►
From YouTube: SIG Node Sidecar WG 2023-09-12
Description
Meeting notes and agenda: https://docs.google.com/document/d/1E1guvFJ5KBQIGcjCrQqFywU9_cBQHRtHvjuqcVbCXvU/edit#heading=h.m8xoiv5t6qma
GMT20230905-160425_Recording_1920x1018.mp4
B
C
C
C
C
So
then
we
can
just
terminate
gracefully.
That
is
the
happy
case,
and
the
second
case
is
if
the
application
cannot
handle
that
victim
in
within
the
deadline
or
it
doesn't
handle
it
at
all,
then
it
will
receive
the
CQ
signal,
so
it
ensure
that
the
container
termination
can
finish
within
the
termination
grade
through
period
seconds,
and
if
the
container
has
Crystal
Brook,
then
the
container
termination
starts
with
executing
the
Chris
topic
Handler
and
then
the
app
receive
the
system
after
it
finish
the
prista
proc.
C
If,
if
you
have,
if
the
container
has
the
free
stuff,
then
the
application
will
get
the
remaining
time
so
it
it
may
not
handle
the
signal
gracefully
and
get
killed
by
CQ,
because
Christopher
will
consume
the
termination
grasswork
period
and
if
Christopher
takes
longer
than
termination
graceful
period,
then
it
will.
The
cubelet
will
just
ignore
that
pristaprook
and
and
terminate
the
container
with
minimum
graceful
period,
which
is
2
seconds.
C
C
C
So
if
we
say
that
if
someone
say
that
terminate,
we
will
terminate
sidecars
after
all,
regular
containers
and
in
reverse
order,
then
to
me
the
most
predictable
way
is
just
moving.
The
container
termination
start
time
to
backwards,
not
changing
the
termination
duration
there
to
me,
there's
no
reason
to
change
each
containers,
termination,
duration.
C
C
So
my
proposals
are,
we
can
just
make
each
content
current
part.
Dot
termination
gracefully
appear
seconds
applies
to
each
container.
So
if
you
want
a
specific
container
to
have
different
termination
graphs
period
Then,
we
can
introduce
new
field
like
termination
grace
period
for
a
container
or
other
way
is.
C
We
can
just
introduce
the
part
level
termination
period
because
we
don't
have
it
now.
So
that
is,
there
is
the
second
solution
and
third
one
is
I,
think
each
one
is
independent
to
each
other.
So
third,
one
is:
we
can
introduce
the
termination
policy
like
if
you
want
to
terminate
all
containers
in
parallel
or
reverse
ordered.
B
Great
presentation,
I
think
my
immediate
thought
on
that
is.
We
really
need
to
talk
about
scenarios
rather
than
what
is
logical,
but
otherwise
you
practically
you
have
to
use
cases
first
use
cases
you
want
container
to
germinate,
gracefully
and
you're
ready
to
give
as
much
time
for
this
graceful
determination
as
possible.
B
So
you
have
30
seconds
to
terminate
do
whatever
you
want,
but,
like
you,
don't
get
any
more.
So
first
scenario
with
please
terminate,
terminate,
gracefully
and
I
will
give
you
as
much
time
as
possible.
This
picture
feels
perfect,
so
you
can
terminate
main
containers
and
like
inside
the
first
side,
car
second
like
sort
of
like
last
side,
car
previous
side,
car
and,
like
so
forth.
This
is
certifies.
B
A
B
Is
I,
don't
think
it's
as
far
as
it's
not
at
all
and
I
think,
like
whatever
solution
we
will
propose,
we
need
to
think
about
this
scenario
like
how
does
swipe
Boston
that
is
first
and
then
second,
how
well
this
study
will
be
working,
so
I
think
proposals
that
we
had
on
last
meeting
with
Sikh
term
interruption.
Pre-Stop
satisfy
bostonitos
but
like
it
satisfies
first
scenario
in
not
ideal
way.
C
B
I
think
all
three
that
you
said
is
pretty
much
the
same
time.
So
when
deletion
timestamp
was
set
then
like
in
the
closest
thing,
I
will
send
like
we'll
either
start
with
stops
or
six
terms
for
all
the
containers,
including
sidecars,
and
then,
when
all
the
main
candidates
are
gone,
we
will
send
a
sixth
term
to
a
rest
of
sidecar
containers.
