k8s资产清单（二）

什么是清单

说白了清单是k8s当中用来定义pod的文件，语法格式遵循yaml语法，在yaml当中可以定义控制器类型，元数据，容器端口号等等等....，也可以针对于清单对pod进行删除等操作

为什么学习k8s清单

对于用kubectl命令的方式运行一个或者多个pod会有一定的局限性，比如我们想建立一个自主式pod，不需要任何控制器管理，又或者想定义元数据，一个pod跑多个docker容器，这些操作对于kubectl来说非常麻烦，因此我们应该学会用清单的方式定义pod

pod类型

pod可以分为2种类型:

• 自助式pod：没有任何控制器的管控
• 控制器pod：被控制器管控的pod

我们可以用kubectl get命令输出一个pod的配置清单，自主式pod清单定义格式如下

[root@master ~]# kubectl get pods myapp-7c468db58f-qbqhk -o yaml
apiVersion: v1
kind: Pod
metadata:
  creationTimestamp: "2019-12-08T04:40:44Z"
  generateName: myapp-7c468db58f-
  labels:
    pod-template-hash: 7c468db58f
    run: myapp
  name: myapp-7c468db58f-qbqhk
  namespace: default
  ownerReferences:
  - apiVersion: apps/v1
    blockOwnerDeletion: true
    controller: true
    kind: ReplicaSet
    name: myapp-7c468db58f
    uid: a1d7c81d-eb84-4a67-8eab-a423dc260b9f
  resourceVersion: ""
  selfLink: /api/v1/namespaces/default/pods/myapp-7c468db58f-qbqhk
  uid: 68fbd5a8-ee86--837b-730d582884b6
spec:
  containers:
  - image: ikubernetes/myapp:v1
    imagePullPolicy: IfNotPresent
    name: myapp
    resources: {}
    terminationMessagePath: /dev/termination-log
    terminationMessagePolicy: File
    volumeMounts:
    - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
      name: default-token-lxfzn
      readOnly: true
  dnsPolicy: ClusterFirst
  enableServiceLinks: true
  nodeName: node1
  priority:
  restartPolicy: Always
  schedulerName: default-scheduler
  securityContext: {}
  serviceAccount: default
  serviceAccountName: default
  terminationGracePeriodSeconds:
  tolerations:
  - effect: NoExecute
    key: node.kubernetes.io/not-ready
    operator: Exists
    tolerationSeconds:
  - effect: NoExecute
    key: node.kubernetes.io/unreachable
    operator: Exists
    tolerationSeconds:
  volumes:
  - name: default-token-lxfzn
    secret:
      defaultMode:
      secretName: default-token-lxfzn
status:
  conditions:
  - lastProbeTime: null
    lastTransitionTime: "2019-12-08T04:40:44Z"
    status: "True"
    type: Initialized
  - lastProbeTime: null
    lastTransitionTime: "2019-12-08T04:40:46Z"
    status: "True"
    type: Ready
  - lastProbeTime: null
    lastTransitionTime: "2019-12-08T04:40:46Z"
    status: "True"
    type: ContainersReady
  - lastProbeTime: null
    lastTransitionTime: "2019-12-08T04:40:44Z"
    status: "True"
    type: PodScheduled
  containerStatuses:
  - containerID: docker://4d5ddbff59f6baf604746728b65ba60e5826fbf602d0ad9aaafd594bda519bb8
    image: ikubernetes/myapp:v1
    imageID: docker-pullable://ikubernetes/myapp@sha256:9c3dc30b5219788b2b8a4b065f548b922a34479577befb54b03330999d30d513
    lastState: {}
    name: myapp
    ready: true
    restartCount:
    started: true
    state:
      running:
        startedAt: "2019-12-08T04:40:45Z"
  hostIP: 192.168.254.11
  phase: Running
  podIP: 10.244.1.35
  podIPs:
  - ip: 10.244.1.35
  qosClass: BestEffort
  startTime: "2019-12-08T04:40:44Z"

可以看到1级字段当中有apiVersion，kind，metadata，spec，status

apiVersion字段

用来指定api的版本，定义的语法格式为group/version,比如我们要定义deployment控制器，那么我们的apiVersion：apps/v1，如果我们要定义自主式pod，那么需要定义apiVersion：v1，这里要注意的是k8s在不断的迭代更新中，有可能新版本中会更换，如果要获取有哪些apiVersion可以用如下命令

[root@master ~]# kubectl api-versions
admissionregistration.k8s.io/v1
admissionregistration.k8s.io/v1beta1
apiextensions.k8s.io/v1
apiextensions.k8s.io/v1beta1
apiregistration.k8s.io/v1
apiregistration.k8s.io/v1beta1
apps/v1
authentication.k8s.io/v1
authentication.k8s.io/v1beta1
authorization.k8s.io/v1
authorization.k8s.io/v1beta1
autoscaling/v1
autoscaling/v2beta1
autoscaling/v2beta2
batch/v1
batch/v1beta1
certificates.k8s.io/v1beta1
coordination.k8s.io/v1
coordination.k8s.io/v1beta1
events.k8s.io/v1beta1
extensions/v1beta1
networking.k8s.io/v1
networking.k8s.io/v1beta1
node.k8s.io/v1beta1
policy/v1beta1
rbac.authorization.k8s.io/v1
rbac.authorization.k8s.io/v1beta1
scheduling.k8s.io/v1
scheduling.k8s.io/v1beta1
storage.k8s.io/v1
storage.k8s.io/v1beta1
v1

kind字段

kind字段主要用于绑定控制器类型，比如：我们想定义一个自助式pod，那么我们就应该定义kind：Pod，如果我们要定义一个deployment控制器管理的pod，那么我们就应该定义kind：Deployment

metadata字段

对于metadata字段为元数据，我们已经知道k8s是通过标签选择器的方式管理pod，因此，在metadata当中最重要的就是标签，我们可以在metadata当中定义名称空间，标签等，我们如果想查看metadata下可以定义哪些元数据可以使用kubectl explain pod.metadata命令来查看，如果想查看metadata子命令下的用法可以继续以点.的方式进行查看，比如：

[root@master ~]# kubectl explain pod.metadata
KIND:     Pod
VERSION:  v1

RESOURCE: metadata <Object>

DESCRIPTION:
     Standard object's metadata. More info:
     https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

     ObjectMeta is metadata that all persisted resources must have, which
     includes all objects users must create.

FIELDS:
   annotations  <map[string]string>
     Annotations is an unstructured key value map stored with a resource that
     may be set by external tools to store and retrieve arbitrary metadata. They
     are not queryable and should be preserved when modifying objects. More
     info: http://kubernetes.io/docs/user-guide/annotations

   clusterName  <string>
     The name of the cluster which the object belongs to. This is used to
     distinguish resources with same name and namespace in different clusters.
     This field is not set anywhere right now and apiserver is going to ignore
     it if set in create or update request.

   creationTimestamp    <string>
     CreationTimestamp is a timestamp representing the server time when this
     object was created. It is not guaranteed to be set in happens-before order
     across separate operations. Clients may not set this value. It is
     represented in RFC3339 form and is in UTC. Populated by the system.
     Read-only. Null for lists. More info:
     https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

   deletionGracePeriodSeconds   <integer>
     Number of seconds allowed for this object to gracefully terminate before it
     will be removed from the system. Only set when deletionTimestamp is also
     set. May only be shortened. Read-only.

