Merge changes If0c89cda,Ibd55d02d,Ib646e0cf * changes: Document that graceful shutdown does not work with ingresses Set terminationGracePeriodSeconds for Gerrit pods Set gracefulStopTimeout by default

commit: 0b601bd4982ed977c219b62b65e8b9570c582709 [log] [tgz]
author: Matthias Sohn <matthias.sohn@gmail.com> Thu Sep 30 13:35:22 2021 +0000
committer: Gerrit Code Review <noreply-gerritcodereview@google.com> Thu Sep 30 13:35:22 2021 +0000
tree: 0c48ed2a294138db3310b2dc1f591f9378ad3071
parent: b1972ecf00b216ad8407f1e3922e9f4c08ff4656 [diff]
parent: 73e0482484868f2ca01a8ddb598cd26fa53fddbf [diff]
diff --git a/helm-charts/gerrit-replica/README.md b/helm-charts/gerrit-replica/README.md
index a4e5194..6f057fc 100644
--- a/helm-charts/gerrit-replica/README.md
+++ b/helm-charts/gerrit-replica/README.md

@@ -273,6 +273,11 @@
 | `ingress.tls.cert` | Public SSL server certificate | `-----BEGIN CERTIFICATE-----` |
 | `ingress.tls.key` | Private SSL server certificate | `-----BEGIN RSA PRIVATE KEY-----` |
 
+***note
+For graceful shutdown to work with an ingress, the ingress controller has to be
+configured to gracefully close the connections as well.
+***
+
 ### Promtail Sidecar
 
 To collect Gerrit logs, a Promtail sidecar can be deployed into the Gerrit replica
@@ -358,6 +363,7 @@
 | `gerritReplica.livenessProbe` | Configuration of the liveness probe timings | `{initialDelaySeconds: 60, periodSeconds: 5}` |
 | `gerritReplica.readinessProbe` | Configuration of the readiness probe timings | `{initialDelaySeconds: 10, periodSeconds: 10}` |
 | `gerritReplica.startupProbe` | Configuration of the startup probe timings | `{initialDelaySeconds: 10, periodSeconds: 5}` |
+| `gerritReplica.gracefulStopTimeout` | Time in seconds Kubernetes will wait until killing the pod during termination (has to be longer then Gerrit's httpd.gracefulStopTimeout to allow graceful shutdown of Gerrit) | `90` |
 | `gerritReplica.resources` | Configure the amount of resources the pod requests/is allowed | `requests.cpu: 1` |
 |                           |                                                               | `requests.memory: 5Gi` |
 |                           |                                                               | `limits.cpu: 1` |
@@ -423,6 +429,12 @@
     depending of TLS is enabled in the Ingress or not, otherwise the Jetty
     servlet will run into an endless redirect loop.
 
+- `httpd.gracefulStopTimeout` / `sshd.gracefulStopTimeout`
+
+    To enable graceful shutdown of the embedded jetty server and SSHD, a timeout
+    has to be set with this option. This will be the maximum time, Gerrit will wait
+    for HTTP requests to finish before shutdown.
+
 - `container.user`
 
     The technical user in the Gerrit replica container is called `gerrit`. Thus, this

diff --git a/helm-charts/gerrit-replica/templates/gerrit-replica.deployment.yaml b/helm-charts/gerrit-replica/templates/gerrit-replica.deployment.yaml
index 277ea57..974af94 100644
--- a/helm-charts/gerrit-replica/templates/gerrit-replica.deployment.yaml
+++ b/helm-charts/gerrit-replica/templates/gerrit-replica.deployment.yaml

@@ -28,6 +28,7 @@
       annotations:
         chartRevision: "{{ .Release.Revision }}"
     spec:
+      terminationGracePeriodSeconds: {{ .Values.gerritReplica.gracefulStopTimeout }}
       securityContext:
         fsGroup: 100
       {{ if .Values.images.registry.ImagePullSecret.name -}}

diff --git a/helm-charts/gerrit-replica/values.yaml b/helm-charts/gerrit-replica/values.yaml
index e91b1c8..df33b67 100644
--- a/helm-charts/gerrit-replica/values.yaml
+++ b/helm-charts/gerrit-replica/values.yaml

@@ -247,6 +247,8 @@
     initialDelaySeconds: 10
     periodSeconds: 30
 
+  gracefulStopTimeout: 90
+
   # The memory limit has to be higher than the configures heap-size for Java!
   resources:
     requests:
@@ -320,8 +322,10 @@
           # If using an ingress use proxy-http or proxy-https
           listenUrl = proxy-http://*:8080/
           requestLog = true
+          gracefulStopTimeout = 1m
         [sshd]
           listenAddress = *:29418
+          gracefulStopTimeout = 1m
         [transfer]
           timeout = 120 s
         [user]

diff --git a/helm-charts/gerrit/README.md b/helm-charts/gerrit/README.md
index f9f49ac..1ee9ff3 100644
--- a/helm-charts/gerrit/README.md
+++ b/helm-charts/gerrit/README.md

