pod 的高级实现污点亲密性探针的实现
名称空间资源限制;对名称空间使用资源的总限额,不是单个pod
[root@master pod]# cat ../nsrq.yaml
apiVersion: v1
kind: ResourceQuota
metadata:
name: mem-cpu-quota
namespace: test
spec:
hard:
limits.cpu: "2"
limits.memory: "2Gi"
requests.cpu: "4"
requests.memory: "4Gi"
[root@master pod]# kubectl get po -n test
No resources found in test namespace.
[root@master pod]# kubectl apply -f ../nsrq.yaml
resourcequota/mem-cpu-quota configured
[root@master pod]# kubectl describe -n test resourcequotas
Name: mem-cpu-quota
Namespace: test
Resource Used Hard
-------- ---- ----
limits.cpu 0 2
limits.memory 0 2Gi
requests.cpu 0 4
requests.memory 0 4Gi
[root@master pod]# cat po
po2.yaml po3.yaml po.yaml
[root@master pod]# cat po.yaml
apiVersion: v1
kind: Pod
metadata:
name: pod-test
namespace: test
labels:
app: tomcat
spec:
containers:
- name: tomcat-test
image: tomcat
imagePullPolicy: IfNotPresent
ports:
- containerPort: 8080
resources:
limits:
memory: "2Gi"
cpu: "1"
requests:
memory: "2Gi"
cpu: "1"
[root@master pod]# kubectl apply -f po.yaml
pod/pod-test created
[root@master pod]# cat po2.yaml
apiVersion: v1
kind: Pod
metadata:
name: pod-test-1
namespace: test
labels:
app: tomcat
spec:
containers:
- name: tomcat-test
image: tomcat
imagePullPolicy: IfNotPresent
ports:
- containerPort: 8080
resources:
limits:
memory: "100Mi"
cpu: "500m"
requests:
memory: "100Mi"
cpu: "500m"
[root@master pod]# kubectl apply -f po2.yaml
Error from server (Forbidden): error when creating "po2.yaml": pods "pod-test-1" is forbidden: exceeded quota: mem-cpu-quota, requested: limits.memory=100Mi, used: limits.memory=2Gi, limited: limits.memory=2Gi
[root@master pod]# kubectl get po -n test
NAME READY STATUS RESTARTS AGE
pod-test 1/1 Running 0 2m53s
[root@master pod]# kubectl edit resourcequotas -n test mem-cpu-quota
# Please edit the object below. Lines beginning with a '#' will be ignored,
# and an empty file will abort the edit. If an error occurs while saving this file will be
# reopened with the relevant failures.
#
apiVersion: v1
kind: ResourceQuota
metadata:
annotations:
kubectl.kubernetes.io/last-applied-configuration: |
{"apiVersion":"v1","kind":"ResourceQuota","metadata":{"annotations":{},"name":"mem-cpu-quota","namespace":"test"},"spec":{"hard":{"limits.cpu":"2","limits.memory":"2Gi","requests.cpu":"4","requests.memor
y":"4Gi"}}} creationTimestamp: "2024-10-11T07:12:37Z"
name: mem-cpu-quota
namespace: test
resourceVersion: "113002"
uid: 9f669803-9b56-46cd-a10d-0291b5c59576
spec:
hard:
limits.cpu: "2"
limits.memory: 3Gi # 修改为3G
requests.cpu: "4"
requests.memory: 4Gi
status:
hard:
limits.cpu: "2"
limits.memory: 2Gi
requests.cpu: "4"
requests.memory: 4Gi
used:
limits.cpu: "1"
limits.memory: 2Gi
requests.cpu: "1"
requests.memory: 2Gi
[root@master pod]# kubectl describe -n test resourcequotas
Name: mem-cpu-quota
Namespace: test
Resource Used Hard
-------- ---- ----
limits.cpu 1 2
limits.memory 2Gi 3Gi
requests.cpu 1 4
requests.memory 2Gi 4Gi
[root@master pod]# kubectl apply -f po2.yaml
pod/pod-test-1 created
[root@master pod]# kubectl get po -n test
NAME READY STATUS RESTARTS AGE
pod-test 1/1 Running 0 1s
pod-test-1 1/1 Running 0 11s
po 指定node 节点
[root@master pod]# cat po3.yaml
apiVersion: v1
kind: Pod
metadata:
name: demo-pod
namespace: default
labels:
app: busybox-tomcat
env: pro
spec:
nodeName: node-1
containers:
- name: tomcat
ports:
- containerPort: 8080
