4.6.2 设置 HTTP 探针
基于 HTTP 的探测(HTTPGatAction)向目标容器发起一个HTTP请求,根据其相应码进行结果判定,响应码形如 2xx 或 3xx 时表示检测通过。“spec.containers.liveness.Probe.httpGet” 字段用于定义此类检测,它的可用配置字段包括如下几个。
host <string>
:请求的主机地址,默认为 Pod IP;也可以在 httpHeaders 中使用 “Host:” 来定义httpHeaders <[]Object>
:自定义的请求报文首部。path <string>
:请求的 HTTP 资源路径,即 URL path。scheme
:建立连接使用的协议,仅可为 HTTP 或 HTTPS,默认为 HTTP。
下面是一个定义再资源清单文件 liveness-http.yaml 中的示例,它通过 lifecycle 中 postStart hook 创建了一个专用于 httpGet 测试的页面文件 healthz:
apiVersion: v1
kind: Pod
metadata:
labels:
test: liveness
name: liveness-http
spec:
containers:
- name: liveness-http-demo
image: nginx:1.12-alpine
ports:
- name: http
containerPort: 80
lifecycle:
postStart:
exec:
command: ["/bin/sh", "-c", "echo Healthy > /usr/share/nginx/html/healthz"]
livebessProbe:
httpGet:
path: /healthz
port: http
scheme: HTTP
上述清单文件中定义了 httpGet 测试中,请求的资源路径为 “/healthz”,地址默认为 Pod IP,端口使用了容器中定义的端口名称http,这也是明确为容器指明要暴露的端口的用途之一。首先创建此 Pod 对象:
**[terminal]
**[delimiter $ ]**[command kubectl apply -f liveness-http.yaml]
pod/liveness-http created
而后查看其健康状态检测相关信息,健康状态检测正常时,容器也将正常运行:
**[terminal]
**[delimiter $ ]**[command kubectl describe pods liveness-http]
Name: liveness-http
Namespace: default
Priority: 0
PriorityClassName: <none>
Node: kube-node-3.localdomain/192.168.0.116
Start Time: Fri, 06 Dec 2019 12:50:51 +0800
Labels: test=liveness
Annotations: kubectl.kubernetes.io/last-applied-configuration:
{"apiVersion":"v1","kind":"Pod","metadata":{"annotations":{},"labels":{"test":"liveness"},"name":"liveness-http","namespace":"default"},"s...
Status: Running
IP: 10.244.4.10
Containers:
liveness-http-demo:
Container ID: docker://b621747212dc32244818d389579dadc265332d27d6f850deaea317759016e31b
Image: nginx:1.12-alpine
Image ID: docker-pullable://nginx@sha256:3a7edf11b0448f171df8f4acac8850a55eff30d1d78c46cd65e7bc8260b0be5d
Port: 80/TCP
Host Port: 0/TCP
State: Running
Started: Fri, 06 Dec 2019 12:50:53 +0800
Ready: True
Restart Count: 0
Liveness: http-get http://:http/healthz delay=0s timeout=1s period=10s #success=1 #failure=3
Environment: <none>
Mounts:
/var/run/secrets/kubernetes.io/serviceaccount from default-token-fwfzr (ro)
Conditions:
Type Status
Initialized True
Ready True
ContainersReady True
PodScheduled True
Volumes:
default-token-fwfzr:
Type: Secret (a volume populated by a Secret)
SecretName: default-token-fwfzr
Optional: false
QoS Class: BestEffort
Node-Selectors: <none>
Tolerations: node.kubernetes.io/not-ready:NoExecute for 300s
node.kubernetes.io/unreachable:NoExecute for 300s
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled 89s default-scheduler Successfully assigned default/liveness-http to kube-node-3.localdomain
Normal Pulling 88s kubelet, kube-node-3.localdomain Pulling image "nginx:1.12-alpine"
Normal Pulled 87s kubelet, kube-node-3.localdomain Successfully pulled image "nginx:1.12-alpine"
Normal Created 87s kubelet, kube-node-3.localdomain Created container liveness-http-demo
Normal Started 87s kubelet, kube-node-3.localdomain Started container liveness-http-demo
接下来借助于 “kubectl exec” 命令删除经由 postStart hook 创建的测试页面 healthz:
**[terminal]
**[delimiter $ ]**[command kubectl exec liveness-http rm /usr/share/nginx/html/healthz]
而后再次使用 “kubectl describe pods liveness-http” 查看其详细的状态信息,事件输出中的信息可以表明探测测试失败,容器被杀掉后进行了重新创建:
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled 5m27s default-scheduler Successfully assigned default/liveness-http to kube-node-3.localdomain
Normal Pulling 5m26s kubelet, kube-node-3.localdomain Pulling image "nginx:1.12-alpine"
Normal Pulled 5m25s kubelet, kube-node-3.localdomain Successfully pulled image "nginx:1.12-alpine"
Warning Unhealthy 3s (x3 over 23s) kubelet, kube-node-3.localdomain Liveness probe failed: HTTP probe failed with statuscode: 404
Normal Killing 3s kubelet, kube-node-3.localdomain Container liveness-http-demo failed liveness probe, will be restarted
Normal Pulled 3s kubelet, kube-node-3.localdomain Container image "nginx:1.12-alpine" already present on machine
Normal Created 2s (x2 over 5m25s) kubelet, kube-node-3.localdomain Created container liveness-http-demo
Normal Started 2s (x2 over 5m25s) kubelet, kube-node-3.localdomain Started container liveness-http-demo
一般来说,HTTP 类型的探测操作应该针对专用的 URL 路径进行,例如,前面示例中特别为其准备的 “/healthz” 。另外,此 URL 路径对应的 Web 资源应该以轻量化的方式在内部对应用程序的各关键组件进行全面检测以确保它们可正常向客户端提供完整的服务。
需要注意的是,这种检测方式仅对分层架构中的当前一层有效,例如,它能检测应用程序工作正常与否的状态,但重启操作却无法解决其后端服务(如数据库或缓存服务)导致的故障。此时,容器可能会被一次次的重启,直到后端服务恢复正常为止。其它两种检测方式也存在类似的问题。