fix: add graceful shutdown (#57)

fix: add graceful shutdown
devops-ia · Sep 5, 2024 · 10f23b4 · 10f23b4
1 parent 7fa1219
commit 10f23b4
Show file tree

Hide file tree

Showing 6 changed files with 96 additions and 21 deletions.
diff --git a/charts/opencti/README.md b/charts/opencti/README.md
@@ -97,6 +97,7 @@ helm show values opencti/opencti
 | image.tag | string | `""` | Overrides the image tag whose default is the chart appVersion |
 | imagePullSecrets | list | `[]` | Global Docker registry secret names as an array |
 | ingress | object | `{"annotations":{},"className":"","enabled":false,"hosts":[{"host":"chart-example.local","paths":[{"path":"/","pathType":"ImplementationSpecific"}]}],"tls":[]}` | Ingress configuration to expose app </br> Ref: https://kubernetes.io/docs/concepts/services-networking/ingress/ |
+| lifecycle | object | `{}` | Configure lifecycle hooks </br> Ref: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/ </br> Ref: https://learnk8s.io/graceful-shutdown |
 | livenessProbe | object | `{"enabled":true,"failureThreshold":3,"initialDelaySeconds":180,"periodSeconds":10,"successThreshold":1,"timeoutSeconds":5}` | Configure liveness checker </br> Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#define-startup-probes |
 | livenessProbeCustom | object | `{}` | Custom livenessProbe |
 | minio | object | `{"auth":{"rootPassword":"ChangeMe","rootUser":"ChangeMe"},"enabled":true,"mode":"standalone","persistence":{"enabled":false}}` | MinIO subchart deployment </br> Ref: https://github.com/bitnami/charts/blob/main/bitnami/minio/values.yaml |
@@ -140,11 +141,12 @@ helm show values opencti/opencti
 | serviceMonitor.enabled | bool | `false` | Enable or disable |
 | startupProbe | object | `{"enabled":true,"failureThreshold":30,"initialDelaySeconds":180,"periodSeconds":10,"successThreshold":1,"timeoutSeconds":5}` | Configure startupProbe checker </br> Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#define-startup-probes |
 | startupProbeCustom | object | `{}` | Custom startupProbe |
+| terminationGracePeriodSeconds | int | `30` | Configure Pod termination grace period </br> Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-termination |
 | testConnection | bool | `false` | Enable or disable test connection |
 | tolerations | list | `[]` | Tolerations for pod assignment </br> Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ |
 | volumeMounts | list | `[]` | Additional volumeMounts on the output Deployment definition |
 | volumes | list | `[]` | Additional volumes on the output Deployment definition |
-| worker | object | `{"affinity":{},"autoscaling":{"enabled":false,"maxReplicas":100,"minReplicas":1,"targetCPUUtilizationPercentage":80},"enabled":true,"env":{"WORKER_LOG_LEVEL":"info","WORKER_TELEMETRY_ENABLED":true},"envFromSecrets":{},"image":{"pullPolicy":"IfNotPresent","repository":"opencti/worker","tag":""},"networkPolicy":{"egress":[],"enabled":false,"ingress":[],"policyTypes":[]},"nodeSelector":{},"podDisruptionBudget":{"enabled":false,"maxUnavailable":1,"minAvailable":null},"readyChecker":{"enabled":true,"retries":30,"timeout":5},"replicaCount":1,"resources":{},"serviceMonitor":{"enabled":false,"interval":"30s","metricRelabelings":[],"relabelings":[],"scrapeTimeout":"10s"},"tolerations":[],"volumeMounts":[],"volumes":[]}` | OpenCTI worker deployment configuration </br> Ref: https://docs.opencti.io/latest/deployment/overview/#workers |
+| worker | object | `{"affinity":{},"autoscaling":{"enabled":false,"maxReplicas":100,"minReplicas":1,"targetCPUUtilizationPercentage":80},"enabled":true,"env":{"WORKER_LOG_LEVEL":"info","WORKER_TELEMETRY_ENABLED":true},"envFromSecrets":{},"image":{"pullPolicy":"IfNotPresent","repository":"opencti/worker","tag":""},"lifecycle":{},"networkPolicy":{"egress":[],"enabled":false,"ingress":[],"policyTypes":[]},"nodeSelector":{},"podDisruptionBudget":{"enabled":false,"maxUnavailable":1,"minAvailable":null},"readyChecker":{"enabled":true,"retries":30,"timeout":5},"replicaCount":1,"resources":{},"serviceMonitor":{"enabled":false,"interval":"30s","metricRelabelings":[],"relabelings":[],"scrapeTimeout":"10s"},"terminationGracePeriodSeconds":30,"tolerations":[],"volumeMounts":[],"volumes":[]}` | OpenCTI worker deployment configuration </br> Ref: https://docs.opencti.io/latest/deployment/overview/#workers |
 | worker.affinity | object | `{}` | Affinity for pod assignment </br> Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity |
 | worker.autoscaling | object | `{"enabled":false,"maxReplicas":100,"minReplicas":1,"targetCPUUtilizationPercentage":80}` | Autoscaling with CPU or memory utilization percentage </br> Ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/ |
 | worker.enabled | bool | `true` | Enable or disable worker |
@@ -154,6 +156,7 @@ helm show values opencti/opencti
 | worker.image.pullPolicy | string | `"IfNotPresent"` | Pull policy for the image |
 | worker.image.repository | string | `"opencti/worker"` | Repository of the image |
 | worker.image.tag | string | `""` | Overrides the image tag whose default is the chart appVersion |
+| worker.lifecycle | object | `{}` | Configure lifecycle hooks </br> Ref: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/ </br> Ref: https://learnk8s.io/graceful-shutdown |
 | worker.networkPolicy | object | `{"egress":[],"enabled":false,"ingress":[],"policyTypes":[]}` | NetworkPolicy configuration </br> Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/ |
 | worker.networkPolicy.enabled | bool | `false` | Enable or disable NetworkPolicy |
 | worker.networkPolicy.policyTypes | list | `[]` | Policy types |
@@ -167,6 +170,7 @@ helm show values opencti/opencti
 | worker.resources | object | `{}` | The resources limits and requested </br> Ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ |
 | worker.serviceMonitor | object | `{"enabled":false,"interval":"30s","metricRelabelings":[],"relabelings":[],"scrapeTimeout":"10s"}` | Enable ServiceMonitor to get metrics </br> Ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#servicemonitor |
 | worker.serviceMonitor.enabled | bool | `false` | Enable or disable |
+| worker.terminationGracePeriodSeconds | int | `30` | Configure Pod termination grace period </br> Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-termination |
 | worker.tolerations | list | `[]` | Tolerations for pod assignment </br> Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ |
 | worker.volumeMounts | list | `[]` | Additional volumeMounts on the output Deployment definition |
 | worker.volumes | list | `[]` | Additional volumes on the output Deployment definition |
diff --git a/charts/opencti/ci/ci-common-values.yaml b/charts/opencti/ci/ci-common-values.yaml
@@ -22,6 +22,22 @@ env:
 
