The base of this repo was originally forked from https://github.com/nrmitchi/k8s-controller-sidecars
This is a custom Kubernetes controller for the purpose of watching running pods, and sending a SIGTERM to sidecar containers when the "main" application container has exited (and the sidecars are the only non-terminated containers).
This is a response to kubernetes/kubernetes#25908.
- Deploy the controller into your cluster.
- Add the
riskified.com/main_sidecars
annotation to your pods, with a comma-seperated list of main container names.
Example:
---
apiVersion: batch/v1beta1
kind: CronJob
metadata:
name: test-job
spec:
schedule: "*/5 * * * *"
startingDeadlineSeconds: 240
failedJobsHistoryLimit: 5
successfulJobsHistoryLimit: 1
concurrencyPolicy: "Replace"
jobTemplate:
spec:
activeDeadlineSeconds: 300 # 5 min
template:
metadata:
annotations:
riskified.com/main_sidecars: test-job
spec:
restartPolicy: Never
containers:
- name: test-job
image: ubuntu:latest
command: ["sleep", "5"]
- name: istio-proxy
image: istio-proxy:latest
- name: another-sidecar
image: busybox:lates
- Supports also annotation
riskified.com/sidecars
, list of sidecars containers , comma-seperated (is not working withriskified.com/main_sidecars
annotation)
apiVersion: batch/v1beta1
kind: CronJob
metadata:
name: test-job
spec:
schedule: "*/5 * * * *"
startingDeadlineSeconds: 240
failedJobsHistoryLimit: 5
successfulJobsHistoryLimit: 1
concurrencyPolicy: "Replace"
jobTemplate:
spec:
activeDeadlineSeconds: 300 # 5 min
template:
metadata:
annotations:
riskified.com/sidecars: istio-proxy,
spec:
restartPolicy: Never
containers:
- name: test-job
image: ubuntu:latest
command: ["sleep", "5"]
- name: istio-proxy
image: istio-proxy:latest
- name: another-job-that-need-to-finish-himself
image: busybox:lates