Thank you for confirming, please let us know if there will be more issues with this feature.

It doesn't seem to work in GKE 1.29.4-gke.1043002. The kubectl get raw metrics shows that the feature is enabled. However, restartPolicy: Aways is being ignored. 
This example doesn't seem to work also: https://raw.githubusercontent.com/kubernetes/website/main/content/en/examples/application/deployment...

Tested with 2 clusters, both running 1.29.4-gke.1043002

Hi @mdzigurski ,

Thank you for the report. When you are saying that the restartPolicy is ignored, what do you see? Does Pod get stuck in initialization stage forever?

Also, did you check that both - cluster and node versions are 1.29+?

@SergeyKanzhelev All nodes were on the same 1.29.4-gke.1043002 version. Correct, the pod is stuck in the initialization stage forever. The sidecar container had status running and ready false forever. The main container was waiting for the sidecar container to become ready. Initially, I had a readiness probe defined on the sidecar container together with restartPolicy Always. GKE UI showed an error saying the readiness probe could only be defined on init containers with restartPolicy Always. Hence, I mentioned that the restartPolicy setting was ignored.  One of the clusters had a Berglas mutation webhook, but the other one did not; that made no difference, it seems.

I will be testing more on my side. Can you confirm a few things:

1. It doesn't work for you even with the https://raw.githubusercontent.com/kubernetes/website/main/content/en/examples/application/deployment...

2. When you look in cloud console and check for Pod's yaml, does it show restartPolicy:Always on init container there? If you do kubectl describe pod (use a fresh version of kubectl) - does it show this field?

3. Do you have any other webhooks installed in your cluster that might have updated the Pod Spec by stripping this field? Maybe istio or something like this? It is not uncommon if the webhook is compiled against the old k8s API.

Just confirmed I was able to get sidecar working on that exact version of GKE cluster. I cannot discount that there may be some GKE settings that can make sidecar broken, but based on all the work and usage we have, I wouldn't think of this as a likely issue. There might be some third party tooling you use incompatible  with the sidecars. I would be interested to learn what it is so we can think of ways to improve experience. 

@SergeyKanzhelev Thanks for providing the steps to debug further and confirming that it worked for you. You were right about a webhook stripping the field. I discovered that both clusters had Berglas webhook installed. After disabling it, the example you provided worked fine. Berglas logs also confirmed that. Further looking into Berglas source code, I saw it was compiled against 0.27.2 API [ref] , which, as you mentioned, is where the problem could be. I will look into rebuilding it with a more recent version of K8s API. 

time="2024-06-14T05:10:39Z" level=debug msg="Webhook mutating review finished with: '[{\"op\":\"remove\",\"path\":\"/spec/initContainers/0/restartPolicy\"}]' JSON Patch" dry-run=false kind=v1/Pod name= ns=staging-west op=create path=/ trace-id= webhhok-type=mutating webhook-id=berglasSecrets webhook-kind=mutating wh-version=v1