Playing with Container Lifecycle Hooks and ContainerStopSignals

DRAFT This is not a complete article. I haven’t yet fully tested and vetted the steps I built. I will come back and hopefully update.

Kubernetes orchestrates Pods across multiple nodes. When a Pod lands on a node, the kubelet admits the Pod and its containers, and manages the lifecycle of the containers. When the Pod is terminated, the kubelet sends a SIGTERM signal to the running processes. Kubernetes Enhancement – Container Stop Signals #4960 allows a custom stop signal to be set in the Pod spec through spec.containers[].lifecycle.stopSignal, and you can use one of sixty-five additional stop signals to stop the Pod. While the feature is behind a feature gate, you can see the supported signals in supportedStopSignalsLinux.

For example, a user may use the SIGQUIT signal to stop a container in the Pod. To do so with kind:

  1. Enable the ContainerStopSignals feature gate in a kind config called kind-cluster-config.yaml
kind: Cluster
apiVersion: kind.x-k8s.io/v1alpha4
featureGates:
  ContainerStopSignals: true
nodes:
- role: control-plane
  kubeadmConfigPatches:
  - |
    kind: ClusterConfiguration
    apiServer:
        extraArgs:
          v: "1"
    scheduler:
        extraArgs:
          v: "1"
    controllerManager:
        extraArgs:
          v: "1"
  - |
    kind: InitConfiguration
    nodeRegistration:
      kubeletExtraArgs:
        v: "1"
- role: worker
  kubeadmConfigPatches:
  - |
    kind: JoinConfiguration
    nodeRegistration:
      kubeletExtraArgs:
        v: "1"
  1. Download kind
mkdir -p dev-cache
GOBIN="$(pwd)/dev-cache" go install sigs.k8s.io/kind@v0.29.0
  1. Start the kind cluster
KIND_EXPERIMENTAL_PROVIDER=podman dev-cache/kind create cluster \
		--image quay.io/powercloud/kind-node:v1.33.1 \
		--name test \
		--config kind-cluster-config.yaml \
		--wait 5m
  1. Create a namespace
apiVersion: v1
kind: Namespace
metadata:
  labels:
    kubernetes.io/metadata.name: lifecycle-test
    pod-security.kubernetes.io/audit: restricted
    pod-security.kubernetes.io/audit-version: v1.24
    pod-security.kubernetes.io/enforce: restricted
    pod-security.kubernetes.io/warn: restricted
    pod-security.kubernetes.io/warn-version: v1.24
  name: lifecycle-test
  1. Create a Pod
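apiVersion: v1
kind: Pod
metadata:
  name: test
  namespace: lifecycle-test
spec:
  # stopSignal is validated against the Pod OS, so spec.os.name must be set
  os:
    name: linux
  containers:
  - name: test
    command: ["/bin/sh", "-c"]
    args:
      - |
        cleanup() { echo "CALLED SIGQUIT"; }
        trap cleanup QUIT
        # A trap is deferred while a foreground command runs: background + wait
        sleep infinity &
        wait $!
    image: registry.access.redhat.com/ubi9/ubi
    lifecycle:
      stopSignal: SIGQUIT
    # Required by the namespace's enforce: restricted label
    securityContext:
      allowPrivilegeEscalation: false
      capabilities:
        drop: ["ALL"]
      runAsNonRoot: true
      runAsUser: 1001  # arbitrary non-root UID (assumption)
      seccompProfile:
        type: RuntimeDefault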
  1. Check the Pod with kubectl describe pod/test -n lifecycle-test
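
The stop sequence can be rehearsed without a cluster. This added example (not part of the original article) starts a trap-based /bin/sh entrypoint like the Pod's, sends it SIGQUIT, and falls back to SIGKILL after a grace period the way the kubelet does, comparing a foreground sleep with a backgrounded sleep plus wait. The script strings, the stop_container helper and the 30-second sleep are assumptions made for the demo.

```python
import os
import signal
import subprocess
import time

# Constructed entrypoints modelled on the Pod's trap script (30 s stands in
# for "infinity" so a stray sleep cannot outlive the demo for long).
TRAP = 'cleanup() { echo "CALLED SIGQUIT"; }; trap cleanup QUIT; echo ready; '
FOREGROUND = TRAP + "sleep 30"            # shell blocks on a foreground child
BACKGROUND = TRAP + "sleep 30 & wait $!"  # shell waits, so the trap can run


def _default_sigquit():
    # A shell cannot trap a signal that was ignored when it started, so undo
    # any SIGQUIT disposition inherited from the parent before exec.
    signal.signal(signal.SIGQUIT, signal.SIG_DFL)


def stop_container(script, grace_seconds=2.0):
    """Send SIGQUIT to the entrypoint; SIGKILL it after the grace period.

    Returns (outcome, output). outcome is "exited" when the process stopped
    on its own within the grace period and "killed" when SIGKILL was needed.
    """
    proc = subprocess.Popen(
        ["/bin/sh", "-c", script], stdout=subprocess.PIPE, text=True,
        start_new_session=True, preexec_fn=_default_sigquit)
    proc.stdout.readline()             # "ready": the trap is installed
    time.sleep(0.5)                    # let the shell reach sleep / wait
    os.kill(proc.pid, signal.SIGQUIT)  # only the entrypoint is signalled
    try:
        proc.wait(timeout=grace_seconds)
        outcome = "exited"
    except subprocess.TimeoutExpired:
        outcome = "killed"
    try:
        os.killpg(proc.pid, signal.SIGKILL)  # also kills the leftover sleep
    except OSError:
        pass                                 # group already gone
    output = proc.stdout.read()
    proc.wait()
    return outcome, output


if __name__ == "__main__":
    for name, script in (("foreground", FOREGROUND), ("background", BACKGROUND)):
        print(name, stop_container(script))
```

With the foreground sleep the handler never gets to run before the grace period ends, so the process is killed; with the backgrounded sleep the handler runs and the entrypoint exits on its own.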

You’ve seen how this feature functions with Kubernetes and can take advantage of ContainerStopSignals in your environment.

References

  1. Tracker: Kubernetes Enhancement – Container Stop Signals #4960 issue 30051
  2. KEP-4960: Container Stop Signals
  3. Kubernetes Documentation: Container Lifecycle Hooks
  4. An Introductory Guide to Managing the Kubernetes Pods Lifecycle
  5. Stop Signals