OpenKruise v1.4 Highlights: Sidecar Terminator and CloneSet Enhancements
The OpenKruise v1.4 release introduces the Job Sidecar Terminator for automatic sidecar shutdown, enables several stable capabilities by default, adds CloneSet performance and lifecycle improvements, provides a force‑recreate option for containers, and enhances image pre‑pull metadata handling, all while offering clear usage examples and configuration snippets.
OpenKruise v1.4 Highlights
Stable capabilities are enabled by default: ResourcesDeletionProtection, WorkloadSpread, PodUnavailableBudgetDeleteGate, InPlaceUpdateEnvFromMetadata, StatefulSetAutoDeletePVC, and PodProbeMarkerGate. They can be disabled during upgrade if not required.
Kruise‑Manager leader election switches from configmaps to configmapsleases, preparing for migration to the leases API and enabling smooth upgrades.
Job Sidecar Terminator
Kubernetes Jobs with long‑running sidecar containers may keep Pods in a running state after the main container exits. OpenKruise provides a SidecarTerminator controller that automatically terminates sidecars when the main container completes, without requiring invasive changes.
Usage on regular nodes
kind: Job
spec:
  template:
    spec:
      containers:
      - name: sidecar
        env:
        - name: KRUISE_TERMINATE_SIDECAR_WHEN_JOB_EXIT
          value: "true"
      - name: main
        # ... main container spec ...
Usage on virtual nodes (e.g., ECI, Fargate)
When the Kruise Daemon cannot run on virtual nodes, name a lightweight "quick-exit" image that exits immediately with code 0 in the sidecar's KRUISE_TERMINATE_SIDECAR_WHEN_JOB_EXIT_WITH_IMAGE variable; that image replaces the sidecar.
kind: Job
spec:
  template:
    spec:
      containers:
      - name: sidecar
        env:
        - name: KRUISE_TERMINATE_SIDECAR_WHEN_JOB_EXIT_WITH_IMAGE
          value: "example/quick-exit:v1.0.0"
      - name: main
        # ... main container spec ...
Important notes
The sidecar must handle SIGTERM and exit with code 0.
The feature works for Jobs whose restartPolicy is Never or OnFailure.
Only containers that carry the KRUISE_TERMINATE_SIDECAR_WHEN_JOB_EXIT environment variable (or its image variant) are treated as sidecars; all others are main containers.
For Never policy, the main container’s exit marks the Pod as completed; for OnFailure, the exit code must be 0.
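The notes above, applied as a pre-deployment check on a Job manifest (an added example, not OpenKruise code). The function name check_job and both sample manifests are constructed for illustration, the manifest is assumed to be available in JSON form, and the check assumes "true" is the expected variable value because that is what the page's manifest uses.

```python
import json

EXIT_ENV = "KRUISE_TERMINATE_SIDECAR_WHEN_JOB_EXIT"
IMAGE_ENV = "KRUISE_TERMINATE_SIDECAR_WHEN_JOB_EXIT_WITH_IMAGE"

def check_job(job):
    """Classify a Job's containers and list violations of the notes above."""
    pod = job.get("spec", {}).get("template", {}).get("spec", {})
    sidecars, mains, problems = [], [], []
    policy = pod.get("restartPolicy")
    if policy not in ("Never", "OnFailure"):
        problems.append(f"restartPolicy {policy!r} is not Never or OnFailure")
    for c in pod.get("containers", []):
        env = {e.get("name"): e.get("value") for e in c.get("env") or []}
        if EXIT_ENV not in env and IMAGE_ENV not in env:
            mains.append(c["name"])  # unmarked containers count as main
            continue
        sidecars.append(c["name"])
        # Assumption: "true" is the expected value, as in the page's manifest.
        if EXIT_ENV in env and env[EXIT_ENV] != "true":
            problems.append(f"{c['name']}: {EXIT_ENV} is not 'true'")
        if IMAGE_ENV in env and not env[IMAGE_ENV]:
            problems.append(f"{c['name']}: {IMAGE_ENV} names no image")
    if not mains:
        problems.append("no main container: every container is marked as a sidecar")
    return sidecars, mains, problems

# Constructed sample manifests (JSON form of a Job), not taken from a real cluster.
GOOD_JOB = json.loads("""
{"kind": "Job", "spec": {"template": {"spec": {
  "restartPolicy": "Never",
  "containers": [
    {"name": "sidecar", "env": [{"name": "KRUISE_TERMINATE_SIDECAR_WHEN_JOB_EXIT", "value": "true"}]},
    {"name": "main"}]}}}}
""")
BAD_JOB = json.loads("""
{"kind": "Job", "spec": {"template": {"spec": {
  "containers": [
    {"name": "sidecar", "env": [{"name": "KRUISE_TERMINATE_SIDECAR_WHEN_JOB_EXIT_WITH_IMAGE", "value": ""}]},
    {"name": "main", "env": [{"name": "KRUISE_TERMINATE_SIDECAR_WHEN_JOB_EXIT", "value": "1"}]}]}}}}
""")

if __name__ == "__main__":
    for label, job in (("good", GOOD_JOB), ("bad", BAD_JOB)):
        sidecars, mains, problems = check_job(job)
        print(label, "sidecars:", sidecars, "mains:", mains)
        for p in problems:
            print("  problem:", p)
```

The second manifest shows the failure the notes warn about: once the variable is also set on the intended main container, no main container remains.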
CloneSet Enhancements
Performance optimization
Enable the feature‑gate CloneSetEventHandlerOptimization to reduce unnecessary reconcile loops caused by frequent Pod updates, which is especially beneficial in large clusters.
Disable PVC reuse
Set disablePVCReuse=true in the CloneSet spec to automatically delete PVCs when a Pod is evicted or deleted, preventing reuse failures on problematic nodes.
apiVersion: apps.kruise.io/v1alpha1
kind: CloneSet
spec:
  replicas: 4
  scaleStrategy:
    disablePVCReuse: true
PreNormal lifecycle hook
A new PreNormal hook allows custom checks before a Pod is considered Available. Define either a finalizer handler or a label handler.
apiVersion: apps.kruise.io/v1alpha1
kind: CloneSet
spec:
  # using a finalizer
  lifecycle:
    preNormal:
      finalizersHandler:
      - example.io/unready-blocker
  # or using labels (an alternative to the block above; use one lifecycle block, not both)
  lifecycle:
    preNormal:
      labelsHandler:
        example.io/block-unready: "true"
When a PreNormal hook is defined, a Pod is marked Available only after the hook succeeds, which enables post-creation checks such as confirming service registration before the Pod enters the Normal state.
ContainerRecreateRequest forceRecreate
By default, a ContainerRecreateRequest does not restart containers that are still starting up. Set forceRecreate=true to force a restart.
apiVersion: apps.kruise.io/v1alpha1
kind: ContainerRecreateRequest
spec:
  strategy:
    forceRecreate: true
ImagePullJob metadata support
Kruise’s image pre‑heat now attaches custom metadata to the CRI interface, allowing image registries to apply business‑level throttling based on tags and labels.
apiVersion: apps.kruise.io/v1alpha1
kind: ImagePullJob
spec:
  image: nginx:1.9.1
  sandboxConfig:
    annotations:
      io.kubernetes.image.metrics.tags: "cluster=cn-shanghai"
    labels:
      io.kubernetes.image.app: "foo"
OpenKruise repository: https://github.com/openkruise/kruise
Alibaba Cloud Native
