Kubernetes 學習7 Pod控制器應用進階2

1、容器探測器

　　一、所謂的容器探測無非就是咱們在裏面設置了一些探針，或者稱之爲傳感器來獲取相應的數據做爲斷定其存活與否或就緒與否的標準，目前k8s所支持的存活性和就緒性探測方式都是同樣的。

　　二、k8s的探針類型有三種

　　　　一、ExecAction

　　　　二、TCPSocketAction：TCPSocket探針

　　　　三、HTTPGetAction ： 若是對方是http服務那麼直接向對方發http的get請求就能夠了

　　三、相應字段在  pods.spec.containers 之上

　　　　a、livenessProbe <Object>

[root@k8smaster ~]# kubectl explain pods.spec.containers.livenessProbe KIND: Pod VERSION: v1 RESOURCE: livenessProbe <Object> DESCRIPTION: Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
 Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic. FIELDS: exec <Object> #探針 One and only one of the following should be specified. Exec specifies the action to take. failureThreshold <integer> #探測幾回都失敗才定義失敗，默認爲3，最小值爲1 Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. httpGet <Object> HTTPGet specifies the http request to perform. initialDelaySeconds <integer> #不可能主程序啓動之後當即對其作探測，由於有可能尚未初始化完成，所以咱們要稍微等一點時間再探測，所以其意思爲初始化後的延遲探測時間，不定義默認爲容器一啓動就開始探測。 Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
 periodSeconds <integer> #默認每10秒鐘探測一次 How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. successThreshold <integer> Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness. Minimum value is 1. tcpSocket <Object> TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported timeoutSeconds <integer> #探測超時時長，默認爲1秒 Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes

　　　　b、readinessProbe <Object>

　　　　c、lifecycle <Object> #生命週期，定義啓動後和終止前鉤子的

　　四、exec指針探測

[root@k8smaster ~]# kubectl explain pods.spec.containers.livenessProbe.exec KIND: Pod VERSION: v1 RESOURCE: exec <Object> DESCRIPTION: One and only one of the following should be specified. Exec specifies the action to take. ExecAction describes a "run in container" action. FIELDS: command <[]string> #運行命令之後來探測其是否執行成功了，若是這個命令的返回值是成功表示存活，若返回值狀態碼是不成功表示不存活。 Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.

[root@k8smaster manifests]# ls liveness-exec.yaml pod-demo.yaml [root@k8smaster manifests]# cat liveness-exec.yaml apiVersion: v1 kind: Pod metadata: name: liveness-exec-pod namespace: default spec: containers: - name: liveness-exec-container image: busybox:latest imagePullPolicy: IfNotPresent command: ["/bin/sh","-c","touch /tmp/healthy; sleep 30; rm -f /tmp/healthy; sleep 3600"] livenessProbe: exec: command: ["test","-e","/tmp/healthy"] #判斷此文件是否存在 initialDelaySeconds: 1 #容器啓動後等待1秒開始探測 periodSeconds: 3 #每隔3秒探測一次 restartPolicy: Always [root@k8smaster manifests]# kubectl get pods NAME READY STATUS RESTARTS AGE liveness-exec-pod 1/1 Running 6 9m myapp-848b5b879b-5k4s4 1/1 Running 0 4d myapp-848b5b879b-bzblz 1/1 Running 0 4d myapp-848b5b879b-hzbf5 1/1 Running 0 4d nginx-deploy-5b595999-d9lv5 1/1 Running 0 4d pod-demo 2/2 Running 3 5h [root@k8smaster manifests]# kubectl describe pod liveness-exec-pod Name: liveness-exec-pod Namespace: default Priority: 0 PriorityClassName: <none> Node: k8snode2/192.168.10.12 Start Time: Thu, 09 May 2019 19:59:15 +0800 Labels: <none> Annotations: <none> Status: Running IP: 10.244.2.17 Containers: liveness-exec-container: Container ID: docker://37b9faa3b66df5f74ce43943e20d414a6e0498b261b65e11e7c89ab26c633109  Image: busybox:latest Image ID: docker-pullable://busybox@sha256:4b6ad3a68d34da29bf7c8ccb5d355ba8b4babcad1f99798204e7abb43e54ee3d Port: <none> Host Port: <none> Command: /bin/sh -c touch /tmp/healthy; sleep 30; rm -f /tmp/healthy; sleep 3600 State: Running Started: Thu, 09 May 2019 20:07:42 +0800 Last State: Terminated Reason: Error Exit Code: 137 Started: Thu, 09 May 2019 20:05:00 +0800 Finished: Thu, 09 May 2019 20:06:09 +0800 Ready: True Restart Count: 6 Liveness: exec [test -e /tmp/healthy] delay=1s timeout=1s period=3s #success=1 #failure=3 Environment: <none> Mounts: /var/run/secrets/kubernetes.io/serviceaccount from default-token-jvtl7 (ro) Conditions: Type Status Initialized True Ready True ContainersReady True PodScheduled True Volumes: default-token-jvtl7: Type: Secret (a volume populated by a Secret) SecretName: default-token-jvtl7 Optional: false QoS Class: BestEffort Node-Selectors: <none> Tolerations: node.kubernetes.io/not-ready:NoExecute for 300s node.kubernetes.io/unreachable:NoExecute for 300s Events: Type Reason Age From Message ---- ------ ---- ---- ------- Normal Pulled 4d (x4 over 4d) kubelet, k8snode2 Container image "busybox:latest" already present on machine Normal Created 4d (x4 over 4d) kubelet, k8snode2 Created container Normal Started 4d (x4 over 4d) kubelet, k8snode2 Started container Normal Killing 4d (x3 over 4d) kubelet, k8snode2 Killing container with id docker://liveness-exec-container:Container failed liveness probe.. Container will be killed and recreate d. Warning Unhealthy 4d (x13 over 4d) kubelet, k8snode2 Liveness probe failed: Normal Scheduled 9m default-scheduler Successfully assigned default/liveness-exec-pod to k8snode2