   deletionTimestamp    <string>
     DeletionTimestamp is RFC  date and time at which this resource will be
     deleted. This field is set by the server when a graceful deletion is
     requested by the user, and is not directly settable by a client. The
     resource is expected to be deleted (no longer visible from resource lists,
     and not reachable by name) after the time in this field, once the
     finalizers list is empty. As long as the finalizers list contains items,
     deletion is blocked. Once the deletionTimestamp is set, this value may not
     be unset or be set further into the future, although it may be shortened or
     the resource may be deleted prior to this time. For example, a user may
     request that a pod is deleted in  seconds. The Kubelet will react by
     sending a graceful termination signal to the containers in the pod. After
     that  seconds, the Kubelet will send a hard termination signal (SIGKILL)
     to the container and after cleanup, remove the pod from the API. In the
     presence of network partitions, this object may still exist after this
     timestamp, until an administrator or automated process can determine the
     resource is fully terminated. If not set, graceful deletion of the object
     has not been requested. Populated by the system when a graceful deletion is
     requested. Read-only. More info:
     https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

   finalizers   <[]string>
     Must be empty before the object is deleted from the registry. Each entry is
     an identifier for the responsible component that will remove the entry from
     the list. If the deletionTimestamp of the object is non-nil, entries in
     this list can only be removed.

   generateName <string>
     GenerateName is an optional prefix, used by the server, to generate a
     unique name ONLY IF the Name field has not been provided. If this field is
     used, the name returned to the client will be different than the name
     passed. This value will also be combined with a unique suffix. The provided
     value has the same validation rules as the Name field, and may be truncated
     by the length of the suffix required to make the value unique on the
     server. If this field is specified and the generated name exists, the
     server will NOT return a  - instead, it will either return  Created
     or  with Reason ServerTimeout indicating a unique name could not be
     found in the time allotted, and the client should retry (optionally after
     the time indicated in the Retry-After header). Applied only if Name is not
     specified. More info:
     https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency

   generation   <integer>
     A sequence number representing a specific generation of the desired state.
     Populated by the system. Read-only.

   labels       <map[string]string>
     Map of string keys and values that can be used to organize and categorize
     (scope and select) objects. May match selectors of replication controllers
     and services. More info: http://kubernetes.io/docs/user-guide/labels

   managedFields        <[]Object>
     ManagedFields maps workflow-id and version to the set of fields that are
     managed by that workflow. This is mostly for internal housekeeping, and
     users typically shouldn't need to set or understand this field. A workflow
     can be the user's name, a controller's name, or the name of a specific
     apply path like "ci-cd". The set of fields is always in the version that
     the workflow used when modifying the object.

   name <string>
     Name must be unique within a namespace. Is required when creating
     resources, although some resources may allow a client to request the
     generation of an appropriate name automatically. Name is primarily intended
     for creation idempotence and configuration definition. Cannot be updated.
     More info: http://kubernetes.io/docs/user-guide/identifiers#names

   namespace    <string>
     Namespace defines the space within each name must be unique. An empty
     namespace is equivalent to the "default" namespace, but "default" is the
     canonical representation. Not all objects are required to be scoped to a
     namespace - the value of this field for those objects will be empty. Must
     be a DNS_LABEL. Cannot be updated. More info:
     http://kubernetes.io/docs/user-guide/namespaces

   ownerReferences      <[]Object>
     List of objects depended by this object. If ALL objects in the list have
     been deleted, this object will be garbage collected. If this object is
     managed by a controller, then an entry in this list will point to this
     controller, with the controller field set to true. There cannot be more
     than one managing controller.

   resourceVersion      <string>
     An opaque value that represents the internal version of this object that
     can be used by clients to determine when objects have changed. May be used
     for optimistic concurrency, change detection, and the watch operation on a
     resource or set of resources. Clients must treat these values as opaque and
     passed unmodified back to the server. They may only be valid for a
     particular resource or set of resources. Populated by the system.
     Read-only. Value must be treated as opaque by clients and . More info:
     https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency

   selfLink     <string>
     SelfLink is a URL representing this object. Populated by the system.
     Read-only. DEPRECATED Kubernetes will stop propagating this field in 1.20
     release and the field is planned to be removed in 1.21 release.

