search

opencontainers / runtime-spec

OCI Runtime Specification
http://www.opencontainers.org
Apache License 2.0
3.23k stars 550 forks source link

runtime: fail when a poststop hook fails #1265

Open abel-von opened 3 months ago

abel-von commented 3 months ago

If a poststop hook run failed(maybe because the resource is still not ready to be recycled), we expect that the delete operation could fail and be retried util all poststop hooks run succeed.

In the current runtime spec, when a poststop hook failed, runtime can not get the error, so that docker or kubernetes also can not get the error, this is easy to leave the resource residual.

I think this is similar to the situation of poststart hook. #1262

Also please refer to the PR in runc: https://github.com/opencontainers/runc/pull/4364

giuseppe commented 3 months ago

after this change poststop hooks are now required to be idempotent, even existing ones, as they can be called multiple times. Won't existing hooks fail in most cases when called multiple times. Possibly they can misbehave and remove the wrong resources.

I wonder if this behavior should be configurable to not affect existing installations. We could have a flag for each hook to say whether a failure should be ignored or reported immediately (with the default being ignore as it is currently documented)