image: tomcat:8.5-jre8-alpine
imagePullPolicy: IfNotPresent
- name: busybox
image: busybox:latest
imagePullPolicy: IfNotPresent
command:
- "/bin/sh"
- "-c"
- "sleep 36000"
[root@master pod]# kubectl get po demo-pod -owide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
demo-pod 2/2 Running 0 124m 172.16.84.139 node-1 <none> <none>
po 的通过标签选择器选定node
[root@master pod]# cat po4.yaml
apiVersion: v1
kind: Pod
metadata:
name: demo-pod-1
namespace: default
labels:
app: busybox-tomcat
env: pro
spec:
# nodeName: node-1
nodeSelector:
app: v1 #选择拥有此标签的node
containers:
- name: tomcat
ports:
- containerPort: 8080
image: tomcat:8.5-jre8-alpine
imagePullPolicy: IfNotPresent
- name: busybox
image: busybox:latest
imagePullPolicy: IfNotPresent
command:
- "/bin/sh"
- "-c"
- "sleep 36000"
[root@master pod]# kubectl get po
NAME READY STATUS RESTARTS AGE
demo-pod 2/2 Running 0 126m
demo-pod-1 0/2 Pending(待调度状态) 0 3m55s
hamster-65db5bcc68-fm6f2 1/1 Running 0 13h
hamster-65db5bcc68-j8bss 1/1 Running 0 13h
[root@master pod]# kubectl get node --show-labels
NAME STATUS ROLES AGE VERSION LABELS
node Ready control-plane 19h v1.28.2 beta.kubernetes.io/arch=amd64,beta.kubernetes.io/os=linux,kubernetes.io/arch=amd64,kubernetes.io/hostname=node,kubernetes.io/os=linux,node-role.kubernetes.io/c
ontrol-plane=,node.kubernetes.io/exclude-from-external-load-balancers=node-1 Ready <none> 19h v1.28.2 beta.kubernetes.io/arch=amd64,beta.kubernetes.io/os=linux,kubernetes.io/arch=amd64,kubernetes.io/hostname=node-1,kubernetes.io/os=linux
node-2 Ready <none> 19h v1.28.2 beta.kubernetes.io/arch=amd64,beta.kubernetes.io/os=linux,kubernetes.io/arch=amd64,kubernetes.io/hostname=node-2,kubernetes.io/os=linux
[root@master pod]# kubectl label nodes node-2 app=v1
node/node-2 labeled
[root@master pod]# kubectl get po
NAME READY STATUS RESTARTS AGE
demo-pod 2/2 Running 0 128m
demo-pod-1 0/2 ContainerCreating 0 5m34s
hamster-65db5bcc68-fm6f2 1/1 Running 0 13h
hamster-65db5bcc68-j8bss 1/1 Running 0 13h
[root@master pod]# kubectl get po -owide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
demo-pod 2/2 Running 0 128m 172.16.84.139 node-1 <none> <none>
demo-pod-1 0/2 ContainerCreating 0 5m49s <none> node-2 <none> <none>
hamster-65db5bcc68-fm6f2 1/1 Running 0 13h 172.16.247.10 node-2 <none> <none>
hamster-65db5bcc68-j8bss 1/1 Running 0 13h 172.16.84.138 node-1 <none> <none>
po 节点 硬亲和性
[root@master pod]# cat po.yaml
apiVersion: v1
kind: Pod
metadata:
name: pod-test
# namespace: test
labels:
app: tomcat
spec:
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution: #硬亲和性
nodeSelectorTerms:
- matchExpressions:
- key: app #标签
operator: In # 等于
values:
- v2 #值
- v3
containers:
- name: tomcat-test
image: tomcat
imagePullPolicy: IfNotPresent
ports:
- containerPort: 8080
[root@master pod]# kubectl apply -f po.yaml
pod/pod-test created
[root@master pod]# kubectl get po
NAME READY STATUS RESTARTS AGE
demo-pod 2/2 Running 0 145m
demo-pod-1 2/2 Running 0 22m
hamster-65db5bcc68-fm6f2 1/1 Running 0 13h
hamster-65db5bcc68-j8bss 1/1 Running 0 13h
pod-test 0/1 Pending 0 4s
[root@master pod]# kubectl label nodes node-1 app=v2 && kubectl get pod pod-test -owide
node/node-1 labeled
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
pod-test 0/1 ContainerCreating 0 50s <none> node-1 <none> <none>
po 节点软亲和性
[root@master pod]# cat po6.yaml
apiVersion: v1
kind: Pod
