Propagate SIGTERM for graceful shutdown

If the process receiving the signal is PID 1, it gets special treatment by the kernel; if it hasn't registered a handler for the signal, the kernel won't fall back to default behavior, and nothing happens. Since this script is PID 1 in the container, we need to explictly let shell register a SIGTERM handler and forward it to the main process so that `docker stop` will work properly when trying to gracefully shutdown the container. Note: currently, we only handles SIGTERM so that `docker stop` would properly. Long term, we should switch to some better init like dump-init (https://github.com/Yelp/dumb-init).
mintel · Oct 22, 2019 · 0b73d6b · 0b73d6b
1 parent 6e97a37
commit 0b73d6b
Showing 1 changed file with 21 additions and 1 deletion.
diff --git a/entrypoint.sh b/entrypoint.sh
@@ -1,9 +1,29 @@
 #!/bin/sh
 
+# If the process receiving the signal is PID 1, it gets special
+# treatment by the kernel; if it hasn't registered a handler for the
+# signal, the kernel won't fall back to default behavior, and nothing
+# happens. Since this script is PID 1 in the container, we need to
+# explictly let shell register a SIGTERM handler and forward it to the
+# main process so that `docker stop` will work properly when trying to
+# gracefully shutdown the container.
+#
+# Note: currently, we only handles SIGTERM so that `docker stop` would
+# work properly. Long term, we should switch to some better init like
+# dump-init (https://github.com/Yelp/dumb-init).
+_term() {
+  echo "Caught SIGTERM signal!"
+  kill -TERM "$child" 2>/dev/null
+}
+
+trap _term SIGTERM
+
 if [ ! -z "$(ls -A /certs)" ]; then
   cp -L /certs/*.crt /usr/local/share/ca-certificates/ 2>/dev/null
   update-ca-certificates
 fi
 
 # Execute dex-k8s-authenticator with any argument passed to docker run
-/app/bin/dex-k8s-authenticator $@
+/app/bin/dex-k8s-authenticator $@ &
+child=$!
+wait "$child"