   uid  <string>
     UID is the unique in time and space value for this object. It is typically
     generated by the server on successful creation of a resource and is not
     allowed to change on PUT operations. Populated by the system. Read-only.
     More info: http://kubernetes.io/docs/user-guide/identifiers#uids

labels：标签选择器，labels的值决定service控制器关联pod的重要选项

namespace：名称空间，默认为default名称空间

name：这里是自主式pod名称，如果是控制器pod，这里是控制器名称

annotations：资源注解，这里跟labels很像，都是键值对，但是不同点是，不能用于挑选资源对象，仅用于“元数据”，在特定场景下注解是“必不可少的”，这一点要注意

spec字段

spec字段是非常重要的字段，用来定义期望容器达到的状态，在spec字段当中可以定义多个容器，容器的名称，容器的镜像，拖取容器镜像的方式，暴露的端口号，存储卷，容器个数等。也就是说真正定义pod是在spec字段当中定义的，spec字段当中有哪些字段可以定义如下：

[root@master ~]# kubectl explain pod.spec
KIND:     Pod
VERSION:  v1

RESOURCE: spec <Object>

DESCRIPTION:
     Specification of the desired behavior of the pod. More info:
     https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status

     PodSpec is a description of a pod.

FIELDS:
   activeDeadlineSeconds        <integer>
     Optional duration in seconds the pod may be active on the node relative to
     StartTime before the system will actively try to mark it failed and kill
     associated containers. Value must be a positive integer.

   affinity     <Object>
     If specified, the pod's scheduling constraints

   automountServiceAccountToken <boolean>
     AutomountServiceAccountToken indicates whether a service account token
     should be automatically mounted.

   containers   <[]Object> -required-
     List of containers belonging to the pod. Containers cannot currently be
     added or removed. There must be at least one container in a Pod. Cannot be
     updated.

   dnsConfig    <Object>
     Specifies the DNS parameters of a pod. Parameters specified here will be
     merged to the generated DNS configuration based on DNSPolicy.

   dnsPolicy    <string>
     Set DNS policy for the pod. Defaults to "ClusterFirst". Valid values are
     'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. DNS
     parameters given in DNSConfig will be merged with the policy selected with
     DNSPolicy. To have DNS options set along with hostNetwork, you have to
     specify DNS policy explicitly to 'ClusterFirstWithHostNet'.

   enableServiceLinks   <boolean>
     EnableServiceLinks indicates whether information about services should be
     injected into pod's environment variables, matching the syntax of Docker
     links. Optional: Defaults to true.

   ephemeralContainers  <[]Object>
     List of ephemeral containers run in this pod. Ephemeral containers may be
     run in an existing pod to perform user-initiated actions such as debugging.
     This list cannot be specified when creating a pod, and it cannot be
     modified by updating the pod spec. In order to add an ephemeral container
     to an existing pod, use the pod's ephemeralcontainers subresource. This
     field is alpha-level and is only honored by servers that enable the
     EphemeralContainers feature.

   hostAliases  <[]Object>
     HostAliases is an optional list of hosts and IPs that will be injected into
     the pod's hosts file if specified. This is only valid for non-hostNetwork
     pods.

   hostIPC      <boolean>
     Use the host's ipc namespace. Optional: Default to false.

   hostNetwork  <boolean>
     Host networking requested for this pod. Use the host's network namespace.
     If this option is set, the ports that will be used must be specified.
     Default to false.

   hostPID      <boolean>
     Use the host's pid namespace. Optional: Default to false.

   hostname     <string>
     Specifies the hostname of the Pod If not specified, the pod's hostname will
     be set to a system-defined value.

   imagePullSecrets     <[]Object>
     ImagePullSecrets is an optional list of references to secrets in the same
     namespace to use for pulling any of the images used by this PodSpec. If
     specified, these secrets will be passed to individual puller
     implementations for them to use. For example, in the case of docker, only
     DockerConfig type secrets are honored. More info:
     https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod

   initContainers       <[]Object>
     List of initialization containers belonging to the pod. Init containers are
     executed in order prior to containers being started. If any init container
     fails, the pod is considered to have failed and is handled according to its
     restartPolicy. The name for an init container or normal container must be
     unique among all containers. Init containers may not have Lifecycle
     actions, Readiness probes, Liveness probes, or Startup probes. The
     resourceRequirements of an init container are taken into account during
     scheduling by finding the highest request/limit for each resource type, and
     then using the max of of that value or the sum of the normal containers.
     Limits are applied to init containers in a similar fashion. Init containers
     cannot currently be added or removed. Cannot be updated. More info:
     https://kubernetes.io/docs/concepts/workloads/pods/init-containers/

   nodeName     <string>
     NodeName is a request to schedule this pod onto a specific node. If it is
     non-empty, the scheduler simply schedules this pod onto that node, assuming
     that it fits resource requirements.