 testConnection: true
 
+lifecycle:
+  preStop:
+    exec:
+      command: ["sh", "-c", "sleep 10"]
+
+terminationGracePeriodSeconds: 40
+
+networkPolicy:
+  enabled: true
+
+podDisruptionBudget:
+  enabled: true
+
+autoscaling:
+  enabled: true
+
 secrets:
   APP__ADMIN__TOKEN: "b1976749-8a53-4f49-bf04-cafa2a3458c1"
   RABBITMQ__PASSWORD: ChangeMe
@@ -37,6 +53,30 @@ envFromSecrets:
     name: opencti-ci-credentials
     key: RABBITMQ__PASSWORD
 
+worker:
+  enabled: true
+
+  readyChecker:
+    enabled: true
+    retries: 40
+    timeout: 10
+
+  lifecycle:
+    preStop:
+      exec:
+        command: ["sh", "-c", "sleep 10"]
+
+  terminationGracePeriodSeconds: 40
+
+  networkPolicy:
+    enabled: true
+
+  podDisruptionBudget:
+    enabled: true
+
+  autoscaling:
+    enabled: true
+
 connectors:
 - name: opencti
   enabled: true
@@ -51,6 +91,11 @@ connectors:
     enabled: true
     retries: 40
     timeout: 10
+  lifecycle:
+    preStop:
+      exec:
+        command: ["sh", "-c", "sleep 10"]
+  terminationGracePeriodSeconds: 40
   deploymentAnnotations:
     ci: "true"
   podAnnotations:
@@ -65,26 +110,6 @@ connectors:
       name: opencti-ci-credentials
       key: APP__ADMIN__TOKEN
 
