kubernetes pod生命周期、探针简介、范例及示例
kubernetes pod生命周期
- pod的生命周期(pod lifecycle),从pod start时间可以设置postStart检测,运行过程中可以设置livenessProbe和 readinessProbe,末了在 stop前可以设置preStop利用
探针简介
- 探针是由 kubelet 对容器执行的定期诊断,以保证Pod的状态始终处于运行状态,要执行诊断,kubelet 调用由容器实现的Handler(处理程序),也成为Hook(钩子),有三种范例的处理程序:
- ExecAction #在容器内执行指定下令,如果下令退出时返回码为0则以为诊断成功。
- TCPSocketAction #对指定端口上的容器的IP地点进行TCP检查,如果端口打开,则诊断被以为是成功的。
- HTTPGetAction:#对指定的端口和路径上的容器的IP地点执行HTTPGet请求,如果相应的状态码大于即是200且小于 400,则诊断被以为是成功的。
- 每次探测都将获得以下三种效果之一:
- 成功:容器通过了诊断。
- 失败:容器未通过诊断。
- 未知:诊断失败,因此不会采取任何行动。
Pod重启策略与镜像拉取策略
Pod重启策略:Pod一旦设置探针,在检测失败时间,会基于restartPolicy对Pod进行下一步利用:
- restartPolicy (容器重启策略):
- Always:当容器异常时,k8s自动重启该容器,ReplicationController/Replicaset/Deployment,默以为Always。
- OnFailure:当容器失败时(容器停止运行且退出码不为0),k8s自动重启该容器。
- Never:不论容器运行状态如何都不会重启该容器,Job或CronJob。
- imagePullPolicy (镜像拉取策略):
- IfNotPresent:node节点没有此镜像就去指定的镜像堆栈拉取,node有就利用node本地镜像。
- Always:每次重修pod都会重新拉取镜像
- Never:从不到镜像中心拉取镜像,只利用本地镜像
探针范例
- startupProbe: #启动探针,kubernetes v1.16引入
- 判定容器内的应用程序是否已启动完成,如果设置了启动探测,则会先禁用所有其它的探测,直到startupProbe检测成功为止,如果startupProbe探测失败,则kubelet将杀死容器,容器将按照重启策略进行下一步利用,如果容器没有提供启动探测,则默认状态为成功
- livenessProbe: #存活探针
- 检测容器容器是否正在运行,如果存活探测失败,则kubelet会杀死容器,而且容器将受到其重启策略的影响,如果容器不提供存活探针,则默认状态为 Success,livenessProbe用于控制是否重启pod。
- readinessProbe: #就绪探针
- 如果就绪探测失败,端点控制器将从与Pod匹配的所有Service的端点中删除该Pod的IP地点,初始耽误之前的就绪状态默以为Failure(失败),如果容器不提供就绪探针,则默认状态为 Success,readinessProbe用于控制pod是否添加至service。
探针设置参数
- 探针有很多设置字段,可以利用这些字段精确的控制存活和就绪检测的行为:
设置存活、就绪和启动探针 | Kubernetes
- initialDelaySeconds: 120 #初始化耽误时间,告诉kubelet在执行第一次探测前应该等待多少秒,默认是0秒,最小值是0
- periodSeconds: 60 #探测周期隔断时间,指定了kubelet应该每多少秒秒执行一次存活探测,默认是 10 秒。最小值是 1
- timeoutSeconds: 5 #单次探测超时时间,探测的超时后等待多少秒,默认值是1秒,最小值是1。
- successThreshold: 1 #从失败转为成功的重试次数,探测器在失败后,被视为成功的最小连续成功数,默认值是1,存活探测的这个值必须是1,最小值是
1。
- failureThreshold: 3 #从成功转为失败的重试次数,当Pod启动了而且探测到失败,Kubernetes的重试次数,存活探测情况下的放弃就意味偏重新启动容器,就绪探测情况下的放弃Pod 会被打上未就绪的标签,默认值是3,最小值是1。
探针http设置参数:
HTTP 探测器可以在 httpGet 上设置额外的字段:
- host: #毗连利用的主机名,默认是Pod的 IP,也可以在HTTP头中设置 “Host” 来代替。
- scheme: http #用于设置毗连主机的方式(HTTP 还是 HTTPS),默认是 HTTP。
- path: /monitor/index.html #访问 HTTP 服务的路径。
- httpHeaders: #请求中自定义的 HTTP 头,HTTP 头字段答应重复。
- port: 80 #访问容器的端标语或者端口名,如果数字必须在 1 ~ 65535 之间。
- [root@k8s-master1 case3-Probe]#cat 1-http-Probe.yaml
- apiVersion: apps/v1
- kind: Deployment
- metadata:
- name: myserver-myapp-frontend-deployment
- namespace: myserver
- spec:
- replicas: 1
- selector:
- matchLabels: #rs or deployment
- app: myserver-myapp-frontend-label
- #matchExpressions:
- # - {key: app, operator: In, values: [myserver-myapp-frontend,ng-rs-81]}
- template:
- metadata:
- labels:
- app: myserver-myapp-frontend-label
- spec:
- containers:
- - name: myserver-myapp-frontend-label
- image: nginx:1.20.2-alpine
- ports:
- - containerPort: 80
- #readinessProbe:
- livenessProbe:
- httpGet:
- path: /monitor/monitor.html
- #path: /index.html
- port: 80
- initialDelaySeconds: 5
- periodSeconds: 3
- timeoutSeconds: 1
- successThreshold: 1
- failureThreshold: 3
- ---
- apiVersion: v1
- kind: Service
- metadata:
- name: myserver-myapp-frontend-service
- namespace: myserver
- spec:
- ports:
- - name: http
- port: 81
- targetPort: 80
- nodePort: 30070
- protocol: TCP
- type: NodePort
- selector:
- app: myserver-myapp-frontend-label
