From 9fd621b1b97dccb9625c34a33c54e43d19133fae Mon Sep 17 00:00:00 2001 From: germangarces Date: Wed, 13 May 2026 11:17:12 +0200 Subject: [PATCH 1/2] fix(api): close graceful-shutdown gap behind LB Signed-off-by: germangarces --- charts/flagsmith/values.yaml | 19 ++++++++++++++----- 1 file changed, 14 insertions(+), 5 deletions(-) diff --git a/charts/flagsmith/values.yaml b/charts/flagsmith/values.yaml index 5a67bd1..d678949 100644 --- a/charts/flagsmith/values.yaml +++ b/charts/flagsmith/values.yaml @@ -74,10 +74,19 @@ api: nodeSelector: {} tolerations: [] affinity: {} - # Container lifecycle hooks (e.g. preStop for graceful shutdown) - lifecycle: {} - # Pod termination grace period in seconds - terminationGracePeriodSeconds: null + # Container lifecycle hooks. Default preStop delays SIGTERM so the + # LB / endpoints controller has time to deregister the pod before + # gunicorn closes its listen socket. Without this, rolling deploys + # and HPA scale-down can cause a short 5xx spike on traffic that + # the LB routes to the pod after it has stopped accepting connections. + lifecycle: + preStop: + exec: + command: ["sleep", "20"] + # Pod termination grace period in seconds. Must exceed the LB's + # connection-draining timeout so the kubelet does not SIGKILL + # the pod while the LB is still draining in-flight connections. + terminationGracePeriodSeconds: 75 podSecurityContext: {} defaultPodSecurityContext: enabled: true @@ -461,7 +470,7 @@ hpa: enabled: false minReplicas: 2 maxReplicas: 10 - targetCPUUtilization: 50 + targetCPUUtilization: 50 sse: enabled: true minReplicas: 1 From a3d2e1164b26335ca3b3812671fcdabc4dc823f3 Mon Sep 17 00:00:00 2001 From: germangarces Date: Wed, 13 May 2026 15:45:29 +0200 Subject: [PATCH 2/2] fix(api,task-processor): Name container ports for direct scraping The api and task-processor container ports were unnamed, so any PodMonitoring (or other) resource referencing them by name (e.g. `port: http`) could not resolve them and silently scraped nothing. Name the existing container port `http`, and declare the Prometheus port 9100 as `prom` when `prometheus.enabled` is true. Service and ServiceMonitor resources are unaffected: both reference ports by numeric value or by the Service's own port name. --- charts/flagsmith/templates/deployment-api.yaml | 7 ++++++- charts/flagsmith/templates/deployment-task-processor.yaml | 7 ++++++- 2 files changed, 12 insertions(+), 2 deletions(-) diff --git a/charts/flagsmith/templates/deployment-api.yaml b/charts/flagsmith/templates/deployment-api.yaml index 9b2d23a..28ed46e 100644 --- a/charts/flagsmith/templates/deployment-api.yaml +++ b/charts/flagsmith/templates/deployment-api.yaml @@ -126,7 +126,12 @@ spec: {{- end }} {{- end }} ports: - - containerPort: {{ .Values.service.api.port }} + - name: http + containerPort: {{ .Values.service.api.port }} + {{- if .Values.prometheus.enabled }} + - name: prom + containerPort: 9100 + {{- end }} env: {{ include (print $.Template.BasePath "/_api_environment.yaml") . | nindent 8 }} livenessProbe: {{- if .Values.api.livenessProbe.exec }} diff --git a/charts/flagsmith/templates/deployment-task-processor.yaml b/charts/flagsmith/templates/deployment-task-processor.yaml index d6b3e3e..82196cf 100644 --- a/charts/flagsmith/templates/deployment-task-processor.yaml +++ b/charts/flagsmith/templates/deployment-task-processor.yaml @@ -93,7 +93,12 @@ spec: - run-task-processor {{- end }} ports: - - containerPort: {{ .Values.service.taskProcessor.port }} + - name: http + containerPort: {{ .Values.service.taskProcessor.port }} + {{- if .Values.prometheus.enabled }} + - name: prom + containerPort: 9100 + {{- end }} env: {{ include (print $.Template.BasePath "/_task_processor_environment.yaml") . | nindent 8 }} livenessProbe: {{- $exec := .Values.taskProcessor.livenessProbe.exec | default .Values.api.livenessProbe.exec }}