Closed jieyu closed 4 years ago
Why not just update https://github.com/mintel/dex-k8s-authenticator/blob/master/entrypoint.sh#L9 to use:
exec /app/bin/dex-k8s-authenticator $@
@jimmidyson using exec is still not ideal. the go program might just assume using the default SIGTERM handler, which would kill itself if it's not PID1. But that behavior is not the case if it's running as PID 1. Plus, normally, a program won't do PID 1 things like reaping processes that reparented to it.
Thanks both - bit of an oversight on my part to not use this originally. 👍
If the process receiving the signal is PID 1, it gets special treatment by the kernel; if it hasn't registered a handler for the signal, the kernel won't fall back to default behavior, and nothing happens. Prior to this patch, the entrypoint script is PID 1 in the container, and by default, shell does not register SIGTERM handler. As a result,
docker stop
will not work properly when trying to gracefully shutdown the container.This patch adds
tini
to be the PID 1 in the container to do PID 1 things, and correctly propagate the SIGTERM signal.