metadata:
name: pod-test-cx
# namespace: test
labels:
app: tomcat
spec:
affinity:
nodeAffinity:
preferredDuringSchedulingIgnoredDuringExecution: #软亲和性
- preference:
matchExpressions:
- key: cx #标签
operator: In # 等于
values:
- dev #值
weight: 90 # 亲和力度
containers:
- name: tomcat-test
image: tomcat
imagePullPolicy: IfNotPresent
ports:
- containerPort: 8080
[root@master pod]# kubectl apply -f po6.yaml
pod/pod-test-cx created
[root@master pod]# kubectl get pod pod-test-cx -owide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
pod-test-cx 1/1 Running 0 26s 172.16.247.13 node-2 <none> <none>
[root@master pod]# kubectl get nodes --show-labels | grep cx=dev
打标签删除标签
打标签 [root@master pod]# kubectl label nodes node-1 app=v2 node/node-1 labeled 删除标签 [root@master pod]# kubectl label nodes node-2 app- node/node-2 unlabeled [root@master pod]# kubectl label nodes node-1 app- node/node-1 unlabeled [root@master pod]# kubectl label nodes node-1 cx- node/node-1 unlabeled
po 与po 的亲和性
[root@master pod]# kubectl get po --show-labels
NAME READY STATUS RESTARTS AGE LABELS
pod-test 1/1 Running 0 94s app=tomcat,security=S1
[root@master pod]# cat poaffinity.yaml
apiVersion: v1
kind: Pod
metadata:
name: pod-test-cx
# namespace: test
labels:
app: tomcat
spec:
affinity:
podAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
requiredDuringSchedulingIgnoredDuringExecution: # 硬亲和性
- labelSelector:
matchExpressions:
- key: security
operator: In
values:
- S1
topologyKey: kubernetes.io/hostname # 根据这个node 标签判断是不是一个节点
containers:
- name: tomcat-test
image: tomcat
imagePullPolicy: IfNotPresent
ports:
- containerPort: 8080
[root@master pod]# kubectl apply -f poaffinity.yaml
pod/pod-test-cx created
[root@master pod]# kubectl get po --show-labels
NAME READY STATUS RESTARTS AGE LABELS
pod-test 1/1 Running 0 109s app=tomcat,security=S1
pod-test-cx 1/1 Running 0 3s app=tomcat
[root@master pod]# kubectl get po -owide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
pod-test 1/1 Running 0 2m 172.16.84.147 node-1 <none> <none>
pod-test-cx 1/1 Running 0 14s 172.16.84.149 node-1 <none> <none>
po反亲和性
[root@master pod]# cat nopo.yaml
apiVersion: v1
kind: Pod
metadata:
name: pod-test-cx
# namespace: test
labels:
app: tomcat
spec:
affinity:
podAntiAffinity: # 反亲和性
preferredDuringSchedulingIgnoredDuringExecution:
requiredDuringSchedulingIgnoredDuringExecution: # 硬反亲和性
- labelSelector:
matchExpressions:
- key: security
operator: In
values:
- S1
topologyKey: kubernetes.io/hostname # 根据这个node 标签判断
containers:
- name: tomcat-test
image: tomcat
imagePullPolicy: IfNotPresent
ports:
- containerPort: 8080
[root@master pod]# kubectl get po --show-labels
NAME READY STATUS RESTARTS AGE LABELS
pod-test 1/1 Running 0 8m53s app=tomcat,security=S1
pod-test-cx 1/1 Running 0 18s app=tomcat
[root@master pod]# kubectl get po -owide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
pod-test 1/1 Running 0 9m 172.16.84.150 node-1 <none> <none>
pod-test-cx 1/1 Running 0 25s 172.16.247.14 node-2 <none> <none>
污点与容忍度
KIND: Node
VERSION: v1
FIELD: taints <[]Taint>
DESCRIPTION:
If specified, the node's taints.
The node this Taint is attached to has the "effect" on any pod that does not
tolerate the Taint.
FIELDS:
effect <string> -required-
Required. The effect of the taint on pods that do not tolerate the taint.
Valid effects are NoSchedule, PreferNoSchedule and NoExecute.
