廊坊做网站的电话,seo研究中心vip课程,代做毕设网站,微信小程序免费模板直接套用了解k8s中的Liveness和Readiness
Liveness: 表明是否容器正在运行。如果liveness探测为fail#xff0c;则kubelet会kill掉容器#xff0c;并且会触发restart设置的策略。默认不设置的情况下#xff0c;该状态为success. Readiness: 表明容器是否可以接受服务请求。如果re…了解k8s中的Liveness和Readiness
Liveness: 表明是否容器正在运行。如果liveness探测为fail则kubelet会kill掉容器并且会触发restart设置的策略。默认不设置的情况下该状态为success. Readiness: 表明容器是否可以接受服务请求。如果readiness探测失败则endpoints控制器会从endpoints中摘除该Pod IP。在初始化延迟探测时间之前默认是Failure。如果没有设置readiness探测该状态为success。
代码分析
基于Kubernetes 1.11.0
1.启动探测
在kubelet启动是时候会启动健康检查的探测 kubelet.go中Run方法
...
kl.probeManager.Start() //启动探测服务
...
2.看一下probeManager都做了哪些事情
prober_manager.go中我们看一下这段代码
// Manager manages pod probing. It creates a probe worker for every container that specifies a
// probe (AddPod). The worker periodically probes its assigned container and caches the results. The
// manager use the cached probe results to set the appropriate Ready state in the PodStatus when
// requested (UpdatePodStatus). Updating probe parameters is not currently supported.
// TODO: Move liveness probing out of the runtime, to here.
type Manager interface {// AddPod creates new probe workers for every container probe. This should be called for every// pod created.AddPod(pod *v1.Pod)// RemovePod handles cleaning up the removed pod state, including terminating probe workers and// deleting cached results.RemovePod(pod *v1.Pod)// CleanupPods handles cleaning up pods which should no longer be running.// It takes a list of active pods which should not be cleaned up.CleanupPods(activePods []*v1.Pod)// UpdatePodStatus modifies the given PodStatus with the appropriate Ready state for each// container based on container running status, cached probe results and worker states.UpdatePodStatus(types.UID, *v1.PodStatus)// Start starts the Manager sync loops.Start()
}
这是一个Manager的接口声明该Manager负载pod的探测。当执行AddPod时会为Pod中每一个容器创建一个执行探测任务的worker, 该worker会对所分配的容器进行周期性的探测并把探测结果缓存。当UpdatePodStatus方法执行时该manager会使用探测的缓存结果设置PodStatus为近似Ready的状态
3.一“探”究竟
先看一下探测的struct
type Probe struct {// The action taken to determine the health of a containerHandler json:,inline protobuf:bytes,1,opt,namehandler// Number of seconds after the container has started before liveness probes are initiated.// More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes// optionalInitialDelaySeconds int32 json:initialDelaySeconds,omitempty protobuf:varint,2,opt,nameinitialDelaySeconds// Number of seconds after which the probe times out.// Defaults to 1 second. Minimum value is 1.// More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes// optionalTimeoutSeconds int32 json:timeoutSeconds,omitempty protobuf:varint,3,opt,nametimeoutSeconds// How often (in seconds) to perform the probe.// Default to 10 seconds. Minimum value is 1.// optionalPeriodSeconds int32 json:periodSeconds,omitempty protobuf:varint,4,opt,nameperiodSeconds// Minimum consecutive successes for the probe to be considered successful after having failed.// Defaults to 1. Must be 1 for liveness. Minimum value is 1.// optionalSuccessThreshold int32 json:successThreshold,omitempty protobuf:varint,5,opt,namesuccessThreshold// Minimum consecutive failures for the probe to be considered failed after having succeeded.// Defaults to 3. Minimum value is 1.// optionalFailureThreshold int32 json:failureThreshold,omitempty protobuf:varint,6,opt,namefailureThreshold
}
initialDelaySeconds: 表示容器启动之后延迟多久进行liveness探测 timeoutSeconds每次执行探测的超时时间 periodSeconds探测的周期时间 successThreshold最少连续几次探测成功的次数满足该次数则认为success。 failureThreshold最少连续几次探测失败的次数满足该次数则认为fail
Handler: 不论是liveness还是readiness都支持3种类型的探测方式执行命令、http方式以及tcp方式。
// Handler defines a specific action that should be taken
// TODO: pass structured data to these actions, and document that data here.
