fix: ensure istio sidecar is killed if job fails #813
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
mjnagel
approved these changes
Sep 24, 2024
UnicornChance
approved these changes
Sep 24, 2024
noahpb
pushed a commit
that referenced
this pull request
Sep 25, 2024
## Description
Ensure Istio sidecar is killed if Job pod exits with non-zero exit
status.
Tested with Jobs (exit code zero and non-zero)
```yaml
apiVersion: batch/v1
kind: Job
metadata:
name: failing-job
namespace: keycloak
spec:
template:
spec:
containers:
- name: fail-container
image: quay.io/keycloak/keycloak:25.0.6
command: ["sh", "-c", "echo 'This will fail'; exit 1"]
restartPolicy: Never
backoffLimit: 3
---
apiVersion: batch/v1
kind: Job
metadata:
name: success-job
namespace: keycloak
spec:
template:
spec:
containers:
- name: succeed-container
image: quay.io/keycloak/keycloak:25.0.6
command: ["sh", "-c", "echo 'This will succeed'; exit 0"]
restartPolicy: Never
backoffLimit: 3
```
## Related Issue
Fixes #687
## Type of change
- [ ] Bug fix (non-breaking change which fixes an issue)
- [ ] New feature (non-breaking change which adds functionality)
- [ ] Other (security config, docs update, etc)
## Checklist before merging
- [ ] Test, docs, adr added or updated as needed
- [ ] [Contributor Guide](https://github.com/defenseunicorns/uds-template-capability/blob/main/CONTRIBUTING.md) followed
Co-authored-by: Micah Nagel <micah.nagel@defenseunicorns.com>
docandrew
pushed a commit
that referenced
this pull request
Sep 25, 2024
## Description
Ensure Istio sidecar is killed if Job pod exits with non-zero exit
status.
Tested with Jobs (exit code zero and non-zero)
```yaml
apiVersion: batch/v1
kind: Job
metadata:
name: failing-job
namespace: keycloak
spec:
template:
spec:
containers:
- name: fail-container
image: quay.io/keycloak/keycloak:25.0.6
command: ["sh", "-c", "echo 'This will fail'; exit 1"]
restartPolicy: Never
backoffLimit: 3
---
apiVersion: batch/v1
kind: Job
metadata:
name: success-job
namespace: keycloak
spec:
template:
spec:
containers:
- name: succeed-container
image: quay.io/keycloak/keycloak:25.0.6
command: ["sh", "-c", "echo 'This will succeed'; exit 0"]
restartPolicy: Never
backoffLimit: 3
```
## Related Issue
Fixes #687
## Type of change
- [ ] Bug fix (non-breaking change which fixes an issue)
- [ ] New feature (non-breaking change which adds functionality)
- [ ] Other (security config, docs update, etc)
## Checklist before merging
- [ ] Test, docs, adr added or updated as needed
- [ ] [Contributor Guide](https://github.com/defenseunicorns/uds-template-capability/blob/main/CONTRIBUTING.md) followed
Co-authored-by: Micah Nagel <micah.nagel@defenseunicorns.com>
UnicornChance
pushed a commit
that referenced
this pull request
Sep 26, 2024
## Description
Ensure Istio sidecar is killed if Job pod exits with non-zero exit
status.
Tested with Jobs (exit code zero and non-zero)
```yaml
apiVersion: batch/v1
kind: Job
metadata:
name: failing-job
namespace: keycloak
spec:
template:
spec:
containers:
- name: fail-container
image: quay.io/keycloak/keycloak:25.0.6
command: ["sh", "-c", "echo 'This will fail'; exit 1"]
restartPolicy: Never
backoffLimit: 3
---
apiVersion: batch/v1
kind: Job
metadata:
name: success-job
namespace: keycloak
spec:
template:
spec:
containers:
- name: succeed-container
image: quay.io/keycloak/keycloak:25.0.6
command: ["sh", "-c", "echo 'This will succeed'; exit 0"]
restartPolicy: Never
backoffLimit: 3
```
## Related Issue
Fixes #687
## Type of change
- [ ] Bug fix (non-breaking change which fixes an issue)
- [ ] New feature (non-breaking change which adds functionality)
- [ ] Other (security config, docs update, etc)
## Checklist before merging
- [ ] Test, docs, adr added or updated as needed
- [ ] [Contributor Guide](https://github.com/defenseunicorns/uds-template-capability/blob/main/CONTRIBUTING.md) followed
Co-authored-by: Micah Nagel <micah.nagel@defenseunicorns.com>
