exec
for liveness and readiness checks since kubelet is not part of the service mesh and doesn't have access to the TLS cert.SIGTERM
signal to every container and waits for period of time (30s by default) for all containers to exit gracefully. If your app doesn't handle the SIGTERM
signal or if it doesn't exit within the grace period, Kubernetes will kill the container and any inflight requests that your app is processing will fail.preStop
hook that delays the container shutdown. This will allow the service mesh to drain the traffic and remove this pod from all other Envoy sidecars before your app becomes unavailable.SIGTERM
and tries to complete the inflight requests before shutdown, that doesn't mean that the response will make it back to the caller. If the Envoy sidecar shuts down before your app, then the caller will receive a 503 error.preStop
hook to the Istio proxy and wait for the main app to exit before Envoy exits.preStop
directive.