Overview #
Init-Containers #
- Are specialized containers that run before the application containers in a pod.
- A Pod can have multiple containers running apps within it, but it can also have one or more init containers, which are run before the app containers are started.
- Init containers always run to completion.
- Each init container must complete successfully before the next one starts.
- The main container does not start until all the init containers have successfully completed.
- If a Pod's init container fails, the kubelet repeatedly restarts that init container until it succeeds. However, if the Pod's restartPolicy is Never and an init container fails during startup of that Pod, Kubernetes treats the overall Pod as failed.
- Init containers can securely run utilities or custom code that would otherwise make an application container image less secure.
Example use cases:
- Create a database schema.
- Establishing network connections to external services.
- Clone Git repositories or write files into attached pod volumes.
- Retrieving secrets from a vault.
- Creating directories, applying permissions, or running custom scripts to set up the environment for the main application.
- Wait for a service to start before the main application starts.
Sidecar-Containers #
- Is a container that starts before the main application container and continues to run.
Init Container Example #
ExamplePod: Environment Setup (Write to Volume) #
Create Pod #
The following init container creates an index.html file that is served by the Nginx main application container:
# Create a manifest for the pod
vi volume-pod.yaml
apiVersion: v1
kind: Pod
metadata:
  name: volume-pod
spec:
  initContainers:
    - name: write-index-html
      image: busybox
      command: ["sh", "-c", "echo 'Hello from the init container!' > /data/index.html"]
      volumeMounts:
        - name: data-volume
          mountPath: /data
  containers:
    - name: main-app
      image: nginx
      ports:
        - containerPort: 80
      volumeMounts:
        - name: data-volume
          mountPath: /usr/share/nginx/html
  volumes:
    - name: data-volume
      emptyDir: {}
# Create the pod
kubectl create -f volume-pod.yaml
Verify Nginx Output #
# Create a port-forwarding
kubectl port-forward pod/volume-pod 8080:80
# Curl the Nginx container (in a new shell)
curl localhost:8080
# Shell output:
Hello from the init container!
Delete the Pod #
# Delete the pod:
kubectl delete pod volume-pod
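A hardened variant of the volume-pod manifest above, added here as an example (it is not part of the original page). The init container runs as a non-root user with a read-only root filesystem and no capabilities, and the Nginx container mounts the shared volume read-only, so only the init step can write the served content. The pod name volume-pod-hardened and the UID 65534 are assumptions chosen for illustration.

```yaml
# Added example: hardened variant of the volume-pod manifest.
# Pod name and UID are assumptions, not values from the original page.
apiVersion: v1
kind: Pod
metadata:
  name: volume-pod-hardened              # hypothetical name
spec:
  automountServiceAccountToken: false    # neither container talks to the API server
  initContainers:
    - name: write-index-html
      image: busybox:1.28                # pinned tag instead of the implicit :latest
      command: ["sh", "-c", "echo 'Hello from the init container!' > /data/index.html"]
      securityContext:
        runAsNonRoot: true
        runAsUser: 65534                 # unprivileged UID; emptyDir is world-writable by default
        allowPrivilegeEscalation: false
        readOnlyRootFilesystem: true     # the only writable path is the mounted volume
        capabilities:
          drop: ["ALL"]
        seccompProfile:
          type: RuntimeDefault
      volumeMounts:
        - name: data-volume
          mountPath: /data               # write access exists only in the init container
  containers:
    - name: main-app
      image: nginx
      ports:
        - containerPort: 80
      securityContext:
        allowPrivilegeEscalation: false
      volumeMounts:
        - name: data-volume
          mountPath: /usr/share/nginx/html
          readOnly: true                 # the web server can serve the file but not modify it
  volumes:
    - name: data-volume
      emptyDir: {}
```

The same port-forward and curl check as above applies, using pod/volume-pod-hardened.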
ExamplePod: Wait for Service #
Create Pod #
# Create a manifest for the pod
vi example-pod.yaml
apiVersion: v1
kind: Pod
metadata:
  name: example-pod
  labels:
    app: some-app
spec:
  containers:
    - name: app-container
      image: busybox:1.28
      command: ['sh', '-c', 'echo The app is running! && sleep 3600']
  initContainers:
    - name: init-myservice
      image: busybox:1.28
      command: ['sh', '-c', "until nslookup myservice.$(cat /var/run/secrets/kubernetes.io/serviceaccount/namespace).svc.cluster.local; do echo waiting for myservice; sleep 2; done"]
# Create the pod
kubectl create -f example-pod.yaml
Verify the Pod Status #
The init container waits until the service is available:
# List pods
kubectl get pod example-pod
# Shell output:
NAME          READY   STATUS     RESTARTS   AGE
example-pod   0/1     Init:0/1   0          11s
Create Service for the Init-Containers #
# Create a manifest for the service
vi myservice.yaml
apiVersion: v1
kind: Service
metadata:
  name: myservice
spec:
  ports:
    - protocol: TCP
      port: 80
      targetPort: 9376
# Create the service
kubectl create -f myservice.yaml
Verify the Pod Status #
# List pods
kubectl get pod example-pod
# Shell output:
NAME          READY   STATUS    RESTARTS   AGE
example-pod   1/1     Running   0          113s
Delete the Resources #
# Delete the pod and service
kubectl delete pod example-pod
kubectl delete svc myservice
Links #
# Official Documentation
https://kubernetes.io/docs/concepts/workloads/pods/init-containers/