mjnagel
pushed a commit
that referenced
this pull request
Sep 27, 2024
🤖 I have created a release *beep* *boop* --- ## [0.28.0](v0.27.3...v0.28.0) (2024-09-27) ### ⚠ BREAKING CHANGES * Promtail has been removed from UDS Core and replaced by Vector. If you were previously using overrides to setup additional log targets/endpoints for Promtail this configuration will need to be updated to Vector's chart/config formats. See Vector's [Sources and Sinks](https://vector.dev/components/) as well as the [helm chart values](https://github.com/defenseunicorns/uds-core/blob/1bf29582f9c5b1fe01763e86e56c19b6e17aef85/src/vector/values/values.yaml#L4) for guidance in configuration. ### Features * add support for keycloak saml attributes ([#806](#806)) ([b312b7d](b312b7d)) * exposes tls version for dev bundles ([#809](#809)) ([e1a2b55](e1a2b55)) * switch from promtail to vector (#724) ([1bf2958](1bf2958)) ### Bug Fixes * eks iac issues, document storage class pre-reqs ([#812](#812)) ([df514bd](df514bd)) * ensure istio sidecar is killed if job fails ([#813](#813)) ([34ffc0a](34ffc0a)) * revert test app version to fix CI failures ([#815](#815)) ([2ec6ad6](2ec6ad6)) ### Miscellaneous * add runtime group to renovate config ([#799](#799)) ([1bf2c69](1bf2c69)) * **deps:** update dependency defenseunicorns/uds-common to v0.13.0 ([#790](#790)) ([8bfcdc0](8bfcdc0)) * **deps:** update dependency defenseunicorns/uds-common to v0.13.1 ([#810](#810)) ([eedb551](eedb551)) * **deps:** update istio to v1.23.2 ([#796](#796)) ([039d89c](039d89c)) * **deps:** update keycloak to v25.0.6 ([#771](#771)) ([9864059](9864059)) * **deps:** update pepr to v0.13.1 ([#811](#811)) ([bc05b04](bc05b04)) * **deps:** update prometheus operator to v0.77.0 ([#783](#783)) ([8f383d8](8f383d8)) * **deps:** update runtime to v0.5.0 ([#834](#834)) ([edc068d](edc068d)) * **deps:** update setup-node to v4.0.4 ([#801](#801)) ([34dbc44](34dbc44)) * **deps:** update uds to v0.16.0 ([#802](#802)) ([d07670b](d07670b)) * **deps:** update uds-common to v0.13.0 ([#792](#792)) ([c24e833](c24e833)) * **deps:** update zarf to v0.40.1 ([#793](#793)) ([db93a7e](db93a7e)) * fix github-actions renovate ([#800](#800)) ([3ab2add](3ab2add)) * pepr policies doc table ([#803](#803)) ([440e4e1](440e4e1)) * pepr policy doc ([#814](#814)) ([8b10b86](8b10b86)) * updated pepr watch limit to 60s ([#840](#840)) ([85f3f41](85f3f41)) * use kfc WatchPhase enum ([#787](#787)) ([df4d2da](df4d2da)) --- This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please). Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
docandrew
pushed a commit
that referenced
this pull request
Sep 27, 2024
🤖 I have created a release *beep* *boop* --- ## [0.28.0](v0.27.3...v0.28.0) (2024-09-27) ### ⚠ BREAKING CHANGES * Promtail has been removed from UDS Core and replaced by Vector. If you were previously using overrides to setup additional log targets/endpoints for Promtail this configuration will need to be updated to Vector's chart/config formats. See Vector's [Sources and Sinks](https://vector.dev/components/) as well as the [helm chart values](https://github.com/defenseunicorns/uds-core/blob/1bf29582f9c5b1fe01763e86e56c19b6e17aef85/src/vector/values/values.yaml#L4) for guidance in configuration. ### Features * add support for keycloak saml attributes ([#806](#806)) ([b312b7d](b312b7d)) * exposes tls version for dev bundles ([#809](#809)) ([e1a2b55](e1a2b55)) * switch from promtail to vector (#724) ([1bf2958](1bf2958)) ### Bug Fixes * eks iac issues, document storage class pre-reqs ([#812](#812)) ([df514bd](df514bd)) * ensure istio sidecar is killed if job fails ([#813](#813)) ([34ffc0a](34ffc0a)) * revert test app version to fix CI failures ([#815](#815)) ([2ec6ad6](2ec6ad6)) ### Miscellaneous * add runtime group to renovate config ([#799](#799)) ([1bf2c69](1bf2c69)) * **deps:** update dependency defenseunicorns/uds-common to v0.13.0 ([#790](#790)) ([8bfcdc0](8bfcdc0)) * **deps:** update dependency defenseunicorns/uds-common to v0.13.1 ([#810](#810)) ([eedb551](eedb551)) * **deps:** update istio to v1.23.2 ([#796](#796)) ([039d89c](039d89c)) * **deps:** update keycloak to v25.0.6 ([#771](#771)) ([9864059](9864059)) * **deps:** update pepr to v0.13.1 ([#811](#811)) ([bc05b04](bc05b04)) * **deps:** update prometheus operator to v0.77.0 ([#783](#783)) ([8f383d8](8f383d8)) * **deps:** update runtime to v0.5.0 ([#834](#834)) ([edc068d](edc068d)) * **deps:** update setup-node to v4.0.4 ([#801](#801)) ([34dbc44](34dbc44)) * **deps:** update uds to v0.16.0 ([#802](#802)) ([d07670b](d07670b)) * **deps:** update uds-common to v0.13.0 ([#792](#792)) ([c24e833](c24e833)) * **deps:** update zarf to v0.40.1 ([#793](#793)) ([db93a7e](db93a7e)) * fix github-actions renovate ([#800](#800)) ([3ab2add](3ab2add)) * pepr policies doc table ([#803](#803)) ([440e4e1](440e4e1)) * pepr policy doc ([#814](#814)) ([8b10b86](8b10b86)) * updated pepr watch limit to 60s ([#840](#840)) ([85f3f41](85f3f41)) * use kfc WatchPhase enum ([#787](#787)) ([df4d2da](df4d2da)) --- This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please). Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
docandrew
pushed a commit
that referenced
this pull request
Oct 17, 2024
🤖 I have created a release *beep* *boop* --- [0.28.0](v0.27.3...v0.28.0) (2024-09-27) * Promtail has been removed from UDS Core and replaced by Vector. If you were previously using overrides to setup additional log targets/endpoints for Promtail this configuration will need to be updated to Vector's chart/config formats. See Vector's [Sources and Sinks](https://vector.dev/components/) as well as the [helm chart values](https://github.com/defenseunicorns/uds-core/blob/1bf29582f9c5b1fe01763e86e56c19b6e17aef85/src/vector/values/values.yaml#L4) for guidance in configuration. * add support for keycloak saml attributes ([#806](#806)) ([b312b7d](b312b7d)) * exposes tls version for dev bundles ([#809](#809)) ([e1a2b55](e1a2b55)) * switch from promtail to vector (#724) ([1bf2958](1bf2958)) * eks iac issues, document storage class pre-reqs ([#812](#812)) ([df514bd](df514bd)) * ensure istio sidecar is killed if job fails ([#813](#813)) ([34ffc0a](34ffc0a)) * revert test app version to fix CI failures ([#815](#815)) ([2ec6ad6](2ec6ad6)) * add runtime group to renovate config ([#799](#799)) ([1bf2c69](1bf2c69)) * **deps:** update dependency defenseunicorns/uds-common to v0.13.0 ([#790](#790)) ([8bfcdc0](8bfcdc0)) * **deps:** update dependency defenseunicorns/uds-common to v0.13.1 ([#810](#810)) ([eedb551](eedb551)) * **deps:** update istio to v1.23.2 ([#796](#796)) ([039d89c](039d89c)) * **deps:** update keycloak to v25.0.6 ([#771](#771)) ([9864059](9864059)) * **deps:** update pepr to v0.13.1 ([#811](#811)) ([bc05b04](bc05b04)) * **deps:** update prometheus operator to v0.77.0 ([#783](#783)) ([8f383d8](8f383d8)) * **deps:** update runtime to v0.5.0 ([#834](#834)) ([edc068d](edc068d)) * **deps:** update setup-node to v4.0.4 ([#801](#801)) ([34dbc44](34dbc44)) * **deps:** update uds to v0.16.0 ([#802](#802)) ([d07670b](d07670b)) * **deps:** update uds-common to v0.13.0 ([#792](#792)) ([c24e833](c24e833)) * **deps:** update zarf to v0.40.1 ([#793](#793)) ([db93a7e](db93a7e)) * fix github-actions renovate ([#800](#800)) ([3ab2add](3ab2add)) * pepr policies doc table ([#803](#803)) ([440e4e1](440e4e1)) * pepr policy doc ([#814](#814)) ([8b10b86](8b10b86)) * updated pepr watch limit to 60s ([#840](#840)) ([85f3f41](85f3f41)) * use kfc WatchPhase enum ([#787](#787)) ([df4d2da](df4d2da)) --- This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please). Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
Ensure Istio sidecar is killed if Job pod exits with non-zero exit status.
Tested with Jobs (exit code zero and non-zero)
Related Issue
Fixes #687
Type of change
Checklist before merging