Kubernetes livenessProbe(health-check)

pod 생애 주기 단계

※ terminating은 pod 생애 주기에 포함되지 않음

• pending
  클러스터 승인은 되었으나, 하나 이상의 컨테이너가 설정되지 않았고 아직 실행할 준비가 안된 상태
  파드가 스케줄되기 이전까지의 시간뿐만 아니라 컨테이너 이미지를 다운로드하는 시간도 포함
• running
  노드에 파드가 배치되었고, 컨테이너가 생성되고 구동까지 된 상태
  적어도 하나의 컨테이너가 아직 실행 중이거나, 시작 또는 재시작 상태
• succeeded
  파드의 컨테이너들이 성공적으로 종료된 상태
• failed
  파드의 컨테이너 중 적어도 하나의 컨테이너가 실패로 종료된 상태
• unknown
  파드 상태를 확인할 수 없는 상태이며, 노드와 통신 오류로 인해 발생

[root@master ~]# kubectl get pod -o wide --watch
NAME   READY   STATUS    RESTARTS   AGE   IP       NODE     NOMINATED NODE   READINESS GATES
web3   0/1     Pending   0          0s    <none>   <none>   <none>           <none>
web3   0/1     Pending   0          0s    <none>   node2    <none>           <none>
web3   0/1     ContainerCreating   0          0s    <none>   node2    <none>           <none>
web3   0/1     ContainerCreating   0          0s    <none>   node2    <none>           <none>
web3   1/1     Running             0          3s    10.233.75.8   node2    <none>           <none>
web3   1/1     Terminating         0          91s   10.233.75.8   node2    <none>           <none>
web3   1/1     Terminating         0          91s   10.233.75.8   node2    <none>           <none>
web3   0/1     Terminating         0          91s   <none>        node2    <none>           <none>
web3   0/1     Terminating         0          92s   10.233.75.8   node2    <none>           <none>
web3   0/1     Terminating         0          92s   10.233.75.8   node2    <none>           <none>
web3   0/1     Terminating         0          92s   10.233.75.8   node2    <none>           <none>

컨테이너 상태

waiting : 컨테이너가 구동하기 위해 필요한 작업을 실행하고 있는 상태
running : 컨테이너가 구동 중인 상태
terminated : 컨테이너가 종료된 상태

liveness probe를 이용한 파드 실행 health-check(self-healing)

1. pod 내 container로 http get 요청을 통해 container의 health check
2. tcpSocket 80과 연결을 통해 health check
3. exec command를 통해 health check (웹서버가 아닌 경우 사용)

[root@master ~/kube/06/livenessProbe]# vi nginx-liveness-pod.yaml
[root@master ~/kube/06/livenessProbe]# cat nginx-liveness-pod.yaml
apiVersion: v1
kind: Pod
metadata:
  name: nginx-liveness-pod
spec:
  containers:
  - name: nginx-container
    image: nginx
    ports:
    - containerPort: 80
      protocol: TCP
    livenessProbe:
      httpGet:
        path: /
        port: 80
[root@master ~/kube/06/livenessProbe]# kubectl apply -f nginx-liveness-pod.yaml
pod/nginx-liveness-pod created
[root@master ~/kube/06/livenessProbe]# kubectl describe pod nginx-liveness-pod
Name:             nginx-liveness-pod
Namespace:        default
Priority:         0
Service Account:  default
Node:             node2/192.168.2.62
Start Time:       Sat, 08 Mar 2025 16:50:06 +0900
Labels:           <none>
Annotations:      cni.projectcalico.org/containerID: 0ac2c38f44d84950abf9e8a46911944cd3fb4dbb92b36cfd6783ff61b1397243
                  cni.projectcalico.org/podIP: 10.233.75.9/32
                  cni.projectcalico.org/podIPs: 10.233.75.9/32
Status:           Running
IP:               10.233.75.9
IPs:
  IP:  10.233.75.9
Containers:
  nginx-container:
    Container ID:   docker://a2cd09dab94e8e24f015b8893c3dbad00d164797d491672ffd546f305fec6841
    Image:          nginx
    Image ID:       docker-pullable://nginx@sha256:9d6b58feebd2dbd3c56ab5853333d627cc6e281011cfd6050fa4bcf2072c9496
    Port:           80/TCP
    Host Port:      0/TCP
    State:          Running
      Started:      Sat, 08 Mar 2025 16:50:09 +0900
    Ready:          True
    Restart Count:  0
    Liveness:       http-get http://:80/ delay=0s timeout=1s period=10s #success=1 #failure=3
    Environment:    <none>
    Mounts:
      /var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-8m88p (ro)

