K
Q

Is there some kind of a lifecycle hook for Knative services?

6/18/2021

I am facing this problem: services deployed with Knative serving shall be registered with an API gateway when installed (i.e. kn service create some-service ...) and un-registered when the service is removed (i.e. kn service delete some-service).

Since the first part can easily be implemented in the start procedure of the service code, this is not an issue. But detecting when a service is removed altogether, not just scaled down, seems very tricky. At least I could not find any working solution. Kubernetes lifecycle hooks don't do the job because they are called when a pod (not the service) is stopped/killed.

Does anyone have an idea how the service deletion can be intercepted to get a custom command to execute? Thanks for any help.

-- Claudio S
knative
kubernetes
lifecycle

Similar Questions

What is the recommended way to get the pods of a Kubernetes deployment?
Specify scheduling order of a Kubernetes DaemonSet
Use kubectl context in kubernetes client-go
hostnetwork pod - only 1 container should expose to the internet
Azure: Microsoft.Compute resource provider stuck 'Registering' for about a day

1 Answer

6/18/2021

If you want to do this server-side, rather than with a client script, you'll probably need to implement a small Kubernetes controller. There's are also two halfway solutions, each with some trade-offs.

If you implement a controller, you'll basically have a single process (Pod/StatefulSet if running it on Kubernetes) which performs a Watch on all Knative Services. It could handle both the create and delete aspects if you want, or you could keep your current creation code.

A second option is to add a finalizer to each service and run a periodic job to look for all Services with a deletionTimestamp and your finalizer set. For reach of these Services, the job can unregister the Service with the API registry then remove the finalizer. This is similar to the controller approach, but instead of a constantly-running Watch, the finalizer delays the delete until the cleanup job runs. The drawback is that this means it may take up to N minutes (the frequency of the job running) for deletes to happen.

The last option is to use a validating admission webhook or an audit webhook to be notified of delete events. Each of these has trade-offs:

  • Validating admission controls run before the delete happens, which means a failed delete could still remove the API registration. Also, validating admission controllers are part of the control plane, and a failing admission controller can make it hard to manage objects at all.
  • Audit webhook configuration is a global flag setting on the apiserver, so you can only have one webhook for the whole cluster and you need to configure each apiserver with the flags manually.

Two more non-controller solutions that popped to mind:

  1. Add a "heartbeat" check on the API registration that includes the URL of the having resource. If the registration has a having URL and the object no longer exists, remove the registration. This may be fairly simple to implement.

  2. You can use the apiserver source to set up a trigger on Knative Services. You'd be watching for the dev.knative.apiserver.ref.delete or dev.knative.apiserver.resource.delete events, and the could have a single Knative Service (or other URL) handle these POSTs and do a cleanup of the resources. Unfortunately, I'm not sure there's a good example of this on the web yet.

-- E. Anderson
Source: StackOverflow