   nodeSelector <map[string]string>
     NodeSelector is a selector which must be true for the pod to fit on a node.
     Selector which must match a node's labels for the pod to be scheduled on
     that node. More info:
     https://kubernetes.io/docs/concepts/configuration/assign-pod-node/

   overhead     <map[string]string>
     Overhead represents the resource overhead associated with running a pod for
     a given RuntimeClass. This field will be autopopulated at admission time by
     the RuntimeClass admission controller. If the RuntimeClass admission
     controller is enabled, overhead must not be set in Pod create requests. The
     RuntimeClass admission controller will reject Pod create requests which
     have the overhead already set. If RuntimeClass is configured and selected
     in the PodSpec, Overhead will be set to the value defined in the
     corresponding RuntimeClass, otherwise it will remain unset and treated as
     zero. More info:
     https://git.k8s.io/enhancements/keps/sig-node/20190226-pod-overhead.md This
     field is alpha-level as of Kubernetes v1., and is only honored by servers
     that enable the PodOverhead feature.

   preemptionPolicy     <string>
     PreemptionPolicy is the Policy for preempting pods with lower priority. One
     of Never, PreemptLowerPriority. Defaults to PreemptLowerPriority if unset.
     This field is alpha-level and is only honored by servers that enable the
     NonPreemptingPriority feature.

   priority     <integer>
     The priority value. Various system components use this field to find the
     priority of the pod. When Priority Admission Controller is enabled, it
     prevents users from setting this field. The admission controller populates
     this field from PriorityClassName. The higher the value, the higher the
     priority.

   priorityClassName    <string>
     If specified, indicates the pod's priority. "system-node-critical" and
     "system-cluster-critical" are two special keywords which indicate the
     highest priorities with the former being the highest priority. Any other
     name must be defined by creating a PriorityClass object with that name. If
     not specified, the pod priority will be default or zero if there is no
     default.

   readinessGates       <[]Object>
     If specified, all readiness gates will be evaluated for pod readiness. A
     pod is ready when all its containers are ready AND all conditions specified
     in the readiness gates have status equal to "True" More info:
     https://git.k8s.io/enhancements/keps/sig-network/0007-pod-ready%2B%2B.md

   restartPolicy        <string>
     Restart policy for all containers within the pod. One of Always, OnFailure,
     Never. Default to Always. More info:
     https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy

   runtimeClassName     <string>
     RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group,
     which should be used to run this pod. If no RuntimeClass resource matches
     the named class, the pod will not be run. If unset or empty, the "legacy"
     RuntimeClass will be used, which is an implicit class with an empty
     definition that uses the default runtime handler. More info:
     https://git.k8s.io/enhancements/keps/sig-node/runtime-class.md This is a
     beta feature as of Kubernetes v1..

   schedulerName        <string>
     If specified, the pod will be dispatched by specified scheduler. If not
     specified, the pod will be dispatched by default scheduler.

   securityContext      <Object>
     SecurityContext holds pod-level security attributes and common container
     settings. Optional: Defaults to empty. See type description for default
     values of each field.

   serviceAccount       <string>
     DeprecatedServiceAccount is a depreciated alias for ServiceAccountName.
     Deprecated: Use serviceAccountName instead.

