Is it possible to initiate kill process from the prestop hook in k8s-CodePudding

I have a situation where my process (pid 1) in a pod sometimes is not responding to the SIGTERM signal due to it has entered a really bad state. This means that it will not be killed by k8s after the prestop hook is run until the grace period is over (which has to be long in my case for other reasons).

In the prestop I'm able to detect this state fairly accurate but the problem is then how to initiate a forceful kill of the process. I cannot for instance kill -9 1 because that is not allowed on pid 1.

So the question is if there are other options to do that. If I have read documentation correctly, k8s does not care about the exit code from the prestop hook (otherwise that could have been an option to indicate back to k8s that it should force kill the process directly without waiting for the grace period). Changing the grace period dynamically for this specific pod when this happens does not possible either. Any ideas?

CodePudding user response：

You can package your image with tini and let tini spawn your application. tini will not miss SIGTERM and it ensure stale child process is removed during termination. tini is incorporated in docker with --init flag, too. There is no need of preStop hook to manually terminate process in this case.

CodePudding user response：

From k8s documentations

By default, all deletes are graceful within 30 seconds. The kubectl delete command supports the --grace-period= option which allows you to override the default and specify your own value.

If you want to forcefully terminate from the prestop hook...

Setting the grace period to 0 forcibly and immediately deletes the Pod from the API server. If the pod was still running on a node, that forcible deletion triggers the kubelet to begin immediate cleanup.

Note: You must specify an additional flag --force along with --grace-period=0 in order to perform force deletions. When a force deletion is performed, the API server does not wait for confirmation from the kubelet that the Pod has been terminated on the node it was running on. It removes the Pod in the API immediately so a new Pod can be created with the same name. On the node, Pods that are set to terminate immediately will still be given a small grace period before being force killed.

Is this what you are looking for?