- [root@k8s-master1 case3-Probe]#kubectl apply -f 1-http-Probe.yaml
- [root@k8s-master1 case3-Probe]#kubectl get -n myserver pod,svc,ep
- NAME READY STATUS RESTARTS AGE
- pod/myserver-myapp-frontend-deployment-5b559886c9-74bjh 1/1 Running 0 9s
- NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
- service/myserver-myapp-frontend-service NodePort 10.100.47.85 <none> 81:30070/TCP 13m
- NAME ENDPOINTS AGE
- endpoints/myserver-myapp-frontend-service 10.200.107.240:80 13m
- #如果将配置文件改成不存在的路径,livenessProbe会不断的重启
- #readinessProbe:
- livenessProbe:
- httpGet:
- path: /monitor/monitor.html
- #path: /index.html
- port: 80
- [root@k8s-master1 case3-Probe]#kubectl get -n myserver pod,svc,ep
- NAME READY STATUS RESTARTS AGE
- pod/myserver-myapp-frontend-deployment-d8d99c64-bzmcj 1/1 Running 3 (6s ago) 46s
- NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
- service/myserver-myapp-frontend-service NodePort 10.100.193.54 <none> 81:30070/TCP 46s
- NAME ENDPOINTS AGE
- endpoints/myserver-myapp-frontend-service 10.200.107.247:80 45s
- [root@k8s-master1 case3-Probe]#kubectl get -n myserver pod,svc,ep
- NAME READY STATUS RESTARTS AGE
- pod/myserver-myapp-frontend-deployment-d8d99c64-qhq8d 0/1 CrashLoopBackOff 6 (12s ago) 3m40s
- NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
- service/myserver-myapp-frontend-service NodePort 10.100.47.85 <none> 81:30070/TCP 18m
- NAME ENDPOINTS AGE
- endpoints/myserver-myapp-frontend-service 18m
- #如果将配置文件改成不存在的路径,readinessProbe
- #readinessProbe:
- livenessProbe:
- httpGet:
- path: /monitor/monitor.html
- #path: /index.html
- port: 80
-
- [root@k8s-master1 case3-Probe]#kubectl get -n myserver pod,svc,ep
- NAME READY STATUS RESTARTS AGE
- pod/myserver-myapp-frontend-deployment-7dcb656667-wj9kd 0/1 Running 0 4s
- NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
- service/myserver-myapp-frontend-service NodePort 10.100.232.31 <none> 81:30070/TCP 4s
- NAME ENDPOINTS AGE
- endpoints/myserver-myapp-frontend-service 4s
-
- [root@k8s-master1 case3-Probe]#cat 2-tcp-Probe.yaml
- apiVersion: apps/v1
- kind: Deployment
- metadata:
- name: myserver-myapp-frontend-deployment
- namespace: myserver
- spec:
- replicas: 1
- selector:
- matchLabels: #rs or deployment
- app: myserver-myapp-frontend-label
- #matchExpressions:
- # - {key: app, operator: In, values: [myserver-myapp-frontend,ng-rs-81]}
- template:
- metadata:
- labels:
- app: myserver-myapp-frontend-label
- spec:
- containers:
- - name: myserver-myapp-frontend-label
- image: nginx:1.20.2-alpine
- ports:
- - containerPort: 80
- livenessProbe:
- #readinessProbe:
- tcpSocket:
- port: 80
- #port: 8080
- initialDelaySeconds: 5
- periodSeconds: 3
- timeoutSeconds: 5
- successThreshold: 1
- failureThreshold: 3
- ---
- apiVersion: v1
- kind: Service
- metadata:
- name: myserver-myapp-frontend-service
- namespace: myserver
- spec:
- ports:
- - name: http
- port: 81
- targetPort: 80
- nodePort: 30070
- protocol: TCP
- type: NodePort
- selector:
- app: myserver-myapp-frontend-label
探针exec设置参数(执行下令)
- [root@k8s-master1 case3-Probe]#cat 3-exec-Probe.yaml
- apiVersion: apps/v1
- kind: Deployment
- metadata:
- name: myserver-myapp-redis-deployment
- namespace: myserver
- spec:
- replicas: 1
- selector:
- matchLabels: #rs or deployment
- app: myserver-myapp-redis-label
- #matchExpressions:
- # - {key: app, operator: In, values: [myserver-myapp-redis,ng-rs-81]}
- template:
- metadata:
- labels:
- app: myserver-myapp-redis-label
- spec:
- containers:
- - name: myserver-myapp-redis-container
- image: redis
- ports:
- - containerPort: 6379
- livenessProbe:
- #readinessProbe:
- exec:
- command:
- #- /apps/redis/bin/redis-cli
- - /usr/local/bin/redis-cli
- - quit
- initialDelaySeconds: 5
- periodSeconds: 3
- timeoutSeconds: 5
- successThreshold: 1
- failureThreshold: 3
-
- ---
- apiVersion: v1
- kind: Service
- metadata:
- name: myserver-myapp-redis-service
- namespace: myserver
- spec:
- ports:
- - name: http
- port: 6379
- targetPort: 6379
- nodePort: 40016
- protocol: TCP
- type: NodePort
- selector:
- app: myserver-myapp-redis-label
startupProbe: #启动探针
- [root@k8s-master1 case3-Probe]#cat 5-startupProbe-livenessProbe-readinessProbe.yaml
- apiVersion: apps/v1
- kind: Deployment
- metadata:
- name: myserver-myapp-frontend-deployment
- namespace: myserver
- spec:
- replicas: 3
- selector:
- matchLabels: #rs or deployment
- app: myserver-myapp-frontend-label
- #matchExpressions:
- # - {key: app, operator: In, values: [myserver-myapp-frontend,ng-rs-81]}
- template:
- metadata:
- labels:
- app: myserver-myapp-frontend-label
- spec:
- terminationGracePeriodSeconds: 60
- containers:
- - name: myserver-myapp-frontend-label
- image: nginx:1.20.2
- ports:
- - containerPort: 80
- startupProbe:
- httpGet:
- path: /index.html
- port: 80
- initialDelaySeconds: 5 #首次检测延迟5s
- failureThreshold: 3 #从成功转为失败的次数
- periodSeconds: 3 #探测间隔周期
- readinessProbe:
- httpGet:
- #path: /monitor/monitor.html
- path: /index.html
- port: 80
- initialDelaySeconds: 5
- periodSeconds: 3
- timeoutSeconds: 5
- successThreshold: 1
- failureThreshold: 3
- livenessProbe:
- httpGet:
- #path: /monitor/monitor.html
- path: /index.html
- port: 80
- initialDelaySeconds: 5
- periodSeconds: 3
- timeoutSeconds: 5
- successThreshold: 1
- failureThreshold: 3
- ---
- apiVersion: v1
- kind: Service
- metadata:
- name: myserver-myapp-frontend-service
- namespace: myserver
- spec:
- ports:
- - name: http
- port: 81
- targetPort: 80
- nodePort: 40012
- protocol: TCP
- type: NodePort
- selector:
- app: myserver-myapp-frontend-label
postStart and preStop handlers-简介
为容器的生命周期事件设置处理函数 | Kubernetes这个页面将演示如何为容器的生命周期事件挂接处理函数。Kubernetes 支持 postStart 和 preStop 事件。 当一个容器启动后,Kubernetes 将立刻发送 postStart 事件;在容器被终结之前, Kubernetes 将发送一个 preStop 事件。容器可以为每个事件指定一个处理程序。预备开始 你必须拥有一个 Kubernetes 的集群,且必须设置 kubectl 下令行工具让其与你的集群通信。 建议运行本教程的集群至少有两个节点,且这两个节点不能作为控制平面主机。 如果你还没有集群,你可以通过 Minikube 构建一个你自己的集群,或者你可以利用下面的 Kubernetes 训练环境之一:Killercoda 玩转 Kubernetes 要获知版本信息,请输入 kubectl version. 定义 postStart 和 preStop 处理函数 在本训练中,你将创建一个包含一个容器的 Pod,该容器为 postStart 和 preStop 事件提供对应的处理函数。下面是对应 Pod 的设置文件:pods/lifecycle-events.yaml apiVersion: v1 kind: Pod metadata: name: lifecycle-demo spec: containers: - name: lifecycle-demo-container image: nginx lifecycle: postStart: exec: command: ["/bin/sh", "-c", "echo Hello from the postStart handler > /usr/share/message"] preStop: exec: command: ["/bin/sh","-c","nginx -s quit; while killall -0 nginx; do sleep 1; done"] 在上述设置文件中,你可以看到 postStart 下令在容器的 /usr/share 目次下写入文件 message。 下令 preStop 负责优雅地停止 nginx 服务。当由于失效而导致容器停止时,这一处理方式很有用。https://kubernetes.io/zh/docs/tasks/configure-pod-container/attach-handler-lifecycle-event/