C
B
C
C
A
Yeah,
are
you
going
to
the
kernel
protection
again,
async
calls
that
like
a
kill
pot
or
whatever,
and
then
basically,
they
all
the
run
and
go
routines,
the
weight
group
and
they
all
run
the
pre-stop
book
and
then
end
up
calling
the
stock
container
or
whatever
but
yeah
like
in
there.
It
would
have
to
wait
basically
just
realize
the
termination
order
and.
D
A
And
now
you
can't
you
know:
I
put
100
of
them
in
there
and
now
I
have
like
a
3
000
seconds
per
month
for
my
workload
to
run
and
I'll
just
run
it
as
a
side
caller
and
I
can
run
for
much
longer.
Basically,
so
it's
some
side
effects
of
multiplying
that
plot
termination
grace
period
I,
don't
think
you
can
change
the
semantics
of
the
poly
termination
base
period
really.
A
C
A
Entire
pod
has
to
be
gone
in
that
second
sergey's,
like
spot
Interruption
I.
Think
it's
a
really
good
use
case
of
you
get
30
seconds
and
the
machine's
going
down
like
we're,
taking
it
away
from
you
so
finishing
that
time
or
not
your
processes
or
get
killed
or
shutting
the
BM
off
and
that
sort
of
works
and
then,
like
the
other
case
of
if
you
could
just
multiply
that
out,
like
I,
don't
know
if
they're
like
multi-tenant
kubernetes
users,
that
sort
of
enforce
like
all
right
you're
out
of
time.
A
C
A
C
A
C
C
Didn't
get
like
like
current
behavior
is
if
the
cube
plus
sync
starts
after,
like
cupid
is
too
late
to
terminate
container
after
five
seconds,
then
it
will
get
more
five
seconds
termination
duration
period.
But
if
we
decide
to
to
terminate
container
from
deletion
timestamp,
then
it
will
be
the
breaking
change
for
the
users
like
before
we.
We
will
get
35
seconds
of
termination
grace
period
if
the
cubelet
is
delayed.
B
B
So
the
only
question
is
how
we
distributed
and
I
think
the
I
will
always
like
in
distributed
systems,
you
always
have
some
delays
and
like
inconsistencies
and
timestamps,
but
I
think
what
is
implemented
right
now,
working
for
most
scenarios.
So
even
if
there
is
a
delay,
then
I
haven't
heard
many
complaints
about
this
delay.
Yet
I
don't
know
if
you
have
any
Radio.
B
I,
don't
think
we
want
to
change
it
like
we
just
want
like
so
initial
deletion
will
be
the
same
if
sidecar
has
a
pre-stop
cook,
we'll
start
executing
this
free
stop
hook,
and
then
we
will
send
a
sixth
term
at
the
moment
when
all
the
main
containers
are
gone
and
key
like
Port
will
be
killed,
no
matter
what,
when
Grace
determination
is
completed.
So
there
is
like
no
inconsistency
here.
C
A
So
I
read
that
one
I
think
that
one
was
really
about
just
an
easier
way
of
adding
a
sleep
as
a
freestyle
book,
and
so
it
was
the
primary
jobber.
Is
that
so
that
when
you
delete
the
pod,
the
endpoints
sort
of
get
dropped?
Basically,
so
you
quit
routing
new
traffic
to
it,
and
it's
just
so.
You
can
use
a
like
distortless
container
and
don't
even
have
to
put
a
sleep
in
there
or
something.
A
C
B
B
B
A
I
guess
if
you
just
change
the
like
and
just
say
like
well,
Sig
term
for
sad
cars
comes
after
the
pre-store
after
the
pre-stop
hook
finishes
or
after
all,
the
main
containers
complete.
Whichever
occurs
last.
Is
that
solve
it?
Because
then,
if
your
sleep
extends
further
in
the
pre-stop
book,
you'll
still
get
it
when
it's
finished,
basically,
sidecars
can
always
assume
if
they
got
a
Sig
term.
B
Yeah
it
may
work,
but
it
may
delays.
There's
many
like
if
you
implement
some
generic
sidecar
like
shutter
smash.
