@@ -843,24 +843,117 @@ examples:
843843
844844### Termination of containers
845845
846- In alpha sidecar containers will be terminated as regular containers. No special
846+ In Alpha sidecar containers will be terminated as regular containers. No special
847847or additional signals will be supported.
848848
849- We will collect feedback from alpha implementation and plan to improve
850- termination in Beta. When Pods with sidecars are terminated:
849+ In Beta we have thought about introducing additional termination grace period fields
850+ to manage termination duration
851+ ([ draft proposal] ( https://docs.google.com/document/d/1B01EdgWJAfkT3l6CIwNwoskQ71eyuwet3mjiQrMQbU8 ) )
852+ and leverage these fields to add reverse order termination of sidecar containers
853+ after the primary containers terminate.
854+
855+ However, we decided on an alternative that doesn't require additional fields or hooks while keeping
856+ the desired behaviors when Pods with sidecars are terminated. While original approach works better
857+ with truly graceful termination where consistency is more important than time taken, proposed approach
858+ works for that scenario as well as a more and more popular scenario of limited time to terminate when
859+ graceful termination is set by external requirement and Pods needs to do best to gracefully terminate
860+ as much as possible (think of a Spot Instances with 30 seconds notification).
861+
862+ Here is the proposed approach:
863+ 1 . Sidecar containers that have a ` PreStop ` hook will be notified when the Pod has begun terminating
864+ by executing the ` PreStop ` hook. This happens at the same time as regular containers, and begins
865+ the Pod's termination grace period countdown.
866+ 2 . Once the last primary container terminates, the last started sidecar container is notified by
867+ sending a ` SIGTERM ` signal.
868+ 3 . The next sidecar (in reverse order) is notified by sending a ` SIGTERM ` signal after the previous
869+ sidecar container terminates.
870+ 4 . This continues until all sidecar containers have terminated, or the Pod's termination grace period
871+ expires.
872+ 5 . In the latter case, all remaining containers are notified by a ` SIGTERM ` , followed by a fixed
873+ grace period of 2s and finally terminated.
874+ 6 . The Pod will be terminated after that.
875+
876+ Pseudocode for the above:
877+
878+ ```
879+ func terminatePod() {
880+ // notify all sidecar containers with preStop hook, asynchronously
881+ for sidecar in sidecarContainers {
882+ if sidecar has preStop hook {
883+ go execute preStop hook // async
884+ }
885+ }
886+ // notify all containers with preStop hook and then SIGTERM, asynchronously
887+ for container in containers {
888+ if container has preStop hook {
889+ go func(container) { // async
890+ execute preStop hook
891+ send SIGTERM
892+ }
893+ }
894+ }
895+ for {
896+ switch {
897+ case grace period expired:
898+ for anyContainer in sidecarContainers + containers {
899+ if anyContainer is running {
900+ send SIGTERM
901+ }
902+ }
903+ sleep 2s
904+ for anyContainer in sidecarContainer + containers {
905+ if anyContainer is running {
906+ send SIGKILL
907+ }
908+ }
909+ return
910+ case all containers are terminated:
911+ // sidecars are terminated in reverse order
912+ for sidecar in reverse(sidecarContainers) {
913+ // sidecar is already terminating, let it finish
914+ if sidecar is terminating {
915+ break
916+ }
917+ // next sidecar to terminate
918+ else if sidecar is running {
919+ send SIGTERM
920+ break
921+ }
922+ }
923+ sleep 1s
924+ case all sidecarContainers are terminated:
925+ return
926+ default:
927+ sleep 1s
928+ }
929+ }
930+ }
931+ ```
851932
933+ It is worth noting that, like with regular containers, ` PreStop ` hook must complete before the ` SIGTERM `
934+ signal to stop the sidecar container can be sent. Therefore, ordering and graceful termination of sidecars
935+ can only be guaranteed if the ` PreStop ` hook completes within the Pod's termination grace period.
936+
937+ Sidecars continue to be restarted until they enter the ` Terminated ` state which they are notified
938+ by a ` SIGTERM ` signal. This is to ensure that sidecars that fail are restarted until the TGPS expires.
939+
940+ We might postpone running the ` livenessProbe ` for restarted sidecar containers during termination
941+ until GA, depending on the implementation complexity.
942+
943+ If we compare this to the initial proposal, the following behaviors are preserved:
852944- Sidecars should not begin termination until all primary containers have
853945 terminated.
854946 - Implicit in this is that sidecars should continue to be restarted until all
855947 primary containers have terminated.
856948- Sidecars should terminate serially and in reverse order. I.e. the first
857949 sidecar to initialize should be the last sidecar to terminate.
858950
859- To address these needs, before promoting this enhancement to Beta, we introduce
860- additional termination grace period fields to manage termination duration
861- ([ draft proposal] ( https://docs.google.com/document/d/1B01EdgWJAfkT3l6CIwNwoskQ71eyuwet3mjiQrMQbU8 ) )
862- and leverage these fields to add reverse order termination of sidecar containers
863- after the primary containers terminate.
951+ The additional benefits of this approach comparing to initial proposal:
952+ - If graceful termination period is short, and mostly taken by the main container, the sidecar containers
953+ has more time to gracefully terminate, for example, clear up buffers of logging container.
954+ - There is absolutely no change in behavior of main containers - they start graceful termination at exact
955+ same time as before and can utilize as much of the graceful termination period as they need. The Pod graceful
956+ termination period semantic also stay unchanged.
864957
865958### Other
866959
0 commit comments