[MOSIP-43648] Configure graceful pod termination with lifecycle hooks#229
Conversation
Signed-off-by: Ivanmeneges <ivan.anil016@gmail.com>
Signed-off-by: Ivanmeneges <ivan.anil016@gmail.com>
Signed-off-by: Ivanmeneges <ivan.anil016@gmail.com>
|
Warning Rate limit exceeded@Ivanmeneges has exceeded the limit for the number of commits or files that can be reviewed per hour. Please wait 5 minutes and 57 seconds before requesting another review. ⌛ How to resolve this issue?After the wait time has elapsed, a review can be triggered using the We recommend that you space out your commits to avoid hitting the rate limit. 🚦 How do rate limits work?CodeRabbit enforces hourly rate limits for each developer per organization. Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout. Please see our FAQ for further information. 📒 Files selected for processing (1)
WalkthroughThis PR updates the auditmanager Helm chart with multiple configuration refinements: corrects a .gitignore entry capitalization, adds pod termination grace period configuration to the Deployment template, and updates readiness probe timings, resource limits, Java memory options, lifecycle hooks, and container image references in values.yaml. Changes
Estimated code review effort🎯 2 (Simple) | ⏱️ ~10 minutes
Poem
Pre-merge checks and finishing touches✅ Passed checks (3 passed)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
Signed-off-by: Ivanmeneges <ivan.anil016@gmail.com>
There was a problem hiding this comment.
Actionable comments posted: 0
🧹 Nitpick comments (1)
helm/auditmanager/values.yaml (1)
227-227: Minor: Fix typo in comment.Line 227 has a typo: "perios" should be "periods".
-## Termination grace perios : the maximum amount of time (in seconds) Kubernetes will wait for a container to gracefully shut down +## Termination grace period: the maximum amount of time (in seconds) Kubernetes will wait for a container to gracefully shut down
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (3)
helm/auditmanager/.gitignore(1 hunks)helm/auditmanager/templates/deployment.yaml(1 hunks)helm/auditmanager/values.yaml(4 hunks)
🔇 Additional comments (6)
helm/auditmanager/.gitignore (1)
2-2: LGTM—correct Helm lock file name.The capitalization fix from "Charts.lock" to "Chart.lock" aligns with Helm's standard lock file naming convention.
helm/auditmanager/templates/deployment.yaml (1)
37-37: Graceful termination config correctly templated.The terminationGracePeriodSeconds setting enables a configurable grace period for pods to shut down gracefully, preventing forcible termination after a timeout. The template correctly references the values with a sensible default that matches the values.yaml configuration.
helm/auditmanager/values.yaml (4)
102-104: Readiness probe timings adjusted for graceful termination.The increased initialDelaySeconds (0→30), periodSeconds (10→15), and timeoutSeconds (5→10) are reasonable adjustments given the significant resource limit increases. These longer tolerances help the service stay marked as ready during graceful shutdown scenarios.
129-130: Verify heap-to-memory ratio is intentional.The container memory limit increased 3.2× (2500Mi→8000Mi) while Java heap increased 1.74× (1750M→3050M). This results in a ~38% heap-to-total-memory ratio. Best practice recommends keeping the JVM heap to container memory ratio no higher than 0.5 (50%), as higher ratios are known to be unstable and may cause unexpected restarts due to JVM off-heap usage. The current ratio is within safe bounds (~4950Mi available for non-heap overhead), but please confirm this resource scaling aligns with performance testing and actual application needs.
Also applies to: 138-138
219-228: LGTM—lifecycle hooks and grace period well-coordinated.The preStop hook executes at the container level before SIGTERM is sent, allowing the deregistration process to complete before the container begins shutdown. The 30-second sleep in preStop combined with 60-second terminationGracePeriodSeconds provides appropriate time windows: 30s for endpoint removal propagation, then 30s for application shutdown. Research suggests 5–10 seconds is often sufficient for most cases, so 30 seconds is conservative and well-suited for a Java service.
357-358: Verify volumePermissions image availability and maintenance.The image reference changed from the community-maintained
bitnami/bitnami-shell:10to an internal registry imagemosipid/os-shell:12-debian-12-r46. Confirm that:
- The mosipid registry image is available and accessible to the cluster
- The image is actively maintained and receives security updates
- The Debian 12 base is compatible with existing initialization scripts (if any)
- Image pull credentials are properly configured (if the registry requires authentication)
Signed-off-by: Ivanmeneges <ivan.anil016@gmail.com>
Summary by CodeRabbit