Implement KEP753 initContainer restartPolicy=Always sidecar #11461
Labels
Comments
|
My initial results just moving the proxy container into initContainers looks good so far! https://github.com/teejaded/linkerd2/commits/native-sidecar ❯ kubectl get pod nginx-5bf8965ddf-948qs -o yaml | yq '.status.initContainerStatuses[1]'
containerID: containerd://18d6acc27364f8c9118a7fa27dd8bd28f437c65cda3b05f5fdb9e41ec76a9c3d
image: cr.l5d.io/linkerd/proxy:stable-2.14.0
imageID: cr.l5d.io/linkerd/proxy@sha256:8bdf507a00c154b3fa0916acc98d80bfdcb0fb8ca1fa3d1e12cbba82604ef23e
lastState: {}
name: linkerd-proxy
ready: true
restartCount: 0
started: true
state:
running:
startedAt: "2023-10-06T19:17:18Z" |
teejaded
added a commit
to teejaded/linkerd2
that referenced
this issue
Oct 6, 2023
Kubernetes has introduced native sidecar support in version 1.28. This feature improves network proxy sidecar compatability for jobs and initContainers. Introduce a new annotation config.alpha.linkerd.io/proxy-enable-native-sidecar and configuration option Proxy.NativeSidecar that causes the proxy container to run as an init-container. Fixes: linkerd#11461 Signed-off-by: T.J. Miller <[email protected]>
teejaded
added a commit
to teejaded/linkerd2
that referenced
this issue
Oct 9, 2023
Kubernetes has introduced native sidecar support in version 1.28. This feature improves network proxy sidecar compatability for jobs and initContainers. Introduce a new annotation config.alpha.linkerd.io/proxy-enable-native-sidecar and configuration option Proxy.NativeSidecar that causes the proxy container to run as an init-container. Fixes: linkerd#11461 Signed-off-by: TJ Miller <[email protected]>
|
Can't wait for it! |
teejaded
added a commit
to teejaded/linkerd2
that referenced
this issue
Nov 3, 2023
Kubernetes has introduced native sidecar support in version 1.28. This feature improves network proxy sidecar compatability for jobs and initContainers. Introduce a new annotation config.alpha.linkerd.io/proxy-enable-native-sidecar and configuration option Proxy.NativeSidecar that causes the proxy container to run as an init-container. Fixes: linkerd#11461 Signed-off-by: TJ Miller <[email protected]>
alpeb
pushed a commit
that referenced
this issue
Nov 22, 2023
* Add native sidecar support Kubernetes will be providing beta support for native sidecar containers in version 1.29. This feature improves network proxy sidecar compatibility for jobs and initContainers. Introduce a new annotation config.alpha.linkerd.io/proxy-enable-native-sidecar and configuration option Proxy.NativeSidecar that causes the proxy container to run as an init-container. Fixes: #11461 Signed-off-by: TJ Miller <[email protected]>
Merged
hawkw
added a commit
that referenced
this issue
Nov 22, 2023
## edge-23.11.4 This edge release introduces support for the native sidecar containers entering beta support in Kubernetes 1.29. This improves the startup and shutdown ordering for the proxy relative to other containers, fixing the long-standing shutdown issue with injected `Job`s. Furthermore, traffic from other `initContainer`s can now be proxied by Linkerd. In addition, this edge release includes Helm chart improvements, and improvements to the multicluster extension. * Added a new `config.alpha.linkerd.io/proxy-enable-native-sidecar` annotation and `Proxy.NativeSidecar` Helm option that causes the proxy container to run as an init-container (thanks @teejaded!) (#11465; fixes #11461) * Fixed broken affinity rules for the multicluster `service-mirror` when running in HA mode (#11609; fixes #11603) * Added a new check to `linkerd check` that ensures all extension namespaces are configured properly (#11629; fixes #11509) * Updated the Prometheus Docker image used by the `linkerd-viz` extension to v2.48.0, resolving a number of CVEs in older Prometheus versions (#11633) * Added `nodeAffinity` to `deployment` templates in the `linkerd-viz` and `linkerd-jaeger` Helm charts (thanks @naing2victor!) (#11464; fixes #10680)
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
What problem are you trying to solve?
Now that we have kubernetes/enhancements#753 (aka native sidecar containers https://kubernetes.io/blog/2023/08/25/native-sidecar-containers/) can the proxy injector be updated to support it when it is available or via flag?
I would comment in #1869, but it is locked.
This would greatly simplify adopting linkerd with jobs.
How should the problem be solved?
Implement support for the new sidecar pattern into the proxy-injector process and linkerd cli.
Any alternatives you've considered?
Adding the shutdown hook call to all jobs is not easy. This is especially true when you're consuming public helm charts.
How would users interact with this feature?
Either opt-in or opt-out of the new sidecar behavior with a flag gated on a k8s api version check.
Would you like to work on this feature?
maybe
The text was updated successfully, but these errors were encountered: