Skip to content

Commit b426652

Browse files
committed
docs: Elaborate on cert lifetimes
1 parent b80cea6 commit b426652

File tree

1 file changed

+2
-0
lines changed

1 file changed

+2
-0
lines changed

docs/modules/trino/pages/operations/graceful-shutdown.adoc

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -17,6 +17,8 @@ noticed that all tasks are complete
1717
5. The `PreStop` hook will never return, but the JVM will be shut down by the graceful shutdown mechanism.
1818
6. When the graceful shutdown is not quick enough (e.g. a query runs longer than the graceful shutdown period), after `<graceful shutdown period> + 60s of step 2 + 60s of step 4 + 30s safety overhead` the Pod gets killed, regardless if it has shut down gracefully or not. This is achieved by setting `terminationGracePeriodSeconds` on the worker Pods.
1919

20+
WARNING: As of 23.7, the secret-operator issues TLS certificates with a lifetime of 24h. It also adds an annotation to the Pod, so that it is restarted 30 minutes before the certificate expires (23.5h hours in this case). Bot can not be configured. This results in all Pod using https (both coordinator and workers in a typical setup) restarting every 23.5 hours. This problem will be addressed in a future release by e.g. making the certification lifetime configurable.
21+
2022
== Implications
2123
All queries that take less than the graceful shutdown period are guaranteed to not be disturbed by regular termination of Pods.
2224
They can obviously still fail when e.g. a Kubernetes node dies completely or the Pod does not get the time it takes (e.g. 1h by default) to properly gracefully shut down.

0 commit comments

Comments
 (0)