fix: Kong - gracefully shutdown and ensure stopped before Envoy started; Envoy - check if ports 80 or 443 already in use #896
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
The comment is now in `start-envoy.sh`.
`kong quit` is already used within `start-kong.sh` for the all-in-one image. The sole purpose of `start-kong.sh` is to trap exit to run `kong quit`, perhaps `stopsignal=QUIT` in the supervisord config would be equivalent, but it ain't broke.
Per https://www.freedesktop.org/software/systemd/man/latest/systemd.unit.html#Before=, "Given two units with any ordering dependency between them, if one unit is shut down and the other is started up, the shutdown is ordered before the start-up. It doesn't matter if the ordering dependency is After= or Before=, in this case. It also doesn't matter which of the two is shut down, as long as one is shut down and the other is started up; the shutdown is ordered before the start-up in all cases. If two units have no ordering dependencies between them, they are shut down or started up simultaneously, and no ordering takes place." Also ensures that Envoy will take priority over Kong on reboot if both are enabled.
Envoy doesn't exit if it can't bind ports for all its listeners, and I couldn't find any configuration option to make it do so. With this, auto-restart will kick in until both ports are no longer in use. May not be necessary after the previous fix to ensure that Kong service is stopped before Envoy service is started, but doesn't hurt to have multiple defensive measures, since it's somewhat unexpected that Envoy doesn't exit on such failures.
darora
approved these changes
Feb 29, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
fix: gracefully shutdown Kong on service stop
kong quitis already used withinstart-kong.shfor the all-in-one image. The sole purpose ofstart-kong.shis to trap exit to runkong quit, perhapsstopsignal=QUITin the supervisord config would be equivalent, but it ain't broke.fix: ensure that Kong service is stopped before Envoy service is started
Per https://www.freedesktop.org/software/systemd/man/latest/systemd.unit.html#Before=, "Given two units with any ordering dependency between them, if one unit is shut down and the other is started up, the shutdown is ordered before the start-up. It doesn't matter if the ordering dependency is After= or Before=, in this case. It also doesn't matter which of the two is shut down, as long as one is shut down and the other is started up; the shutdown is ordered before the start-up in all cases. If two units have no ordering dependencies between them, they are shut down or started up simultaneously, and no ordering takes place."
Also ensures that Envoy will take priority over Kong on reboot if both are enabled.
fix: check if port 80 or 443 is already in use before starting Envoy
Envoy doesn't exit if it can't bind ports for all its listeners, and I couldn't find any configuration option to make it do so.
With this, auto-restart will kick in until both ports are no longer in use.
May not be necessary after the previous fix to ensure that Kong service is stopped before Envoy service is started, but doesn't hurt to have multiple defensive measures, since it's somewhat unexpected that Envoy doesn't exit on such failures.