Allow clusters that do not use kubeproxy to disable presleep

When I tried using "0", it was somehow converted to an integer in the yaml file
causing some failures during helm upgrade. So, this also adds quotes around the
preStopSleep.

Also, the changelog was missing the PR that added the preStopSleep, so add it,
and fix the order of another changelog entry to follow the merge order and
link to the PR instead of the issue.

Author: cognifloyd

CHANGELOG.md

@@ -1,6 +1,7 @@
 # Changelog
 
 ## Development
+* Allow clusters that do not use kubeproxy to disable presleep. (#416) (by @cognifloyd)
 
 ## v1.1.0
 * Fix syntax with ensure-packs-volumes-are-writable job (#403, #411) (by @skiedude)
@@ -25,8 +26,9 @@
 * Add `st2canary` job as a Helm Hook that runs before install/upgrade to ensure `st2.packs.volumes` is configured correctly (if `st2.packs.volumes.enabled`). (#323) (by @cognifloyd)
 * Enable using existing `st2-auth` secret. This allows users to manage this secret outside of the Helm process. (#359) (by @bmarick)
 * Add terminationGracePeriodSeconds to workflow and actionrunner pods to allow adjustment of grace period in k8 (#374) (by @guzzijones12)
+* Fix st2 client config issue affecting addon jobs using jobs.extra_hooks (#371) (by @cars)
 * Prevent duplicate init containers on helm upgrade (#375) (by @guzzijones12)
-* Fix st2 client config issue affecting addon jobs using jobs.extra_hooks (#370) (by @cars)
+* Workaround kubeproxy+kubelet race: Add presleep for st2auth, st2web, st2api, st2stream (#382) (by @guzzijones12)
 
 ## v0.110.0
 * Switch st2 to `v3.8` as a new default stable version (#347)

templates/deployments.yaml

@@ -100,11 +100,13 @@ spec:
           mountPath: /post-start.sh
           subPath: post-start.sh
         lifecycle:
+          {{- if .Values.st2auth.preStopSleep | toString | ne "0" }}
           preStop:
             exec: # https://blog.laputa.io/graceful-shutdown-in-kubernetes-85f1c8d586da
               # kubeproxy and kubelet both race  
               # wait a bit to ensure kubeproxy has removed the iptables rule.
-              command: [ "sleep", {{ .Values.st2auth.preStopSleep | toString }} ]
+              command: [ "sleep", "{{ .Values.st2auth.preStopSleep | toString }}" ]
+          {{- end }}
           postStart:
             exec:
               command: ["/bin/bash", "/post-start.sh"]
@@ -233,11 +235,13 @@ spec:
           mountPath: /post-start.sh
           subPath: post-start.sh
         lifecycle:
+          {{- if .Values.st2api.preStopSleep | toString | ne "0" }}
           preStop:
             exec: # https://blog.laputa.io/graceful-shutdown-in-kubernetes-85f1c8d586da
               # kubeproxy and kubelet both race  
               # wait a bit to ensure kubeproxy has removed the iptables rule.
-              command: [ "sleep", {{ .Values.st2api.preStopSleep | toString }} ]
+              command: [ "sleep", "{{ .Values.st2api.preStopSleep | toString }}" ]
+          {{- end }}
           postStart:
             exec:
               command: ["/bin/bash", "/post-start.sh"]
@@ -357,11 +361,13 @@ spec:
           mountPath: /post-start.sh
           subPath: post-start.sh
         lifecycle:
+          {{- if .Values.st2stream.preStopSleep | toString | ne "0" }}
           preStop:
             exec: # https://blog.laputa.io/graceful-shutdown-in-kubernetes-85f1c8d586da
               # kubeproxy and kubelet both race  
               # wait a bit to ensure kubeproxy has removed the iptables rule.
-              command: [ "sleep", {{ .Values.st2stream.preStopSleep | toString }} ]
+              command: [ "sleep", "{{ .Values.st2stream.preStopSleep | toString }}" ]
+          {{- end }}
           postStart:
             exec:
               command: ["/bin/bash", "/post-start.sh"]
@@ -483,11 +489,13 @@ spec:
             mountPath: /post-start.sh
             subPath: post-start.sh
         lifecycle:
+          {{- if .Values.st2web.preStopSleep | toString | ne "0" }}
           preStop:
             exec: # https://blog.laputa.io/graceful-shutdown-in-kubernetes-85f1c8d586da
               # kubeproxy and kubelet both race  
               # wait a bit to ensure kubeproxy has removed the iptables rule.
-              command: [ "sleep", {{ .Values.st2web.preStopSleep | toString }} ]
+              command: [ "sleep", "{{ .Values.st2web.preStopSleep | toString }}" ]
+          {{- end }}
           postStart:
             exec:
               command: ["/bin/bash", "/post-start.sh"]

values.yaml

@@ -391,6 +391,9 @@ st2web:
   # The pod will not be marked as "running" until this script completes successfully.
   # see: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/
   postStartScript: ""
+  # preStopSleep works around iptables race conditions in kubeproxy and kubelet.
+  # https://blog.laputa.io/graceful-shutdown-in-kubernetes-85f1c8d586da
+  # If you use an alternative to kubeproxy, like Calico, disable this by setting it to "0".
   preStopSleep: "10"
 
 # https://docs.stackstorm.com/reference/ha.html#st2auth
@@ -427,6 +430,9 @@ st2auth:
   # The pod will not be marked as "running" until this script completes successfully.
   # see: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/
   postStartScript: ""
+  # preStopSleep works around iptables race conditions in kubeproxy and kubelet.
+  # https://blog.laputa.io/graceful-shutdown-in-kubernetes-85f1c8d586da
+  # If you use an alternative to kubeproxy, like Calico, disable this by setting it to "0".
   preStopSleep: "10"
   # mount extra volumes on the st2auth pod(s) (primarily useful for custom logging conf)
   ## Note that Helm templating is supported in 'mount' and 'volume'
@@ -467,6 +473,9 @@ st2api:
   # The pod will not be marked as "running" until this script completes successfully.
   # see: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/
   postStartScript: ""
+  # preStopSleep works around iptables race conditions in kubeproxy and kubelet.
+  # https://blog.laputa.io/graceful-shutdown-in-kubernetes-85f1c8d586da
+  # If you use an alternative to kubeproxy, like Calico, disable this by setting it to "0".
   preStopSleep: "10"
   # mount extra volumes on the st2api pod(s) (primarily useful for custom logging conf)
   ## Note that Helm templating is supported in 'mount' and 'volume'
@@ -507,6 +516,9 @@ st2stream:
   # The pod will not be marked as "running" until this script completes successfully.
   # see: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/
   postStartScript: ""
+  # preStopSleep works around iptables race conditions in kubeproxy and kubelet.
+  # https://blog.laputa.io/graceful-shutdown-in-kubernetes-85f1c8d586da
+  # If you use an alternative to kubeproxy, like Calico, disable this by setting it to "0".
   preStopSleep: "10"
   # mount extra volumes on the st2stream pod(s) (primarily useful for custom logging conf)
   ## Note that Helm templating is supported in 'mount' and 'volume'