You
want
to
know
when
termination
started,
but
then
you
also
want
to
know
all
the
maker
has
a
gun
because
you
are
not
useful.
After
all,
containers
are
gone,
so,
whatever
your
pre-stop
duration,
you
want
to
interrupt
it
and
get
out
of
it.
B
A
Yeah,
because
you're
using
sleep
I
mean
the
reason
is
to
give
your
thing
to
give
your
container
more
time
to
process
existing
connections
and
parasite
car
like
use
it.
If
you
want
to,
it,
probably
doesn't
make
a
whole
lot
of
sense,
because
by
the
time
we
by
the
time
we
send
you
like
we're,
already
delaying
your
Sig
term
anyway,
like
we've,
we've
got
more
information
than
you
do.
We
know
all
the
containers
were
dead.
Basically,.
A
A
We're
sort
of
constrained
by
the
fact
that
you
have
like
the
Pod
level
termination
grace
period.
You
don't
want
to
extend
that
for
reasons
and
then,
but
you
do
want
to
try
to
give
a
stock
market
standards
as
much
notice
as
possible,
but
they
also
need
to
know
when
all
the
maintainers
are
dead,
so
they
can
actually
quit
early.
B
Yeah
I
remember
it
is
in
a
bug,
but
I,
don't
remember
the
exact
Behavior.
If
you
trying
to
delete
port
with
the
graceful
determination
of
like
five
minutes,
and
then
you
said
it's
too
long
too
long,
it's
taking
too
long
and
you
start
another
deletion
with
like
one.
Second,
then
I
think
what
you
expect
to
have
is
Port
being
deleted
in
one
second,
so
I
think
you
would
expect
that
sick
term
from
second
deletion
will
interrupt
sleep,
foreign.
A
C
C
There's
no
way
to
just
terminate
in
the
same
termination
duration
seconds
with
using
the
cycle
container
I.
Think
users
should
know
that
they
will
get
longer
termination
duration.
Second,
if
it
if
we
want
their
sidecars
terminate
after
all,
regular
containers,
so
I
just
want
to
I
just
want
to
make
a
way
for
a
user
to
just
change.
Each
containers
termination
duration
seconds.
C
B
Mind
we
need
to
implement
it
right
now
in
this
you
know
we
already
have
one
termination
period
that
we
write
in
a
live
on
this
probe.
You
can
specify
grace
period
every
right,
so
if
your
liveness
profile,
then
we
can
apply
different
termination
period
for
the
entire
port.
So
this
is
implemented.
So
you
can
say
that
if
loudness
probe
failed,
it's
a
catastrophic
failure
and
we
don't
know
how
to
gracefully
terminate
you
need
to
just
kill
the
port
completely.
B
C
B
C
B
Do
you
have
specific
sidecar
container
in
mind
that
you
have
problems
to
implement
because
I
talked
to
Easter
people
and
they
said
like
even
today,
behavior
is
fine
with
them.
If
we'll
make
it
better
by
separating
two
signals,
then
it
will
be
ideal
for
them
and
they
they
done
like
they.
They
happy
for
logging.
B
B
B
B
A
D
D
B
A
Yeah
I
think
like,
if
you
had
to
do
it
today,
like
I'm
looking
at
this
kill
container
method.
Like
you
probably
end
up,
you
probably
end
up
with
some
sort
of
state,
something
that
maintains
State
object
that
you
pass
through
the
kill
container
method,
so
they
can
each
update
and
then
everything
sort
of
Waits
on
it.
A
So
we
can
kind
of
get
the
correct
ordering
and
correct
timing,
but
it's
solely
to
sort
of
handle
the
case
of
I'm
trying
to
shut
down
the
entire
pod
and
I
need
to
just
realize
the
termination
of
these
things.
The
only
issue
I've
seen
is
like
kill,
Tanner's
called
in
a
few
other
places
and
in
those
cases
you
just
wouldn't
pass
that
in.
In
which
case
the
containers
gets
killed
like
in
GC
and
containers.
You
don't
care
about
ordering
somewhere
else.
D
D
A
D
D
B
C
D
B
D
D
D
B
I
can
see
that
in
this
case,
if
you
have
login
container,
then
it
start
like
it
try
to
send
as
much
information
clear
all
the
buffers
as
soon
as
possible,
but
then,
when
all
the
maintenance
is
done,
it
knows
that
no
more
containers.