@@ -198,6 +198,11 @@
 | `ingress.tls.cert` | Public SSL server certificate | `-----BEGIN CERTIFICATE-----` |
 | `ingress.tls.key` | Private SSL server certificate | `-----BEGIN RSA PRIVATE KEY-----` |
 
+***note
+For graceful shutdown to work with an ingress, the ingress controller has to be
+configured to gracefully close the connections as well.
+***
+
 ### Git garbage collection
 
 | Parameter | Description | Default |
@@ -248,6 +253,7 @@
 | `gerrit.livenessProbe` | Configuration of the liveness probe timings | `{initialDelaySeconds: 30, periodSeconds: 5}` |
 | `gerrit.readinessProbe` | Configuration of the readiness probe timings | `{initialDelaySeconds: 5, periodSeconds: 1}` |
 | `gerrit.startupProbe` | Configuration of the startup probe timings | `{initialDelaySeconds: 10, periodSeconds: 5}` |
+| `gerrit.gracefulStopTimeout` | Time in seconds Kubernetes will wait until killing the pod during termination (has to be longer then Gerrit's httpd.gracefulStopTimeout to allow graceful shutdown of Gerrit) | `90` |
 | `gerrit.networkPolicy.ingress` | Custom ingress-network policy for gerrit pods | `nil` |
 | `gerrit.networkPolicy.egress` | Custom egress-network policy for gerrit pods | `nil` |
 | `gerrit.service.type` | Which kind of Service to deploy | `NodePort` |
@@ -317,6 +323,12 @@
     depending of TLS is enabled in the Ingress or not, otherwise the Jetty
     servlet will run into an endless redirect loop.
 
+- `httpd.gracefulStopTimeout` / `sshd.gracefulStopTimeout`
+
+    To enable graceful shutdown of the embedded jetty server and SSHD, a timeout
+    has to be set with this option. This will be the maximum time, Gerrit will wait
+    for HTTP requests to finish before shutdown.
+
 - `container.user`
 
     The technical user in the Gerrit container is called `gerrit`. Thus, this

diff --git a/helm-charts/gerrit/templates/gerrit.stateful-set.yaml b/helm-charts/gerrit/templates/gerrit.stateful-set.yaml
index 6f031b2..81b245f 100644
--- a/helm-charts/gerrit/templates/gerrit.stateful-set.yaml
+++ b/helm-charts/gerrit/templates/gerrit.stateful-set.yaml

@@ -28,6 +28,7 @@
       annotations:
         chartRevision: "{{ .Release.Revision }}"
     spec:
+      terminationGracePeriodSeconds: {{ .Values.gerrit.gracefulStopTimeout }}
       securityContext:
         fsGroup: 100
       {{ if .Values.images.registry.ImagePullSecret.name -}}

diff --git a/helm-charts/gerrit/values.yaml b/helm-charts/gerrit/values.yaml
index 691d6ad..7d7c4b0 100644
--- a/helm-charts/gerrit/values.yaml
+++ b/helm-charts/gerrit/values.yaml

@@ -142,6 +142,8 @@
     initialDelaySeconds: 10
     periodSeconds: 30
 
+  gracefulStopTimeout: 90
+
   # The general NetworkPolicy rules implemented by this chart may be too restrictive
   # for some setups, e.g. when trying to replicate to a Gerrit replica. Here
   # custom rules may be added to whitelist some additional connections.
@@ -221,6 +223,7 @@
           # If using an ingress use proxy-http or proxy-https
           listenUrl = proxy-http://*:8080/
           requestLog = true
+          gracefulStopTimeout = 1m
         [sshd]
           listenAddress = off
         [transfer]
commit	0b601bd4982ed977c219b62b65e8b9570c582709	[log] [tgz]
author	Matthias Sohn <matthias.sohn@gmail.com>	Thu Sep 30 13:35:22 2021 +0000
committer	Gerrit Code Review <noreply-gerritcodereview@google.com>	Thu Sep 30 13:35:22 2021 +0000
tree	0c48ed2a294138db3310b2dc1f591f9378ad3071
parent	b1972ecf00b216ad8407f1e3922e9f4c08ff4656 [diff]
parent	73e0482484868f2ca01a8ddb598cd26fa53fddbf [diff]