kubernetes: Stop timeout isn't respected at shutdown/reboot
What happened:
Containers are getting terminated by systemd without respecting the terminationGracePeriodSeconds set in the pod yaml on reboot or shutdown of a node.
What you expected to happen:
terminationGracePeriodSeconds is respected by systemd when using systemd as the cgroup manager.
How to reproduce it (as minimally and precisely as possible):
- Use systemd as the cgroup manager in your container runtime.
- Create a pod yaml with
terminationGracePeriodSecondsset to120seconds. - Reboot the node.
- You will notice that the containers get SIGTERM, followed by systemd default stop timeout (typically 90 seconds) and then they are SIGKILLed.
Anything else we need to know?:
This can be fixed by passing the stop timeout to the containers as part of the CreateContainer CRI API. This will allow the container runtimes to set the systemd property for the scope to override the default stop timeout to the value set through terminationGracePeriodSeconds.
This needs changes across the stack as runc doesn’t currently provide a way to set the TimeoutStopUSec for the systemd scope created for a container.
The behavior with cgroupfs cgroup manager will need further investigation.
Environment:
- Kubernetes version (use
kubectl version): All versions.
About this issue
- Original URL
- State: closed
- Created 5 years ago
- Reactions: 1
- Comments: 23 (16 by maintainers)
Commits related to this issue
- CreateContainer: pass TerminationGracePeriod Enable passing of sandbox's termination grace period down to OCI runtime, as an annotation for systemd. This is a glue between * https://github.com/kuber... — committed to kolyshkin/cri-o by kolyshkin 4 years ago
- CreateContainer: pass TerminationGracePeriod Enable passing of kubernetes termination grace period down to OCI runtime, as an annotation for systemd. This builds on top of * https://github.com/open... — committed to kolyshkin/cri-o by kolyshkin 4 years ago
- CreateContainer: pass TerminationGracePeriod Enable passing of kubernetes termination grace period down to OCI runtime, as an annotation for systemd. This builds on top of * https://github.com/open... — committed to kolyshkin/cri-o by kolyshkin 4 years ago
- CreateContainer: pass TerminationGracePeriod Enable passing of kubernetes termination grace period down to OCI runtime, as an annotation for systemd. This builds on top of * https://github.com/open... — committed to kolyshkin/cri-o by kolyshkin 4 years ago
- CreateContainer: pass TerminationGracePeriod Enable passing of kubernetes termination grace period down to OCI runtime, as an annotation for systemd. This builds on top of * https://github.com/open... — committed to kolyshkin/cri-o by kolyshkin 4 years ago
- CreateContainer: pass TerminationGracePeriod Enable passing of kubernetes termination grace period down to OCI runtime, as an annotation for systemd. This builds on top of * https://github.com/open... — committed to kolyshkin/cri-o by kolyshkin 4 years ago
- CreateContainer: pass TerminationGracePeriod Enable passing of kubernetes termination grace period down to OCI runtime, as an annotation for systemd. This builds on top of * https://github.com/open... — committed to kolyshkin/cri-o by kolyshkin 4 years ago
/reopen
while this impacts all pods, it is particularly an issue with static pods or daemon set backed pods which typically are not drained before a maintenance action.
/milestone v1.15