Allow clusters that do not use kubeproxy to disable presleep

CHANGELOG.md

@@ -3,6 +3,7 @@
 ## Development
 * Updated our tests/unit to support `unittests` v0.5.1 (#414, #421) (by @jk464)
 * Migrate to kubeconform for k8s linting, as kubeval is now deprecated (#420) (by @jk464)
+* Allow clusters that do not use kubeproxy to disable presleep. (#416) (by @cognifloyd)
 
 ## v1.1.0
 * Fix syntax with ensure-packs-volumes-are-writable job (#403, #411) (by @skiedude)
@@ -27,8 +28,9 @@
 * Add `st2canary` job as a Helm Hook that runs before install/upgrade to ensure `st2.packs.volumes` is configured correctly (if `st2.packs.volumes.enabled`). (#323) (by @cognifloyd)
 * Enable using existing `st2-auth` secret. This allows users to manage this secret outside of the Helm process. (#359) (by @bmarick)
 * Add terminationGracePeriodSeconds to workflow and actionrunner pods to allow adjustment of grace period in k8 (#374) (by @guzzijones12)
+* Fix st2 client config issue affecting addon jobs using jobs.extra_hooks (#371) (by @cars)
 * Prevent duplicate init containers on helm upgrade (#375) (by @guzzijones12)
-* Fix st2 client config issue affecting addon jobs using jobs.extra_hooks (#370) (by @cars)
+* Workaround kubeproxy+kubelet race: Add presleep for st2auth, st2web, st2api, st2stream (#382) (by @guzzijones12)
 
 ## v0.110.0
 * Switch st2 to `v3.8` as a new default stable version (#347)

templates/deployments.yaml

@@ -100,11 +100,13 @@ spec:
           mountPath: /post-start.sh
           subPath: post-start.sh
         lifecycle:
+          {{- if .Values.st2auth.preStopSleep | toString | ne "0" }}
           preStop:
             exec: # https://blog.laputa.io/graceful-shutdown-in-kubernetes-85f1c8d586da
               # kubeproxy and kubelet both race  
               # wait a bit to ensure kubeproxy has removed the iptables rule.
-              command: [ "sleep", {{ .Values.st2auth.preStopSleep | toString }} ]
+              command: [ "sleep", "{{ .Values.st2auth.preStopSleep | toString }}" ]
+          {{- end }}
           postStart:
             exec:
               command: ["/bin/bash", "/post-start.sh"]
@@ -233,11 +235,13 @@ spec:
           mountPath: /post-start.sh
           subPath: post-start.sh
         lifecycle:
+          {{- if .Values.st2api.preStopSleep | toString | ne "0" }}
           preStop:
             exec: # https://blog.laputa.io/graceful-shutdown-in-kubernetes-85f1c8d586da
               # kubeproxy and kubelet both race  
               # wait a bit to ensure kubeproxy has removed the iptables rule.
-              command: [ "sleep", {{ .Values.st2api.preStopSleep | toString }} ]
+              command: [ "sleep", "{{ .Values.st2api.preStopSleep | toString }}" ]
+          {{- end }}
           postStart:
             exec:
               command: ["/bin/bash", "/post-start.sh"]
@@ -357,11 +361,13 @@ spec:
           mountPath: /post-start.sh
           subPath: post-start.sh
         lifecycle:
+          {{- if .Values.st2stream.preStopSleep | toString | ne "0" }}
           preStop:
             exec: # https://blog.laputa.io/graceful-shutdown-in-kubernetes-85f1c8d586da
               # kubeproxy and kubelet both race  
               # wait a bit to ensure kubeproxy has removed the iptables rule.
-              command: [ "sleep", {{ .Values.st2stream.preStopSleep | toString }} ]
+              command: [ "sleep", "{{ .Values.st2stream.preStopSleep | toString }}" ]
+          {{- end }}
           postStart:
             exec:
               command: ["/bin/bash", "/post-start.sh"]
@@ -483,11 +489,13 @@ spec:
             mountPath: /post-start.sh
             subPath: post-start.sh
         lifecycle:
+          {{- if .Values.st2web.preStopSleep | toString | ne "0" }}
           preStop:
             exec: # https://blog.laputa.io/graceful-shutdown-in-kubernetes-85f1c8d586da
               # kubeproxy and kubelet both race  
               # wait a bit to ensure kubeproxy has removed the iptables rule.
-              command: [ "sleep", {{ .Values.st2web.preStopSleep | toString }} ]
+              command: [ "sleep", "{{ .Values.st2web.preStopSleep | toString }}" ]
+          {{- end }}
           postStart:
             exec:
               command: ["/bin/bash", "/post-start.sh"]

values.yaml

@@ -391,6 +391,9 @@ st2web:
   # The pod will not be marked as "running" until this script completes successfully.
   # see: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/
   postStartScript: ""
+  # preStopSleep works around iptables race conditions in kubeproxy and kubelet.
+  # https://blog.laputa.io/graceful-shutdown-in-kubernetes-85f1c8d586da
+  # If you use an alternative to kubeproxy, like Calico, disable this by setting it to "0".
   preStopSleep: "10"
 
 # https://docs.stackstorm.com/reference/ha.html#st2auth
@@ -427,6 +430,9 @@ st2auth:
   # The pod will not be marked as "running" until this script completes successfully.
   # see: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/
   postStartScript: ""
+  # preStopSleep works around iptables race conditions in kubeproxy and kubelet.
+  # https://blog.laputa.io/graceful-shutdown-in-kubernetes-85f1c8d586da
+  # If you use an alternative to kubeproxy, like Calico, disable this by setting it to "0".
   preStopSleep: "10"
   # mount extra volumes on the st2auth pod(s) (primarily useful for custom logging conf)
   ## Note that Helm templating is supported in 'mount' and 'volume'
@@ -467,6 +473,9 @@ st2api:
   # The pod will not be marked as "running" until this script completes successfully.
   # see: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/
   postStartScript: ""
+  # preStopSleep works around iptables race conditions in kubeproxy and kubelet.
+  # https://blog.laputa.io/graceful-shutdown-in-kubernetes-85f1c8d586da
+  # If you use an alternative to kubeproxy, like Calico, disable this by setting it to "0".
   preStopSleep: "10"
   # mount extra volumes on the st2api pod(s) (primarily useful for custom logging conf)
   ## Note that Helm templating is supported in 'mount' and 'volume'
@@ -507,6 +516,9 @@ st2stream:
   # The pod will not be marked as "running" until this script completes successfully.
   # see: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/
   postStartScript: ""
+  # preStopSleep works around iptables race conditions in kubeproxy and kubelet.
+  # https://blog.laputa.io/graceful-shutdown-in-kubernetes-85f1c8d586da
+  # If you use an alternative to kubeproxy, like Calico, disable this by setting it to "0".
   preStopSleep: "10"
   # mount extra volumes on the st2stream pod(s) (primarily useful for custom logging conf)
   ## Note that Helm templating is supported in 'mount' and 'volume'