Add ability to set gateway container's lifecycle hooks #48956
Conversation
Signed-off-by: Denis Iskandarov <d.iskandarov@gmail.com>
😊 Welcome @den-is! This is either your first contribution to the Istio istio repo, or it's been a while since your last one. You can learn more about the Istio working groups, Code of Conduct, and contribution guidelines in the contributing documentation. Thanks for contributing! Courtesy of your friendly welcome wagon.
Hi @den-is. Thanks for your PR. I'm waiting for an istio member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test. Once the patch is verified, the new status will be reflected by the ok-to-test label. I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.
/ok-to-test
You will probably want to add a release note for this.
@ymesika
See my comments in #47779. This is not the right approach. If the current way doesn't meet use cases, we should enhance it.
I'm not going to argue. It is up to me whether to enable it or not, and it is my responsibility, the same way as if I inserted it using kustomize, or cloned your chart and hosted an altered version myself. Also, my PR does not set any lifecycle by default; it keeps it blank/unset.
Thanks. I understand your point of view, but the project's position (after much discussion) is to keep the Helm charts opinionated.
Adding a few @istio/wg-environments-maintainers for input. @den-is, is the requirement/pain point to not have the gateway marked ready too fast, so you add a pre-stop hook? In the past, we have tended to approve Helm values PRs when there are multiple people/vendors asking for them.
I used to have a preStop hook configured for Nginx Ingress + AWS ALB for zero-downtime ingress updates. On receiving SIGTERM, the health check starts failing for the ALB while Nginx keeps accepting connections. Only once the target is down in AWS can the pod be safely terminated.
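That pattern usually looks something like the following sketch. The sleep duration and the `sh` invocation are illustrative assumptions, not values taken from this PR:

```yaml
# Hypothetical preStop hook for an ingress pod behind an AWS ALB.
# The sleep gives the ALB time to observe failing health checks and
# deregister the target before the container receives SIGTERM.
lifecycle:
  preStop:
    exec:
      command: ["/bin/sh", "-c", "sleep 30"]
```

Kubernetes runs the preStop hook and waits for it to finish (up to the pod's terminationGracePeriodSeconds) before sending SIGTERM to the container.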
I think the actual feature, the ability to configure drain duration, is a pretty important one. The implementation should also take into account the new way of creating Gateways: managed gateways.
@den-is: The following test failed; say /retest to rerun it.
🚧 This issue or pull request has been closed due to not having had activity from an Istio team member since 2024-03-10. If you feel this issue or pull request deserves attention, please reopen it. Please see this wiki page for more information. Thank you for your contributions. Created by the issue and PR lifecycle manager.
Please re-open and let this PR through.
Yet, the helm chart allows configuration of several other fields such as tolerations, topologySpreadConstraints, affinity, etc.
There are tons of people in #47779 and #47265 asking for this. Lifecycle hook support is critical for any ingress controller Helm chart; they all have it except the Istio gateway.
This issue is still open because people can't agree that the current way does not work. I would love it if there were native Istio configuration to prevent this, but from my testing I don't believe there is. Whereas this lifecycle hook works 100% and is the simplest way for any ingress controller to avoid downtime.
@linsun, no, this preStop helps avoid downtime during gateway terminations. Please see #47265 (comment). This PR will help your end users avoid downtime during rolling restarts. @howardjohn, please reconsider your "project's position" on this PR, as it has no downsides and only major upsides.
@clayvan I can assure you there is no PR with no downsides 🙂. This PR or something similar would make a lot more sense if someone could explain why the existing drain mechanism is insufficient. FWIW, comments may be more visible on #47779 (an open issue vs. a closed PR).
@howardjohn
@ryanmac8 can you help walk me through why a preStop informs the LB but terminationDrainDuration does not? When Envoy gets a SIGTERM it does not stop serving traffic. It immediately marks itself (or really, k8s does it for us) as NotReady, which should stop the LB from sending it traffic. It also starts telling clients to go away directly, with HTTP/2 GOAWAY and HTTP/1 Connection: close. I would expect preStop to be worse because it doesn't send those drain signals.
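For reference, the existing drain knob under discussion, `terminationDrainDuration`, is a ProxyConfig field; mesh-wide it can be set roughly like this (the 45s value is an illustrative assumption):

```yaml
# Hypothetical mesh-wide setting: how long the proxy keeps draining
# connections after SIGTERM before Envoy exits.
meshConfig:
  defaultConfig:
    terminationDrainDuration: 45s
```

The same field can also be set per workload via the `proxy.istio.io/config` annotation.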
@howardjohn terminationDrainDuration and SIGTERM cause new connections to be closed. This means that connections are now being denied, and we are trying to avoid denying connections because that causes downtime. A preStop can resolve this: when the preStop is executed, we are telling the container to just wait before receiving the SIGTERM. We need the additional time so that an LB can notice the health checks failing and mark the node as unhealthy. New connections are then routed away from the node that's terminating, and we don't see any connections getting a connection-close message. It's all about ensuring uptime and making sure new connections are routed properly.
Can you provide more details? That is neither how it was designed nor how it works in our testing. If it is, it is a bug.
Please provide a description of this PR:
Fulfills #47265 #47779 kubernetes-sigs/aws-load-balancer-controller#2131
In my company, we do not have any kustomize workflows or the ability to add one to our CI/CD. The addition of the ability to set container lifecycle hooks does not interfere with any existing setups.

Tests
Test values yaml
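A minimal values file exercising the new field might look like this (the hook contents below are illustrative assumptions, not copied from the PR):

```yaml
# test-values.yaml (hypothetical): enable a preStop hook on the
# gateway container via the new `lifecycle` value.
lifecycle:
  preStop:
    exec:
      command: ["sleep", "30"]
```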
Render template
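Rendering can be done locally with something like the following; the release name and chart path are assumptions based on the istio/istio repo layout:

```shell
# Render the gateway chart with the test values (no cluster needed).
helm template my-gateway manifests/charts/gateway -f test-values.yaml
```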
Output with enabled preStop lifecycle hook:
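The rendered Deployment would then contain something like this (abridged, hypothetical output):

```yaml
# Excerpt of the rendered gateway Deployment spec (hypothetical).
containers:
  - name: istio-proxy
    # ...other container fields elided...
    lifecycle:
      preStop:
        exec:
          command: ["sleep", "30"]
```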
Output with empty `lifecycle: {}` var:
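Per the PR description, when the value is left empty or unset, no `lifecycle` field is rendered at all, so the container spec is unchanged from today's chart (abridged, hypothetical output):

```yaml
# Excerpt of the rendered gateway Deployment spec (hypothetical):
# no lifecycle block is emitted when the value is blank/unset.
containers:
  - name: istio-proxy
    # ...other container fields elided, no lifecycle key present...
```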