Kubernetes Liveness and Readiness Probes in a Real-Time System

Expectation vs. Reality

Everyone who has worked with Kubernetes, especially as a deployment system, has probably noticed the option to add `liveness` checks to their system, got very excited about the opportunity to make the system even more robust, and then realized it is not always amazing. Liveness and readiness failures can be confusing and frustrating when you are trying to understand why your system keeps crashing.

The probes Kubernetes offers are necessary, but they need to match your system exactly. It takes time and effort to implement the right ones for your needs and to keep them suitable as the program changes. As discussed in many blogs, you have to be familiar with the difference between the probes and how they work to get started. One blog post by Colin Breck has helped me understand how to continue working until I reach my goal.

Let’s talk Real-Time

The blog I mentioned before, and many others I could find, introduce implementations of health checks for a web application. At Greeneye Technology, we are developing a real-time system that, by definition, is completely different from a web application, with obvious differences in properties and limitations. Most importantly, in a real-time application, we can’t afford to have any of our containers down or stuck for a long time.

Kubernetes has three types of probes: an HTTP GET request on the container’s IP, a TCP connection to the specified container, or an “exec probe” that runs a command inside the container. For a system that has to be efficient in memory and resources, running an internal server specifically for probing is undesirable. Moreover, the realtime

From the description in the Kubernetes docs, the “exec command” works as follows:

Command is the command line to execute inside the container, the 
working directory for the command is root ('/') in the container's 
filesystem. The command is simply exec'd, it is not run inside a shell, 
so traditional shell instructions ('|', etc) won't work. To use a 
shell, you need to explicitly call out to that shell. Exit status of 0 
is treated as live/healthy and non-zero is unhealthy.

Now all that is left is to decide what command will run inside the container. This command decides whether the container is healthy or not. The most common example you can find is the one Kubernetes suggests: the container writes to (touches) a file periodically, and the command Kubernetes runs checks whether this file exists.

spec:
  containers:
  - name: container-1
    ...
    livenessProbe:
      exec:
        command:
        - cat
        - /tmp/healthy

This can be a neat solution, but is it a solution for a real-time system? Definitely not. We can’t afford an additional I/O operation on the container side, especially if it needs to run every few seconds.

So our command for the liveness check has to be:

  1. Fast, with no additional I/O operations.

  2. Executed every second or even more frequently.

  3. Reliable, meaning it won’t fail when the container is actually healthy.

Our solution: Shared memory to the rescue!

Our multi-process system communicates between processes through a shared-memory object: memory kept in a specific place in the system’s memory that every process can read from and write to. Accessing an object in shared memory costs the same as accessing any variable in the global scope.

How can shared memory help us with liveness and readiness checks? Exactly like writing to a file, but writing instead to a shared-memory object dedicated to this purpose. A short program that reads from that memory can be the command we execute inside the container.

The full flow:

Every process (aka container in our program) is responsible for reporting liveness to the shared-memory object periodically, for example on every cycle of the main loop. Kubernetes runs a short program that does the following:

  1. It checks the current state in the shared memory.

  2. Based on that state, the probing command exits with code 0 (healthy) or with another code (not healthy).
    The decision can be as simple as comparing the timestamp of the last liveness report to the current timestamp.
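
The flow above as an added C example (not code from the original post or from Greeneye): the worker stamps a monotonic timestamp into a memory-mapped object, and the probe binary maps the same object read-only and exits 0 only if the stamp is fresh. The path `/dev/shm/heartbeat`, the struct layout, the 2-second budget, the exit codes 1 to 3 and all function names are assumptions.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdatomic.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/mman.h>
#include <sys/stat.h>
#include <time.h>
#include <unistd.h>

/* Assumed layout: a single monotonic timestamp, written by the worker only. */
typedef struct { _Atomic int64_t last_beat_ns; } heartbeat_t;

int64_t now_ns(void) {
    struct timespec ts;
    clock_gettime(CLOCK_MONOTONIC, &ts); /* unaffected by wall-clock (NTP) jumps */
    return (int64_t)ts.tv_sec * 1000000000LL + ts.tv_nsec;
}

/* Map the object at a tmpfs path. The worker creates it read-write;
 * the probe maps it read-only so it can never alter the worker's state. */
heartbeat_t *hb_map(const char *path, int create) {
    int fd = open(path, create ? (O_CREAT | O_RDWR) : O_RDONLY, 0600);
    if (fd < 0) return NULL;
    struct stat st;
    if ((create && ftruncate(fd, sizeof(heartbeat_t)) != 0) ||
        fstat(fd, &st) != 0 || st.st_size < (off_t)sizeof(heartbeat_t)) {
        close(fd); return NULL; /* missing or not yet sized: treat as absent */
    }
    void *p = mmap(NULL, sizeof(heartbeat_t),
                   create ? PROT_READ | PROT_WRITE : PROT_READ, MAP_SHARED, fd, 0);
    close(fd);
    return p == MAP_FAILED ? NULL : (heartbeat_t *)p;
}

/* Worker side: one atomic store per main-loop cycle. */
void hb_beat(heartbeat_t *hb) { atomic_store(&hb->last_beat_ns, now_ns()); }

/* Probe side: returns the exec-probe exit status (0 healthy, non-zero unhealthy). */
int hb_check(heartbeat_t *hb, int64_t now, int64_t max_age_ns) {
    if (hb == NULL) return 2;                      /* object missing */
    int64_t last = atomic_load(&hb->last_beat_ns);
    if (last == 0) return 3;                       /* no beat reported yet */
    return (now - last > max_age_ns) ? 1 : 0;      /* 1 = stale heartbeat */
}

int main(int argc, char **argv) {
    const char *path = argc > 1 ? argv[1] : "/dev/shm/heartbeat"; /* hypothetical */
    int rc = hb_check(hb_map(path, 0), now_ns(), 2000000000LL);  /* 2 s budget */
    if (rc != 0) fprintf(stderr, "liveness probe failed for %s: code %d\n", path, rc);
    return rc;
}
```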

Conclusion

With the exec command type Kubernetes has, there are almost no limits to what we can run as a liveness check. You can use any script or command, as long as it can be executed inside the container, and that’s it!

We can use this necessary feature with shared memory to make the program more robust, without major run-time costs, and still be precise about the container’s status.

Make sure you understand the limits of your system and how these checks can be beneficial instead of harmful.

Some tips:

  • First, define what it means for a process to be alive or ready, and after you understand that, add a liveness report in each place in the program.

  • Add logs to the command! They will help you understand quickly where it fails and on which container. You can see if a health check fails by looking at the events in the pod with one of these commands:

    - kubectl get events
    - kubectl describe pod

  • Get to know where these checks can fail and whether there’s a difference between the containers. You can try to find loops or places where the process can be stuck for a long time, as the process won’t report liveness, and therefore Kubernetes will restart your container.

  • Use all the parameters Kubernetes has for health probes, and define them carefully: initialDelaySeconds, periodSeconds, successThreshold and more. Full description here.

Good Luck!

Shelly Bekhor,
Realtime Developer @ Greeneye Technology