So
it
will
take
another
like
couple
seconds
to
send
all
the
rest
of
the
data
that
it
accumulated
during
shutdown
and
then
istio
will
be
the
next
like
first
container
and
it
will
terminate
immediately
so
yeah
I
can
see
it
helping
yeah
and
then.
D
D
A
No
yeah
I
agree,
yes
and
I
wonder
if
users
can
use
the
freestyle
book
to
like
work
around
these
badly
behaving
sidecars
sleep
for
10
seconds
on.
You
know
whatever
kill
all
that's
not
on
whatever
process
inside
there
as
as
their
pre-stop
book.
Basically,
and
you
can
sort
of
implement
whatever
you
want.
I
think
that
way
like
if
you
wanted
to
give
all
right
container
a
gets
10
like
sidebar
a
gets
or
like
in
this
case
Type
R
A
gets
20
seconds.
A
It's
like
our
two
gets
10
seconds
or
whatever
you
can
change
your
values
and
basically
use
your
pre-stop
book.
Send
your
own
Sig
term,
basically
and
set
your
own
Sig
kill
and
your
freestyle
book
it's
kind
of
ugly,
but,
like
you
could
you
could
work
around
some
stuff
for
these
badly
behave
inside
cars
until
you
get
around
to
fixing
the
code.
B
Yeah,
so
within
the
signal
is
not
necessarily
needed.
You
can
just
Implement
whatever
logic
you
want
and
your
freestyle
yeah,
it's,
the
only
complication
is
it's
a
scenario
of
login
container
and
H2O
like
and
serious
mesh.
So
Logan
wants
couple
more
seconds
and
it
wants
Network
to
be
up.
How
does
they
tell
istio
that
it
needs
to
be
out
for
two
seconds
and
so
on?
The
complication
and
I
wanted
to
ignore
that
I
wanted
to
say
that,
like
it's,
not
our
problem
like
we're,
not
solving
this
problem
but
I
think
my
tears
have
a
point.
A
B
B
C
C
B
D
I
will
and
actually
we
need.
We
need
this
one
if,
if
we
want
to
to
use
studs
determination
using
the
pre-stop
hook,
because
imagine
if
we
kill
a
sidecar
before
it
gets
thermal
C
kill
using
your
sleep
in
the
crystal
book
and
then
sending
your
own.
But
then
we
don't
want
the
cubelete
to
restart
the
sidecar
because
we
wanted
to
kill
it.
D
A
I
think
it's
consistent
with
like
everything
else
about
sidecars
it's
best
effort.
We
try
to
keep
it
running
and
like
if
your
sidecar
starts
failing.
We
don't
stop
everything
else
anyway,
right
if
your
sidecar's
just
repeatedly
crashing,
we
don't
stop
them
in
containers.
Sort
of
the
same
thing
for
me.
A
A
D
D
B
B
And
if
you
have
a
login
side,
cars
and
it's
supposed
to
be
working
all
this
time,
so
the
way
you
implement
the
login
containers
this
way
in
case
you
on
pre-stop,
you
say
like:
oh,
maybe
I
will
be
terminated
soon.
So
let
me
send
off
all
the
buffers
and
then
it
went
into
this
mode
of
sending
all
the
logs
immediately
without
like
buffering
its
without
buffering
too
much
so
I
think
it's
fine.
B
The
problem
with
that
is
typically,
you
give
this
condition
a
very
long
time
to
terminate
like,
let's
say,
30
minutes,
but
then,
if
driver
install,
an
installation
took
only
15
minutes.
You
wanted
to
complete,
like
you,
don't
want
to
wait
for
a
Whole
30
minutes,
so
you
want
the
sidecars
to
extend
it
to
insignificant
amount
of
time
instead
of
for
the
whole
duration,
foreign.
A
You
have
a
long
grace
period
and
istio
crashes
right
after
that
grace
period
starts
basically
and
since
it's
the
side
part
we're
not
going
to
restart
it
and
there's
something
else
after
it,
a
logging
container
that
needs
it
to
be
able
to
actually
communicate.
It's
logged
off
in
a
case
logged
here,
logging
pair
is
just
going
to
fail.