Skip to content

Commit

Permalink
fix: ensure istio sidecar is killed if job fails (#813)
Browse files Browse the repository at this point in the history
## Description
Ensure Istio sidecar is killed if Job pod exits with non-zero exit
status.

Tested with Jobs (exit code zero and non-zero)
```yaml
apiVersion: batch/v1
kind: Job
metadata:
  name: failing-job
  namespace: keycloak
spec:
  template:
    spec:
      containers:
      - name: fail-container
        image: quay.io/keycloak/keycloak:25.0.6 
        command: ["sh", "-c", "echo 'This will fail'; exit 1"]
      restartPolicy: Never
  backoffLimit: 3
---
apiVersion: batch/v1
kind: Job
metadata:
  name: success-job
  namespace: keycloak
spec:
  template:
    spec:
      containers:
      - name: succeed-container
        image: quay.io/keycloak/keycloak:25.0.6 
        command: ["sh", "-c", "echo 'This will succeed'; exit 0"]
      restartPolicy: Never
  backoffLimit: 3
  ```
## Related Issue

Fixes #687

## Type of change

- [ ] Bug fix (non-breaking change which fixes an issue)
- [ ] New feature (non-breaking change which adds functionality)
- [ ] Other (security config, docs update, etc)

## Checklist before merging

- [ ] Test, docs, adr added or updated as needed
- [ ] [Contributor Guide](https://github.com/defenseunicorns/uds-template-capability/blob/main/CONTRIBUTING.md) followed

Co-authored-by: Micah Nagel <[email protected]>
  • Loading branch information
2 people authored and noahpb committed Sep 25, 2024
1 parent dfb586b commit 97cba4b
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions src/pepr/istio/index.ts
Original file line number Diff line number Diff line change
Expand Up @@ -47,8 +47,8 @@ When(a.Pod)
const shouldTerminate = pod.status.containerStatuses
// Ignore the istio-proxy container
.filter(c => c.name != "istio-proxy")
// and if ALL are terminated AND have exit code 0, then shouldTerminate is true
.every(c => c.state?.terminated && c.state.terminated.exitCode == 0);
// and if ALL are terminated then shouldTerminate is true
.every(c => c.state?.terminated);

if (shouldTerminate) {
// Mark the pod as seen
Expand Down

0 comments on commit 97cba4b

Please sign in to comment.