Overview #
Liveness Probe:
- Checks if the application is alive. If it fails, the container is restarted.
Readiness Probe:
- Checks if the application is ready to serve requests. If it fails, traffic is stopped until it’s ready.
Readiness Probe #
Readiness probes are used to determine whether a container is ready to accept incoming traffic.
TCP Readiness Probe #
Pod Manifest #
Kubernetes will periodically check if the container is able to accept TCP connections on port 80:
vi readinessprobe-tcp.yaml
apiVersion: v1
kind: Pod
metadata:
name: nginx-readinessprobe-tcp
spec:
containers:
- name: nginx-readinessprobe
image: nginx:latest
ports:
- containerPort: 80
readinessProbe:
tcpSocket:
port: 80
initialDelaySeconds: 15 # Time after the container has started before readiness probes are initiated
periodSeconds: 10 # Frequency in seconds with which to perform the probe
timeoutSeconds: 1 # How long to wait for a response
failureThreshold: 3 # Number of failures before marking the container as Unready
kubectl apply -f readinessprobe-tcp.yaml
Verify Pod #
# List pods
kubectl get pods
# Shell output: (Wait till READY)
NAME READY STATUS RESTARTS AGE
nginx-readinessprobe-tcp 1/1 Running 0 31s
Verify Readiness Status #
# List pod details
kubectl describe pod nginx-readinessprobe-tcp
# Shell output:
Containers:
nginx-readinessprobe:
Container ID: containerd://f1ca30235e5685294e356f01ef694e0952f0e002dc56740fe4a1b4c2b7d876e8
Image: nginx:latest
Image ID: docker.io/library/nginx@sha256:447a8665cc1dab95b1ca778e162215839ccbb9189104c79d7ec3a81e14577add
Port: 80/TCP
Host Port: 0/TCP
State: Running
Started: Fri, 16 Aug 2024 12:03:51 +0000
Ready: True
Restart Count: 0
Readiness: tcp-socket :80 delay=15s timeout=1s period=10s #success=1 #failure=3
Environment: <none>
Mounts:
/var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-cv67l (ro)
# Kubernetes is now checking the pod's readiness using the specified tcpSocket probe on port "80"
Readiness: tcp-socket :80 delay=15s timeout=1s period=10s #success=1 #failure=3
Details:
-
delay=15sThe probe waits 15 seconds before starting the first check -
timeout=1sEach check must complete within 1 second -
period=10sThe check is repeated every 10 seconds -
#success=1The pod needs to pass 1 ongoing check to be marked as ready -
#failure=3The pod can fail up to 3 consecutive checks before being marked as unready
List Logs #
# List logs
kubectl logs nginx-readinessprobe-tcp
Delete Pod #
kubectl delete -f readinessprobe-tcp.yaml
TCP Readiness Probe: 2 Pod Version #
Pod 1 Manifest #
vi nginx-1.yaml
apiVersion: v1
kind: Pod
metadata:
name: nginx-1
labels:
run: nginx-1
spec:
containers:
- name: nginx-1
image: nginx:latest
ports:
- containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
name: nginx-1
spec:
selector:
run: nginx-1
ports:
- protocol: TCP
port: 80
targetPort: 80
kubectl apply -f nginx-1.yaml
Pod 1 ClusterIP #
# List services
kubectl get svc
# Shell ouput:
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.43.0.1 <none> 443/TCP 23m
nginx-1 ClusterIP 10.43.32.31 <none> 80/TCP 22m
Pod 2 Manifest #
vi nginx-2.yaml
apiVersion: v1
kind: Pod
metadata:
name: nginx-2
spec:
containers:
- name: nginx-2
image: nginx:latest
ports:
- containerPort: 80
readinessProbe:
tcpSocket:
host: 10.43.32.31 # Use ClusterIP of Nginx-1
port: 80
initialDelaySeconds: 15
periodSeconds: 10
timeoutSeconds: 1
failureThreshold: 3
kubectl apply -f nginx-2.yaml
Verify Pods #
# List pods
kubectl get pods
# Shell output:
NAME READY STATUS RESTARTS AGE
nginx-1 1/1 Running 0 19m
nginx-2 1/1 Running 0 30s
Verify Readiness Probe #
# Delete pod "nginx-1"
kubectl delete pod nginx-1
# Verify "nginx-2" pod readiness
kubectl get pod nginx-2
# Shell output:
NAME READY STATUS RESTARTS AGE
nginx-2 0/1 Running 0 6m23s
Explanation:
-
The nginx-2 pod’s readiness probe will fail if nginx-1 is no longer available, because the probe is configured to check connectivity to nginx-1 on port 80.
-
When the readiness probe fails, Kubernetes will mark the nginx-2 pod as not ready. The pod is still running, but it won’t receive any traffic from services that rely on pod readiness.
