Native K8s Sidecar Containers with gluetun
I tried to use the new Kubernetes native Sidecar Containers introduced since v1.29. The initContainers and pod were stuck in PodInitializing state and the other containers were not starting up.
If an init container is created with its restartPolicy set to Always, it becomes a native Sidecar Container: it will start and remain running during the entire life of the Pod. When restartPolicy is not set, it is a regular init container that will die once its task is completed, before the next init container is started.
In my case I incorrectly thought I had added the restartPolicy to gluetun. Omitting this turned it back into an init container, and since it will never exit zero, the rest of my application was forever stuck in PodInitializing waiting for gluetun to finish. This was easily fixed once I corrected the false memory and actually added the restartPolicy.
Here is an example of gluetun behaving as a K8s native sidecar container which connects to Nord VPN and causes all pod traffic to egress via the VPN. There are three containers involved:

- gluetun is the native sidecar and will continue to run for the lifetime of the deployment.
- The ping container is a normal init container and the main container will not start until this one completes (which will happen once the gluetun VPN is online).
- curlpod is the main application container. In this case it continuously checks its IP address to ensure traffic is going out via the VPN; you would replace this with an actual application container.
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: gluetun-deployment
  namespace: torrent
  labels:
    app: gluetun
spec:
  replicas: 1
  selector:
    matchLabels:
      app: gluetun
  template:
    metadata:
      labels:
        app: gluetun
    spec:
      initContainers:
        - name: gluetun
          # if you do not add restartPolicy the other init containers will never start
          # it will be an initContainer and not a native sidecar container https://kubernetes.io/docs/concepts/workloads/pods/sidecar-containers/
          restartPolicy: Always
          image: ghcr.io/qdm12/gluetun
          imagePullPolicy: Always
          securityContext:
            capabilities:
              add:
                - 'NET_ADMIN'
          env:
            - name: TZ
              value: 'UTC'
            - name: VPN_SERVICE_PROVIDER
              value: nordvpn
            - name: VPN_TYPE
              value: openvpn
            - name: SERVER_COUNTRIES
              value: Netherlands
            # USR and PWD are placeholders; in a real deployment load the
            # credentials from a Secret (valueFrom.secretKeyRef) instead of inlining them
            - name: OPENVPN_USER
              value: USR
            - name: OPENVPN_PASSWORD
              value: PWD
        # regular init container: blocks the main container until the VPN passes traffic
        - name: ping
          image: busybox
          command:
            - sh
            - -c
            - |
              while ! ping -c 1 8.8.8.8; do
                echo "Ping failed, retrying in 5"
                sleep 5
              done
              echo "ping successful, exiting"
      containers:
        - name: curlpod
          image: curlimages/curl
          args:
            - /bin/sh
            - -c
            - while true; do curl checkip.amazonaws.com; sleep 15;
              done
          imagePullPolicy: Always
This K8s Blog on Native Sidecar Containers has some good background.
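
To see which init container is holding a pod in PodInitializing, the check below walks the init containers in spec order and reports the first one that has not done its part. It is an added example, not code from the original post; the function names and the trimmed pod JSON (a stand-in for `kubectl get pod <name> -o json`) are constructed for illustration.

```python
import json

def blocking_init_container(pod):
    """Return (name, reason) for the first init container holding the pod in
    PodInitializing, or None if every init container has done its part."""
    statuses = {s["name"]: s
                for s in pod.get("status", {}).get("initContainerStatuses", [])}
    for c in pod["spec"].get("initContainers", []):
        st = statuses.get(c["name"], {})
        state = st.get("state", {})
        if c.get("restartPolicy") == "Always":
            # Native sidecar: the kubelet moves on once it has started.
            if not st.get("started"):
                return c["name"], "sidecar has not started yet"
            continue
        # Regular init container: must terminate with exit code 0.
        term = state.get("terminated")
        if term and term.get("exitCode") == 0:
            continue
        if "running" in state:
            return c["name"], ("still running without restartPolicy: Always; "
                               "a long-lived process here blocks everything after it")
        return c["name"], "not completed: " + json.dumps(state)
    return None

def sample_pod(gluetun_is_sidecar):
    # Constructed, trimmed stand-in for `kubectl get pod <name> -o json`.
    gluetun = {"name": "gluetun"}
    if gluetun_is_sidecar:
        gluetun["restartPolicy"] = "Always"
    ping_state = ({"terminated": {"exitCode": 0}} if gluetun_is_sidecar
                  else {"waiting": {"reason": "PodInitializing"}})
    return {
        "spec": {"initContainers": [gluetun, {"name": "ping"}]},
        "status": {"initContainerStatuses": [
            {"name": "gluetun", "started": True, "state": {"running": {}}},
            {"name": "ping", "state": ping_state},
        ]},
    }

if __name__ == "__main__":
    print(blocking_init_container(sample_pod(False)))  # gluetun blocks the pod
    print(blocking_init_container(sample_pod(True)))   # nothing blocks
```
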