7. Advanced Pod Controller Usage (Part 2)

I. Container probes

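  1. Container probing simply means placing probes (also called sensors) in the container to collect data that serves as the criterion for deciding whether it is alive or ready. The probing methods k8s currently supports for liveness and readiness are the same.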

  2. k8s has three probe types

    1. ExecAction

    2. TCPSocketAction: the TCPSocket probe

    3. HTTPGetAction: if the target is an HTTP service, simply send it an HTTP GET request

  3. The corresponding fields are under pods.spec.containers

    a. livenessProbe <Object>

[root@k8smaster ~]# kubectl explain  pods.spec.containers.livenessProbe
KIND:     Pod
VERSION:  v1

RESOURCE: livenessProbe <Object>

DESCRIPTION:
     Periodic probe of container liveness. Container will be restarted if the
     probe fails. Cannot be updated. More info:
     https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes

     Probe describes a health check to be performed against a container to
     determine whether it is alive or ready to receive traffic.

FIELDS:
   exec    <Object>  # the probe
     One and only one of the following should be specified. Exec specifies the
     action to take.

   failureThreshold    <integer>  # how many consecutive failed probes count as a failure; default 3, minimum 1
     Minimum consecutive failures for the probe to be considered failed after
     having succeeded. Defaults to 3. Minimum value is 1.

   httpGet    <Object>
     HTTPGet specifies the http request to perform.

   initialDelaySeconds    <integer>  # the main process cannot be probed the moment it starts, because it may not have finished initializing, so we wait a little before probing; this is the delay between start-up and the first probe. If undefined, probing starts as soon as the container starts.
     Number of seconds after the container has started before liveness probes
     are initiated. More info:
     https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes

   periodSeconds    <integer>  # probes every 10 seconds by default
     How often (in seconds) to perform the probe. Default to 10 seconds. Minimum
     value is 1.

   successThreshold    <integer>
     Minimum consecutive successes for the probe to be considered successful
     after having failed. Defaults to 1. Must be 1 for liveness. Minimum value
     is 1.

   tcpSocket    <Object>
     TCPSocket specifies an action involving a TCP port. TCP hooks not yet
     supported

   timeoutSeconds    <integer>  # probe timeout; default 1 second
     Number of seconds after which the probe times out. Defaults to 1 second.
     Minimum value is 1. More info:
     https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes

    b. readinessProbe <Object>: readiness probe

    c. lifecycle <Object>: lifecycle; defines the post-start and pre-stop hooks

  4. Probing with exec

[root@k8smaster ~]# kubectl explain  pods.spec.containers.livenessProbe.exec
KIND:     Pod
VERSION:  v1

RESOURCE: exec <Object>

DESCRIPTION:
     One and only one of the following should be specified. Exec specifies the
     action to take.

     ExecAction describes a "run in container" action.

FIELDS:
   command    <[]string>  # runs a command and checks whether it succeeded: a successful exit status means alive, a non-successful exit status means not alive
     Command is the command line to execute inside the container, the working
     directory for the command is root ('/') in the container's filesystem. The
     command is simply exec'd, it is not run inside a shell, so traditional
     shell instructions ('|', etc) won't work. To use a shell, you need to
     explicitly call out to that shell. Exit status of 0 is treated as
     live/healthy and non-zero is unhealthy.
[root@k8smaster manifests]# ls
liveness-exec.yaml  pod-demo.yaml
# Create a pod manifest
[root@k8smaster manifests]# cat liveness-exec.yaml
apiVersion: v1
kind: Pod
metadata:
  name: liveness-exec-pod
  namespace: default
spec:
  containers:
  - name: liveness-exec-container
    image: busybox:latest
    imagePullPolicy: IfNotPresent
    command: ["/bin/sh","-c","touch /tmp/healthy; sleep 30; rm -f /tmp/healthy; sleep 3600"]
    livenessProbe: # definition of the liveness probe
      exec:
        command: ["test","-e","/tmp/healthy"] # check whether this file exists
      initialDelaySeconds: 1 # wait 1 second after the container starts before probing
      periodSeconds: 3 # probe every 3 seconds
  restartPolicy: Always # restart
[root@k8smaster manifests]# kubectl get pods
NAME                          READY     STATUS    RESTARTS   AGE
liveness-exec-pod             1/1       Running   6          9m
myapp-848b5b879b-5k4s4        1/1       Running   0          4d
myapp-848b5b879b-bzblz        1/1       Running   0          4d
myapp-848b5b879b-hzbf5        1/1       Running   0          4d
nginx-deploy-5b595999-d9lv5   1/1       Running   0          4d
pod-demo                      2/2       Running   3          5h
[root@k8smaster manifests]# kubectl describe pod liveness-exec-pod # detailed information
Name:               liveness-exec-pod
Namespace:          default
Priority:           0
PriorityClassName:  <none>
Node:               k8snode2/192.168.10.12
Start Time:         Thu, 09 May 2019 19:59:15 +0800
Labels:             <none>
Annotations:        <none>
Status:             Running
IP:                 10.244.2.17
Containers:
  liveness-exec-container:
    Container ID:  docker://37b9faa3b66df5f74ce43943e20d414a6e0498b261b65e11e7c89ab26c633109
    Image:         busybox:latest
    Image ID:      docker-pullable://busybox@sha256:4b6ad3a68d34da29bf7c8ccb5d355ba8b4babcad1f99798204e7abb43e54ee3d
    Port:          <none>
    Host Port:     <none>
    Command:
      /bin/sh
      -c
      touch /tmp/healthy; sleep 30; rm -f /tmp/healthy; sleep 3600
    State:          Running
      Started:      Thu, 09 May 2019 20:07:42 +0800
    Last State:     Terminated
      Reason:       Error
      Exit Code:    137
      Started:      Thu, 09 May 2019 20:05:00 +0800
      Finished:     Thu, 09 May 2019 20:06:09 +0800
    Ready:          True
    Restart Count:  6
    Liveness:       exec [test -e /tmp/healthy] delay=1s timeout=1s period=3s #success=1 #failure=3
    Environment:    <none>
    Mounts:
      /var/run/secrets/kubernetes.io/serviceaccount from default-token-jvtl7 (ro)
Conditions:
  Type              Status
  Initialized       True 
  Ready             True 
  ContainersReady   True 
  PodScheduled      True 
Volumes:
  default-token-jvtl7:
    Type:        Secret (a volume populated by a Secret)
    SecretName:  default-token-jvtl7
    Optional:    false
QoS Class:       BestEffort
Node-Selectors:  <none>
Tolerations:     node.kubernetes.io/not-ready:NoExecute for 300s
                 node.kubernetes.io/unreachable:NoExecute for 300s
Events:
  Type     Reason     Age               From               Message
  ----     ------     ----              ----               -------
  Normal   Pulled     4d (x4 over 4d)   kubelet, k8snode2  Container image "busybox:latest" already present on machine
  Normal   Created    4d (x4 over 4d)   kubelet, k8snode2  Created container
  Normal   Started    4d (x4 over 4d)   kubelet, k8snode2  Started container
  Normal   Killing    4d (x3 over 4d)   kubelet, k8snode2  Killing container with id docker://liveness-exec-container:Container failed liveness probe.. Container will be killed and recreated.
  Warning  Unhealthy  4d (x13 over 4d)  kubelet, k8snode2  Liveness probe failed:
  Normal   Scheduled  9m                default-scheduler  Successfully assigned default/liveness-exec-pod to k8snode2

  5. Probing with tcpSocket

[root@k8smaster manifests]#  kubectl explain  pods.spec.containers.livenessProbe.tcpSocket
KIND:     Pod
VERSION:  v1

RESOURCE: tcpSocket <Object>

DESCRIPTION:
     TCPSocket specifies an action involving a TCP port. TCP hooks not yet
     supported

     TCPSocketAction describes an action based on opening a socket

FIELDS:
   host    <string> # the host to probe; defaults to the pod's own IP address
     Optional: Host name to connect to, defaults to the pod IP.

   port    <string> -required- # the port to probe
     Number or name of the port to access on the container. Number must be in
     the range 1 to 65535. Name must be an IANA_SVC_NAME.

  6. Probing with httpGet

[root@k8smaster manifests]#  kubectl explain  pods.spec.containers.livenessProbe.httpGet
KIND:     Pod
VERSION:  v1

RESOURCE: httpGet <Object>

DESCRIPTION:
     HTTPGet specifies the http request to perform.

     HTTPGetAction describes an action based on HTTP Get requests.

FIELDS:
   host    <string>
     Host name to connect to, defaults to the pod IP. You probably want to set
     "Host" in httpHeaders instead.

   httpHeaders    <[]Object>
     Custom headers to set in the request. HTTP allows repeated headers.

   path    <string> # the request is sent to this URL at the given address and port; a 200 response code means OK
     Path to access on the HTTP server.

   port    <string> -required- # a service name (IANA_SVC_NAME) can be referenced directly instead of a port number
     Name or number of the port to access on the container. Number must be in
     the range 1 to 65535. Name must be an IANA_SVC_NAME.

   scheme    <string>
     Scheme to use for connecting to the host. Defaults to HTTP.

    Example:

[root@k8smaster manifests]# cat liveness-httpget.yaml 
apiVersion: v1
kind: Pod
metadata: 
  name: liveness-httpget-pod
  namespace: default
spec:
  containers:
  - name: liveness-httpget-container
    image: ikubernetes/myapp:v1
    imagePullPolicy: IfNotPresent
    ports:
    - name: http
      containerPort: 80
    livenessProbe:
      httpGet:
        port: http # 80 can also be used
        path: /index.html
      initialDelaySeconds: 1 # wait 1 second after the container starts before probing
      periodSeconds: 3 # probe every 3 seconds
  restartPolicy: Always

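  7. Readiness probes are closely tied to service scheduling. Without a readiness probe, a pod is attached to the service's backend objects as soon as it is created; if the pod is not yet ready at that point, the service cannot be reached. For that reason, almost whenever you use pods you must configure a readinessProbe (readiness check).

    Its probing methods and probes are the same as for liveness; only the goal differs. livenessProbe only decides whether the container is alive, while readinessProbe decides whether it is ready, so only the probe command may differ.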

[root@k8smaster manifests]# cat readiness-httpget.yaml 
apiVersion: v1
kind: Pod
metadata: 
  name: readiness-httpget-pod
  namespace: default
spec:
  containers:
  - name: readiness-httpget-container
    image: ikubernetes/myapp:v1
    imagePullPolicy: IfNotPresent
    ports:
    - name: http
      containerPort: 80
    readinessProbe:
      httpGet:
        port: http # 80 can also be used
        path: /index.html
      initialDelaySeconds: 1 # wait 1 second after the container starts before probing
      periodSeconds: 3 # probe every 3 seconds
  restartPolicy: Always

[root@k8smaster manifests]# kubectl create -f readiness-httpget.yaml 
pod/readiness-httpget-pod created
[root@k8smaster manifests]# kubectl get pods
NAME                          READY     STATUS    RESTARTS   AGE
liveness-httpget-pod          1/1       Running   1          32m
myapp-848b5b879b-5k4s4        1/1       Running   0          4d
myapp-848b5b879b-bzblz        1/1       Running   0          4d
myapp-848b5b879b-hzbf5        1/1       Running   0          4d
nginx-deploy-5b595999-d9lv5   1/1       Running   0          5d
pod-demo                      2/2       Running   4          6h
readiness-httpget-pod         1/1       Running   0          6s
[root@k8smaster manifests]# kubectl describe pod readiness-httpget-pod
Name:               readiness-httpget-pod
Namespace:          default
Priority:           0
PriorityClassName:  <none>
Node:               k8snode2/192.168.10.12
Start Time:         Thu, 09 May 2019 21:02:50 +0800
Labels:             <none>
Annotations:        <none>
Status:             Running
IP:                 10.244.2.19
Containers:
  readiness-httpget-container:
    Container ID:   docker://2972a892e1c91c2cfa6168f5729cbf1dae02e079f5bd1e8dc370e2ed56dcbf61
    Image:          ikubernetes/myapp:v1
    Image ID:       docker-pullable://ikubernetes/myapp@sha256:9c3dc30b5219788b2b8a4b065f548b922a34479577befb54b03330999d30d513
    Port:           80/TCP
    Host Port:      0/TCP
    State:          Running
      Started:      Thu, 09 May 2019 21:02:51 +0800
    Ready:          True
    Restart Count:  0
    Readiness:      http-get http://:http/index.html delay=1s timeout=1s period=3s #success=1 #failure=3
    Environment:    <none>
    Mounts:
      /var/run/secrets/kubernetes.io/serviceaccount from default-token-jvtl7 (ro)
Conditions:
  Type              Status
  Initialized       True 
  Ready             True 
  ContainersReady   True 
  PodScheduled      True 
Volumes:
  default-token-jvtl7:
    Type:        Secret (a volume populated by a Secret)
    SecretName:  default-token-jvtl7
    Optional:    false
QoS Class:       BestEffort
Node-Selectors:  <none>
Tolerations:     node.kubernetes.io/not-ready:NoExecute for 300s
                 node.kubernetes.io/unreachable:NoExecute for 300s
Events:
  Type    Reason     Age   From               Message
  ----    ------     ----  ----               -------
  Normal  Pulled     4d    kubelet, k8snode2  Container image "ikubernetes/myapp:v1" already present on machine
  Normal  Created    4d    kubelet, k8snode2  Created container
  Normal  Started    4d    kubelet, k8snode2  Started container
  Normal  Scheduled  23s   default-scheduler  Successfully assigned default/readiness-httpget-pod to k8snode2

# After entering the container and deleting index.html, the pod is no longer ready
[root@k8smaster manifests]# kubectl get pods
NAME                          READY     STATUS    RESTARTS   AGE
liveness-httpget-pod          1/1       Running   1          34m
myapp-848b5b879b-5k4s4        1/1       Running   0          4d
myapp-848b5b879b-bzblz        1/1       Running   0          4d
myapp-848b5b879b-hzbf5        1/1       Running   0          4d
nginx-deploy-5b595999-d9lv5   1/1       Running   0          5d
pod-demo                      2/2       Running   4          6h
readiness-httpget-pod         0/1       Running   0          2m
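
The liveness and readiness timing shown above, as an added example that is not part of the original page: a simplified Python model of how `initialDelaySeconds`, `periodSeconds`, `failureThreshold` and `successThreshold` combine into a state change. The names `Probe`, `transitions` and `liveness_restart_at` are hypothetical, the model ignores `timeoutSeconds`, probe run time and kubelet jitter, and the moment index.html is removed (t=60) is constructed.

```python
from dataclasses import dataclass
from typing import Callable, List, Optional, Tuple

@dataclass
class Probe:
    """Timing fields from `kubectl explain pods.spec.containers.livenessProbe`."""
    initial_delay: int = 0       # initialDelaySeconds
    period: int = 10             # periodSeconds (default 10)
    failure_threshold: int = 3   # failureThreshold (default 3)
    success_threshold: int = 1   # successThreshold (default 1)

def transitions(probe: Probe, healthy_at: Callable[[int], bool],
                horizon: int, start_ok: bool) -> List[Tuple[int, bool]]:
    """Return [(second, new_state)] for every state change up to `horizon`.

    The state flips only after N consecutive opposite results, where N is
    failure_threshold (ok -> failed) or success_threshold (failed -> ok).
    """
    state, streak, changes = start_ok, 0, []
    for t in range(probe.initial_delay, horizon + 1, probe.period):
        result = healthy_at(t)
        if result == state:
            streak = 0               # a matching result breaks the streak
            continue
        streak += 1
        needed = probe.success_threshold if result else probe.failure_threshold
        if streak >= needed:
            state, streak = result, 0
            changes.append((t, state))
    return changes

def liveness_restart_at(probe: Probe, healthy_at: Callable[[int], bool],
                        horizon: int) -> Optional[int]:
    """Second at which a liveness probe first declares the container dead."""
    for t, ok in transitions(probe, healthy_at, horizon, start_ok=True):
        if not ok:
            return t
    return None

# liveness-exec.yaml from this page: /tmp/healthy exists for the first 30 s.
PAGE_LIVENESS = Probe(initial_delay=1, period=3)
# readiness-httpget.yaml from this page; index.html removed at t=60 (constructed).
PAGE_READINESS = Probe(initial_delay=1, period=3)

if __name__ == "__main__":
    print(liveness_restart_at(PAGE_LIVENESS, lambda t: t < 30, 120))
    print(transitions(PAGE_READINESS, lambda t: t < 60, 90, start_ok=False))
```

The real kubelet adds start-up jitter and, after the failure, the termination grace period before the container is killed, so observed container lifetimes are longer than the modelled 37 s.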

  8. lifecycle <Object>: lifecycle; defines the post-start and pre-stop hooks

[root@k8smaster manifests]# kubectl explain  pods.spec.containers.lifecycle
KIND:     Pod
VERSION:  v1

RESOURCE: lifecycle <Object>

DESCRIPTION:
     Actions that the management system should take in response to container
     lifecycle events. Cannot be updated.

     Lifecycle describes actions that the management system should take in
     response to container lifecycle events. For the PostStart and PreStop
     lifecycle handlers, management of the container blocks until the action is
     complete, unless the container process fails, in which case the handler is
     aborted.

FIELDS:
   postStart    <Object> # action executed immediately after the container starts
     PostStart is called immediately after a container is created. If the
     handler fails, the container is terminated and restarted according to its
     restart policy. Other management of the container blocks until the hook
     completes. More info:
     https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks

   preStop    <Object> # action executed before the container is terminated
     PreStop is called immediately before a container is terminated. The
     container is terminated after the handler completes. The reason for
     termination is passed to the handler. Regardless of the outcome of the
     handler, the container is eventually terminated. Other management of the
     container blocks until the hook completes. More info:
     https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks

    a. postStart: by default, the command it defines is executed after the container's command has been executed.

[root@k8smaster manifests]# more poststart-pod.yaml 
apiVersion: v1
kind: Pod
metadata:
    name: poststart-pod
    namespace: default
spec:
    containers:
    - name: busybox-pod
      image: busybox:latest
      imagePullPolicy: IfNotPresent
      lifecycle:
        postStart:
          exec:
            command: ["mkdir","-p","/data/web/html"]
      command: ["/bin/sh","-c"] # by default, this command + args is executed before the postStart.exec.command above runs
      args: ["sleep 3600"]
[root@k8smaster manifests]# kubectl exec -it  poststart-pod /bin/sh
/ # ls /data/web/html/
/ # exit
[root@k8smaster manifests]# kubectl get pods
NAME                          READY     STATUS    RESTARTS   AGE
liveness-httpget-pod          1/1       Running   1          1h
myapp-848b5b879b-5k4s4        1/1       Running   0          4d
myapp-848b5b879b-bzblz        1/1       Running   0          4d
myapp-848b5b879b-hzbf5        1/1       Running   0          4d
nginx-deploy-5b595999-d9lv5   1/1       Running   0          5d
pod-demo                      2/2       Running   5          7h
poststart-pod                 1/1       Running   0          1m
readiness-httpget-pod         1/1       Running   0          58m

    b. preStop: similar to postStart

Image update policy

[root@laso-master-01 ]# kubectl explain  pods.spec.containers.imagePullPolicy
KIND:     Pod
VERSION:  v1

FIELD:    imagePullPolicy <string>

DESCRIPTION:
     Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always
     if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated.
     More info:
     https://kubernetes.io/docs/concepts/containers/images#updating-images

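IfNotPresent: the image is pulled only if it is not already present locally.

Always: every time the kubelet launches a container, it queries the container image registry to resolve the name to an image digest. If the kubelet has a container image with that exact digest cached locally, it uses the cached image; otherwise, the kubelet pulls the image with the resolved digest and uses that image to launch the container.

Never: the kubelet does not try to fetch the image. If the image is somehow already present locally, the kubelet attempts to start the container; otherwise, startup fails.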
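
A check built on the fields covered on this page, as an added example that is not part of the original page: a small Python audit of a Pod manifest (as a dict, for instance parsed from `kubectl get pod -o json`) that reports containers started from a cached, non-digest image and containers with missing or malformed probes. The function names and finding strings are hypothetical, and treating every tag that is not a digest as mutable is an assumption of this example.

```python
from typing import Dict, List, Optional, Tuple

HANDLERS = ("exec", "httpGet", "tcpSocket")   # exactly one per probe

def effective_pull_policy(image: str, policy: Optional[str] = None) -> Tuple[bool, str]:
    """Return (pinned_by_digest, policy), applying the documented default."""
    pinned = "@sha256:" in image
    last = image.rsplit("/", 1)[-1]            # ignore a registry host:port
    tag = last.split(":", 1)[1] if ":" in last and not pinned else None
    if policy is None:
        # Defaults to Always for :latest (or no tag), IfNotPresent otherwise.
        latest = not pinned and tag in (None, "latest")
        policy = "Always" if latest else "IfNotPresent"
    return pinned, policy

def audit_pod(pod: Dict) -> List[Tuple[str, str]]:
    """Return (container, finding) pairs for one Pod manifest."""
    findings = []
    for c in pod["spec"]["containers"]:
        name = c["name"]
        pinned, policy = effective_pull_policy(c["image"], c.get("imagePullPolicy"))
        if not pinned and policy != "Always":
            # IfNotPresent/Never start whatever the node has cached under the tag.
            findings.append((name, "mutable-tag-from-cache"))
        for kind in ("livenessProbe", "readinessProbe"):
            probe = c.get(kind)
            if probe is None:
                findings.append((name, "missing-" + kind))
            elif sum(h in probe for h in HANDLERS) != 1:
                findings.append((name, kind + "-needs-exactly-one-handler"))
        if c.get("livenessProbe", {}).get("successThreshold", 1) != 1:
            findings.append((name, "liveness-successThreshold-must-be-1"))
    return findings

# Constructed from liveness-exec.yaml on this page (timing fields omitted).
PAGE_POD = {"spec": {"containers": [{
    "name": "liveness-exec-container",
    "image": "busybox:latest",
    "imagePullPolicy": "IfNotPresent",
    "livenessProbe": {"exec": {"command": ["test", "-e", "/tmp/healthy"]}},
}]}}

if __name__ == "__main__":
    for finding in audit_pod(PAGE_POD):
        print(*finding)
```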