In Kubernetes, we can run more than one container in a Pod, but as a practice, we run only one application container. Along with an application container, we can also run one or more init containers.
Kubernetes init containers run in the same Pod as the main application container, though with a separate life cycle. The pattern is often used to initialize a state or configuration for the application running in the main container.
Overview on Kubernetes init containers
- An init container is an additional container in a Pod that completes a task before the "regular" container is started
- The regular container will only be started once the init container has been started
- An init container in a Pod must run and complete before any other application containers in the Pod start.
- This is a great way to initialize a Kubernetes Pod. You can pull any files (keystores, policies, and so forth), configurations, and so on with an init container.
- Just as with any other application container, we can have more than one init container in a given Pod; but unlike an application container, each init container must run to completion before the next init container starts.
Create a Pod with initContainers
In this example we will create a Pod with initContainers
which will act as a pre-requisite to start the main container in the same Pod.
[root@controller ~]# cat pod-init-container.yml
apiVersion: v1
kind: Pod
metadata:
name: init-container-example-1
spec:
initContainers:
- name: sleepy
image: alpine
command: ['sleep', '60']
containers:
- name: web
image: nginx
Next we will create a Pod using kubectl
command with this YAML file:
[root@controller ~]# kubectl create -f pod-init-container.yml
pod/init-container-example-1 created
Once the Pod is created, we verify the status of this pod:
[root@controller ~]# kubectl get pods
NAME READY STATUS RESTARTS AGE
init-container-example-1 0/1 Init:0/1 0 3s
nginx 1/1 Running 3 34h
pod-as-user-guest 1/1 Running 3 33h
pod-drop-chown-capability 1/1 Running 3 32h
pod-privileged 1/1 Running 4 33h
It shows that the Pod is in initialization stage i.e. the task from the initContainers
is being executed currently, and once the init container is done it should be starting the nginx web server.
[root@controller ~]# kubectl get pods
NAME READY STATUS RESTARTS AGE
init-container-example-1 1/1 Running 0 8m
nginx 1/1 Running 3 34h
pod-as-user-guest 1/1 Running 3 33h
pod-drop-chown-capability 1/1 Running 3 33h
pod-privileged 1/1 Running 4 33h
So our nginx
web server has started in the init-container-example-1
Pod.
How initContainers work
- During Pod startup, the
kubelet
delays running init containers until the networking and storage are ready. Then the kubelet runs the Pod's init containers in the order they appear in the Pod's spec. - Each init container must exit successfully before the next container starts. If a container fails to start due to the runtime or exits with failure, it is retried according to the Pod
restartPolicy
. However, if the PodrestartPolicy
is set toAlways
, the init containers userestartPolicy
OnFailure
. - A Pod cannot be Ready until all init containers have succeeded. The ports on an init container are not aggregated under a Service. A Pod that is initializing is in the Pending state but should have a condition Initialized set to true.
- If the Pod restarts, or is restarted, all init containers must execute again.
How initContainers are different from normal Containers
- Init containers support all the fields and features of app containers, including resource limits, volumes, and security settings. However, the resource requests and limits for an init container are handled differently
- Also, init containers do not support lifecycle, livenessProbe, readinessProbe, or startupProbe because they must run to completion before the Pod can be ready.
- If you specify multiple init containers for a Pod, Kubelet runs each init container sequentially. Each init container must succeed before the next can run. When all of the init containers have run to completion, Kubelet initializes the application containers for the Pod and runs them as usual
Conclusion
In this Kubernetes tutorial we learned about initContainer
and it's usage in Kubernetes Cluster nodes. A Pod can have multiple containers running apps within it, but it can also have one or more init containers, which are run before the app containers are started. Init containers are exactly like regular containers, except:
- Init containers always run to completion.
- Each init container must complete successfully before the next one starts.