kubernetes之pod生命周期和探针
kubernetes
- 一、pod生命周期
- 二、探针
- 2.1 认识探针
- 2.2 使用探针
- 2.3 做存活检测(liveness)
- 2.4 准备就绪检测(readinessProbe)
一、pod生命周期
- 查看pod上的namespace
[kubeadm@server2 ~]$ kubectl get pod -n kube-system
NAME READY STATUS RESTARTS AGE
coredns-7b8f97b6db-5g4hh 1/1 Running 1 20h
coredns-7b8f97b6db-jxccd 1/1 Running 1 20h
etcd-server2 1/1 Running 8 20h
kube-apiserver-server2 1/1 Running 14 20h
kube-controller-manager-server2 1/1 Running 72 20h
kube-flannel-ds-amd64-6cglm 1/1 Running 1 19h
kube-flannel-ds-amd64-957jx 1/1 Running 1 19h
kube-flannel-ds-amd64-gknfj 1/1 Running 1 19h
kube-proxy-hb9c7 1/1 Running 4 20h
kube-proxy-jgnk5 1/1 Running 4 20h
kube-proxy-s6nzt 1/1 Running 4 20h
kube-scheduler-server2 1/1 Running 72 20h
- 将pod节点转换为yaml格式
[kubeadm@server2 ~]$ kubectl get pod -o yaml
- 认识pod生命周期
- init容器能做什么?
- 使用init容器
[kubeadm@server2 manifest]$ \vi init.yaml #使用纯vi不缩进
[kubeadm@server2 manifest]$ cat init.yaml
apiVersion: v1
kind: Pod
metadata:
name: myapp-pod
labels:
app: myapp
spec:
containers:
- name: myapp-container
image: busybox:1.28
command: ['sh', '-c', 'echo The app is running! && sleep 3600']
initContainers:
- name: init-myservice
image: busybox:1.28
command: ['sh', '-c', "until nslookup myservice.$(cat /var/run/secrets/kubernetes.io/serviceaccount/namespace).svc.cluster.local; do echo waiting for myservice; sleep 2; done"]
[kubeadm@server2 manifest]$ kubectl create -f init.yaml
pod/myapp-pod created
[kubeadm@server2 manifest]$ kubectl get pod
NAME READY STATUS RESTARTS AGE
myapp-pod 0/1 Init:0/1 0 5s
创建myservice
[kubeadm@server2 manifest]$ cat service.yaml
kind: Service
apiVersion: v1
metadata:
name: myservice
spec:
ports:
- protocol: TCP
port: 80
targetPort: 9376
[kubeadm@server2 manifest]$ kubectl create -f service.yaml
service/myservice created
[kubeadm@server2 manifest]$ kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 22h
myservice ClusterIP 10.108.84.226 <none> 80/TCP 2m8s
容器running说明已经通过init-myservice
[kubeadm@server2 manifest]$ kubectl get pod
NAME READY STATUS RESTARTS AGE
myapp-pod 1/1 Running 0 20m
[kubeadm@server2 manifest]$ kubectl get pod -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
myapp-pod 1/1 Running 0 22m 10.244.2.9 server4 <none> <none>
[kubeadm@server2 manifest]$ curl 10.244.2.9
Hello MyApp | Version: v1 | <a href="hostname.html">Pod Name</a>
default.svc.cluster.local:表示namespace.服务.当前集群
[kubeadm@server2 manifest]$ kubectl run test -it --image=busyboxplus
If you don't see a command prompt, try pressing enter.
/ # nslookup myservice.default.svc.cluster.local
Server: 10.96.0.10
Address 1: 10.96.0.10 kube-dns.kube-system.svc.cluster.local
Name: myservice.default.svc.cluster.local
Address 1: 10.108.84.226 myservice.default.svc.cluster.local
/ # exit
Session ended, resume using 'kubectl attach test -c test -i -t' command when the pod is running
上面解析到myservice的clusterip
[kubeadm@server2 manifest]$ kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 22h
myservice ClusterIP 10.108.84.226 <none> 80/TCP 8m18s
二、探针
2.1 认识探针
探针 是由 kubelet 对容器执行的定期诊断。要执行诊断,kubelet 调用由容器实现的 Handler。有三种类型的处理程序:
ExecAction:在容器内执行指定命令。如果命令退出时返回码为 0 则认为诊断成功。
TCPSocketAction:对指定端口上的容器的 IP 地址进行 TCP 检查。如果端口打开,则诊断被认为是成功的。
HTTPGetAction:对指定的端口和路径上的容器的 IP 地址执行 HTTP Get 请求。如果响应的状态码大于等于200 且小于 400,则诊断被认为是成功的。
每次探测都将获得以下三种结果之一:
成功:容器通过了诊断。
失败:容器未通过诊断。
未知:诊断失败,因此不会采取任何行动。
Kubelet 可以选择是否执行在容器上运行的三种探针执行和做出反应:
livenessProbe:指示容器是否正在运行。如果存活探测失败,则 kubelet 会杀死容器,并且容器将受到其 重启策略 的影响。如果容器不提供存活探针,则默认状态为 Success。
readinessProbe:指示容器是否准备好服务请求。如果就绪探测失败,端点控制器将从与 Pod 匹配的所有 Service 的端点中删除该 Pod 的 IP 地址。初始延迟之前的就绪状态默认为 Failure。如果容器不提供就绪探针,则默认状态为 Success。
