This repository has been archived by the owner on Jan 18, 2024. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 223
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Use sidecar to monitor events on timescaledb container, then cleanup …
…(hopefully last pattern to be tried) Given a few peculiarities with how liveness probes work, and the fact that the underlying timescaledb container could end up being removed by the underlying kubelet before the liveness probe has a change to perform its cleanup logic, it appears as though this pattern provides the most robust approach. The fact that we are monitoring the K8s API for events related to the specific target container, and that we are using timestamps of the events to maintain event stream offsets, should ensure that this pattern is the most robust pattern for guaranteeing that a specific cleanup routine is performed when the timescaledb container exits, all without touching the timescaledb container itself.
- Loading branch information
Showing
5 changed files
with
91 additions
and
70 deletions.
There are no files selected for viewing
This file was deleted.
Oops, something went wrong.
68 changes: 68 additions & 0 deletions
68
charts/timescaledb-single/scripts/sidecar_events_monitor.sh
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,68 @@ | ||
#!/bin/bash | ||
# | ||
# Monitor Kubernetes events related to this pod (determined via HOSTNAME env var), | ||
# in order to determine when some target container of this pod has stopped according | ||
# to Kubernetes. | ||
|
||
# Get the pod service account token. | ||
TOKEN=$(cat /var/run/secrets/kubernetes.io/serviceaccount/token) | ||
# Set the Kubernetes API server address. | ||
API_SERVER="https://kubernetes.default.svc" | ||
# Get the pod name. | ||
POD_NAME=$HOSTNAME | ||
# Construct the authorization header | ||
AUTH_HEADER="Authorization: Bearer $TOKEN" | ||
# Last seen event timestamp (for paging). | ||
LAST_EVENT_TIME="$(date +'%Y-%m-%dT%H:%M:%SZ')" | ||
# The namespace in which this pod is running. | ||
TARGET_NS="${1}" | ||
# The container for which events are being monitored, in order to | ||
# determine when the target container has stopped according to Kubernetes. | ||
TARGET_CONTAINER="${2}" | ||
|
||
function process_events() { | ||
while true; do | ||
# Construct the URL with paging parameters. | ||
URL="$API_SERVER/api/v1/namespaces/savannah-system/events?fieldSelector=involvedObject.name=$POD_NAME&limit=500&since=$LAST_EVENT_TIME" | ||
|
||
# Fetch a batch of events for the current pod. | ||
EVENTS=$(curl -s -k -H "$AUTH_HEADER" "$URL") | ||
|
||
# Check for "ContainerStopped" event related to the "timescaledb" container. | ||
if [[ $(echo "$EVENTS" | jq -r '.items[] | select(.reason == "ContainerStopped" and .involvedObject.name == "timescaledb")') ]]; then | ||
echo "timescaledb container in pod $POD_NAME has stopped, will call linkerd-shutdown now" | ||
fi | ||
|
||
# Extract timestamp of the latest event for next iteration. | ||
LAST_EVENT_TIME=$(echo "$EVENTS" | jq -r '.items[0].lastTimestamp') | ||
|
||
# Sleep for a short interval before checking again. | ||
sleep 5 | ||
done | ||
|
||
# Execute custom cleanup routine. | ||
custom_cleanup | ||
} | ||
|
||
function custom_cleanup() { | ||
echo "executing custom cleanup routine: shutting down local linkerd-proxy" | ||
curl -s -m 5 -X POST http://localhost:4191/shutdown | ||
} | ||
|
||
function main() { | ||
# This trap ensures that this container will not shutdown based on SIGTERM. | ||
# It will do its absolute damnedest to detect when the target container is shutdown first | ||
# in order to ensure that it can execute its custom shutdown logic. | ||
trap process_events SIGTERM | ||
if [[ $TARGET_NS == "" || $TARGET_CONTAINER == "" ]]; then | ||
echo "missing input, can not proceed" | ||
echo "usage: $0 <namespace> <pod>" | ||
exit 1 | ||
fi | ||
process_events | ||
} | ||
|
||
# Execute main if this script is being executed, not sourced. | ||
# | ||
# Though this script should never be sourced, we employ some defensive programming here. | ||
if [ "${BASH_SOURCE[0]}" == "$0" ]; then main "$@"; fi |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters