feat(openfga): Allow lifecycle hook specific to pods

[flex-seongbok]

This PR provides the ability to add lifecycle hook to openfga pods.

Description

Some mechanisms such as preStop or postStart hooks uses the concept of Lifecycle.
This PR adds a lifecycle value next to the resources so that lifecycle hook can be added to the openfga pods.

We use lifecycle to add preStop hook that waits few seconds before terminating pod to make sure iptable update completion.

Below screenshot is result of helm template lifecycle-test . with lifecycle value of

lifecycle:
  preStop:
    exec:
      command:
        - sh
        - -c
        - sleep 10

References

Review Checklist

• I have clicked on "allow edits by maintainers".
• I have added documentation for new/changed functionality in this PR or in a PR to openfga.dev [Provide a link to any relevant PRs in the references section above]
• The correct base branch is being used, if not main
• I have added tests to validate that the change in functionality is working as expected

[jeremy-albuixech]

thanks, just one small comment about the description, otherwise this looks good.

Would you mind adding to the description a screenshot of an example of the rendered chart that includes this, as proof of testing?

Thanks for the contribution :)

[flex-seongbok]

thanks, just one small comment about the description, otherwise this looks good.

Would you mind adding to the description a screenshot of an example of the rendered chart that includes this, as proof of testing?

Thanks for the contribution :)

Added screenshot of lifecycle value usage.

Thanks for the review :)

[flex-seongbok]

@jeremy-albuixech Hi, I rebased on main.
How can this PR merged to main?
Please let me know if there is something I should do. Thank you.

[jeremy-albuixech]

it should be possible to merge it soon, I just approved the testing, once all statuses are green feel free to merge.

[flex-seongbok]

@jeremy-albuixech Sorry but I can't find merge button.
Can you see it? Could you merge this PR for me?

[rhamzeh]

Thanks for your contribution @flex-seongbok - can you give maintainers edit access to this PR so we can get it merged?

[flex-seongbok]

Thanks for your contribution @flex-seongbok - can you give maintainers edit access to this PR so we can get it merged?

Sorry it's forked to our private org not personal fork. I can't find button for give access to maintainer.
It seems like GitHub's limitation. 😭
Merged main. Could you merge if there is no conflict? If not I will make a new fork.
@rhamzeh

[jeremy-albuixech]

I can merge it now, thank you for your contribution @flex-seongbok !

[flex-seongbok]

FYI.
As openfga uses distroless image as base, it doesn't contains shell or sleep command.
So we had to find other command to pause termination process.
And we ended up using grpc health check binary.
All the network errors disappeared when restarting pod after applying 😄

  lifecycle:
    preStop:
      exec:
        command:
          - '/usr/local/bin/grpc_health_probe'
          - '-connect-timeout=10s'
          - '-addr=9999'

[danielloader]

Also Kubernetes 1.30+ has https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#hook-handler-implementations available for sleeping without needing an in container shell/sleep binary.

lifecycle:
  preStop:
    sleep:
      seconds: 10