Feature: Add --term-delay option to CLI
#2494
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This will make it possible to pass in a time duration to be used as a SIGTERM signal delay, which will make it possible to configure if the ingress-controller should wait before shutting down.
|
|
Context: there are cases where due to network load balancer configuration that a delay needs to be introduced to the containers, this delay is configurable for the Kong Proxy container through the helm chart, however it is not possible to configure this delay for the ingress-controller. This can result in stale upstreams during NLB draining and downtime for services. Making this delay configurable seems the easiest approach to addressing this limitation. This makes multiple changes: 1. Adjusts where the SignalHandler is called: Originally this was in the entry point to the controller manager, however in order to pass through the CLI argument and make the term-delay configurable, this needed moved down into the rootcmd package. 2. Supports adding a delay to the SignalHandler This takes the original SetupSignalHandler, and modifies the logic to support setting a time delay. It should still support overriding that timedelay by sending a second signal.
shaneutt
suggested changes
May 17, 2022
This is great stuff! Instead of doing it via GH, I'll add all these to my local branch and push a change. I'll also make sure the linter runs successfully locally first (I'm using |
Addressed some PR comments on wording/docs
chazdnato
reviewed
May 20, 2022
|
Just checking in? |
|
Hi @shaneutt, thanks for following up! We'll have the remaining updates available shortly, our team has had some vacation time which has resulted in a longer turnaround from us. 馃檪 |
A second signal can come in during the termination delay, or after the `cancel()` has run and the rest of the ingress controller's graceful shutdown process has started. This will log when those take place. Note the addition of `<-c` for the second case, as we were not correctly capturing a signal here.
Apologies for the delay! Wanted to ensure I had the necessary helm chart changes tested (a PR in that repo forthcoming). We can rebase / squash these commit as well if you'd like, just let me know your preference. We believe we have this in the state that we'd like! |
chazdnato
added a commit
to chazdnato/kong-charts
that referenced
this pull request
May 24, 2022
There are cases where due to network load balancer (NLB) configuration that a delay needs to be introduced to the containers during shutdown. This delay is configurable for the Kong Proxy container through the helm chart, however it is not possible to configure this delay for the ingress controller. This can result in stale upstreams during NLB draining and downtime for services. Making this delay configurable seems the easiest approach to addressing this limitation. We have a PR for the kong-ingress-controller which will [update its behaviour](Kong/kubernetes-ingress-controller#2494) so we can configure the termination delay. This PR adds the ability to set a concomitant value in the helm chart.
4 tasks
shaneutt
approved these changes
May 24, 2022
There was a problem hiding this comment.
I like it, thank you for the contribution 馃憤
If you haven't done so before, please do feel free to grab yourself a free Kong contributor's t-shirt (each of you), we give these out once per contributor: https://github.com/Kong/kong/blob/master/CONTRIBUTING.md#contributor-t-shirt
Thank you for your contribution, we appreciate it 馃枛
|
Thank you so much! Two more questions @shaneutt 馃檪
|
Yes please.
Most likely this is going into |
chazdnato
added a commit
to chazdnato/docs.konghq.com
that referenced
this pull request
May 25, 2022
This was introduced in Kong/kubernetes-ingress-controller#2494 and should be released as part of v2.4.0
shaneutt
added a commit
to Kong/charts
that referenced
this pull request
Jun 1, 2022
* feat(ingress) support terminationGracePeriodSeconds There are cases where due to network load balancer (NLB) configuration that a delay needs to be introduced to the containers during shutdown. This delay is configurable for the Kong Proxy container through the helm chart, however it is not possible to configure this delay for the ingress controller. This can result in stale upstreams during NLB draining and downtime for services. Making this delay configurable seems the easiest approach to addressing this limitation. We have a PR for the kong-ingress-controller which will [update its behaviour](Kong/kubernetes-ingress-controller#2494) so we can configure the termination delay. This PR adds the ability to set a concomitant value in the helm chart. * Add PR to CHANGELOG.md (unreleased) * Update charts/kong/CHANGELOG.md Co-authored-by: Shane Utt <shane@shaneutt.com> * Update CHANGELOG.md Co-authored-by: Shane Utt <shane@shaneutt.com>
lena-larionova
added a commit
to Kong/docs.konghq.com
that referenced
this pull request
Jun 1, 2022
* Copy 2.3.x directory for upcoming 2.4.x release * Documenting --term-delay parameter This was introduced in Kong/kubernetes-ingress-controller#2494 and should be released as part of v2.4.0 * Make 2.4.x latest version * remove duplicate directory for 2.4.x; move 2.3.x to /src/; create 2.3.x and 2.4.x navigation files * set 2.4.x filter on term-delay * backticks for cli flags so they render accurately; capitalization/punctuation * Fix if_version space rendering Co-authored-by: lena.larionova <yelena.larionova@gmail.com> Co-authored-by: Michael Heap <m@michaelheap.com> Co-authored-by: lena-larionova <54370747+lena-larionova@users.noreply.github.com>