　　五、基於tcpSocket探測

[root@k8smaster manifests]# kubectl explain pods.spec.containers.livenessProbe.tcpSocket KIND: Pod VERSION: v1 RESOURCE: tcpSocket <Object> DESCRIPTION: TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TCPSocketAction describes an action based on opening a socket FIELDS: host <string> #基於主機，默認爲pod本身的IP地址 Optional: Host name to connect to, defaults to the pod IP. port <string> -required- #基於端口 Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.

　　六、httpGet探測

[root@k8smaster manifests]# kubectl explain pods.spec.containers.livenessProbe.httpGet KIND: Pod VERSION: v1 RESOURCE: httpGet <Object> DESCRIPTION: HTTPGet specifies the http request to perform. HTTPGetAction describes an action based on HTTP Get requests. FIELDS: host <string> Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. httpHeaders <[]Object> Custom headers to set in the request. HTTP allows repeated headers. path <string> #指定地址指定端口的url發送請求，若是響應碼爲200則ok Path to access on the HTTP server. port <string> -required- #能夠直接引用service的名稱而不用端口號 Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. scheme <string> Scheme to use for connecting to the host. Defaults to HTTP.

　　　　案例以下

[root@k8smaster manifests]# cat liveness-httpget.yaml apiVersion: v1 kind: Pod metadata: name: liveness-httpget-pod namespace: default spec: containers: - name: liveness-httpget-container image: ikubernetes/myapp:v1 imagePullPolicy: IfNotPresent ports: - name: http containerPort: 80 livenessProbe: httpGet: port: http #也可使用80 path: /index.html initialDelaySeconds: 1 #容器啓動後等待1秒開始探測 periodSeconds: 3 #每隔3秒探測一次 restartPolicy: Always

　　七、就緒性探測，其與service調度有着重要的關聯性。若是不作就緒性探測那麼pod剛建立就當即被關聯到service後端對象中，此時pod若是未就緒將形成服務沒法被訪問，所以幾乎只要使用pod就必須作readinessProbe（就緒性檢測）。

　　　　其檢測方式和探針與liveness同樣，只是目標不同，livenessProbe只是爲了判斷存活與否，而readinessProbe則是用來判斷它就緒與否。所以只是探測命令可能會不同。

