Skip to content

Commit

Permalink
feat(ingress) support terminationGracePeriodSeconds
Browse files Browse the repository at this point in the history 
There are cases where due to network load balancer (NLB) configuration
that a delay needs to be introduced to the containers during shutdown.
This delay is configurable for the Kong Proxy container through the helm
chart, however it is not possible to configure this delay for the
ingress controller. This can result in stale upstreams during NLB
draining and downtime for services. Making this delay configurable seems
the easiest approach to addressing this limitation.

We have a PR for the kong-ingress-controller which will [update its
behaviour](Kong/kubernetes-ingress-controller#2494)
so we can configure the termination delay.

This PR adds the ability to set a concomitant value in the helm chart.
  • Loading branch information
@chazdnato
chazdnato committed May 24, 2022
1 parent 8af6326 commit 81458a6
Show file tree
Hide file tree
Showing 3 changed files with 29 additions and 23 deletions.
47 changes: 24 additions & 23 deletions charts/kong/README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -667,29 +667,30 @@ are configured using an array of objects under `proxy.stream` and `udpProxy.stre
All of the following properties are nested under the `ingressController`
section of `values.yaml` file:

| Parameter | Description | Default |
|-----------------------------------------|---------------------------------------------------------------------------------------------------------------------| ---------------------------------------------------------------------------- |
| enabled | Deploy the ingress controller, rbac and crd | true |
| image.repository | Docker image with the ingress controller | kong/kubernetes-ingress-controller |
| image.tag | Version of the ingress controller | 2.0 |
| image.effectiveSemver | Version of the ingress controller used for version-specific features when image.tag is not a valid semantic version | |
| readinessProbe | Kong ingress controllers readiness probe | |
| livenessProbe | Kong ingress controllers liveness probe | |
| installCRDs | Creates managed CRDs. | false |
| env | Specify Kong Ingress Controller configuration via environment variables | |
| customEnv | Specify custom environment variables (without the CONTROLLER_ prefix) | |
| ingressClass | The name of this controller's ingressClass | kong |
| ingressClassAnnotations | The ingress-class value for controller | kong |
| args | List of ingress-controller cli arguments | [] |
| watchNamespaces | List of namespaces to watch. Watches all namespaces if empty | [] |
| admissionWebhook.enabled | Whether to enable the validating admission webhook | false |
| admissionWebhook.failurePolicy | How unrecognized errors from the admission endpoint are handled (Ignore or Fail) | Fail |
| admissionWebhook.port | The port the ingress controller will listen on for admission webhooks | 8080 |
| admissionWebhook.certificate.provided | Whether to generate the admission webhook certificate if not provided | false |
| admissionWebhook.certificate.secretName | Name of the TLS secret for the provided webhook certificate | |
| admissionWebhook.certificate.caBundle | PEM encoded CA bundle which will be used to validate the provided webhook certificate | |
| deployment.userDefinedVolumes | Create volumes. Please go to Kubernetes doc for the spec of the volumes | |
| deployment.userDefinedVolumeMounts | Create volumeMounts. Please go to Kubernetes doc for the spec of the volumeMounts | |
| Parameter | Description | Default |
|-----------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------|
| enabled | Deploy the ingress controller, rbac and crd | true |
| image.repository | Docker image with the ingress controller | kong/kubernetes-ingress-controller |
| image.tag | Version of the ingress controller | 2.0 |
| image.effectiveSemver | Version of the ingress controller used for version-specific features when image.tag is not a valid semantic version | |
| readinessProbe | Kong ingress controllers readiness probe | |
| livenessProbe | Kong ingress controllers liveness probe | |
| installCRDs | Creates managed CRDs. | false |
| env | Specify Kong Ingress Controller configuration via environment variables | |
| customEnv | Specify custom environment variables (without the CONTROLLER_ prefix) | |
| ingressClass | The name of this controller's ingressClass | kong |
| ingressClassAnnotations | The ingress-class value for controller | kong |
| args | List of ingress-controller cli arguments | [] |
| watchNamespaces | List of namespaces to watch. Watches all namespaces if empty | [] |
| admissionWebhook.enabled | Whether to enable the validating admission webhook | false |
| admissionWebhook.failurePolicy | How unrecognized errors from the admission endpoint are handled (Ignore or Fail) | Fail |
| admissionWebhook.port | The port the ingress controller will listen on for admission webhooks | 8080 |
| admissionWebhook.certificate.provided | Whether to generate the admission webhook certificate if not provided | false |
| admissionWebhook.certificate.secretName | Name of the TLS secret for the provided webhook certificate | |
| admissionWebhook.certificate.caBundle | PEM encoded CA bundle which will be used to validate the provided webhook certificate | |
| deployment.userDefinedVolumes | Create volumes. Please go to Kubernetes doc for the spec of the volumes | |
| deployment.userDefinedVolumeMounts | Create volumeMounts. Please go to Kubernetes doc for the spec of the volumeMounts | |
| terminationGracePeriodSeconds | Sets the [termination grace period](https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#hook-handler-execution) for Deployment pod | 30 |

#### The `env` section
For a complete list of all configuration values you can set in the
Expand Down
1 change: 1 addition & 0 deletions charts/kong/templates/_helpers.tpl
View file
Original file line number Diff line number Diff line change
Expand Up @@ -614,6 +614,7 @@ The name of the service used for the ingress controller's validation webhook
{{- end }}
resources:
{{ toYaml .Values.ingressController.resources | indent 4 }}
terminationGracePeriodSeconds: {{ .Values.ingressController.terminationGracePeriodSecond }}
volumeMounts:
{{- if .Values.ingressController.admissionWebhook.enabled }}
- name: webhook-cert
Expand Down
4 changes: 4 additions & 0 deletions charts/kong/values.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -458,6 +458,10 @@ ingressController:
effectiveSemver:
args: []

# Sets the termination grace period for pods spawned by the Kubernetes Deployment.
# Ref: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#hook-handler-execution
terminationGracePeriodSeconds: 30

# Specify individual namespaces to watch for ingress configuration. By default,
# when no namespaces are set, the controller watches all namespaces and uses a
# ClusterRole to grant access to Kubernetes resources. When you list specific
Expand Down

0 comments on commit 81458a6

Please sign in to comment.