Possible enum values:
- `"NoExecute"` Evict any already-running pods that do not tolerate the
taint. Currently enforced by NodeController.
- `"NoSchedule"` Do not allow new pods to schedule onto the node unless
they tolerate the taint, but allow all pods submitted to Kubelet without
going through the scheduler to start, and allow all already-running pods to
continue running. Enforced by the scheduler.
- `"PreferNoSchedule"` Like TaintEffectNoSchedule, but the scheduler tries
not to schedule new pods onto the node, rather than prohibiting new pods
from scheduling onto the node entirely. Enforced by the scheduler.
key <string> -required-
Required. The taint key to be applied to a node.
timeAdded <string>
TimeAdded represents the time at which the taint was added. It is only
written for NoExecute taints.
value <string>
The taint value corresponding to the taint key.
effect 字段的允许值包括:
NoExecute- 这会影响已在节点上运行的 Pod,具体影响如下:
- 如果 Pod 不能容忍这类污点,会马上被驱逐。
- 如果 Pod 能够容忍这类污点,但是在容忍度定义中没有指定
tolerationSeconds, 则 Pod 还会一直在这个节点上运行。 - 如果 Pod 能够容忍这类污点,而且指定了
tolerationSeconds, 则 Pod 还能在这个节点上继续运行这个指定的时间长度。 这段时间过去后,节点生命周期控制器从节点驱除这些 Pod。
NoSchedul
PreferNoSchedulePreferNoSchedule是“偏好”或“软性”的NoSchedule。 控制平面将尝试避免将不能容忍污点的 Pod 调度到的节点上,但不能保证完全避免。-
查看node-1 .节点pod [root@master ~]# kubectl get node NAME STATUS ROLES AGE VERSION node Ready control-plane 4d18h v1.28.2 node-1 Ready <none> 4d18h v1.28.2 node-2 Ready <none> 4d18h v1.28.2 [root@master ~]# kubectl get pod -A -owide | grep node-1 default pod-test 1/1 Running 1 (28m ago) 3d22h 172.16.84.151 node-1 <none> <none> kube-system calico-node-2bjbd 1/1 Running 3 (28m ago) 4d18h 192.168.10.30 node-1 <none> <none> kube-system kube-proxy-jxl5j 1/1 Running 3 (28m ago) 4d18h 192.168.10.30 node-1 <none> <none> kube-system vpa-admission-controller-6cfd4f784d-w8c58 1/1 Running 1 (28m ago) 4d17h 172.16.84.153 node-1 <none> <none> kube-system vpa-updater-cc89b6c56-grq55 1/1 Running 1 (28m ago) 4d17h 172.16.84.152 node-1 <none> <none> 给node-1 打污点,并查看node-1 上pod [root@master ~]# kubectl taint node node-1 a=b:NoExecute && kubectl get pod -A -owide | grep node-1 node/node-1 tainted default pod-test 1/1 Terminating 1 (30m ago) 3d22h 172.16.84.151 node-1 <none> <none> kube-system calico-node-2bjbd 1/1 Running 3 (30m ago) 4d18h 192.168.10.30 node-1 <none> <none> kube-system kube-proxy-jxl5j 1/1 Running 3 (30m ago) 4d19h 192.168.10.30 node-1 <none> <none> kube-system vpa-admission-controller-6cfd4f784d-w8c58 1/1 Terminating 1 (30m ago) 4d17h 172.16.84.153 node-1 <none> <none> kube-system vpa-updater-cc89b6c56-grq55 1/1 Terminating 1 (30m ago) 4d17h 172.16.84.152 node-1 <none> <none>
operator的默认值是Equal。一个容忍度和一个污点相“匹配”是指它们有一样的键名和效果,并且:
- 如果
operator是Exists(此时容忍度不能指定value),或者 - 如果
operator是Equal,则它们的值应该相等
[root@master ~]# kubectl taint node node-1 a=b:NoSchedule node/node-1 tainted [root@master ~]# cat po.yaml apiVersion: v1 kind: Pod metadata: name: pod-test-1 labels: app: tomcat spec: tolerations: - key: a operator: Exists #可以不知道value effect: "NoSchedule" #容忍度 nodeName: node-1 containers: - name: tomcat-test image: tomcat imagePullPolicy: IfNotPresent ports: - containerPort: 8080指定value
