Kubernetes container probes: Liveness, readiness and startup

Learn how Kubernetes container probes work with complete YAML examples for liveness, readiness and startup probes. Covers httpGet, tcpSocket and exec probe types with timing parameters.

9 lessons · 27 min · Intermediate

3 minutes reading time

Written by

Civo Team
Civo Team

Marketing Team at Civo

When a pod starts, Kubernetes begins sending traffic to it immediately once the container process is running. This creates two problems. First, the application might not be ready yet. It could still be loading configuration or waiting for a database connection. Second, the application might be running but deadlocked. The process is alive but not responding. Container probes solve both problems.

The three probe types

probe-types-comparison

Liveness probe

A liveness probe checks whether the container is alive. If it fails beyond the failure threshold, Kubernetes kills the container and restarts it. Use liveness probes to detect deadlocks or unresponsive states where the process is running but the application is not functioning correctly.

Readiness probe

A readiness probe checks whether the container is ready to receive traffic. If it fails, Kubernetes removes the pod from the Service endpoints so no traffic is sent to it. The container is not restarted. When the probe passes again, the pod is added back to the endpoints. Use readiness probes for applications that have a slow startup or that periodically become temporarily unavailable.

Startup probe

A startup probe is for applications that take a long time to start. It disables the liveness probe until it succeeds. Without a startup probe, you would need a large initialDelaySeconds on the liveness probe to accommodate a slow startup, and that same delay would then apply to every subsequent liveness check during normal operation. With a startup probe, the liveness probe only activates once the application has finished starting.

The three probe mechanisms

MechanismHow it worksSuccess condition

httpGet

Sends an HTTP GET to a path and port

Response status between 200 and 399

tcpSocket

Attempts a TCP connection to a port

Connection succeeds

exec

Runs a command inside the container

Command exits with code 0

Timing parameters

ParameterWhat it controls

initialDelaySeconds

How long to wait after the container starts before the first probe check

periodSeconds

How often to run the probe check

timeoutSeconds

How long to wait for a probe response before counting it as a failure

successThreshold

How many consecutive successes are needed to mark the probe as passing

failureThreshold

How many consecutive failures before taking action (restart for liveness/startup, remove from endpoints for readiness)

Liveness probe examples

httpGet liveness probe

Checks that nginx responds with a 2xx or 3xx status on port 80. If the path does not exist or the server is unresponsive, the probe fails.

apiVersion: v1
kind: Pod
metadata:
name: nginx
spec:
containers:
- name: nginx
image: nginx
livenessProbe:
httpGet:
path: /
port: 80
initialDelaySeconds: 5
periodSeconds: 10
failureThreshold: 3
kubectl apply -f liveness.yaml
kubectl get pods

Describe the pod to see probe results:

kubectl describe pod nginx

Look for the Liveness section in the container description and the Events section at the bottom. If the probe is passing, no liveness-related events appear. If it fails, you will see:

Warning Unhealthy kubelet Liveness probe failed: ...

tcpSocket liveness probe

Checks that a port is accepting TCP connections. Useful for non-HTTP services:

livenessProbe:
tcpSocket:
port: 80
initialDelaySeconds: 5
periodSeconds: 10
failureThreshold: 3

If you specify a port that is not open, the probe fails and Kubernetes restarts the container after failureThreshold failures.

exec liveness probe

Runs a command inside the container. Exit code 0 means healthy, anything else means unhealthy:

livenessProbe:
exec:
command:
- cat
- /usr/share/nginx/html/index.html
initialDelaySeconds: 5
periodSeconds: 10
failureThreshold: 3

To demonstrate a failure, exec into the pod and remove the file:

kubectl exec -it nginx -- sh
rm /usr/share/nginx/html/index.html
exit

Describe the pod:

kubectl describe pod nginx

After three failures (by default every 10 seconds), you will see in the Events section:

Warning Unhealthy kubelet Liveness probe failed: cat: /usr/share/nginx/html/index.html: No such file or directory
Normal Killing kubelet Container nginx failed liveness probe, will be restarted

The container is killed and restarted. After the restart the file is restored from the image and the probe passes again.

Readiness probe example

A readiness probe uses the same mechanisms as liveness but controls Service endpoint membership rather than container restarts:

apiVersion: v1
kind: Pod
metadata:
name: nginx
spec:
containers:
- name: nginx
image: nginx
readinessProbe:
httpGet:
path: /
port: 80
initialDelaySeconds: 5
periodSeconds: 5
failureThreshold: 3
livenessProbe:
httpGet:
path: /
port: 80
initialDelaySeconds: 15
periodSeconds: 10
failureThreshold: 3

Note the different initialDelaySeconds values. The readiness probe starts checking sooner (after 5 seconds) to determine when to add the pod to the Service. The liveness probe waits longer (15 seconds) to give the application time to fully start before Kubernetes considers restarting it.

Startup probe example

Use a startup probe for slow-starting applications. The liveness probe is disabled until the startup probe succeeds:

apiVersion: v1
kind: Pod
metadata:
name: slow-app
spec:
containers:
- name: app
image: my-slow-starting-app
startupProbe:
httpGet:
path: /health
port: 8080
failureThreshold: 30
periodSeconds: 10
livenessProbe:
httpGet:
path: /health
port: 8080
periodSeconds: 10
failureThreshold: 3

With this configuration, the application has up to 300 seconds (30 failures x 10 seconds) to complete startup. Once the startup probe succeeds, the liveness probe takes over with a tighter failure threshold of 3.

Civo Team
Civo Team

Marketing Team at Civo

Civo is the Sovereign Cloud and AI platform designed to help developers and enterprises build without limits. We bridge the gap between the openness of the public cloud and the rigorous security of private environments, delivering full cloud parity across every deployment. As a team, we are dedicated to providing scalable compute, lightning-fast Kubernetes, and managed services that are ready in minutes. Through CivoStack Enterprise and our FlexCore appliance, we empower organizations to maintain total data sovereignty on their own hardware.

Our mission is to make the cloud faster, simpler, and fairer. By providing enterprise-grade NVIDIA GPUs and streamlined model management, we ensure that high-performance AI and machine learning are accessible to everyone. Built for transparency and performance, the Civo Team is here to give you total control over your infrastructure, your data, and your spend.

View author profile