[root@k8smaster manifests]# cat readiness-httpget.yaml apiVersion: v1 kind: Pod metadata: name: readiness-httpget-pod namespace: default spec: containers: - name: readiness-httpget-container image: ikubernetes/myapp:v1 imagePullPolicy: IfNotPresent ports: - name: http containerPort: 80 readinessProbe: httpGet: port: http #也可使用80 path: /index.html initialDelaySeconds: 1 #容器啓動後等待1秒開始探測 periodSeconds: 3 #每隔3秒探測一次 restartPolicy: Always [root@k8smaster manifests]# kubectl create -f readiness-httpget.yaml pod/readiness-httpget-pod created [root@k8smaster manifests]# kubectl get pods NAME READY STATUS RESTARTS AGE liveness-httpget-pod          1/1       Running   1 32m myapp-848b5b879b-5k4s4        1/1       Running   0 4d myapp-848b5b879b-bzblz        1/1       Running   0 4d myapp-848b5b879b-hzbf5        1/1       Running   0 4d nginx-deploy-5b595999-d9lv5   1/1       Running   0 5d pod-demo                      2/2       Running   4 6h readiness-httpget-pod         1/1       Running   0 6s [root@k8smaster manifests]# kubectl describe pod readiness-httpget-pod Name: readiness-httpget-pod Namespace: default Priority: 0 PriorityClassName: <none> Node: k8snode2/192.168.10.12 Start Time: Thu, 09 May 2019 21:02:50 +0800 Labels: <none> Annotations: <none> Status: Running IP: 10.244.2.19 Containers: readiness-httpget-container: Container ID: docker://2972a892e1c91c2cfa6168f5729cbf1dae02e079f5bd1e8dc370e2ed56dcbf61
    Image:          ikubernetes/myapp:v1 Image ID: docker-pullable://ikubernetes/myapp@sha256:9c3dc30b5219788b2b8a4b065f548b922a34479577befb54b03330999d30d513
    Port:           80/TCP Host Port: 0/TCP State: Running Started: Thu, 09 May 2019 21:02:51 +0800 Ready: True Restart Count: 0 Readiness: http-get http://:http/index.html delay=1s timeout=1s period=3s #success=1 #failure=3
    Environment:    <none> Mounts: /var/run/secrets/kubernetes.io/serviceaccount from default-token-jvtl7 (ro) Conditions: Type Status Initialized True Ready True ContainersReady True PodScheduled True Volumes: default-token-jvtl7: Type: Secret (a volume populated by a Secret) SecretName: default-token-jvtl7 Optional: false QoS Class: BestEffort Node-Selectors:  <none> Tolerations: node.kubernetes.io/not-ready:NoExecute for 300s node.kubernetes.io/unreachable:NoExecute for 300s Events: Type Reason Age From Message ----    ------     ----  ----               ------- Normal Pulled 4d kubelet, k8snode2 Container image "ikubernetes/myapp:v1" already present on machine Normal Created 4d kubelet, k8snode2 Created container Normal Started 4d kubelet, k8snode2 Started container Normal Scheduled 23s default-scheduler  Successfully assigned default/readiness-httpget-pod to k8snode2 #進入容器刪除index.html發現再也不ready [root@k8smaster manifests]# kubectl get pods NAME READY STATUS RESTARTS AGE liveness-httpget-pod          1/1       Running   1 34m myapp-848b5b879b-5k4s4        1/1       Running   0 4d myapp-848b5b879b-bzblz        1/1       Running   0 4d myapp-848b5b879b-hzbf5        1/1       Running   0 4d nginx-deploy-5b595999-d9lv5   1/1       Running   0 5d pod-demo                      2/2       Running   4 6h readiness-httpget-pod         0/1       Running   0          2m

 　　八、lifecycle <Object> #生命週期，定義啓動後和終止前鉤子的

[root@k8smaster manifests]# kubectl explain pods.spec.containers.lifecycle KIND: Pod VERSION: v1 RESOURCE: lifecycle <Object> DESCRIPTION: Actions that the management system should take in response to container lifecycle events. Cannot be updated. Lifecycle describes actions that the management system should take in response to container lifecycle events. For the PostStart and PreStop lifecycle handlers, management of the container blocks until the action is complete, unless the container process fails, in which case the handler is aborted. FIELDS: postStart <Object> #容器啓動後當即執行的操做 PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
 preStop <Object> #容器終止前執行的操做 PreStop is called immediately before a container is terminated. The container is terminated after the handler completes. The reason for termination is passed to the handler. Regardless of the outcome of the handler, the container is eventually terminated. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks

　　　　a、postStart ，默認會在容器的command命令運行完後再運行其定義的命令。

[root@k8smaster manifests]# more poststart-pod.yaml apiVersion: v1 kind: Pod metadata: name: poststart-pod namespace: default spec: containers: - name: busybox-pod image: busybox:latest imagePullPolicy: IfNotPresent lifecycle: postStart: exec: command: ["mkdir","-p","/data/web/html"] command: ["/bin/sh","-c"] #默認此命令+args執行完纔會執行上面的postStart.exec.command中的命令 args: ["sleep 3600"] [root@k8smaster manifests]# kubectl exec -it  poststart-pod /bin/sh
/ # ls /data/web/html/
/ # exit [root@k8smaster manifests]# kubectl get pods NAME READY STATUS RESTARTS AGE liveness-httpget-pod          1/1       Running   1 1h myapp-848b5b879b-5k4s4        1/1       Running   0 4d myapp-848b5b879b-bzblz        1/1       Running   0 4d myapp-848b5b879b-hzbf5        1/1       Running   0 4d nginx-deploy-5b595999-d9lv5   1/1       Running   0 5d pod-demo                      2/2       Running   5 7h poststart-pod                 1/1       Running   0 1m readiness-httpget-pod         1/1       Running   0          58m

　　　　b、preStop ，和postStart相似