jimmidyson
commented
4 years ago Why not just update https://github.com/mintel/dex-k8s-authenticator/blob/master/entrypoint.sh#L9 to use:
exec /app/bin/dex-k8s-authenticator $@Closed jieyu closed 4 years ago
jimmidyson
commented
4 years ago Why not just update https://github.com/mintel/dex-k8s-authenticator/blob/master/entrypoint.sh#L9 to use:
exec /app/bin/dex-k8s-authenticator $@
jieyu
commented
4 years ago @jimmidyson using exec is still not ideal. the go program might just assume using the default SIGTERM handler, which would kill itself if it's not PID1. But that behavior is not the case if it's running as PID 1. Plus, normally, a program won't do PID 1 things like reaping processes that reparented to it.
nabadger
commented
4 years ago Thanks both - bit of an oversight on my part to not use this originally. 👍
If the process receiving the signal is PID 1, it gets special treatment by the kernel; if it hasn't registered a handler for the signal, the kernel won't fall back to default behavior, and nothing happens. Prior to this patch, the entrypoint script is PID 1 in the container, and by default, shell does not register SIGTERM handler. As a result,
docker stopwill not work properly when trying to gracefully shutdown the container.This patch adds
tinito be the PID 1 in the container to do PID 1 things, and correctly propagate the SIGTERM signal.