Kubernetes sidecar not working (InitContainerRestartPolicyForbidden)


I want to make a sidecar container.

・My Kubernetes version

$ kubectl version
Client Version: v1.28.2
Kustomize Version: v5.0.4-0.20230601165947-6ce0bf390ce3
Server Version: v1.28.6

・pod yaml file

apiVersion: v1
kind: Pod
metadata:
  name: sidecar
spec:
  initContainers:
  - command:
    - tail
    - -f
    - /dev/null
    image: alpine
    name: sidecar
    restartPolicy: Always
  containers:
  - image: alpine
    name: main
    command:
    - tail
    - -f
    - /dev/null

I enabled the SidecarContainers feature gate as below:

・Add 「--feature-gates=SidecarContainers=true」 to 「kube-*.yaml」

$ sudo grep feature /etc/kubernetes/manifests/*
/etc/kubernetes/manifests/kube-apiserver.yaml:    - --feature-gates=SidecarContainers=true
/etc/kubernetes/manifests/kube-controller-manager.yaml:    - --feature-gates=SidecarContainers=true
/etc/kubernetes/manifests/kube-scheduler.yaml:    - --feature-gates=SidecarContainers=true

・Also added to 10-kubeadm.conf

Even if I applied each one of the two lines at the bottom that are commented out, I failed to create a sidecar container.

# Note: This dropin only works with kubeadm and kubelet v1.11+
[Service]
Environment="KUBELET_KUBECONFIG_ARGS=--bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf --kubeconfig=/etc/kubernetes/kubelet.conf"
Environment="KUBELET_CONFIG_ARGS=--config=/var/lib/kubelet/config.yaml"
# This is a file that "kubeadm init" and "kubeadm join" generates at runtime, populating the KUBELET_KUBEADM_ARGS variable dynamically
EnvironmentFile=-/var/lib/kubelet/kubeadm-flags.env
# This is a file that the user can use for overrides of the kubelet args as a last resort. Preferably, the user should use
# the .NodeRegistration.KubeletExtraArgs object in the configuration files instead. KUBELET_EXTRA_ARGS should be sourced from this file.
EnvironmentFile=-/etc/default/kubelet
ExecStart=
ExecStart=/usr/bin/kubelet $KUBELET_KUBECONFIG_ARGS $KUBELET_CONFIG_ARGS $KUBELET_KUBEADM_ARGS $KUBELET_EXTRA_ARGS
#KUBELET_EXTRA_ARGS=--feature-gates=SidecarContainers=true
#Environment="KUBELET_KUBECONFIG_ARGS=--bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf --kubeconfig=/etc/kubernetes/kubelet.conf --feature-gates=SidecarContainers=true"

But when I deploy a pod, it becomes InitContainerRestartPolicyForbidden and I don't know the reason.

$ kubectl get pod sidecar
NAME      READY   STATUS                                RESTARTS   AGE
sidecar   0/2     InitContainerRestartPolicyForbidden   0          2m52s


$ kubectl describe pod sidecar |tail -5
Events:
  Type     Reason                               Age    From               Message
  ----     ------                               ----   ----               -------
  Warning  InitContainerRestartPolicyForbidden  3m24s  kubelet            Init container "sidecar" may not have a non-default restartPolicy
  Normal   Scheduled                            3m24s  default-scheduler  Successfully assigned default/sidecar to choi-k8s-test-node

Can somebody help me with this? Thanks!

NotTheDr01ds On

(Moved this from the user's question to an answer):

I solved it by creating a sidecar using the following method:

  1. (On the worker node) Edit /var/lib/kubelet/kubeadm-flags.env
$ vi /var/lib/kubelet/kubeadm-flags.env

KUBELET_KUBEADM_ARGS="--container-runtime-endpoint=unix:///var/run/containerd/containerd.sock --pod-infra-container-image=registry.k8s.io/pause:3.9"
↓
KUBELET_KUBEADM_ARGS="--container-runtime-endpoint=unix:///var/run/containerd/containerd.sock --pod-infra-container-image=registry.k8s.io/pause:3.9 --feature-gates=SidecarContainers=true"
  2. (On the worker node) Restart kubelet
systemctl restart kubelet
  3. (On the master node) Add 「--feature-gates=SidecarContainers=true」 to 「/etc/kubernetes/manifests/kube-*.yaml」
$ sudo grep feature /etc/kubernetes/manifests/*
/etc/kubernetes/manifests/kube-apiserver.yaml:    - --feature-gates=SidecarContainers=true
/etc/kubernetes/manifests/kube-controller-manager.yaml:    - --feature-gates=SidecarContainers=true
/etc/kubernetes/manifests/kube-scheduler.yaml:    - --feature-gates=SidecarContainers=true
  4. (On the master node) Check that SidecarContainers are enabled
$ kubectl get --raw "/api/v1/nodes/<worker node name>/proxy/configz" | jq |grep -i -e side -e feat
    "featureGates": {
      "SidecarContainers": true
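
A file-level companion to the check in the last step, as an added example that is not part of the original answer: it reports which of the files edited above carry an uncommented `--feature-gates` flag that sets the gate to `true`. The function names and the sample file contents are constructed for illustration; a gate counts as enabled if any uncommented occurrence sets it.

```shell
#!/bin/sh
# Added example, not from the original post.

# gate_enabled GATE TEXT
# Succeeds if an uncommented --feature-gates=... flag in TEXT sets GATE=true.
# Works on static pod manifests, kubeadm-flags.env and systemd drop-ins alike.
gate_enabled() {
    printf '%s\n' "$2" |
        grep -v '^[[:space:]]*#' |               # commented-out lines do not count
        grep -o -- '--feature-gates=[^[:space:]"]*' |
        sed 's/^--feature-gates=//' |
        tr ',' '\n' |                            # the flag takes a comma-separated list
        grep -qx -- "$1=true"
}

# audit_gate GATE FILE...
# Prints one status line per file; returns non-zero if any file lacks the gate.
audit_gate() {
    gate=$1; shift
    missing=0
    for f in "$@"; do
        if gate_enabled "$gate" "$(cat "$f")"; then
            echo "OK       $f"
        else
            echo "MISSING  $f"
            missing=1
        fi
    done
    return "$missing"
}

# Demo on constructed copies of two of the files discussed above:
# the API server manifest has the gate, the kubelet flags file does not.
demo() {
    d=$(mktemp -d)
    printf '    - kube-apiserver\n    - --feature-gates=SidecarContainers=true\n' > "$d/kube-apiserver.yaml"
    printf '%s\n' 'KUBELET_KUBEADM_ARGS="--pod-infra-container-image=registry.k8s.io/pause:3.9"' > "$d/kubeadm-flags.env"
    audit_gate SidecarContainers "$d/kube-apiserver.yaml" "$d/kubeadm-flags.env"
    rc=$?
    rm -rf "$d"
    return "$rc"
}

demo || echo "at least one component is missing the gate"
```

On a real cluster, run `audit_gate SidecarContainers /etc/kubernetes/manifests/kube-*.yaml` on the control-plane node and `audit_gate SidecarContainers /var/lib/kubelet/kubeadm-flags.env` on each worker.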