1 Abstract
There are four methods to put a hook or probe in Pod (Container). Liveness and Readiness Probes are nessessary probes, if you want to deploy a service with pod.
resource.spec.containers.lifecycle.postStart
resource.spec.containers.lifecycle.preStop
resource.spec.containers.readinessProbe
resource.spec.containers.livenessPorbe
2 Container Probes
A Probe is a diagnostic performed periodically by the kubelet on a Container. To perform a diagnostic, the kubelet calls a Handler implemented by the Container. There are three types of handlers:
-
ExecAction: Executes a specified command inside the Container. The diagnostic is considered successful if the command exits with a status code of 0.
-
TCPSocketAction: Performs a TCP check against the Container’s IP address on a specified port. The diagnostic is considered successful if the port is open.
-
HTTPGetAction: Performs an HTTP Get request against the Container’s IP address on a specified port and path. The diagnostic is considered successful if the response has a status code greater than or equal to 200 and less than 400.
In order to setup hooks for these three hooks, you can use kubectl api
For example under pod.spec.containers.readinessProbe / livenessProbe there are three options exec, httpGet and tcpSocket which are coorespodence to ExecAction, HTTPGetAction and TCPSocketAction
Each probe has one of three results:
- Success: The Container passed the diagnostic.
- Failure: The Container failed the diagnostic.
- Unknown: The diagnostic failed, so no action should be taken.
3 Make a liveness exec probe
See a example below:
apiVersion: v1
kind: Pod
metadata:
name: liveness-exec-pod
namespace: default
spec:
containers:
- name: liveness-exec-container
image: busybox:latest
imagePullPolicy: IfNotPresent
command: ["/bin/sh","-c","touch /tmp/healthy; sleep 20; rm -rf /tmp/healthy; sleep 500"]
livenessProbe:
exec:
command: ["test","-e","/tmp/healthy"]
initialDelaySeconds: 2
periodSeconds: 3
restartPolicy: Always
* initialDelaySeconds: 2 -> 2 sec. after container created will start livenessProbe
* periodSeconds: 3 -> probe will start every 3 sec.
Create a new Pod with kubectl create -f liveness-exec-pod
See info via kubectl describe pod liveness-exec-pod
We can see container failed and restarted... Liveness probe failed
[root@k8smaster learning-kubernetes]# kubectl describe pod liveness-exec-pod Name: liveness-exec-pod Namespace: default Priority: 0 PriorityClassName: <none> Node: k8snode1/172.16.0.12 Start Time: Fri, 04 Jan 2019 05:01:00 +0100 Labels: <none> Annotations: <none> Status: Running IP: 10.244.1.25 Containers: liveness-exec-container: Container ID: docker://c4d0b086b10426612603315f9dd5af739896d84f8f19a3a4715ed63059e39e3e Image: busybox:latest Image ID: docker-pullable://busybox@sha256:7964ad52e396a6e045c39b5a44438424ac52e12e4d5a25d94895f2058cb863a0 Port: <none> Host Port: <none> Command: /bin/sh -c touch /tmp/healthy; sleep 20; rm -rf /tmp/healthy; sleep 500 State: Running Started: Fri, 04 Jan 2019 05:02:00 +0100 Last State: Terminated Reason: Error Exit Code: 137 Started: Fri, 04 Jan 2019 05:01:01 +0100 Finished: Fri, 04 Jan 2019 05:01:59 +0100 Ready: True Restart Count: 1 Liveness: exec [test -e /tmp/healthy] delay=2s timeout=1s period=3s #success=1 #failure=3 Environment: <none> Mounts: /var/run/secrets/kubernetes.io/serviceaccount from default-token-rxs5t (ro) Conditions: Type Status Initialized True Ready True ContainersReady True PodScheduled True Volumes: default-token-rxs5t: Type: Secret (a volume populated by a Secret) SecretName: default-token-rxs5t Optional: false QoS Class: BestEffort Node-Selectors: <none> Tolerations: node.kubernetes.io/not-ready:NoExecute for 300s node.kubernetes.io/unreachable:NoExecute for 300s Events: Type Reason Age From Message ---- ------ ---- ---- ------- Normal Scheduled 100s default-scheduler Successfully assigned default/liveness-exec-pod to k8snode1 Normal Pulled 72s (x2 over 2m10s) kubelet, k8snode1 Container image "busybox:latest" already present on machine Normal Created 72s (x2 over 2m10s) kubelet, k8snode1 Created container Normal Killing 72s kubelet, k8snode1 Killing container with id docker://liveness-exec-container:Container failed liveness probe.. Container will be killed and recreated. Normal Started 71s (x2 over 2m10s) kubelet, k8snode1 Started container Warning Unhealthy 45s (x6 over 108s) kubelet, k8snode1 Liveness probe failed:
4 Make a liveness httpget probe
See example below:
apiVersion: v1 kind: Pod metadata: name: liveness-httpget-pod namespace: default spec: containers: - name: liveness-httpget-container image: ikubernetes/myapp:v1 imagePullPolicy: IfNotPresent ports: - name: http containerPort: 80 livenessProbe: httpGet: port: http path: /index.html initialDelaySeconds: 1 periodSeconds: 3
See info:
[root@k8smaster probe_and_hook]# kubectl create -f liveness-httpget.yaml pod/liveness-httpget-pod created [root@k8smaster probe_and_hook]# kubectl get pod NAME READY STATUS RESTARTS AGE liveness-httpget-pod 1/1 Running 0 20s nginx-79976cbb47-8dqnk 1/1 Running 0 14h nginx-79976cbb47-p247g 1/1 Running 0 14h nginx-79976cbb47-ppbqv 1/1 Running 0 14h [root@k8smaster probe_and_hook]# kubectl describe pod liveness-httpget-pod Name: liveness-httpget-pod Namespace: default Priority: 0 PriorityClassName: <none> Node: k8snode1/172.16.0.12 Start Time: Fri, 04 Jan 2019 05:17:59 +0100 Labels: <none> Annotations: <none> Status: Running IP: 10.244.1.26 Containers: liveness-httpget-container: Container ID: docker://2e211c471130073ae92d92ab9981857bc3e35d1d96009316a1d8660246c16dac Image: ikubernetes/myapp:v1 Image ID: docker-pullable://ikubernetes/myapp@sha256:9c3dc30b5219788b2b8a4b065f548b922a34479577befb54b03330999d30d513 Port: 80/TCP Host Port: 0/TCP State: Running Started: Fri, 04 Jan 2019 05:18:00 +0100 Ready: True Restart Count: 0 Liveness: http-get http://:80/index.html delay=1s timeout=1s period=3s #success=1 #failure=3 Environment: <none> Mounts: /var/run/secrets/kubernetes.io/serviceaccount from default-token-rxs5t (ro) Conditions: Type Status Initialized True Ready True ContainersReady True PodScheduled True Volumes: default-token-rxs5t: Type: Secret (a volume populated by a Secret) SecretName: default-token-rxs5t Optional: false QoS Class: BestEffort Node-Selectors: <none> Tolerations: node.kubernetes.io/not-ready:NoExecute for 300s node.kubernetes.io/unreachable:NoExecute for 300s Events: Type Reason Age From Message ---- ------ ---- ---- ------- Normal Pulled 69s kubelet, k8snode1 Container image "ikubernetes/myapp:v1" already present on machine Normal Created 69s kubelet, k8snode1 Created container Normal Started 68s kubelet, k8snode1 Started container Normal Scheduled 39s default-scheduler Successfully assigned default/liveness-httpget-pod to k8snode1
5 Make a poststart hook
This example shows how to use lifecycle hook
apiVersion: v1 kind: Pod metadata: name: poststart-pod namespace: default spec: containers: - name: busybox-httpd image: busybox:latest imagePullPolicy: IfNotPresent lifecycle: postStart: exec: command: ["/bin/sh", "-c", "echo Home-Page >> /tmp/index.html"] #command: ['/bin/sh','-c','sleep 3600'] command: ["/bin/httpd"] args: ["-f","-h /tmp"] # this script is not correct!