Rakesh's Brain

CKA Day 11 — Multi Container Pod Kubernetes: Sidecar vs Init Container

6 min read

CKA Day 11 — Multi Container Pod Kubernetes: Sidecar vs Init Container

Day 11/40 of the Certified Kubernetes Administrator (CKA) Full Course by Tech Tutorials with Piyush. This video explores multi-container Pods in Kubernetes — covering environment variables, init containers, sidecar patterns, commands/arguments in Pod YAML, live demos, and troubleshooting.

Overview

While Day 7 introduced the Pod as the smallest deployable unit, Day 11 goes deeper into the multi-container patterns that make Pods more than just single-container wrappers. The video covers:

  • How to inject configuration via environment variables
  • The three container roles inside a Pod: main app, sidecar, and init
  • How init containers run to completion before the main app starts
  • How sidecar containers run alongside the main app to provide auxiliary services
  • How commands and arguments override container defaults
  • Live demo and troubleshooting common multi-container Pod failures

Source Details

Key Takeaways

1. Environment Variables in Kubernetes

Environment variables are the simplest way to inject configuration into containers without baking secrets into images.

Inline value:

spec:
  containers:
  - name: my-app
    image: nginx
    env:
    - name: ENVIRONMENT
      value: "production"

From ConfigMap:

env:
- name: LOG_LEVEL
  valueFrom:
    configMapKeyRef:
      name: app-config
      key: log_level

From Secret:

env:
- name: DB_PASSWORD
  valueFrom:
    secretKeyRef:
      name: db-secret
      key: password

Exam Tip: Know the difference between value (literal), configMapKeyRef (non-sensitive config), and secretKeyRef (sensitive data). Secrets are base64-encoded at rest but not encrypted by default. Source: CKA Day 11

2. Multi-Container Pods

A Pod can run multiple containers that share:

  • Network namespace (same localhost, same IP)
  • Storage volumes (shared filesystems via emptyDir, hostPath, or persistent volumes)
  • IPC namespace (optional inter-process communication)

Common multi-container patterns:

PatternPurposeExample
SidecarAuxiliary service alongside main appLogging agent, monitoring exporter, reverse proxy
InitPre-start setup/validationDatabase migration, config generation, permission fix
AdapterTransform output formatMetrics normalizer, log parser
AmbassadorProxy external connectionsService mesh proxy, database connection pooler

CKA Trap: Init containers run serially and must complete successfully before any regular container starts. If an init container fails, the Pod is stuck in Init:Error or Init:CrashLoopBackOff. Source: CKA Day 11

3. Init Containers

Init containers are defined under spec.initContainers and execute in order before the main containers start.

apiVersion: v1
kind: Pod
metadata:
  name: init-demo
spec:
  initContainers:
  - name: wait-for-service
    image: busybox:1.36
    command: ['sh', '-c', 'until wget -qO- http://backend:8080/health; do sleep 2; done']
  - name: init-migrate
    image: migrate/migrate
    command: ["migrate", "-path", "/migrations", "-database", "postgres://db:5432/app?sslmode=disable", "up"]
  containers:
  - name: app
    image: my-app:1.0
    ports:
    - containerPort: 8080

Key behaviors:

  • Init containers run sequentiallywait-for-service must finish before init-migrate starts
  • If any init container fails, Kubernetes restarts the Pod according to restartPolicy
  • Init containers do not support livenessProbe, readinessProbe, or startupProbe
  • Resource limits for init containers affect Pod scheduling (highest value wins)

Troubleshooting init containers:

kubectl describe pod init-demo          # Check Init Container States
kubectl logs init-demo -c wait-for-service  # Logs from a specific init container
kubectl get pod init-demo -o yaml       # Full spec and status

4. Sidecar Containers

Sidecars run concurrently with the main application container(s) inside the same Pod.

apiVersion: v1
kind: Pod
metadata:
  name: sidecar-demo
spec:
  containers:
  - name: nginx
    image: nginx
    ports:
    - containerPort: 80
    volumeMounts:
    - name: shared-logs
      mountPath: /var/log/nginx
  - name: log-shipper
    image: fluentd
    volumeMounts:
    - name: shared-logs
      mountPath: /var/log/nginx
  volumes:
  - name: shared-logs
    emptyDir: {}

Sidecar use cases:

  • Log shipping: Read application logs from a shared volume and forward to centralized store
  • Monitoring: Expose Prometheus metrics or run a health-check proxy
  • TLS termination: Terminate TLS before traffic reaches the main app
  • Configuration reload: Watch for ConfigMap/Secret changes and signal the main app to reload

Best practice: Sidecars should be lightweight. A heavy sidecar can starve the main app of CPU/memory and trigger OOMKills. Always set resource requests/limits for both containers. Source: CKA Day 11

5. Commands and Arguments in Pod YAML

Containers have a default command and args defined in their image (Dockerfile ENTRYPOINT and CMD). Kubernetes allows overriding both.

Kubernetes FieldDocker EquivalentPurpose
commandENTRYPOINTThe executable to run
argsCMDArguments passed to the executable

Override example:

spec:
  containers:
  - name: sleeper
    image: busybox
    command: ["sleep"]           # Overrides ENTRYPOINT
    args: ["3600"]               # Overrides CMD

Using shell form:

spec:
  containers:
  - name: init-db
    image: postgres:15
    command: ["/bin/sh"]
    args: ["-c", "psql -U admin -d mydb -f /schema.sql"]

Exam Tip: command and args are not combined with the image defaults — they fully replace them. To append to the image default, you must know what the default is and reproduce it. Source: CKA Day 11

6. Live Demo & Troubleshooting

The video demonstrates creating a multi-container Pod, observing init container execution, verifying shared volumes, and debugging common failures:

SymptomCauseFix
Pod stuck in Init:0/1Init container hasn’t finished yetCheck logs: kubectl logs <pod> -c <init-container>
Pod stuck in Init:ErrorInit container exited non-zeroFix the command/script; ensure dependencies are reachable
CrashLoopBackOffMain container exits repeatedlyCheck kubectl describe pod, kubectl logs
Sidecar not sharing dataVolume not mounted at same path in both containersVerify volumeMounts.mountPath alignment
OOMKilledContainer exceeded memory limitIncrease resources.limits.memory or optimize app

7. Why This Matters for CKA

  • The CKA exam tests Pod spec fluency — you must write multi-container Pod YAML from memory
  • Init containers appear in troubleshooting scenarios (Pods stuck pending)
  • Sidecars appear in networking and storage questions (shared volumes, proxy patterns)
  • Environment variables are tested in configuration and security contexts
  • Command/args override is tested when customizing standard images

See Also

Wiki Concepts

Creator / Entity

Ingested: 2026-06-03

Graph View

Latest Blog Posts

  • Loading posts...
Read more on Medium →

Backlinks