startupProbe: 指示容器中的应用是否已经启动。如果提供了启动探测(startup probe),则禁用所有其他探测,直到它成功为止。如果启动探测失败,kubelet 将杀死容器,容器服从其重启策略进行重启。如果容器没有提供启动探测,则默认状态为成功Success
从用户到容器的流程:
user—kubectl—apiserver—kubelet—cri—(oci—linux)—pause(root container)—init container —containers
2.2 使用探针
删除多余的pod和service
[kubeadm@server2 manifest]$ kubectl get all
NAME READY STATUS RESTARTS AGE
pod/myapp-pod 1/1 Running 0 118m
pod/test 1/1 Running 1 94m
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 24h
service/myservice ClusterIP 10.108.84.226 <none> 80/TCP 100m
[kubeadm@server2 manifest]$ kubectl delete -f init.yaml
pod "myapp-pod" deleted
[kubeadm@server2 manifest]$ kubectl delete pod test
pod "test" deleted
[kubeadm@server2 manifest]$ kubectl delete service myservice
service "myservice" deleted
[kubeadm@server2 manifest]$ kubectl get all
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 24h
2.3 做存活检测(liveness)
[kubeadm@server2 manifest]$ cat pod.yaml
apiVersion: v1
kind: Pod
metadata:
name: myapp
spec:
containers:
- name: myapp
image: myapp:v1
imagePullPolicy: IfNotPresent
livenessProbe:
tcpSocket:
port: 80
initialDelaySeconds: 1 # pod起动后1秒开始检测
periodSeconds: 2 # 每隔两秒检测
timeoutSeconds: 2 # 监测的超时时间,如果超过这个时长后,则认为监测失败
[kubeadm@server2 manifest]$ kubectl create -f pod.yaml
pod/myapp created
[kubeadm@server2 manifest]$ kubectl get pod
NAME READY STATUS RESTARTS AGE
myapp 1/1 Running 0 6s
[kubeadm@server2 manifest]$ kubectl get pod -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
myapp 1/1 Running 0 18s 10.244.2.10 server4 <none> <none>
[kubeadm@server2 manifest]$ curl 10.244.2.10
Hello MyApp | Version: v1 | <a href="hostname.html">Pod Name</a>
[kubeadm@server2 manifest]$ kubectl delete -f pod.yaml
pod "myapp" deleted
将端口改为8080,因为nginx开启的是80端口,所以8080端口根本没有开,它会一直检测
[kubeadm@server2 manifest]$ cat pod.yaml
apiVersion: v1
kind: Pod
metadata:
name: myapp
spec:
containers:
- name: myapp
image: myapp:v1
imagePullPolicy: IfNotPresent
livenessProbe:
tcpSocket:
port: 8080
initialDelaySeconds: 1
periodSeconds: 2
timeoutSeconds: 2
[kubeadm@server2 manifest]$ kubectl create -f pod.yaml
pod/myapp created
在不断的重起,所以restarts为2
[kubeadm@server2 manifest]$ kubectl get pod
NAME READY STATUS RESTARTS AGE
myapp 0/1 CrashLoopBackOff 2 29s
2.4 准备就绪检测(readinessProbe)
[kubeadm@server2 manifest]$ cat pod.yaml
apiVersion: v1
kind: Pod
metadata:
name: myapp
spec:
containers:
- name: myapp
image: nginx
imagePullPolicy: IfNotPresent
# livenessProbe:
# tcpSocket:
# port: 80
# initialDelaySeconds: 1
# periodSeconds: 2
# timeoutSeconds: 2
readinessProbe:
httpGet:
path: /test.html
port: 80
initialDelaySeconds: 1
periodSeconds: 3
timeoutSeconds: 1
[kubeadm@server2 manifest]$ kubectl create -f pod.yaml
pod/myapp created
[kubeadm@server2 manifest]$ kubectl get pod
NAME READY STATUS RESTARTS AGE
myapp 0/1 Running 0 15s
[kubeadm@server2 manifest]$ kubectl describe pod myapp
Name: myapp
Namespace: default
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled <unknown> default-scheduler Successfully assigned default/myapp to server4
Normal Pulled 34s kubelet, server4 Container image "nginx" already present on machine
Normal Created 34s kubelet, server4 Created container myapp
Normal Started 33s kubelet, server4 Started container myapp
Warning Unhealthy 1s (x11 over 31s) kubelet, server4 Readiness probe failed: HTTP probe failed with statuscode: 404
创建test.html
[kubeadm@server2 manifest]$ kubectl exec -it myapp -- sh
# cd /uar/share/nginx/html
sh: 1: cd: can't cd to /uar/share/nginx/html
# cd /usr/share/nginx/html
# echo hello > test.html
# exit
myapp就绪
[kubeadm@server2 manifest]$ kubectl get pod
NAME READY STATUS RESTARTS AGE
myapp 1/1 Running 0 6m12s