andrewgkew
pushed a commit
to andrewgkew/charts
that referenced
this pull request
Jun 6, 2022
* feat(ingress) support terminationGracePeriodSeconds There are cases where due to network load balancer (NLB) configuration that a delay needs to be introduced to the containers during shutdown. This delay is configurable for the Kong Proxy container through the helm chart, however it is not possible to configure this delay for the ingress controller. This can result in stale upstreams during NLB draining and downtime for services. Making this delay configurable seems the easiest approach to addressing this limitation. We have a PR for the kong-ingress-controller which will [update its behaviour](Kong/kubernetes-ingress-controller#2494) so we can configure the termination delay. This PR adds the ability to set a concomitant value in the helm chart. * Add PR to CHANGELOG.md (unreleased) * Update charts/kong/CHANGELOG.md Co-authored-by: Shane Utt <shane@shaneutt.com> * Update CHANGELOG.md Co-authored-by: Shane Utt <shane@shaneutt.com>
lena-larionova
added a commit
to Kong/docs.konghq.com
that referenced
this pull request
Jun 16, 2022
* Copy 2.3.x directory for upcoming 2.4.x release * Documenting --term-delay parameter This was introduced in Kong/kubernetes-ingress-controller#2494 and should be released as part of v2.4.0 * Make 2.4.x latest version * remove duplicate directory for 2.4.x; move 2.3.x to /src/; create 2.3.x and 2.4.x navigation files * set 2.4.x filter on term-delay * backticks for cli flags so they render accurately; capitalization/punctuation * Fix if_version space rendering Co-authored-by: lena.larionova <yelena.larionova@gmail.com> Co-authored-by: Michael Heap <m@michaelheap.com> Co-authored-by: lena-larionova <54370747+lena-larionova@users.noreply.github.com>
rainest
pushed a commit
to Kong/docs.konghq.com
that referenced
this pull request
Jun 16, 2022
* Copy 2.3.x directory for upcoming 2.4.x release * Documenting --term-delay parameter This was introduced in Kong/kubernetes-ingress-controller#2494 and should be released as part of v2.4.0 * Make 2.4.x latest version * remove duplicate directory for 2.4.x; move 2.3.x to /src/; create 2.3.x and 2.4.x navigation files * set 2.4.x filter on term-delay * backticks for cli flags so they render accurately; capitalization/punctuation * Fix if_version space rendering Co-authored-by: lena.larionova <yelena.larionova@gmail.com> Co-authored-by: Michael Heap <m@michaelheap.com> Co-authored-by: lena-larionova <54370747+lena-larionova@users.noreply.github.com>
1 task
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
What this PR does / why we need it:
This PR adds a
--term-delayoption to the CLI for the ingress-controller.Context:
There are cases where due to network load balancer (NLB) configuration that a delay needs to be introduced to the containers, this delay is configurable for the Kong Proxy container through the helm chart, however it is not possible to configure this delay for the ingress-controller. This can result in stale upstreams during NLB draining and downtime for services. Making this delay configurable seems the easiest approach to addressing this limitation.
With the ingress-controller gone, any changes to the underlying services that the proxy is routing to would be missed. Due to limitations with AWS NLB deregistration delays, we've had to configure a sleep of up to 4 minutes for the proxy container before shutting down. This currently means when we are scaling down, or rolling Kong pods there is a 3-4 minute window where the proxy container is running with no ingress-controller to monitor for updates with our underlying services.
Impact: This can result in stale upstreams, and errors for clients during this window. 馃槥
This PR makes multiple changes:
Adds a new
--term-delayargument to the CLIThis makes it possible for users to configure the SIGTERM delay value by passing a CLI argument, or an environment variable. The default is set to zero so it won't impact existing users.
Adjusts where the SignalHandler is called:
Originally this was in the entry point to the controller manager, however in order to pass through the CLI argument and make the term-delay configurable, this needed moved down into the rootcmd package.
Supports adding a delay to the SignalHandler
This takes the original SetupSignalHandler, and modifies the logic to support setting a time delay. It should still support overriding that time-delay by sending a second signal. This involved copying and altering the existing k8s controller-runtime signal package.
Special notes for your reviewer:
Alternative option considered:
kong.lifecyclerather thankong.proxy.lifecycle. It would also require a sleep binary in the proxy container which doesn鈥檛 currently exist from the distroless/static base image - we could mount one from an initContainer but it would be fiddly.Testing
I've tested this locally, running with the following commands:
From this I've been able to exercise trying to CTRL + C to kill the process, and validated that the delay is working as expected. I've also validated that by sending a second signal it does exit with code 1.
PR Readiness Checklist:
Complete these before marking the PR as
ready to review:CHANGELOG.mdrelease notes have been updated to reflect any significant (and particularly user-facing) changes introduced by this PR