without a finalizer, to a terminal phase (`Failed` or `Succeeded` depending on
the exit statuses of the Pod containers) before their deletion from the API server.
The Pod conditions you add must have names that meet the Kubernetes
[label key format](/docs/concepts/overview/working-with-objects/labels/#syntax-and-character-set).
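
For illustration only (the condition type and image below are made-up placeholders), a custom Pod
condition with a label-key-style name is typically paired with a readiness gate in the Pod spec,
and then patched into the Pod's status by your own controller or tooling:

```yaml
apiVersion: v1
kind: Pod
metadata:
  name: readiness-gate-demo
spec:
  readinessGates:
    # Custom condition type; the name must follow the label key format.
    - conditionType: "example.com/feature-1"
  containers:
    - name: app
      image: registry.example/app:1.0   # placeholder image
```

The Pod only becomes Ready once its built-in conditions pass and the `example.com/feature-1`
condition has been set to `True` in `status.conditions` by whatever component owns it.
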
Startup probes are useful for Pods that have containers that take a long time to
come into service. Rather than set a long liveness interval, you can configure
a separate configuration for probing the container as it starts up, allowing
a time longer than the liveness interval would allow.
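
A minimal sketch (the image, endpoint, and timings below are illustrative, not prescriptive):
the startup probe tolerates a slow boot, while the liveness probe stays strict once the
container is up.

```yaml
apiVersion: v1
kind: Pod
metadata:
  name: slow-start-demo
spec:
  containers:
    - name: app
      image: registry.example/slow-app:1.0   # placeholder image
      startupProbe:
        httpGet:
          path: /healthz
          port: 8080
        failureThreshold: 30    # allow up to 30 * 10s = 300s for startup
        periodSeconds: 10
      livenessProbe:
        httpGet:
          path: /healthz
          port: 8080
        periodSeconds: 10
        failureThreshold: 3     # once started, restart quickly on hangs
```

The liveness probe only takes over after the startup probe has succeeded once.
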
Typically, the container runtime sends a TERM signal to the main process in each
container. Many container runtimes respect the `STOPSIGNAL` value defined in the container
image and send this instead of TERM.
Once the grace period has expired, the KILL signal is sent to any remaining processes, and the Pod
is then deleted from the {{< glossary_tooltip text="API Server" term_id="kube-apiserver" >}}.
If the kubelet or the container runtime's management service is restarted while waiting for
processes to terminate, the cluster retries from the start including the full original grace period.

An example flow:

1. You use the `kubectl` tool to manually delete a specific Pod, with the default grace period
   (30 seconds).

1. The Pod in the API server is updated with the time beyond which the Pod is considered "dead"
   along with the grace period.
   If you use `kubectl describe` to check the Pod you're deleting, that Pod shows up as "Terminating".
   On the node where the Pod is running: as soon as the kubelet sees that a Pod has been marked
   as terminating (a graceful shutdown duration has been set), the kubelet begins the local Pod
   shutdown process.
1. If one of the Pod's containers has defined a `preStop`
   [hook](/docs/concepts/containers/container-lifecycle-hooks) and the `terminationGracePeriodSeconds`
   in the Pod spec is not set to 0, the kubelet runs that hook inside of the container
   (see the configuration sketch after this list).
   The default `terminationGracePeriodSeconds` setting is 30 seconds.

   If the `preStop` hook is still running after the grace period expires, the kubelet requests
   a small, one-off grace period extension of 2 seconds.

   {{< note >}}
   If the `preStop` hook needs longer to complete than the default grace period allows,
   you must modify `terminationGracePeriodSeconds` to suit this.
   {{< /note >}}

1. The kubelet triggers the container runtime to send a TERM signal to process 1 inside each
   container.
   {{< note >}}
   The containers in the Pod receive the TERM signal at different times and in an arbitrary
   order. If the order of shutdowns matters, consider using a `preStop` hook to synchronize.
   {{< /note >}}
1. At the same time as the kubelet is starting graceful shutdown of the Pod, the control plane
   evaluates whether to remove that shutting-down Pod from EndpointSlice (and Endpoints) objects,
   where those objects represent a {{< glossary_tooltip term_id="service" text="Service" >}}
   with a configured {{< glossary_tooltip text="selector" term_id="selector" >}}.
   {{< glossary_tooltip text="ReplicaSets" term_id="replica-set" >}} and other workload resources
   no longer treat the shutting-down Pod as a valid, in-service replica.

   Pods that shut down slowly should not continue to serve regular traffic and should start
   terminating and finish processing open connections. Some applications need to go beyond
   finishing open connections and need more graceful termination, for example, session draining
   and completion.

   Any endpoints that represent the terminating Pods are not immediately removed from
   EndpointSlices, and a status indicating [terminating state](/docs/concepts/services-networking/endpoint-slices/#conditions)
   is exposed from the EndpointSlice API (and the legacy Endpoints API).
   Terminating endpoints always have their `ready` status as `false` (for backward compatibility
   with versions before 1.26), so load balancers will not use them for regular traffic.

   If traffic draining on a terminating Pod is needed, the actual readiness can be checked via the
   `serving` condition. You can find more details on how to implement connections draining in the
   tutorial [Pods And Endpoints Termination Flow](/docs/tutorials/services/pods-and-endpoint-termination-flow/).

   {{< note >}}
   If you don't have the `EndpointSliceTerminatingCondition` feature gate enabled
   in your cluster (the gate is on by default from Kubernetes 1.22, and locked to default in 1.26),
   then the Kubernetes control plane removes a Pod from any relevant EndpointSlices as soon as the Pod's
   termination grace period _begins_. The behavior above is described when the
   feature gate `EndpointSliceTerminatingCondition` is enabled.
   {{< /note >}}

1. When the grace period expires, the kubelet triggers forcible shutdown. The container runtime sends
   `SIGKILL` to any processes still running in any container in the Pod.
   The kubelet also cleans up a hidden `pause` container if that container runtime uses one.

1. The kubelet transitions the Pod into a terminal phase (`Failed` or `Succeeded` depending on
   the end state of its containers). This step is guaranteed since version 1.27.

1. The kubelet triggers forcible removal of the Pod object from the API server, by setting the
   grace period to 0 (immediate deletion).
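
The configuration sketch referenced in the `preStop` step above; the image, command, and durations
are placeholders chosen only to show the relationship between the hook and the grace period:

```yaml
apiVersion: v1
kind: Pod
metadata:
  name: graceful-shutdown-demo
spec:
  # Must comfortably exceed the time the preStop hook needs to finish.
  terminationGracePeriodSeconds: 60
  containers:
    - name: app
      image: registry.example/app:1.0   # placeholder image
      lifecycle:
        preStop:
          exec:
            # Give the application time to drain connections before TERM arrives.
            command: ["/bin/sh", "-c", "sleep 15"]
```

The kubelet runs the hook and then sends TERM; if the hook plus shutdown take longer than the
60 seconds in this sketch, any remaining processes receive KILL as described above.
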
the `--grace-period=<seconds>` option which allows you to override the default and specify your
own value.

Setting the grace period to `0` forcibly and immediately deletes the Pod from the API
server. If the Pod was still running on a node, that forcible deletion triggers the kubelet to
begin immediate cleanup.

{{< note >}}
You must specify an additional flag `--force` along with `--grace-period=0`
in order to perform force deletions.
{{< /note >}}
When a force deletion is performed, the API server does not wait for confirmation from the kubelet
that the Pod has been terminated on the node it was running on. It removes the Pod in the API
immediately so a new Pod can be created with the same name. On the node, Pods that are set to
terminate immediately will still be given a small grace period before being force killed.

{{< caution >}}
Immediate deletion does not wait for confirmation that the running resource has been terminated.
The resource may continue to run on the cluster indefinitely.
{{< /caution >}}

If you need to force-delete Pods that are part of a StatefulSet, refer to the task
documentation for deleting Pods from a StatefulSet.
For failed Pods, the API objects remain in the cluster's API until a human or
{{< glossary_tooltip term_id="controller" text="controller" >}} process
explicitly removes them.

The Pod garbage collector (PodGC), which is a controller in the control plane, cleans up
terminated Pods (with a phase of `Succeeded` or `Failed`), when the number of Pods exceeds the
configured threshold (determined by `terminated-pod-gc-threshold` in the kube-controller-manager).
This avoids a resource leak as Pods are created and terminated over time.
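
How you set `terminated-pod-gc-threshold` depends on how your control plane is deployed; the
following is only a sketch assuming a kubeadm-style static Pod manifest for the
kube-controller-manager (the file path, image version, and threshold value are illustrative):

```yaml
# /etc/kubernetes/manifests/kube-controller-manager.yaml (typical kubeadm location)
apiVersion: v1
kind: Pod
metadata:
  name: kube-controller-manager
  namespace: kube-system
spec:
  containers:
    - name: kube-controller-manager
      image: registry.k8s.io/kube-controller-manager:v1.27.0   # illustrative version
      command:
        - kube-controller-manager
        # Keep at most 500 terminated Pods before PodGC deletes the oldest ones.
        - --terminated-pod-gc-threshold=500
        # ...other flags omitted...
```
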
Additionally, PodGC cleans up any Pods which satisfy any of the following conditions:

1. are orphan Pods - bound to a node which no longer exists,
1. are unscheduled terminating Pods,
1. are terminating Pods, bound to a non-ready node tainted with
   [`node.kubernetes.io/out-of-service`](/docs/reference/labels-annotations-taints/#node-kubernetes-io-out-of-service),
   when the `NodeOutOfServiceVolumeDetach` feature gate is enabled.