[root@master ~/kube/06/livenessProbe]# kubectl logs nginx-liveness-pod -f
/docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration
/docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d/
/docker-entrypoint.sh: Launching /docker-entrypoint.d/10-listen-on-ipv6-by-default.sh
10-listen-on-ipv6-by-default.sh: info: Getting the checksum of /etc/nginx/conf.d/default.conf
10-listen-on-ipv6-by-default.sh: info: Enabled listen on IPv6 in /etc/nginx/conf.d/default.conf
/docker-entrypoint.sh: Sourcing /docker-entrypoint.d/15-local-resolvers.envsh
/docker-entrypoint.sh: Launching /docker-entrypoint.d/20-envsubst-on-templates.sh
/docker-entrypoint.sh: Launching /docker-entrypoint.d/30-tune-worker-processes.sh
/docker-entrypoint.sh: Configuration complete; ready for start up
2025/03/08 07:50:09 [notice] 1#1: using the "epoll" event method
2025/03/08 07:50:09 [notice] 1#1: nginx/1.27.4
2025/03/08 07:50:09 [notice] 1#1: built by gcc 12.2.0 (Debian 12.2.0-14)
2025/03/08 07:50:09 [notice] 1#1: OS: Linux 5.14.0-452.el9.x86_64
2025/03/08 07:50:09 [notice] 1#1: getrlimit(RLIMIT_NOFILE): 1073741816:1073741816
2025/03/08 07:50:09 [notice] 1#1: start worker processes
2025/03/08 07:50:09 [notice] 1#1: start worker process 29
2025/03/08 07:50:09 [notice] 1#1: start worker process 30
2025/03/08 07:50:09 [notice] 1#1: start worker process 31
2025/03/08 07:50:09 [notice] 1#1: start worker process 32
192.168.2.62 - - [08/Mar/2025:07:50:16 +0000] "GET / HTTP/1.1" 200 615 "-" "kube-probe/1.27" "-"
192.168.2.62 - - [08/Mar/2025:07:50:26 +0000] "GET / HTTP/1.1" 200 615 "-" "kube-probe/1.27" "-"
192.168.2.62 - - [08/Mar/2025:07:50:36 +0000] "GET / HTTP/1.1" 200 615 "-" "kube-probe/1.27" "-"
192.168.2.62 - - [08/Mar/2025:07:50:46 +0000] "GET / HTTP/1.1" 200 615 "-" "kube-probe/1.27" "-"
192.168.2.62 - - [08/Mar/2025:07:50:56 +0000] "GET / HTTP/1.1" 200 615 "-" "kube-probe/1.27" "-"
192.168.2.62 - - [08/Mar/2025:07:51:06 +0000] "GET / HTTP/1.1" 200 615 "-" "kube-probe/1.27" "-"
192.168.2.62 - - [08/Mar/2025:07:51:16 +0000] "GET / HTTP/1.1" 200 615 "-" "kube-probe/1.27" "-"
192.168.2.62 - - [08/Mar/2025:07:51:26 +0000] "GET / HTTP/1.1" 200 615 "-" "kube-probe/1.27" "-"

실습 :: unhealthy-liveness-pod

[root@master ~/kube/06/unhealthy-liveness]# vi unhealty-liveness-pod.yaml
[root@master ~/kube/06/unhealthy-liveness]# cat unhealty-liveness-pod.yaml
apiVersion: v1
kind: Pod
metadata:
  name: unhealthy-liveness-pod

spec:
  containers:
  - name: unhealthy-container
    image: smlinux/unhealthy
    ports:
    - containerPort: 8080
      protocol: TCP
    livenessProbe:
      httpGet:
        path: /
        port: 8080
[root@master ~/kube/06/unhealthy-liveness]# kubectl apply -f unhealty-liveness-pod.yaml
pod/unhealthy-liveness-pod created
[root@master ~/kube/06/unhealthy-liveness]# kubectl describe pod unhealthy-liveness-pod
	···
Events:
  Type     Reason     Age                  From               Message
  ----     ------     ----                 ----               -------
  Normal   Scheduled  2m39s                default-scheduler  Successfully assigned default/unhealthy-liveness-pod to node2
  Normal   Pulled     2m36s                kubelet            Successfully pulled image "smlinux/unhealthy" in 2.366386176s (2.366391779s including waiting)
  Warning  Unhealthy  78s (x3 over 98s)    kubelet            Liveness probe failed: HTTP probe failed with statuscode: 500
  Normal   Killing    78s                  kubelet            Container unhealthy-container failed liveness probe, will be restarted
  Normal   Pulling    48s (x2 over 2m38s)  kubelet            Pulling image "smlinux/unhealthy"
  Normal   Created    46s (x2 over 2m36s)  kubelet            Created container unhealthy-container
  Normal   Started    46s (x2 over 2m36s)  kubelet            Started container unhealthy-container
  Normal   Pulled     46s                  kubelet            Successfully pulled image "smlinux/unhealthy" in 2.209982226s (2.210003245s including waiting)
[root@master ~/kube/06/unhealthy-liveness]# kubectl get pod unhealthy-liveness-pod
NAME                     READY   STATUS    RESTARTS      AGE
unhealthy-liveness-pod   1/1     Running   1 (88s ago)   3m19s