Kubernetes Container Healthcheck and Graceful Termination
Contents
Implementing container health checks and graceful termination in Kubernetes with application-specific configurations enhances production stability, reduces deployment incidents and false alarms.
Parameters
terminationGracePeriodSeconds: Global setting for Pod termination grace period; must greater than lifecycle.preStop. If containers aren’t terminated within this period, the Pod will be forcibly terminated.lifecycle.preStop: Hook to execute commands before container stops, delaying termination to release connections for pending requests.startupProbe: Checks container startup status, providing additional preparation time.livenessProbe: Checks if the container is alive; kubelet kills and restarts the container if the check fails.readinessProbe: Checks if the container is ready to accept traffic; kubelet adds the Pod to the Service’s load balancer pool only if this check passes.
Practice
Kubernetes deployment configurations with health checks and graceful termination:
apiVersion: apps/v1
kind: Deployment
metadata:
namespace: default
name: myapp
spec:
replicas: 1
selector:
matchLabels:
app: myapp
template:
metadata:
labels:
app: myapp
spec:
# default: 30
terminationGracePeriodSeconds: 120
imagePullSecrets:
- name: mysecret
containers:
- name: myapp
image: registry.example.com/myapp:1.0
imagePullPolicy: IfNotPresent
ports:
- containerPort: 8080
startupProbe:
tcpSocket:
port: 8080
# default: 0
initialDelaySeconds: 30
# default: 10
periodSeconds: 30
# default: 3
failureThreshold: 10
# default: 1 and must be 1 by design
successThreshold: 1
# default: 1
timeoutSeconds: 2
livenessProbe:
tcpSocket:
port: 8080
# default: 0
initialDelaySeconds: 30
# default: 10
periodSeconds: 30
# default: 3
failureThreshold: 3
# default: 1 and must be 1 by design
successThreshold: 1
# default: 1
timeoutSeconds: 2
readinessProbe:
tcpSocket:
port: 8080
# default: 0
initialDelaySeconds: 30
# default: 10
periodSeconds: 30
# default: 3
failureThreshold: 3
# default: 1
successThreshold: 2
# default: 1
timeoutSeconds: 2
lifecycle:
preStop:
exec:
command: ["/bin/sh", "-c", "sleep 60"]
env:
- name: TZ
value: Asia/Shanghai
resources:
requests:
cpu: 500m
memory: 1Gi
limits:
cpu: 500m
memory: 1GiExplanation
Default Kubernetes configurations:
- Startup Check:
None - Container Readiness: Minimum
0seconds - Container State:
Failure determination23-33secondsfailureThreshold(3) * timeoutSeconds(1) + ( failureThreshold(3) - 1 ) * periodSeconds(10)
Recovery determination0-10secondsperiodSeconds(10) - Container Termination: Minimum
0seconds, Maximum30secondsterminationGracePeriodSeconds(30)
Practice configurations:
- Startup Check:
Minimum30secondsinitialDelaySeconds(30)
Maximum320secondsinitialDelaySeconds(30) + failureThreshold(10) * timeoutSeconds(2) + ( failureThreshold(10) - 1 ) * periodSeconds(30)
Note: The design purpose and working principle determine thatstartupProbe.successThresholdcan only be set to1 - Container Readiness:
Minimum90secondsStartup Check(30)+initialDelaySeconds(30) + periodSeconds(30) * ( readinessProbe.successThreshold(2) - 1 )
Note: The design purpose and working principle determine thatlivenessProbe.successThresholdcan only be set to1 - Container State:
Failure determination66-96secondsfailureThreshold(3) * timeoutSeconds(2) + ( failureThreshold(3) - 1 ) * periodSeconds(30)
Recovery determination30-60secondsperiodSeconds(30) * ( successThreshold(2) - 1 ) - Container Termination:
Minimum60secondssleep 60
Maximum120secondsterminationGracePeriodSeconds(120)
Summary
Optimizations compared to default Kubernetes configurations:
- Startup Check: Add 30-320 seconds for application startup.
- Container Readiness: Add a 90 seconds buffer during deployment.
- Container State: Add 66-96 seconds for failure determination and 30-60 seconds for recovery, improve accuracy.
- Container Termination: Add 60 seconds to ensure connections are properly released.
Optimization
Further optimization:
- Create a
/healthzendpoint for accurate health checks. - Upgrade from
tcpSockettohttpGethealth checks for precise assessments.
Optimized Practice
Kubernetes deployment configurations enables the /healthz endpoint:
apiVersion: apps/v1
kind: Deployment
metadata:
name: myapp
namespace: default
spec:
replicas: 1
selector:
matchLabels:
app: myapp
template:
metadata:
labels:
app: myapp
spec:
# default: 30
terminationGracePeriodSeconds: 120
imagePullSecrets:
- name: mysecret
containers:
- name: myapp
image: myapp:1.0
imagePullPolicy: IfNotPresent
ports:
- containerPort: 8080
startupProbe:
tcpSocket:
port: 8080
# default: 0
initialDelaySeconds: 30
# default: 10
periodSeconds: 30
# default: 3
failureThreshold: 10
# default: 1 and must be 1 by design
successThreshold: 1
# default: 1
timeoutSeconds: 2
livenessProbe:
httpGet:
path: /healthz
port: 8080
# default: 0
initialDelaySeconds: 30
# default: 10
periodSeconds: 30
# default: 3
failureThreshold: 3
# default: 1 and must be 1 by design
successThreshold: 1
# default: 1
timeoutSeconds: 2
readinessProbe:
httpGet:
path: /healthz
port: 8080
# default: 0
initialDelaySeconds: 30
# default: 10
periodSeconds: 30
# default: 3
failureThreshold: 3
# default: 1
successThreshold: 2
# default: 1
timeoutSeconds: 2
lifecycle:
preStop:
exec:
command: ["/bin/sh", "-c", "sleep 60"]
env:
- name: TZ
value: Asia/Shanghai
resources:
requests:
cpu: 500m
memory: 1Gi
limits:
cpu: 500m
memory: 1Gi