[root@master ~]# kubectl apply -f po-2.yaml pod/pod-test-2 created [root@master ~]# kubectl get pod -A -owide | grep node-1 default pod-test-1 1/1 Running 0 4m57s 172.16.84.154 node-1 <none> <none> default pod-test-2 1/1 Running 0 4s 172.16.84.155 node-1 <none> <none> kube-system calico-node-2bjbd 1/1 Running 3 (54m ago) 4d19h 192.168.10.30 node-1 <none> <none> kube-system kube-proxy-jxl5j 1/1 Running 3 (54m ago) 4d19h 192.168.10.30 node-1 <none> <none> [root@master ~]# cat po-2.yaml apiVersion: v1 kind: Pod metadata: name: pod-test-2 labels: app: tomcat spec: tolerations: - key: a operator: Equal #可以省略,默认需要指定value value: b effect: "NoSchedule" nodeName: node-1 containers: - name: tomcat-test image: tomcat imagePullPolicy: IfNotPresent ports: - containerPort: 8080pod 的探测
1.存活探测: livenessProbe 用于存活探针决定何时重启容器。检测pod 容器是否处于运行状态,当存活性探测失败。存活探针失败多次,kubelet 将重启该容器存活探针不会等待就绪探针成功。 如果你想在执行存活探针前等待,你可以定义
initialDelaySeconds,或者使用启动探针KIND: Pod VERSION: v1 FIELD: livenessProbe <Probe> DESCRIPTION: Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic. FIELDS: exec <ExecAction> # 命令行探测方式 Exec specifies the action to take. failureThreshold <integer> Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. grpc <GRPCAction> #grpc 探测 GRPC specifies an action involving a GRPC port. httpGet <HTTPGetAction> # http 协议探测 HTTPGet specifies the http request to perform. initialDelaySeconds <integer> # initialDelaySeconds 字段告诉 kubelet 在执行第一次探测前应该等待 时间 秒 Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes periodSeconds <integer> #periodSeconds 字段指定了 kubelet 应该每 5 秒执行一次存活探测 How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. successThreshold <integer> #探测成功的最少连续成功次数 Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. tcpSocket <TCPSocketAction> # tcp 探测 TCPSocket specifies an action involving a TCP port. terminationGracePeriodSeconds <integer> # 正常终止的可选持续时间;Pod 中运行的进程会收到终止信号以及终止时间 Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. timeoutSeconds <integer> #探测超时后的秒数。默认为 1 秒。 Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probeshttp 探测
[root@master pod]# cat livenessProbe-1.yaml apiVersion: v1 kind: Pod metadata: name: liveness-1 spec: containers: - name: liveness image: nginx imagePullPolicy: IfNotPresent ports: - name: web containerPort: 80 livenessProbe: initialDelaySeconds: 10 httpGet: port: web path: /index.html [root@master pod]# kubectl apply -f livenessProbe-1.yaml pod/liveness-1 created [root@master pod]# kubectl get po NAME READY STATUS RESTARTS AGE liveness-1 0/1 ContainerCreating 0 7s pod-test-1 1/1 Running 0 159m pod-test-2 1/1 Running 0 154m pod-test-cx 1/1 Running 1 (15h ago) 4d1h [root@master pod]# kubectl get po NAME READY STATUS RESTARTS AGE liveness-1 0/1 ContainerCreating 0 8s pod-test-1 1/1 Running 0 159m pod-test-2 1/1 Running 0 154m pod-test-cx 1/1 Running 1 (15h ago) 4d1h [root@master pod]# kubectl get po -w NAME READY STATUS RESTARTS AGE liveness-1 0/1 ContainerCreating 0 11s pod-test-1 1/1 Running 0 159m pod-test-2 1/1 Running 0 154m pod-test-cx 1/1 Running 1 (15h ago) 4d1h liveness-1 1/1 Running 0 29sexec 探测
