Skip to content

Commit

Permalink
Add prestop sleep, until we resolve knative#1370.
Browse files Browse the repository at this point in the history
  • Loading branch information
Nghia Tran committed Jul 26, 2018
1 parent e2ade44 commit 20ca8e5
Show file tree
Hide file tree
Showing 2 changed files with 55 additions and 45 deletions.
3 changes: 3 additions & 0 deletions third_party/istio-1.0-prerelease/README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,3 +2,6 @@ This istio.yaml file is is generated by running
```
./download-istio.sh
```

and modify `istio.yaml` to add a prestop hook to keep `istio-proxy` alive longer
after container receiving prestop request.
97 changes: 52 additions & 45 deletions third_party/istio-1.0-prerelease/istio.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,7 @@ metadata:
heritage: Tiller
istio: mixer
data:
validatingwebhookconfiguration.yaml: |-
validatingwebhookconfiguration.yaml: |-
apiVersion: admissionregistration.k8s.io/v1beta1
kind: ValidatingWebhookConfiguration
metadata:
Expand Down Expand Up @@ -159,7 +159,7 @@ metadata:
heritage: Tiller
istio: mixer
data:
custom-resources.yaml: |-
custom-resources.yaml: |-
apiVersion: "config.istio.io/v1alpha2"
kind: attributemanifest
metadata:
Expand Down Expand Up @@ -270,7 +270,7 @@ data:
valueType: STRING
request.api_key:
valueType: STRING
---
apiVersion: "config.istio.io/v1alpha2"
kind: attributemanifest
Expand Down Expand Up @@ -778,7 +778,7 @@ data:
- tcpbytesent.metric
- tcpbytereceived.metric
---
apiVersion: "config.istio.io/v1alpha2"
kind: kubernetesenv
metadata:
Expand All @@ -791,7 +791,7 @@ data:
# $ ln -s ~/.kube/config mixer/adapter/kubernetes/kubeconfig
#
# kubeconfig_path: "mixer/adapter/kubernetes/kubeconfig"
---
apiVersion: "config.istio.io/v1alpha2"
kind: rule
Expand Down Expand Up @@ -851,7 +851,7 @@ data:
destination.workload.uid: $out.destination_workload_uid | "unknown"
destination.workload.name: $out.destination_workload_name | "unknown"
destination.workload.namespace: $out.destination_workload_namespace | "unknown"
---
# Configuration needed by Mixer.
# Mixer cluster is delivered via CDS
Expand Down Expand Up @@ -882,19 +882,19 @@ data:
http2MaxRequests: 10000
maxRequestsPerConnection: 10000
---
run.sh: |-
run.sh: |-
#!/bin/sh
set -x
if [ "$#" -ne "1" ]; then
echo "first argument should be path to custom resource yaml"
exit 1
fi
pathToResourceYAML=${1}
/kubectl get validatingwebhookconfiguration istio-galley 2>/dev/null
if [ "$?" -eq 0 ]; then
echo "istio-galley validatingwebhookconfiguration found - waiting for istio-galley deployment to be ready"
Expand All @@ -914,7 +914,7 @@ data:
fi
sleep 5
/kubectl apply -f ${pathToResourceYAML}
---
# Source: istio/charts/security/templates/configmap.yaml
Expand All @@ -931,18 +931,18 @@ metadata:
istio: security
data:
custom-resources.yaml: |-
run.sh: |-
run.sh: |-
#!/bin/sh
set -x
if [ "$#" -ne "1" ]; then
echo "first argument should be path to custom resource yaml"
exit 1
fi
pathToResourceYAML=${1}
/kubectl get validatingwebhookconfiguration istio-galley 2>/dev/null
if [ "$?" -eq 0 ]; then
echo "istio-galley validatingwebhookconfiguration found - waiting for istio-galley deployment to be ready"
Expand All @@ -962,7 +962,7 @@ data:
fi
sleep 5
/kubectl apply -f ${pathToResourceYAML}
---
# Source: istio/templates/configmap.yaml
Expand Down Expand Up @@ -996,9 +996,9 @@ data:
ingressService: istio-ingress
# Unix Domain Socket through which envoy communicates with NodeAgent SDS to get
# key/cert for mTLS. Use secret-mount files instead of SDS if set to empty.
# key/cert for mTLS. Use secret-mount files instead of SDS if set to empty.
sdsUdsPath: ""
# How frequently should Envoy fetch key/cert from NodeAgent.
sdsRefreshDelay: 15s
Expand Down Expand Up @@ -1109,9 +1109,18 @@ data:
- NET_ADMIN
privileged: true
restartPolicy: Always
containers:
- name: istio-proxy
# PATCH #2: Add a prestop sleep.
# TODO(#1370) Remove this.
lifecycle:
preStop:
exec:
command:
- /bin/sleep
- "20"
# PATCH #2 ends.
image: [[ if (isset .ObjectMeta.Annotations "sidecar.istio.io/proxyImage") -]]
"[[ index .ObjectMeta.Annotations "sidecar.istio.io/proxyImage" ]]"
[[ else -]]
Expand Down Expand Up @@ -1188,7 +1197,7 @@ data:
[[ else -]]
requests:
cpu: 10m
[[ end -]]
volumeMounts:
- mountPath: /etc/istio/proxy
Expand Down Expand Up @@ -3003,7 +3012,7 @@ spec:
resources:
requests:
cpu: 10m

