OpenKruise v0.8.0 Highlights: DaemonSets, Image Pre‑Pull, and SidecarSet Overhaul
OpenKruise v0.8.0 introduces a new kruise‑daemon component for node‑level tasks, a scalable image pre‑pull capability via ImagePullJob, a fully restructured SidecarSet controller with enhanced injection and upgrade policies, a feature‑gate mechanism, and various optimizations such as CloneSet improvements and Alibaba Cloud image registry support.
Background
OpenKruise is an open‑source cloud‑native application automation suite hosted by the CNCF Sandbox. It extends Kubernetes with standard components that have been battle‑tested in Alibaba’s large‑scale production environments.
New Version Overview
On March 4, 2021, OpenKruise released version v0.8.0. The release adds several major features and many refinements.
1. New kruise-daemon Component
Previously OpenKruise ran only the kruise-manager Operator, which is a centrally deployed controller. v0.8.0 adds kruise-daemon, a DaemonSet that runs on every node. This enables use‑cases such as image pre‑heat and container restart on a per‑node basis.
Supported architectures for the official images are amd64, arm64, and arm/v7. Nodes with other architectures cannot run kruise-daemon unless a new image is provided.
When installing via Helm, the daemon’s node affinity can be customized with the daemon.affinity parameter.
2. Scalable Image Pre‑Heat (ImagePullJob)
OpenKruise now offers the first open‑source, large‑scale image pre‑heat solution for Kubernetes. The feature is exposed through the ImagePullJob custom resource.
apiVersion: apps.kruise.io/v1alpha1
kind: ImagePullJob
metadata:
  name: job-nginx
spec:
  image: nginx:1.9.1              # required, full image name
  parallelism: 10                 # optional, max concurrent nodes (default 1)
  selector:                       # optional, node names or label selector
    names:
    - node-1
    - node-2
    matchLabels:
      node-type: xxx
  completionPolicy:
    type: Always                  # Always or Never
    activeDeadlineSeconds: 1200   # optional, only for Always
    ttlSecondsAfterFinished: 300  # optional, only for Always
  pullPolicy:
    backoffLimit: 3
    timeoutSeconds: 300

The completionPolicy.type can be:
Always: the job runs once and finishes regardless of success or failure.
Never: the job runs continuously, re‑pulling the image on matching nodes each day.
Additional fields such as activeDeadlineSeconds and ttlSecondsAfterFinished control job deadline and automatic cleanup.
3. SidecarSet Full Refactor
SidecarSet manages sidecar containers for Pods. The v0.8.0 rewrite adds many new capabilities:
Namespace scoping via spec.namespace to limit injection to a specific namespace.
Injection policies:
podInjectPolicy: choose whether the sidecar is inserted before or after the original containers.
shareVolumePolicy: share volumes between sidecar and main containers.
transferEnv: select which environment variables are shared from the original Pod.
In‑place upgrade strategies:
maxUnavailable: maximum number of Pods unavailable during upgrade.
partition: number of old replicas to keep (canary or staged rollout).
selector: upgrade only Pods matching a selector (canary rollout).
scatter: disperse upgrades across Pods based on labels.
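The fields above, laid out as a narrowly scoped SidecarSet manifest. This is an added example, not taken from the original article or the OpenKruise project; the namespace, labels, container name, image and environment variable are constructed placeholders, and the field layout (including scatterStrategy as the API name for the scatter option) is assumed from the apps.kruise.io/v1alpha1 SidecarSet API.

```yaml
# Constructed example: every name, label, image and env var is a placeholder.
apiVersion: apps.kruise.io/v1alpha1
kind: SidecarSet
metadata:
  name: log-agent
spec:
  namespace: payments              # inject only into Pods in this namespace
  selector:                        # ...and only into Pods carrying this label
    matchLabels:
      app: checkout
  containers:
  - name: log-agent
    image: registry.example.com/log-agent:1.4.2
    podInjectPolicy: AfterAppContainer   # or BeforeAppContainer
    shareVolumePolicy:
      type: disabled               # enabled: sidecar gets the app containers' volume mounts
    transferEnv:                   # copy one named variable from one named container
    - sourceContainerName: main
      envName: LOG_LEVEL
  updateStrategy:
    type: RollingUpdate
    maxUnavailable: 1              # at most one Pod unavailable during the upgrade
    partition: 8                   # keep 8 Pods on the old sidecar version (canary)
    # Alternative canary controls, shown only for field shape:
    # selector:                    # upgrade only Pods matching this selector
    #   matchLabels:
    #     canary: "true"
    # scatterStrategy:             # spread upgrades across Pods with this label
    # - key: zone
    #   value: zone-a
```

SidecarSet is a cluster-scoped resource, so without spec.namespace the selector is evaluated against Pods in every namespace; keeping shareVolumePolicy disabled and transferEnv to a short explicit list limits what the injected container can read from the application.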
4. New Feature‑Gate Mechanism
Previously, OpenKruise used the CUSTOM_RESOURCE_ENABLE environment variable and scattered command‑line flags. v0.8.0 consolidates these controls into a feature‑gate system.
Two feature gates are introduced:
PodWebhook: controls the Pod creation webhook; turning it off also disables SidecarSet.
KruiseDaemon: controls deployment of kruise-daemon; turning it off also disables the image pre‑heat feature.
Future releases will migrate remaining flags to this mechanism.
5. Additional Changes
Logic optimizations for CloneSet and AdvancedStatefulSet.
Added Alibaba Cloud image registry as an alternative to Docker Hub for Chinese users.
Refined user‑agent strings for apiserver calls per controller.
Clientset now includes GetScale and UpdateScale methods for CRDs that support the scale sub‑resource.
Conclusion and Outlook
OpenKruise v0.8.0 is the first CNCF‑sandbox project to provide open‑source, large‑scale image pre‑heat. The team plans to extend pre‑heat for faster releases, security hardening, and granular controller rollout, aiming for a v1.0 release mid‑year.
Adoption examples include Alibaba’s massive Kruise workloads, Ctrip’s CloneSet/AdvancedStatefulSet usage, OPPO’s backend services, and many other Chinese and international companies.
Related Open‑Source News
Alibaba Cloud recently open‑sourced DADI (Data Accelerator for Disaggregated Infrastructure), a container image accelerator that replaces download and decompression with fine‑grained block pulling, reducing startup latency. The project introduces the overlaybd block‑device image format and is available on GitHub.
Alibaba Cloud Native