[root@master pod]# cat livenessProbe-2.yaml apiVersion: v1 kind: Pod metadata: name: liveness-2 spec: containers: - name: liveness image: busybox imagePullPolicy: IfNotPresent command: - /bin/sh - "-c" - "echo 1 > /tmp/1.txt && sleep 120;rm -f /tmp/1.txt;sleep 1200" livenessProbe: initialDelaySeconds: 10 exec: command: - /bin/sh - "-c" - "cat /tmp/1.txt" periodSeconds: 3 successThreshold: 1 [root@master pod]# kubectl apply -f livenessProbe-2.yaml && kubectl get po -w pod/liveness-2 created NAME READY STATUS RESTARTS AGE liveness-1 1/1 Running 0 24m liveness-2 0/1 ContainerCreating 0 0s pod-test-1 1/1 Running 0 3h3m pod-test-2 1/1 Running 0 179m pod-test-cx 1/1 Running 1 (15h ago) 4d1h liveness-2 0/1 ContainerCreating 0 1s liveness-2 1/1 Running 0 2s liveness-2 1/1 Running 1 (1s ago) 2m41stcp
[root@master pod]# cat livenessProbe-3.yaml apiVersion: v1 kind: Pod metadata: name: liveness-3 spec: containers: - name: liveness image: nginx imagePullPolicy: IfNotPresent ports: - name: web containerPort: 80 livenessProbe: initialDelaySeconds: 10 tcpSocket: port: web successThreshold: 1 [root@master pod]# kubectl apply -f livenessProbe-3.yaml && kubectl get po -w pod/liveness-3 created NAME READY STATUS RESTARTS AGE liveness-1 1/1 Running 0 44m liveness-3 0/1 ContainerCreating 0 0s pod-test-1 1/1 Running 0 3h23m pod-test-2 1/1 Running 0 3h18m pod-test-cx 1/1 Running 1 (16h ago) 4d1h liveness-3 0/1 ContainerCreating 0 0s liveness-3 1/1 Running 0 1s2.就绪探测:就绪探针决定何时容器准备好开始接受流量。 这种探针在等待应用执行耗时的初始任务时非常有用,例如建立网络连接、加载文件和预热缓存。
tcp
[root@master pod]# cat readinessProbe-1.yaml apiVersion: v1 kind: Pod metadata: name: periodseconds-1 spec: containers: - name: liveness image: nginx imagePullPolicy: IfNotPresent ports: - name: web containerPort: 80 readinessProbe: initialDelaySeconds: 10 tcpSocket: port: web successThreshold: 1 periodSeconds: 3 [root@master pod]# vim readinessProbe-1.yaml [root@master pod]# kubectl apply -f readinessProbe-1.yaml && kubectl get po -w pod/periodseconds-1 created NAME READY STATUS RESTARTS AGE liveness-1 1/1 Running 0 52m liveness-3 1/1 Running 0 8m54s periodseconds-1 0/1 ContainerCreating 0 0s pod-test-1 1/1 Running 0 3h32m pod-test-2 1/1 Running 0 3h27m pod-test-cx 1/1 Running 1 (16h ago) 4d1h periodseconds-1 0/1 ContainerCreating 0 1s periodseconds-1 0/1 Running 0 1s periodseconds-1 1/1 Running 0 12shttp
[root@master pod]# cat readinessProbe-2.yaml apiVersion: v1 kind: Pod metadata: name: periodseconds-2 spec: containers: - name: liveness image: nginx imagePullPolicy: IfNotPresent ports: - name: web containerPort: 80 readinessProbe: initialDelaySeconds: 10 httpGet: path: /index.html port: web successThreshold: 1 periodSeconds: 3 [root@master pod]# kubectl apply -f readinessProbe-2.yaml ; kubectl get pod -w pod/periodseconds-2 created NAME READY STATUS RESTARTS AGE liveness-1 1/1 Running 0 4h8m liveness-3 1/1 Running 0 3h24m periodseconds-1 1/1 Running 0 3h15m periodseconds-2 0/1 ContainerCreating 0 0s pod-test-1 1/1 Running 0 6h47m pod-test-2 1/1 Running 0 6h42m pod-test-cx 1/1 Running 1 (19h ago) 4d5h periodseconds-2 0/1 ContainerCreating 0 1s periodseconds-2 0/1 Running 0 2s periodseconds-2 1/1 Running 0 12sexec