volumeMounts:
- name: config-volume
mountPath: /etc/statsd
Expand Down Expand Up @@ -3136,15 +3145,15 @@ spec:
resources:
requests:
cpu: 10m

volumes:
- name: certs
secret:
secretName: istio.istio-galley-service-account
- name: config
configMap:
name: istio-galley-configuration
affinity:
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
Expand Down Expand Up @@ -3239,7 +3248,7 @@ spec:
resources:
requests:
cpu: 10m

env:
- name: POD_NAME
valueFrom:
Expand Down Expand Up @@ -3283,7 +3292,7 @@ spec:
secret:
secretName: "istio-egressgateway-ca-certs"
optional: true
affinity:
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
Expand Down Expand Up @@ -3378,7 +3387,7 @@ spec:
resources:
requests:
cpu: 10m

env:
- name: POD_NAME
valueFrom:
Expand Down Expand Up @@ -3422,7 +3431,7 @@ spec:
secret:
secretName: "istio-ingressgateway-ca-certs"
optional: true
affinity:
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
Expand Down Expand Up @@ -3488,7 +3497,7 @@ spec:
optional: true
- name: uds-socket
emptyDir: {}
affinity:
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
Expand Down Expand Up @@ -3537,7 +3546,7 @@ spec:
resources:
requests:
cpu: 10m

volumeMounts:
- name: uds-socket
mountPath: /sock
Expand Down Expand Up @@ -3580,7 +3589,7 @@ spec:
resources:
requests:
cpu: 10m

volumeMounts:
- name: istio-certs
mountPath: /etc/certs
Expand Down Expand Up @@ -3639,7 +3648,7 @@ spec:
resources:
requests:
cpu: 10m

volumeMounts:
- name: uds-socket
mountPath: /sock
Expand Down Expand Up @@ -3682,7 +3691,7 @@ spec:
resources:
requests:
cpu: 10m

volumeMounts:
- name: istio-certs
mountPath: /etc/certs
Expand All @@ -3696,7 +3705,7 @@ spec:
initialDelaySeconds: 5
periodSeconds: 5

---
---

---
# Source: istio/charts/pilot/templates/deployment.yaml
Expand Down Expand Up @@ -3761,7 +3770,7 @@ spec:
resources:
requests:
cpu: 10m

volumeMounts:
- name: config-volume
mountPath: /etc/istio/config
Expand Down Expand Up @@ -3803,7 +3812,7 @@ spec:
resources:
requests:
cpu: 10m

volumeMounts:
- name: istio-certs
mountPath: /etc/certs
Expand All @@ -3815,7 +3824,7 @@ spec:
- name: istio-certs
secret:
secretName: istio.istio-pilot-service-account
affinity:
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
Expand Down Expand Up @@ -3886,8 +3895,8 @@ spec:
resources:
requests:
cpu: 10m
affinity:

affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
Expand Down Expand Up @@ -3985,7 +3994,7 @@ spec:
resources:
requests:
cpu: 10m

volumes:
- name: config-volume
configMap:
Expand All @@ -3999,7 +4008,7 @@ spec:
items:
- key: config
path: config
affinity:
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
Expand Down Expand Up @@ -4139,5 +4148,3 @@ webhooks:

---
# Source: istio/templates/install-custom-resources.sh.tpl


0 comments on commit 20ca8e5

Please sign in to comment.