Secret Fetcher Sidecar Lacks Signal Handling

Question

Secret Fetcher Sidecar Lacks Signal Handling

Closed this issue 4 years ago · 4 comments

We discovered a few minutes ago that the secret fetcher doesn't actually respond to SIGTERM. This seems poor. We should probably fix that.

Answer 1 · 2021-03-01T18:50:58.000Z

What do you mean by "respond to SIGTERM"? Do you expect it to do something other than immediately exit when receiving that signal?

Answer 2 · 2021-03-01T18:55:05.000Z

That's exactly what I expect it to do. Another engineer reported this. Apparently something is swallowing the signal though, preventing the container from being killed. Maybe this would be a better fit issue for the actual repo that builds the images instead of the code.

Answer 3 · 2021-03-01T18:56:16.000Z

Got it, yeah, the process itself does not swallow any signals and I've confirmed that a non-containerized one dies immediately on SIGTERM. My gut says this sounds like the CMD shell syntax goes here vs CMD ["raw", "args"] problem we've run into in a few other places.

Answer 4 · 2021-03-01T18:56:42.000Z

Yep, you're almost certainly right. I'll close this out and open it on the other repo.