   serviceAccountName   <string>
     ServiceAccountName is the name of the ServiceAccount to use to run this
     pod. More info:
     https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/

   shareProcessNamespace        <boolean>
     Share a single process namespace between all of the containers in a pod.
     When this is set containers will be able to view and signal processes from
     other containers in the same pod, and the first process in each container
     will not be assigned PID . HostPID and ShareProcessNamespace cannot both
     be set. Optional: Default to false. This field is beta-level and may be
     disabled with the PodShareProcessNamespace feature.

   subdomain    <string>
     If specified, the fully qualified Pod hostname will be
     "<hostname>.<subdomain>.<pod namespace>.svc.<cluster domain>". If not
     specified, the pod will not have a domainname at all.

   terminationGracePeriodSeconds        <integer>
     Optional duration in seconds the pod needs to terminate gracefully. May be
     decreased in delete request. Value must be non-negative integer. The value
     zero indicates delete immediately. If this value is nil, the default grace
     period will be used instead. The grace period is the duration in seconds
     after the processes running in the pod are sent a termination signal and
     the time when the processes are forcibly halted with a kill signal. Set
     this value longer than the expected cleanup time for your process. Defaults
     to  seconds.

   tolerations  <[]Object>
     If specified, the pod's tolerations.

   topologySpreadConstraints    <[]Object>
     TopologySpreadConstraints describes how a group of pods ought to spread
     across topology domains. Scheduler will schedule pods in a way which abides
     by the constraints. This field is alpha-level and is only honored by
     clusters that enables the EvenPodsSpread feature. All
     topologySpreadConstraints are ANDed.

   volumes      <[]Object>
     List of volumes that can be mounted by containers belonging to the pod.
     More info: https://kubernetes.io/docs/concepts/storage/volumes

status字段

status字段是反映着当前pod的状态，而status当中的数据会无限接近于spec定义所期望的状态，从而满足用户需要，一般而言，status由k8s自行管理，无需人为操作

定义一个简单的自主式pod如下：

[root@master ~]# cat demo-pod.yaml
apiVersion: v1
kind: Pod
metadata:
  labels:
    app: os
  namespace: default
  name: busybox
spec:
  nodeName: node2
  containers:
  - name: myos
    image: busybox
    imagePullPolicy: Always
    command:
    - "/bin/sh"
    - "-c"
    - "sleep 3600"
    ports:
    - containerPort:
  - name: myweb
    image: nginx
    imagePullPolicy: Always
    ports:
    - containerPort: 

针对此yaml文件运行pod如下：

[root@master ~]# kubectl create -f demo-pod.yaml
pod/busybox created
[root@master ~]# kubectl get pods --show-labels
NAME                     READY   STATUS    RESTARTS   AGE     LABELS
busybox                  /     Running             24s     app=os

针对于一个pod两个容器，如何进入到容器的交互界面呢？-c指定容器名称，如下：

[root@master ~]# kubectl exec -it busybox -c myweb -- /bin/sh
# exit
[root@master ~]# kubectl exec -it busybox -c myos -- /bin/sh
/ # ifconfig -a
eth0      Link encap:Ethernet  HWaddr ::D6:CD:0B:
          inet addr:10.244.2.32  Bcast:0.0.0.0  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:  Metric:
          RX packets: errors: dropped: overruns: frame:
          TX packets: errors: dropped: overruns: carrier:
          collisions: txqueuelen:
          RX bytes: (690.0 B)  TX bytes: (42.0 B)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:  Metric:
          RX packets: errors: dropped: overruns: frame:
          TX packets: errors: dropped: overruns: carrier:
          collisions: txqueuelen:
          RX bytes: (0.0 B)  TX bytes: (0.0 B)

删除pod

[root@master ~]# kubectl delete pod busybox
pod "busybox" deleted

或者

[root@master ~]# kubectl delete -f demo-pod.yaml
pod "busybox" deleted

探针

为什么要有探针，因为探针可以探测pod当中的容器是否正常运行，我们知道容器启动，业务程序未必正常，因此，我们可以用livenessProbe探针来探测业务是否正常，而对于我们新建的pod如果不做就绪性探测，会被前端的service立刻关联，这样有可能导致部分客户端无法正常访问，所欲对于k8s探针主要分为两种，

