From a7bcf7a655dad59478f6fb0a332b9ce348539e63 Mon Sep 17 00:00:00 2001
From: Marco Donadoni <marco.donadoni@cern.ch>
Date: Thu, 11 Apr 2024 14:37:10 +0200
Subject: [PATCH] fix(kerberos): stop ticket renewal when pod is terminated
 (#454)

Closes reanahub/reana-job-controller#449
---
 reana_commons/k8s/kerberos.py | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/reana_commons/k8s/kerberos.py b/reana_commons/k8s/kerberos.py
index 0f348ff8..f9cf4561 100644
--- a/reana_commons/k8s/kerberos.py
+++ b/reana_commons/k8s/kerberos.py
@@ -126,6 +126,12 @@ def get_kerberos_k8s_config(
         "volumeMounts": [secrets_volume_mount] + volume_mounts,
         "env": env,
         "securityContext": {"runAsUser": kubernetes_uid},
+        "lifecycle": {
+            # make sure we stop the sidecar container when the pod is stopped,
+            # for example when the run-batch pod is terminated by reana-workflow-controller
+            # after the workflow finishes (either successfully or with an error)
+            "preStop": {"exec": {"command": ["touch", KRB5_STATUS_FILE_LOCATION]}}
+        },
     }
 
     return KerberosConfig(