[root@master pod]# cat readinessProbe-3.yaml apiVersion: v1 kind: Pod metadata: name: riodseconds-2 labels: app: exec spec: containers: - name: liveness image: nginx imagePullPolicy: IfNotPresent command: - /bin/sh - "-c" - "sleep 120;rm -f /usr/share/nginx/html/index.html" ports: - name: web containerPort: 80 readinessProbe: initialDelaySeconds: 10 exec: command: - /bin/sh - "-c" - "ls /usr/share/nginx/html/index.html" successThreshold: 1 periodSeconds: 3 --- apiVersion: v1 kind: Service metadata: name: riodseconds-exec spec: selector: app: exec ports: name: web protocol: TCP targetPort: web port: 80 [root@master pod]# vim readinessProbe-3.yaml [root@master pod]# kubectl apply -f readinessProbe-3.yaml ; kubectl get pod && kubectl get svc -w pod/riodseconds-2 created service/riodseconds-exec created NAME READY STATUS RESTARTS AGE liveness-1 1/1 Running 0 4h28m liveness-3 1/1 Running 0 3h43m periodseconds-1 1/1 Running 0 3h35m periodseconds-2 1/1 Running 0 19m pod-test-1 1/1 Running 0 7h7m pod-test-2 1/1 Running 0 7h2m pod-test-cx 1/1 Running 1 (19h ago) 4d5h riodseconds-2 0/1 ContainerCreating 0 0s NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 5d2h riodseconds-exec ClusterIP 10.108.185.32 <none> 80/TCP 0s ^C[root@master pod] [root@master pod]# [root@master pod]# [root@master pod]# [root@master pod]# kubectl describe svc riodseconds-exec Name: riodseconds-exec Namespace: default Labels: <none> Annotations: <none> Selector: app=exec Type: ClusterIP IP Family Policy: SingleStack IP Families: IPv4 IP: 10.108.185.32 IPs: 10.108.185.32 Port: web 80/TCP TargetPort: web/TCP Endpoints: 172.16.84.166:80 Session Affinity: None Events: <none> [root@master pod]# kubectl describe svc riodseconds-exec Name: riodseconds-exec Namespace: default Labels: <none> Annotations: <none> Selector: app=exec Type: ClusterIP IP Family Policy: SingleStack IP Families: IPv4 IP: 10.108.185.32 IPs: 10.108.185.32 Port: web 80/TCP TargetPort: web/TCP Endpoints: Session Affinity: None Events: <none>3.启动探针检查容器内的应用是否已启动。 启动探针可以用于对慢启动容器进行存活性检测,避免它们在启动运行之前就被 kubelet 杀掉。如果配置了这类探针,它会禁用存活检测和就绪检测,直到启动探针成功为止。这类探针仅在启动时执行,不像存活探针和就绪探针那样周期性地运行。
exec
[root@master pod]# cat stat-1.yaml apiVersion: v1 kind: Pod metadata: name: stat-1 spec: containers: - name: stat-1 image: nginx imagePullPolicy: IfNotPresent ports: - name: web containerPort: 80 # readinessProbe: # initialDelaySeconds: 10 # httpGet: # path: /index.html # port: web # successThreshold: 1 # periodSeconds: 3 startupProbe: #httpGet: # path: /healthz # port: liveness-port exec: command: - /bin/sh - "-c" - "ls /usr/share/nginx/html/index.html" failureThreshold: 3 # 失败的次数 periodSeconds: 10 # 探测间隔 [root@master pod]# kubectl apply -f stat-1.yaml ; kubectl get po -w pod/stat-1 created NAME READY STATUS RESTARTS AGE liveness-1 1/1 Running 0 7h11m liveness-3 1/1 Running 0 6h27m periodseconds-1 1/1 Running 0 6h18m periodseconds-2 1/1 Running 0 3h3m pod-test-1 1/1 Running 0 9h pod-test-2 1/1 Running 0 9h pod-test-cx 1/1 Running 1 (22h ago) 4d8h stat-1 0/1 ContainerCreating 0 0s stat-1 0/1 ContainerCreating 0 0s stat-1 0/1 Running 0 1s stat-1 0/1 Running 0 10s stat-1 1/1 Running 0 10stcp
[root@master pod]# cat stat-2.yaml apiVersion: v1 kind: Pod metadata: name: stat-2 spec: containers: - name: stat-2 image: nginx imagePullPolicy: IfNotPresent ports: - name: web containerPort: 80 # readinessProbe: # initialDelaySeconds: 10 # httpGet: # path: /index.html # port: web # successThreshold: 1 # periodSeconds: 3 startupProbe: #httpGet: # path: /healthz # port: liveness-port #exec: # command: # - /bin/sh # - "-c" # - "ls /usr/share/nginx/html/index.html" tcpSocket: port: web failureThreshold: 3 # 失败的次数 