo                      2/2       Running   4          6h
    readiness-httpget-pod         0/1       Running   0          2m

       8. lifecycle <Object> #lifecycle: defines the post-start and pre-stop hooks

    [root@k8smaster manifests]# kubectl explain  pods.spec.containers.lifecycle
    KIND:     Pod
    VERSION:  v1
    
    RESOURCE: lifecycle <Object>
    
    DESCRIPTION:
         Actions that the management system should take in response to container
         lifecycle events. Cannot be updated.
    
         Lifecycle describes actions that the management system should take in
         response to container lifecycle events. For the PostStart and PreStop
         lifecycle handlers, management of the container blocks until the action is
         complete, unless the container process fails, in which case the handler is
         aborted.
    
    FIELDS:
       postStart    <Object> #action executed immediately after the container starts
         PostStart is called immediately after a container is created. If the
         handler fails, the container is terminated and restarted according to its
         restart policy. Other management of the container blocks until the hook
         completes. More info:
         https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
    
       preStop    <Object> #action executed before the container terminates
         PreStop is called immediately before a container is terminated. The
         container is terminated after the handler completes. The reason for
         termination is passed to the handler. Regardless of the outcome of the
         handler, the container is eventually terminated. Other management of the
         container blocks until the hook completes. More info:
         https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks

        a. postStart: by default, the command it defines runs after the container's command has been run.

    [root@k8smaster manifests]# more poststart-pod.yaml 
    apiVersion: v1
    kind: Pod
    metadata:
        name: poststart-pod
        namespace: default
    spec:
        containers:
        - name: busybox-pod
          image: busybox:latest
          imagePullPolicy: IfNotPresent
          lifecycle:
            postStart:
              exec:
                command: ["mkdir","-p","/data/web/html"]
          command: ["/bin/sh","-c"] # by default, the postStart.exec.command above runs only after this command + args has been executed
          args: ["sleep 3600"]
    [root@k8smaster manifests]# kubectl exec -it  poststart-pod /bin/sh
    / # ls /data/web/html/
    / # exit
    [root@k8smaster manifests]# kubectl get pods
    NAME                          READY     STATUS    RESTARTS   AGE
    liveness-httpget-pod          1/1       Running   1          1h
    myapp-848b5b879b-5k4s4        1/1       Running   0          4d
    myapp-848b5b879b-bzblz        1/1       Running   0          4d
    myapp-848b5b879b-hzbf5        1/1       Running   0          4d
    nginx-deploy-5b595999-d9lv5   1/1       Running   0          5d
    pod-demo                      2/2       Running   5          7h
    poststart-pod                 1/1       Running   0          1m
    readiness-httpget-pod         1/1       Running   0          58m

        b. preStop: similar to postStart

    Image update policy

    [root@laso-master-01 ]# kubectl explain  pods.spec.containers.imagePullPolicy
    KIND:     Pod
    VERSION:  v1
    
    FIELD:    imagePullPolicy <string>
    
    DESCRIPTION:
         Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always
         if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated.
         More info:
         https://kubernetes.io/docs/concepts/containers/images#updating-images

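    IfNotPresent: the image is pulled only if it is not already present locally.

    Always: every time the kubelet starts a container, it queries the container image registry to resolve the name to an image digest. If the kubelet has a container image with that exact digest cached locally, it uses the cached image; otherwise it pulls the image with the resolved digest and uses that image to start the container.

    Never: the kubelet does not try to fetch the image. If the image is somehow already present locally, the kubelet attempts to start the container; otherwise startup fails.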
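
An added example, not part of the original post: a small offline audit, in Python, of a pod object as returned by `kubectl get pod -o json`. It checks the rules quoted in the `kubectl explain` output above (one handler per probe, exec probes are not run in a shell, liveness successThreshold must be 1), the missing readinessProbe case from section 7, and the `busybox:latest` + `IfNotPresent` combination from liveness-exec.yaml. The function names, finding codes and the `piped-probe` container are assumptions made for illustration.

```python
import json

SHELLS = {"sh", "bash", "ash", "/bin/sh", "/bin/bash", "/bin/ash"}
SHELL_TOKENS = ("|", "&&", ";", ">", "<", "$(", "`")

def image_tag(image):
    """Return the tag of an image reference, or None when pinned by digest."""
    if "@" in image:                      # name@sha256:... is immutable
        return None
    last = image.rsplit("/", 1)[-1]       # ignore a registry host:port prefix
    return last.split(":", 1)[1] if ":" in last else "latest"

def audit_container(c):
    """Return a list of finding codes for one entry of pods.spec.containers."""
    findings = []
    for probe in ("livenessProbe", "readinessProbe"):
        spec = c.get(probe)
        if spec is None:
            findings.append(f"missing-{probe}")
            continue
        handlers = [h for h in ("exec", "tcpSocket", "httpGet") if h in spec]
        if len(handlers) != 1:            # "one and only one" handler per probe
            findings.append(f"{probe}-handler-count")
        argv = spec.get("exec", {}).get("command", [])
        # exec probes are exec'd directly: shell operators need an explicit shell
        if argv and argv[0] not in SHELLS and any(
                tok in arg for arg in argv for tok in SHELL_TOKENS):
            findings.append(f"{probe}-shell-syntax-without-shell")
    if c.get("livenessProbe", {}).get("successThreshold", 1) != 1:
        findings.append("liveness-successThreshold-must-be-1")
    tag = image_tag(c["image"])
    # Default policy: Always for :latest (or no tag), IfNotPresent otherwise
    policy = c.get("imagePullPolicy") or ("Always" if tag == "latest" else "IfNotPresent")
    if tag == "latest" and policy != "Always":
        findings.append("mutable-latest-tag-served-from-node-cache")
    return findings

def audit_pod(pod):
    """Map container name -> findings for a parsed `kubectl get pod -o json` object."""
    return {c["name"]: audit_container(c) for c in pod["spec"]["containers"]}

# Constructed sample: the page's liveness-exec container plus a hypothetical
# second container whose probe relies on a pipe without invoking a shell.
SAMPLE_POD = json.loads("""
{"spec": {"containers": [
  {"name": "liveness-exec-container", "image": "busybox:latest",
   "imagePullPolicy": "IfNotPresent",
   "livenessProbe": {"exec": {"command": ["test", "-e", "/tmp/healthy"]},
                     "initialDelaySeconds": 1, "periodSeconds": 3}},
  {"name": "piped-probe", "image": "ikubernetes/myapp:v1",
   "readinessProbe": {"exec": {"command": ["cat", "/tmp/ok", "|", "grep", "1"]}},
   "livenessProbe": {"httpGet": {"port": "http", "path": "/index.html"}}}
]}}
""")
```

Calling `audit_pod(SAMPLE_POD)` reports the missing readinessProbe and the cached `:latest` image for the first container, and the shell-less pipe for the second.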

  • Original article: https://www.cnblogs.com/lulin9501/p/12462592.html