@@ -843,24 +843,57 @@ examples:
843843
844844### Termination of containers
845845
846- In alpha sidecar containers will be terminated as regular containers. No special
846+ In Alpha sidecar containers will be terminated as regular containers. No special
847847or additional signals will be supported.
848848
849- We will collect feedback from alpha implementation and plan to improve
850- termination in Beta. When Pods with sidecars are terminated:
849+ In Beta we have thought about introducing additional termination grace period fields
850+ to manage termination duration
851+ ([ draft proposal] ( https://docs.google.com/document/d/1B01EdgWJAfkT3l6CIwNwoskQ71eyuwet3mjiQrMQbU8 ) )
852+ and leverage these fields to add reverse order termination of sidecar containers
853+ after the primary containers terminate.
851854
855+ However, we decided on an alternative that doesn't require additional fields or hooks while keeping
856+ the desired behaviors when Pods with sidecars are terminated. While original approach works better
857+ with truly graceful termination where consistency is more important than time taken, proposed approach
858+ works for that scenario as well as a more and more popular scenario of limited time to terminate when
859+ graceful termination is set by external requirement and Pods needs to do best to gracefully terminate
860+ as much as possible (think of a Spot Instances with 30 seconds notification).
861+
862+ Here is the proposed approach:
863+ 1 . Sidecar containers that have a ` PreStop ` hook will be notified when the Pod has begun terminating
864+ by executing the ` PreStop ` hook. This happens at the same time as regular containers, and begins
865+ the Pod's termination grace period countdown.
866+ 2 . Sidecar containers enter the ` Terminated ` state and are no longer restarted if they fail.
867+ 3 . Once the last primary container terminates, the last started sidecar container is notified by
868+ sending a ` SIGTERM ` signal.
869+ 4 . The next sidecar (in reverse order) is notified by sending a ` SIGTERM ` signal after the previous
870+ sidecar container terminates.
871+ 5 . This continues until all sidecar containers have terminated, or the Pod's termination grace period
872+ expires. In the latter case, all containers are terminated with minimum grace period and the Pod
873+ will be terminated after that.
874+
875+ It is worth noting that, like with regular containers, ` PreStop ` hook must complete before the ` SIGTERM `
876+ signal to stop the sidecar container can be sent. Therefore, ordering and graceful termination of sidecars
877+ can only be guaranteed if the ` PreStop ` hook completes within the Pod's termination grace period.
878+
879+ If we compare this to the initial proposal, the following behaviors are preserved:
852880- Sidecars should not begin termination until all primary containers have
853881 terminated.
854- - Implicit in this is that sidecars should continue to be restarted until all
855- primary containers have terminated.
856882- Sidecars should terminate serially and in reverse order. I.e. the first
857883 sidecar to initialize should be the last sidecar to terminate.
858884
859- To address these needs, before promoting this enhancement to Beta, we introduce
860- additional termination grace period fields to manage termination duration
861- ([ draft proposal] ( https://docs.google.com/document/d/1B01EdgWJAfkT3l6CIwNwoskQ71eyuwet3mjiQrMQbU8 ) )
862- and leverage these fields to add reverse order termination of sidecar containers
863- after the primary containers terminate.
885+ The additional benefits of this approach comparing to initial proposal:
886+ - If graceful termination period is short, and mostly taken by the main container, the sidecar containers
887+ has more time to gracefully terminate, for example, clear up buffers of logging container.
888+ - There is absolutely no change in behavior of main containers - they start graceful termination at exact
889+ same time as before and can utilize as much of the graceful termination period as they need. The Pod graceful
890+ termination period semantic also stay unchanged.
891+
892+ However, the following behaviors is not preserved:
893+ - Sidecars should continue to be restarted until all primary containers have terminated.
894+
895+ We think this is a reasonable tradeoff and consistent with the best effort nature of keeping
896+ sidecar containers running during the Pod's lifetime.
864897
865898### Other
866899
0 commit comments