periodSeconds: 10 # 探测间隔 [root@master pod]# kubectl apply -f stat-2.yaml ; kubectl get po -w pod/stat-2 created NAME READY STATUS RESTARTS AGE liveness-1 1/1 Running 0 19h liveness-3 1/1 Running 0 18h periodseconds-1 1/1 Running 0 18h periodseconds-2 1/1 Running 0 15h pod-test-1 1/1 Running 0 22h pod-test-2 1/1 Running 0 22h pod-test-cx 1/1 Running 1 (35h ago) 4d20h stat-1 1/1 Running 0 12h stat-2 0/1 ContainerCreating 0 0s stat-2 0/1 ContainerCreating 0 1s stat-2 0/1 Running 0 1s stat-2 0/1 Running 0 10s stat-2 1/1 Running 0 11shttp
[root@master pod]# cat stat-3.yaml apiVersion: v1 kind: Pod metadata: name: stat-3 spec: containers: - name: stat-3 image: nginx imagePullPolicy: IfNotPresent ports: - name: web containerPort: 80 # readinessProbe: # initialDelaySeconds: 10 # httpGet: # path: /index.html # port: web # successThreshold: 1 # periodSeconds: 3 startupProbe: httpGet: path: /index.html port: web #exec: # command: # - /bin/sh # - "-c" # - "ls /usr/share/nginx/html/index.html" #tcpSocket: # port: web failureThreshold: 3 # 失败的次数 periodSeconds: 10 # 探测间隔 [root@master pod]# kubectl apply -f stat-3.yaml ; kubectl get po -w pod/stat-3 created NAME READY STATUS RESTARTS AGE liveness-1 1/1 Running 0 19h liveness-3 1/1 Running 0 18h periodseconds-1 1/1 Running 0 18h periodseconds-2 1/1 Running 0 15h pod-test-1 1/1 Running 0 22h pod-test-2 1/1 Running 0 22h pod-test-cx 1/1 Running 1 (35h ago) 4d20h stat-1 1/1 Running 0 12h stat-2 1/1 Running 0 5m stat-3 0/1 ContainerCreating 0 1s stat-3 0/1 ContainerCreating 0 1s stat-3 0/1 Running 0 2s stat-3 0/1 Running 0 11s stat-3 1/1 Running 0 11s容器重启策略:
restartPolicyrestartPolicy应用于 Pod 中的应用容器和常规的 Init 容器。 Sidecar 容器忽略 Pod 级别的restartPolicy字段:在 Kubernetes 中,Sidecar 被定义为initContainers内的一个条目,其容器级别的restartPolicy被设置为Always。 对于因错误而退出的 Init 容器,如果 Pod 级别restartPolicy为OnFailure或Always, 则 kubelet 会重新启动 Init 容器。Always:只要容器终止就自动重启容器。OnFailure:只有在容器错误退出(退出状态非零)时才重新启动容器。Never:不会自动重启已终止的容器。
混合使用
[root@master pod]# cat readinessProbe-3.yaml apiVersion: v1 kind: Pod metadata: name: lrso labels: app: exec-1 spec: containers: - name: liveness image: nginx imagePullPolicy: IfNotPresent ports: - name: web containerPort: 80 readinessProbe: initialDelaySeconds: 10 exec: command: - /bin/sh - "-c" - "ls /usr/share/nginx/html/index.html" successThreshold: 1 periodSeconds: 3 livenessProbe: initialDelaySeconds: 15 httpGet: port: web path: /index.html startupProbe: httpGet: path: /index.html port: web failureThreshold: 3 # 失败的次数 periodSeconds: 10 # 探测间隔 --- apiVersion: v1 kind: Service metadata: name: riodseconds-exec-1 spec: selector: app: exec-1 ports: - name: web protocol: TCP targetPort: web port: 80 [root@master pod]# kubectl apply -f readinessProbe-3.yaml ; kubectl get po -w pod/lrso created service/riodseconds-exec-1 created NAME READY STATUS RESTARTS AGE liveness-1 1/1 Running 0 20h liveness-3 1/1 Running 0 19h lrso 0/1 ContainerCreating 0 1s periodseconds-1 1/1 Running 0 19h periodseconds-2 1/1 Running 0 16h pod-test-1 1/1 Running 0 22h pod-test-2 1/1 Running 0 22h pod-test-cx 1/1 Running 1 (35h ago) 4d21h stat-1 1/1 Running 0 12h stat-2 1/1 Running 0 35m stat-3 1/1 Running 0 30m lrso 0/1 ContainerCreating 0 1s lrso 0/1 Running 0 2s lrso 0/1 Running 0 11s lrso 1/1 Running 0 11s - 如果
草都可以从石头缝隙中长出来更可况你呢