• 一种为存活性探测（livenessProbe）
• 一种为就绪性探测（readinessProbe）

两者探测手段有三种：

• ExecAction
• TCPSocketAction
• HttpGetAction

livenessProbe

例1：ExecAction

[root@master ~]# cat livenessprobe-exec.yaml
apiVersion: v1
kind: Pod
metadata:
  name: livenessprobe-pod
  namespace: default
  labels:
    app: liveness
spec:
  containers:
  - name: livenessprobe-container
    image: busybox
    imagePullPolicy: IfNotPresent
    command: ["/bin/sh","-c","touch /tmp/test.txt;sleep 20; rm -rf /tmp/test.txt;sleep 3600"]
    livenessProbe:
      exec:
        command: ["test","-e","/tmp/test.txt"]
      initialDelaySeconds:
      periodSeconds:
      failureThreshold: 

验证：可以看到由于文件被删除已经crash了，并且重启了6次
[root@master ~]# kubectl get pods
NAME                        READY   STATUS             RESTARTS   AGE
livenessprobe-pod           /     CrashLoopBackOff   6          10m

例2：HttpGetAction

[root@master ~]# cat livenessprobe-gethttp.yaml
apiVersion: v1
kind: Pod
metadata:
  name: livenessprobe-gethttp-pod
  namespace: default
  labels:
    app: liveness-gethttp
spec:
  containers:
  - name: livenessprobe-gethttp-container
    image: nginx
    imagePullPolicy: IfNotPresent
    livenessProbe:
      initialDelaySeconds:
      periodSeconds:
      failureThreshold:
      httpGet:
        port:
        path: /index.html
容器跑起来之后删除/usr/share/nginx/html/index.html文件，然后稍等片刻

验证：可以看到容器被重启了一次然后就一直正常运行
[root@master ~]# kubectl get pods
NAME                        READY   STATUS             RESTARTS   AGE
livenessprobe-gethttp-pod   /     Running                      14m

readinessProbe

[root@master ~]# cat readinessprobe-gethttp.yaml
apiVersion: v1
kind: Pod
metadata:
  name: livenessprobe-gethttp-pod
  namespace: default
  labels:
    app: liveness-gethttp
spec:
  containers:
  - name: livenessprobe-gethttp-container
    image: nginx
    imagePullPolicy: IfNotPresent
    readinessProbe:
      initialDelaySeconds:
      periodSeconds:
      failureThreshold:
      httpGet:
        port:
        path: /index.html

验证：
1.连入容器删除index.html文件
[root@master ~]# kubectl exec -it livenessprobe-gethttp-pod -- /bin/bash
root@livenessprobe-gethttp-pod:/# cd /usr/share/nginx/html/
root@livenessprobe-gethttp-pod:/usr/share/nginx/html# ls
50x.html  index.html
root@livenessprobe-gethttp-pod:/usr/share/nginx/html# rm -rf index.html
root@livenessprobe-gethttp-pod:/usr/share/nginx/html# exit
2.查看pod状态
[root@master ~]# kubectl get pods -o wide -w
NAME                        READY   STATUS    RESTARTS   AGE   IP            NODE    NOMINATED NODE   READINESS GATES
livenessprobe-gethttp-pod   /     Running             6s    10.244.1.38   node1   <none>           <none>
livenessprobe-gethttp-pod   /     Running             24s   10.244.1.38   node1   <none>           <none>
3.随后我们在在容器里创建出index.html文件，然后在观察pod
[root@master ~]# kubectl get pods -o wide -w
NAME                        READY   STATUS    RESTARTS   AGE   IP            NODE    NOMINATED NODE   READINESS GATES
livenessprobe-gethttp-pod   /     Running             6s    10.244.1.38   node1   <none>           <none>
livenessprobe-gethttp-pod   /     Running             24s   10.244.1.38   node1   <none>           <none>
livenessprobe-gethttp-pod   /     Running             2m48s   10.244.1.38   node1   <none>           <none>