type Handler struct {// One and only one of the following should be specified.// Exec specifies the action to take.// optionalExec *ExecAction json:exec,omitempty protobuf:bytes,1,opt,nameexec// HTTPGet specifies the http request to perform.// optionalHTTPGet *HTTPGetAction json:httpGet,omitempty protobuf:bytes,2,opt,namehttpGet// TCPSocket specifies an action involving a TCP port.// TCP hooks not yet supported// TODO: implement a realistic TCP lifecycle hook// optionalTCPSocket *TCPSocketAction json:tcpSocket,omitempty protobuf:bytes,3,opt,nametcpSocket
}
接下来看一下prober.go中的runProbe方法。
func (pb *prober) runProbe(probeType probeType, p *v1.Probe, pod *v1.Pod, status v1.PodStatus, container v1.Container, containerID kubecontainer.ContainerID) (probe.Result, string, error) {timeout : time.Duration(p.TimeoutSeconds) * time.Secondif p.Exec ! nil {glog.V(4).Infof(Exec-Probe Pod: %v, Container: %v, Command: %v, pod, container, p.Exec.Command)command : kubecontainer.ExpandContainerCommandOnlyStatic(p.Exec.Command, container.Env)return pb.exec.Probe(pb.newExecInContainer(container, containerID, command, timeout))}if p.HTTPGet ! nil {scheme : strings.ToLower(string(p.HTTPGet.Scheme))host : p.HTTPGet.Hostif host {host status.PodIP}port, err : extractPort(p.HTTPGet.Port, container)if err ! nil {return probe.Unknown, , err}path : p.HTTPGet.Pathglog.V(4).Infof(HTTP-Probe Host: %v://%v, Port: %v, Path: %v, scheme, host, port, path)url : formatURL(scheme, host, port, path)headers : buildHeader(p.HTTPGet.HTTPHeaders)glog.V(4).Infof(HTTP-Probe Headers: %v, headers)if probeType liveness {return pb.livenessHttp.Probe(url, headers, timeout)} else { // readinessreturn pb.readinessHttp.Probe(url, headers, timeout)}}if p.TCPSocket ! nil {port, err : extractPort(p.TCPSocket.Port, container)if err ! nil {return probe.Unknown, , err}host : p.TCPSocket.Hostif host {host status.PodIP}glog.V(4).Infof(TCP-Probe Host: %v, Port: %v, Timeout: %v, host, port, timeout)return pb.tcp.Probe(host, port, timeout)}glog.Warningf(Failed to find probe builder for container: %v, container)return probe.Unknown, , fmt.Errorf(Missing probe handler for %s:%s, format.Pod(pod), container.Name)
}
1.执行命令方式 通过newExecInContainer方法调用CRI执行命令
// ExecAction describes a run in container action.
type ExecAction struct {// Command is the command line to execute inside the container, the working directory for the// command is root (/) in the containers filesystem. The command is simply execd, it is// not run inside a shell, so traditional shell instructions (|, etc) wont work. To use// a shell, you need to explicitly call out to that shell.// Exit status of 0 is treated as live/healthy and non-zero is unhealthy.// optionalCommand []string json:command,omitempty protobuf:bytes,1,rep,namecommand
}
2.http GET方式 通过http GET方式进行探测。 Port表示访问容器的端口 Host表示访问的主机默认是Pod IP
// HTTPGetAction describes an action based on HTTP Get requests.
type HTTPGetAction struct {// Path to access on the HTTP server.// optionalPath string json:path,omitempty protobuf:bytes,1,opt,namepath// Name or number of the port to access on the container.// Number must be in the range 1 to 65535.// Name must be an IANA_SVC_NAME.Port intstr.IntOrString json:port protobuf:bytes,2,opt,nameport// Host name to connect to, defaults to the pod IP. You probably want to set// Host in httpHeaders instead.// optionalHost string json:host,omitempty protobuf:bytes,3,opt,namehost// Scheme to use for connecting to the host.// Defaults to HTTP.// optionalScheme URIScheme json:scheme,omitempty protobuf:bytes,4,opt,namescheme,casttypeURIScheme// Custom headers to set in the request. HTTP allows repeated headers.// optionalHTTPHeaders []HTTPHeader json:httpHeaders,omitempty protobuf:bytes,5,rep,namehttpHeaders
}
3.tcp方式 通过设置主机和端口即可进行tcp方式访问
// TCPSocketAction describes an action based on opening a socket
type TCPSocketAction struct {// Number or name of the port to access on the container.// Number must be in the range 1 to 65535.// Name must be an IANA_SVC_NAME.Port intstr.IntOrString json:port protobuf:bytes,1,opt,nameport// Optional: Host name to connect to, defaults to the pod IP.// optionalHost string json:host,omitempty protobuf:bytes,2,opt,namehost
}
此处脑洞一下如果三种探测方式都设置了会如何执行处理
思考
通过k8s部署生产环境应用时建议设置上liveness和readiness, 这也是保障服务稳定性的最佳实践。 另外由于Pod Ready不能保证实际的业务应用Ready可用在最新的 1.14 版本中新增了一个Pod Readiness Gates 特性 。通过这个特性可以保证应用Ready后进而设置Pod Ready。
结尾
针对上面的脑洞如果三种探测方式都设置了会如何执行处理 答我们如果在Pod中设置多个探测方式提交配置的时候会直接报错 此处继续源代码在validation.go中validateHandler中进行了限制(也为上面Handler struct提到的One and only one of the following should be specified.提供了事实依据) func validateHandler(handler *core.Handler, fldPath *field.Path) field.ErrorList {numHandlers : 0allErrors : field.ErrorList{}if handler.Exec ! nil {if numHandlers 0 {allErrors append(allErrors, field.Forbidden(fldPath.Child(exec), may not specify more than 1 handler type))} else {numHandlersallErrors append(allErrors, validateExecAction(handler.Exec, fldPath.Child(exec))...)}}if handler.HTTPGet ! nil {if numHandlers 0 {allErrors append(allErrors, field.Forbidden(fldPath.Child(httpGet), may not specify more than 1 handler type))} else {numHandlersallErrors append(allErrors, validateHTTPGetAction(handler.HTTPGet, fldPath.Child(httpGet))...)}}if handler.TCPSocket ! nil {if numHandlers 0 {allErrors append(allErrors, field.Forbidden(fldPath.Child(tcpSocket), may not specify more than 1 handler type))} else {numHandlersallErrors append(allErrors, validateTCPSocketAction(handler.TCPSocket, fldPath.Child(tcpSocket))...)}}if numHandlers 0 {allErrors append(allErrors, field.Required(fldPath, must specify a handler type))}return allErrors
}
原文链接 本文为云栖社区原创内容未经允许不得转载。
