Merge changes If0c89cda,Ibd55d02d,Ib646e0cf
* changes:
Document that graceful shutdown does not work with ingresses
Set terminationGracePeriodSeconds for Gerrit pods
Set gracefulStopTimeout by default
diff --git a/helm-charts/gerrit-replica/README.md b/helm-charts/gerrit-replica/README.md
index a4e5194..6f057fc 100644
--- a/helm-charts/gerrit-replica/README.md
+++ b/helm-charts/gerrit-replica/README.md
@@ -273,6 +273,11 @@
| `ingress.tls.cert` | Public SSL server certificate | `-----BEGIN CERTIFICATE-----` |
| `ingress.tls.key` | Private SSL server certificate | `-----BEGIN RSA PRIVATE KEY-----` |
+***note
+For graceful shutdown to work with an ingress, the ingress controller has to be
+configured to gracefully close the connections as well.
+***
+
### Promtail Sidecar
To collect Gerrit logs, a Promtail sidecar can be deployed into the Gerrit replica
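Review bot: The note added under the ingress TLS table tells the reader that the ingress controller "has to be configured to gracefully close the connections" but not what that configuration has to achieve. The commit subject says graceful shutdown "does not work with ingresses", which is a stronger statement than the note makes. Suggest aligning the two, and phrasing the note as a requirement an operator can check, in terms of the `httpd.gracefulStopTimeout` this change introduces.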
@@ -358,6 +363,7 @@
| `gerritReplica.livenessProbe` | Configuration of the liveness probe timings | `{initialDelaySeconds: 60, periodSeconds: 5}` |
| `gerritReplica.readinessProbe` | Configuration of the readiness probe timings | `{initialDelaySeconds: 10, periodSeconds: 10}` |
| `gerritReplica.startupProbe` | Configuration of the startup probe timings | `{initialDelaySeconds: 10, periodSeconds: 5}` |
+| `gerritReplica.gracefulStopTimeout` | Time in seconds Kubernetes will wait until killing the pod during termination (has to be longer then Gerrit's httpd.gracefulStopTimeout to allow graceful shutdown of Gerrit) | `90` |
| `gerritReplica.resources` | Configure the amount of resources the pod requests/is allowed | `requests.cpu: 1` |
| | | `requests.memory: 5Gi` |
| | | `limits.cpu: 1` |
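Review bot: The new `gerritReplica.gracefulStopTimeout` row reuses the name of Gerrit's own `httpd.gracefulStopTimeout` for a different thing with different units. The chart value is plain seconds (`90`) and ends up as the pod's `terminationGracePeriodSeconds`, while the Gerrit option in the same change is written as `1m`. A name closer to what it sets, or at least an explicit "integer, seconds" in the description, would keep operators from copying one format into the other.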
@@ -423,6 +429,12 @@
depending of TLS is enabled in the Ingress or not, otherwise the Jetty
servlet will run into an endless redirect loop.
+- `httpd.gracefulStopTimeout` / `sshd.gracefulStopTimeout`
+
+ To enable graceful shutdown of the embedded jetty server and SSHD, a timeout
+ has to be set with this option. This will be the maximum time, Gerrit will wait
+ for HTTP requests to finish before shutdown.
+
- `container.user`
The technical user in the Gerrit replica container is called `gerrit`. Thus, this
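Review bot: The added bullet is headed `httpd.gracefulStopTimeout` / `sshd.gracefulStopTimeout`, but its last sentence only says Gerrit will wait "for HTTP requests to finish". Suggest stating what the sshd option waits for as well, or splitting the bullet in two. Minor wording: drop the comma in "maximum time, Gerrit will wait" and capitalise "Jetty" as the context line above does.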
diff --git a/helm-charts/gerrit-replica/templates/gerrit-replica.deployment.yaml b/helm-charts/gerrit-replica/templates/gerrit-replica.deployment.yaml
index 277ea57..974af94 100644
--- a/helm-charts/gerrit-replica/templates/gerrit-replica.deployment.yaml
+++ b/helm-charts/gerrit-replica/templates/gerrit-replica.deployment.yaml
@@ -28,6 +28,7 @@
annotations:
chartRevision: "{{ .Release.Revision }}"
spec:
+ terminationGracePeriodSeconds: {{ .Values.gerritReplica.gracefulStopTimeout }}
securityContext:
fsGroup: 100
{{ if .Values.images.registry.ImagePullSecret.name -}}
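Review bot: `terminationGracePeriodSeconds: {{ .Values.gerritReplica.gracefulStopTimeout }}` inserts the value without any validation. Because the key shares its name with the Gerrit option that is set as `1m` elsewhere in this change, a duration string is an easy mistake here, and it would be rendered into the pod spec as-is. Suggest failing the render when the value is not an integer, or documenting the expected type next to the key in values.yaml.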
diff --git a/helm-charts/gerrit-replica/values.yaml b/helm-charts/gerrit-replica/values.yaml
index e91b1c8..df33b67 100644
--- a/helm-charts/gerrit-replica/values.yaml
+++ b/helm-charts/gerrit-replica/values.yaml
@@ -247,6 +247,8 @@
initialDelaySeconds: 10
periodSeconds: 30
+ gracefulStopTimeout: 90
+
# The memory limit has to be higher than the configures heap-size for Java!
resources:
requests:
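Review bot: `gracefulStopTimeout: 90` is added without a comment, while the neighbouring `resources` key has one. Suggest a one-line comment saying that the value is in seconds, that it is used as the pod's termination grace period, and that it has to exceed the `gracefulStopTimeout` values in the Gerrit config further down in this file.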
@@ -320,8 +322,10 @@
# If using an ingress use proxy-http or proxy-https
listenUrl = proxy-http://*:8080/
requestLog = true
+ gracefulStopTimeout = 1m
[sshd]
listenAddress = *:29418
+ gracefulStopTimeout = 1m
[transfer]
timeout = 120 s
[user]
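Review bot: `gracefulStopTimeout = 1m` under `[httpd]` and `[sshd]` only works together with the `gracefulStopTimeout: 90` added earlier in this file, and nothing near these lines says so. An operator who raises the Gerrit timeout here without raising the chart value would have the pod killed before Gerrit has finished waiting. Suggest a comment next to these two lines pointing at `gerritReplica.gracefulStopTimeout`.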
diff --git a/helm-charts/gerrit/README.md b/helm-charts/gerrit/README.md
index f9f49ac..1ee9ff3 100644
--- a/helm-charts/gerrit/README.md
+++ b/helm-charts/gerrit/README.md
@@ -198,6 +198,11 @@
| `ingress.tls.cert` | Public SSL server certificate | `-----BEGIN CERTIFICATE-----` |
| `ingress.tls.key` | Private SSL server certificate | `-----BEGIN RSA PRIVATE KEY-----` |
+***note
+For graceful shutdown to work with an ingress, the ingress controller has to be
+configured to gracefully close the connections as well.
+***
+
### Git garbage collection
| Parameter | Description | Default |
@@ -248,6 +253,7 @@
| `gerrit.livenessProbe` | Configuration of the liveness probe timings | `{initialDelaySeconds: 30, periodSeconds: 5}` |
| `gerrit.readinessProbe` | Configuration of the readiness probe timings | `{initialDelaySeconds: 5, periodSeconds: 1}` |
| `gerrit.startupProbe` | Configuration of the startup probe timings | `{initialDelaySeconds: 10, periodSeconds: 5}` |
+| `gerrit.gracefulStopTimeout` | Time in seconds Kubernetes will wait until killing the pod during termination (has to be longer then Gerrit's httpd.gracefulStopTimeout to allow graceful shutdown of Gerrit) | `90` |
| `gerrit.networkPolicy.ingress` | Custom ingress-network policy for gerrit pods | `nil` |
| `gerrit.networkPolicy.egress` | Custom egress-network policy for gerrit pods | `nil` |
| `gerrit.service.type` | Which kind of Service to deploy | `NodePort` |
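Review bot: Typo in the added `gerrit.gracefulStopTimeout` row: "has to be longer then Gerrit's httpd.gracefulStopTimeout" should read "longer than". The same wording appears in the matching row of the gerrit-replica README and should be fixed there too.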
@@ -317,6 +323,12 @@
depending of TLS is enabled in the Ingress or not, otherwise the Jetty
servlet will run into an endless redirect loop.
+- `httpd.gracefulStopTimeout` / `sshd.gracefulStopTimeout`
+
+ To enable graceful shutdown of the embedded jetty server and SSHD, a timeout
+ has to be set with this option. This will be the maximum time, Gerrit will wait
+ for HTTP requests to finish before shutdown.
+
- `container.user`
The technical user in the Gerrit container is called `gerrit`. Thus, this
diff --git a/helm-charts/gerrit/templates/gerrit.stateful-set.yaml b/helm-charts/gerrit/templates/gerrit.stateful-set.yaml
index 6f031b2..81b245f 100644
--- a/helm-charts/gerrit/templates/gerrit.stateful-set.yaml
+++ b/helm-charts/gerrit/templates/gerrit.stateful-set.yaml
@@ -28,6 +28,7 @@
annotations:
chartRevision: "{{ .Release.Revision }}"
spec:
+ terminationGracePeriodSeconds: {{ .Values.gerrit.gracefulStopTimeout }}
securityContext:
fsGroup: 100
{{ if .Values.images.registry.ImagePullSecret.name -}}
diff --git a/helm-charts/gerrit/values.yaml b/helm-charts/gerrit/values.yaml
index 691d6ad..7d7c4b0 100644
--- a/helm-charts/gerrit/values.yaml
+++ b/helm-charts/gerrit/values.yaml
@@ -142,6 +142,8 @@
initialDelaySeconds: 10
periodSeconds: 30
+ gracefulStopTimeout: 90
+
# The general NetworkPolicy rules implemented by this chart may be too restrictive
# for some setups, e.g. when trying to replicate to a Gerrit replica. Here
# custom rules may be added to whitelist some additional connections.
@@ -221,6 +223,7 @@
# If using an ingress use proxy-http or proxy-https
listenUrl = proxy-http://*:8080/
requestLog = true
+ gracefulStopTimeout = 1m
[sshd]
listenAddress = off
[transfer]
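Review bot: Only `[httpd]` gets `gracefulStopTimeout = 1m` here. `[sshd]` is left without it, presumably because `listenAddress = off`, yet the README for this chart documents `sshd.gracefulStopTimeout` alongside the httpd option. An operator who enables SSH in this chart will not get graceful SSHD shutdown unless they know to add the line. Suggest either setting it under `[sshd]` as the gerrit-replica values do, or adding a comment there.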