-networkPolicy:
-  enabled: true
-
-autoscaling:
-  enabled: true
-
-worker:
-  enabled: true
-
-  readyChecker:
-    enabled: true
-    retries: 40
-    timeout: 10
-
-  networkPolicy:
-    enabled: false
-
-  autoscaling:
-    enabled: true
-
 elasticsearch:
   fullnameOverride: opencti-ci-elasticsearch
   master:

diff --git a/charts/opencti/templates/connector/deployment.yaml b/charts/opencti/templates/connector/deployment.yaml
@@ -73,6 +73,10 @@ spec:
             {{- toYaml .securityContext | nindent 12 }}
           image: "{{- if and .image (hasKey .image "repository") }}{{ .image.repository }}{{- else if $.Values.global.imageRegistry }}{{ printf "%s/opencti/%s" $.Values.global.imageRegistry .name }}{{- else }}{{ printf "opencti/%s" .name }}{{- end }}:{{ if and .image (hasKey .image "tag") }}{{ .image.tag | default $.Chart.AppVersion }}{{ else }}{{ $.Chart.AppVersion }}{{ end }}"
           imagePullPolicy: {{ if and .image (hasKey .image "pullPolicy") }}{{ .image.pullPolicy }}{{ else }}IfNotPresent{{ end }}
+          lifecycle:
+            {{- with .lifecycle }}
+            {{- toYaml . | nindent 12 }}
+            {{- end }}
           env:
           # Variables from secrets have precedence
           {{- $envList := dict -}}
@@ -118,6 +122,7 @@ spec:
           {{- end }}
           resources:
             {{- toYaml .resources | nindent 12 }}
+      terminationGracePeriodSeconds: {{ .terminationGracePeriodSeconds | default 30 }}
       {{- with .nodeSelector }}
       nodeSelector:
         {{- toYaml . | nindent 8 }}

diff --git a/charts/opencti/templates/server/deployment.yaml b/charts/opencti/templates/server/deployment.yaml
@@ -83,6 +83,10 @@ spec:
               containerPort: {{ .Values.env.APP__TELEMETRY__METRICS__EXPORTER_PROMETHEUS | default 14269 }}
               protocol: TCP
             {{- end }}
+          lifecycle:
+            {{- with .Values.lifecycle }}
+            {{- toYaml . | nindent 12 }}
+            {{- end }}
           {{- if .Values.livenessProbe.enabled }}
           livenessProbe:
             {{- if .Values.livenessProbeCustom }}
@@ -163,6 +167,7 @@ spec:
           volumeMounts:
             {{- toYaml . | nindent 12 }}
           {{- end }}
+      terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }}
       {{- with .Values.volumes }}
       volumes:
         {{- toYaml . | nindent 8 }}

diff --git a/charts/opencti/templates/worker/deployment.yaml b/charts/opencti/templates/worker/deployment.yaml
@@ -74,6 +74,10 @@ spec:
               containerPort: {{ .Values.worker.env.WORKER_PROMETHEUS_TELEMETRY_PORT | default 14269 }}
               protocol: TCP
             {{- end }}
+          lifecycle:
+            {{- with .Values.worker.lifecycle }}
+            {{- toYaml . | nindent 12 }}
+            {{- end }}
           env:
           # Variables from secrets have precedence
           {{- $envList := dict -}}
@@ -123,6 +127,7 @@ spec:
           volumeMounts:
             {{- toYaml . | nindent 12 }}
           {{- end }}
+      terminationGracePeriodSeconds: {{ .Values.worker.terminationGracePeriodSeconds }}
       {{- with .Values.worker.volumes }}
       volumes:
         {{- toYaml . | nindent 8 }}

diff --git a/charts/opencti/values.yaml b/charts/opencti/values.yaml
@@ -143,6 +143,18 @@ serviceMonitor:
   metricRelabelings: []
   relabelings: []
 
+# -- Configure lifecycle hooks
+# </br> Ref: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/
+# </br> Ref: https://learnk8s.io/graceful-shutdown
+lifecycle: {}
+  # preStop:
+  #   exec:
+  #     command: ["sh", "-c", "sleep 10"]
+
+# -- Configure Pod termination grace period
+# </br> Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-termination
+terminationGracePeriodSeconds: 30
+
 # -- Configure liveness checker
 # </br> Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#define-startup-probes
 livenessProbe:
@@ -352,6 +364,13 @@ connectors: []
 #     retries: 30
 #     # -- Timeout for each check
 #     timeout: 5
+#   # -- Lifecycle configuration
+#   lifecycle: {}
+#     # preStop:
+#     #   exec:
+#     #     command: ["sh", "-c", "sleep 10"]
+#   # -- Configure Pod termination grace period
+#   terminationGracePeriodSeconds: 30
 #   # -- Environment variables to configure application
 #   env: {}
 #   # foo: bar
@@ -400,6 +419,18 @@ worker:
     # -- Timeout for each check
     timeout: 5
 
+  # -- Configure lifecycle hooks
+  # </br> Ref: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/
+  # </br> Ref: https://learnk8s.io/graceful-shutdown
+  lifecycle: {}
+    # preStop:
+    #   exec:
+    #     command: ["sh", "-c", "sleep 10"]
+
+  # -- Configure Pod termination grace period
+  # </br> Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-termination
+  terminationGracePeriodSeconds: 30
+
   # -- Image registry configuration for the base service
   image:
     # -- Repository of the image