postStart 和 preStop handlers 处理函数:
- postStart-Pod启动后立刻执行指定的擦利用:
- Pod被创建后立刻执行,即不等待pod中的服务启动。
- 如果postStart执行失败pod不会继续创建
- preStop:
- 在pod被停止之前执行
- 如果preStop一直执行不完成,则末了宽限2秒后强制删除
- [root@k8s-master1 case4-postStart-preStop]#cat 1-myserver-myapp1-postStart-preStop.yaml
- apiVersion: apps/v1
- kind: Deployment
- metadata:
- name: myserver-myapp1-lifecycle
- labels:
- app: myserver-myapp1-lifecycle
- namespace: myserver
- spec:
- replicas: 1
- selector:
- matchLabels:
- app: myserver-myapp1-lifecycle-label
- template:
- metadata:
- labels:
- app: myserver-myapp1-lifecycle-label
- spec:
- terminationGracePeriodSeconds: 60
- containers:
- - name: myserver-myapp1-lifecycle-label
- image: tomcat:7.0.94-alpine
- lifecycle:
- postStart:
- exec:
- #command: 把自己注册到注册在中心
- command: ["/bin/sh", "-c", "echo 'Hello from the postStart handler' >> /usr/local/tomcat/webapps/ROOT/index.html"]
- #httpGet:
- # #path: /monitor/monitor.html
- # host: www.magedu.com
- # port: 80
- # scheme: HTTP
- # path: index.html
- preStop:
- exec:
- #command: 把自己从注册中心移除
- command:
- - /bin/bash
- - -c
- - 'sleep 10000000'
- #command: ["/usr/local/tomcat/bin/catalina.sh","stop"]
- #command: ['/bin/sh','-c','/path/preStop.sh']
- ports:
- - name: http
- containerPort: 8080
- ---
- apiVersion: v1
- kind: Service
- metadata:
- name: myserver-myapp1-lifecycle-service
- namespace: myserver
- spec:
- ports:
- - name: http
- port: 80
- targetPort: 8080
- nodePort: 30012
- protocol: TCP
- type: NodePort
- selector:
- app: myserver-myapp1-lifecycle-label
https://cloud.google.com/blog/products/containers-kubernetes/kubernetes-best-practices-terminating-with-gracehttps://cloud.google.com/blog/products/containers-kubernetes/kubernetes-best-practices-terminating-with-grace
1.创建pod
- 向API-Server提交创建请求、API-Server完成鉴权和准入并将事件写入etcd
- kube-scheduler完成调度流程
- kubelet创建并启动pod、然后执行postStart
- 周期进行livenessProbe
- 进入running状态
- readinessProbe检测通过后,service关联pod
- 接受客户端请求
2.删除pod
- 向API-Server提交删除请求、API-Server完成鉴权和准入并将事件写入etcd
- Pod被设置为”Terminating”状态、从service的Endpoints列表中删除并不再接受客户端请求。
- pod执行PreStop
- kubelet向pod中的容器发送SIGTERM信号(正常停止信号)停止pod里面的主历程,这个信号让容器知道自己很快将会被关闭 terminationGracePeriodSeconds: 60 #可选停止等待期(pod删除宽限期),如果有设置删除宽限时间,则等待宽限时间到期,否则最多等待30s,Kubernetes等待指定的时间称为优雅停止宽限期,默认情况下是30秒,值得注意的是等待期与preStop Hook和SIGTERM信号并行执行,即Kubernetes大概不会等待preStop Hook完成(最长30秒之后主历程还没有竣事就就强制停止pod)。
- SIGKILL信号被发送到Pod,并删除Pod
root@k8s-master1:~# kubectl explain Deployment.spec.template.spec
terminationGracePeriodSeconds <integer>
Optional duration in seconds the pod needs to terminate gracefully. May be
decreased in delete request. Value must be non-negative integer. The value
zero indicates stop immediately via the kill signal (no opportunity to shut
down). If this value is nil, the default grace period will be used instead.
The grace period is the duration in seconds after the processes running in
the pod are sent a termination signal and the time when the processes are
forcibly halted with a kill signal. Set this value longer than the expected
cleanup time for your process. Defaults to 30 seconds.
免责声明:如果侵犯了您的权益,请联系站长,我们会及时删除侵权内容,谢谢合作!更多信息从访问主页:qidao123.com:ToB企服之家,中国第一个企服评测及商务社交产业平台。 |