Delete Pod #
kubectl delete -f nginx-2.yaml
HTTP Readiness Probe #
Pod Manifest #
vi readinessprobe-http.yaml
apiVersion: v1
kind: Pod
metadata:
name: nginx-readinessprobe-http
spec:
containers:
- name: nginx-readinessprobe
image: nginx:latest
ports:
- containerPort: 80
readinessProbe:
httpGet:
path: /
port: 80
initialDelaySeconds: 15 # Time after the container has started before readiness probes are initiated
periodSeconds: 10 # Frequency in seconds with which to perform the probe
timeoutSeconds: 1 # How long to wait for a response
failureThreshold: 3 # Number of failures before marking the container as Unready
kubectl apply -f readinessprobe-http.yaml
Verify Pod #
# List pods
kubectl get pods
# Shell output: (Wait till READY)
NAME READY STATUS RESTARTS AGE
nginx-readinessprobe-http 1/1 Running 0 40s
Verify Readiness Status #
# List pod details
kubectl describe pod nginx-readinessprobe-http
# Shell output:
Containers:
nginx-readinessprobe:
Container ID: containerd://6aef76936106193c27a877f281a4532d2d24ee46f1954e0fceeba15afe645f8f
Image: nginx:latest
Image ID: docker.io/library/nginx@sha256:447a8665cc1dab95b1ca778e162215839ccbb9189104c79d7ec3a81e14577add
Port: 80/TCP
Host Port: 0/TCP
State: Running
Started: Fri, 16 Aug 2024 12:25:35 +0000
Ready: True
Restart Count: 0
Readiness: http-get http://:80/ delay=15s timeout=1s period=10s #success=1 #failure=3
Environment: <none>
Mounts:
/var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-dsbcg (ro)
# Kubernetes does perform an HTTP GET request on port 80, targeting the root path /
Readiness: http-get http://:80/ delay=15s timeout=1s period=10s #success=1 #failure=3
Details:
-
delay=15sThe probe waits 15 seconds before starting the first check -
timeout=1sEach check must complete within 1 second -
period=10sThe check is repeated every 10 seconds -
#success=1The pod needs to pass 1 ongoing check to be marked as ready -
#failure=3The pod can fail up to 3 consecutive checks before being marked as unready
Delete Pod #
kubectl delete -f readinessprobe-http.yaml
Liveness Probe #
The kubelet uses liveness probes to know when to restart a container.
If the configured liveness probe is successful, no action is taken, and no logs are recorded. If it fails, the event is logged, and the kubelet kills the container according to the configured restartPolicy.
TCP Liveness Probe #
Pod Manifest #
vi livenessprobe-tcp.yaml
apiVersion: v1
kind: Pod
metadata:
name: nginx-livenessprobe-tcp
spec:
containers:
- name: nginx-livenessprobe
image: nginx:latest
ports:
- containerPort: 80
livenessProbe:
tcpSocket:
port: 80
initialDelaySeconds: 15 # Time after the container has started before liveness probes are initiated
periodSeconds: 10 # Frequency in seconds with which to perform the probe
timeoutSeconds: 1 # How long to wait for a response
failureThreshold: 3 # Number of failures before marking the container as Unready
kubectl apply -f livenessprobe-tcp.yaml
Verify Pod #
# List pods
kubectl get pods
# Shell output: (Wait till READY)
NAME READY STATUS RESTARTS AGE
nginx-livenessprobe-tcp 1/1 Running 0 26s
Verify Liveness Status #
# List pod details
kubectl describe pod nginx-livenessprobe-tcp
# Shell output:
Containers:
nginx-livenessprobe:
Container ID: containerd://7badd7c84248aa78c43d7859324d30d97759059ff85fd886c3b7f1262bf65218
Image: nginx:latest
Image ID: docker.io/library/nginx@sha256:447a8665cc1dab95b1ca778e162215839ccbb9189104c79d7ec3a81e14577add
Port: 80/TCP
Host Port: 0/TCP
State: Running
Started: Fri, 16 Aug 2024 12:54:31 +0000
Ready: True
Restart Count: 0
Liveness: tcp-socket :80 delay=15s timeout=1s period=10s #success=1 #failure=3
Environment: <none>
Mounts:
/var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-c28x6 (ro)
# Kubernetes is now checking the pod's readiness using the specified tcpSocket probe on port "80"
Liveness: tcp-socket :80 delay=15s timeout=1s period=10s #success=1 #failure=3
Details:
-
delay=15sThe probe waits 15 seconds before starting the first check -
timeout=1sEach check must complete within 1 second -
period=10sThe check is repeated every 10 seconds -
#success=1The pod needs to pass 1 ongoing check to be marked as ready -
#failure=3The pod can fail up to 3 consecutive checks before being marked as unready
Verify Liveness Probe #
Continuously watch the pod status:
# Continuously watch the pod status
kubectl get pod nginx-livenessprobe-tcp -w
Trigger pod failure: (In a seperate terminal)
# Access container terminal
kubectl exec -it nginx-livenessprobe-tcp -- sh
# Stop Nginx / make port 80 unavailable
nginx -s stop
Verify the pod status
# (Continuously watch the pod status)
kubectl get pod nginx-livenessprobe-tcp -w
# Shell output:
NAME READY STATUS RESTARTS AGE
nginx-livenessprobe-tcp 1/1 Running 0 2m23s
nginx-livenessprobe-tcp 0/1 Completed 0 3m17s
nginx-livenessprobe-tcp 1/1 Running 1 (3s ago) 3m19s
Note: Even without a liveness probe configured, Kubernetes still expects the main process inside the container to be running. If the main process inside the container stops, the container will exit, and Kubernetes will automatically restart the pod.
Delete Pod #
kubectl delete -f livenessprobe-tcp.yaml