Merge main into dev-1.29 #44305
Merged
Merge main into dev-1.29 #44305
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
- Finalizers are a string array - Small grammar error
The "generate-csr" command is useful in cases users don't wish to use the default certificate duration that kubeadm has hardcoded to 1 year. The command can also be used when the certificate rotation process is done manually, out of bounds with an external CA.
…s of init containers and pod lifecycle.
Signed-off-by: xin.li <[email protected]>
Improve visibility for tutorial diagrams through color change
docs: Small fixes to the Resource deletion section of API Concept
Replace "Twitter" logo with "X" logo on Community page
Remove duplicate references to Docker Engine legacy container feature in "Service" page
Fix Broken voyager link in ingress-controllers.md
[zh-cn] sync secret cheatsheet php-apache.yaml
[pt] Update "Operator White Paper" link on operator.md page
* [zh-cn] Update KubeCon dates * [zh-cn] Update KubeCon dates
…kubeadm-generate-csr kubeadm: add section on how to use the "generate-csr" command
Add a new concept page for Sidecar containers
k8s-ci-robot
added
the
do-not-merge/work-in-progress
👷 Deploy Preview for kubernetes-io-vnext-staging processing.
|
k8s-ci-robot
added
the
cncf-cla: yes
k8s-ci-robot
added
the
size/XL
k8s-ci-robot
added
language/en
k8s-ci-robot
added
language/pt
This comment was marked as duplicate.
This comment was marked as duplicate.
sftim
commented
Dec 11, 2023
Comment on lines
-292
to
-332
| #### API for sidecar containers | ||
|
|
||
| {{< feature-state for_k8s_version="v1.29" state="beta" >}} | ||
|
|
||
| Enabled by default with Kubernetes 1.29, a feature gate named `SidecarContainers` | ||
| allows you to specify a `restartPolicy` for init containers which is independent of | ||
| the Pod and other init containers. Container [probes](/docs/concepts/workloads/pods/pod-lifecycle/#types-of-probe) | ||
| can also be added to control their lifecycle. | ||
|
|
||
| If an init container is created with its `restartPolicy` set to `Always`, it will | ||
| start and remain running during the entire life of the Pod, which is useful for | ||
| running supporting services separated from the main application containers. | ||
|
|
||
| If a `readinessProbe` is specified for this init container, its result will be used | ||
| to determine the `ready` state of the Pod. | ||
|
|
||
| Since these containers are defined as init containers, they benefit from the same | ||
| ordering and sequential guarantees as other init containers, allowing them to | ||
| be mixed with other init containers into complex Pod initialization flows. | ||
|
|
||
| Compared to regular init containers, sidecar-style init containers continue to | ||
| run and the next init container can begin starting once the kubelet has set | ||
| the `started` container status for the sidecar-style init container to true. | ||
| That status either becomes true because there is a process running in the | ||
| container and no startup probe defined, or | ||
| as a result of its `startupProbe` succeeding. | ||
|
|
||
| This feature can be used to implement the sidecar container pattern in a more | ||
| robust way, as the kubelet always restarts a sidecar container if it fails. | ||
|
|
||
| Here's an example of a Deployment with two containers, one of which is a sidecar: | ||
|
|
||
| {{% code_sample language="yaml" file="application/deployment-sidecar.yaml" %}} | ||
|
|
||
| This feature is also useful for running Jobs with sidecars, as the sidecar | ||
| container will not prevent the Job from completing after the main container | ||
| has finished. | ||
|
|
||
| Here's an example of a Job with two containers, one of which is a sidecar: | ||
|
|
||
| {{% code_sample language="yaml" file="application/job/job-sidecar.yaml" %}} |
sftim
force-pushed
the
20231211_dev_1.29_merge_main
branch
from
9ed3f6b to
e57cf32
Compare
sftim
commented
Dec 11, 2023
| five minutes. Once a container has executed for 10 minutes without any problems, the | ||
| kubelet resets the restart backoff timer for that container. | ||
| [Sidecar containers and Pod lifecycle](/docs/concepts/workloads/pods/sidecar-containers/#sidecar-containers-and-pod-lifecycle) | ||
| explains the behaviour of `init containers` when specify `restartpolicy` field on it. |
There was a problem hiding this comment.
nit: this needs a fix at some point
|
It was a bit rushed. |
|
Looks clean, other than the nit we can address later. /lgtm |
k8s-ci-robot
added
the
lgtm
|
LGTM label has been added. Git tree hash: 739f35aa8802ac051f0ff539adfd003cbbf2f97d
|
natalisucks
approved these changes
Dec 11, 2023
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: natalisucks The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
k8s-ci-robot
added
the
approved
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Account for the latest updates, including #43346.