Q-11 โ Sidecar Logging (Final, Updated for Kubernetes v1.33 GA)
โญ Kubernetes v1.33 โ Official Sidecar Model (GA)
Starting from Kubernetes v1.33, the Native Sidecar Containers feature is GA (Generally Available). This means:
- Sidecars are no longer defined under
containers:. - Sidecars are defined under
initContainers:. - Sidecars use
restartPolicy: Always. - This causes the init container to run alongside the main container permanently, not just during startup.
Because the CKA exam environment runs on v1.33, this is now the expected and correct method for implementing sidecars.
The old (classic) pattern under containers: still works, but it is now considered legacy.
๐ Question Summary
A Deployment named synergy-deployment runs a main application container. The application writes logs to:
/var/log/synergy-deployment.log
You must:
- Add a sidecar that continuously tails this log file.
- Use image:
busybox:stable. - Command:
tail -n+1 -f /var/log/synergy-deployment.log
โ Native Sidecar Pattern (v1.33 GA) โ Primary Solution
This is the correct approach for CKA 2025.
๐ Step-by-Step Solution
1. Edit the Deployment
kubectl edit deployment synergy-deployment
2. Add a shared volume at pod level
volumes:
- name: logs
emptyDir: {}
3. Mount the volume into the main container
volumeMounts:
- name: logs
mountPath: /var/log
4. Add the sidecar under initContainers with restartPolicy: Always
This is what transforms it into a native sidecar.
initContainers:
- name: sidecar
image: busybox:stable
restartPolicy: Always
command: ["/bin/sh", "-c"]
args:
- tail -n+1 -f /var/log/synergy-deployment.log
volumeMounts:
- name: logs
mountPath: /var/log
5. Save and allow rollout
Kubernetes will restart pods automatically.
6. Verify
kubectl get pods -l app=synergy
kubectl logs <pod> -c sidecar -f
You should see the live log stream.
๐งพ Full Final Deployment Manifest (Native Sidecar, v1.33 GA)
apiVersion: apps/v1
kind: Deployment
metadata:
name: synergy-deployment
namespace: default
spec:
replicas: 1
selector:
matchLabels:
app: synergy
template:
metadata:
labels:
app: synergy
spec:
volumes:
- name: logs
emptyDir: {}
initContainers:
- name: sidecar
image: busybox:stable
restartPolicy: Always
command: ["/bin/sh", "-c"]
args:
- tail -n+1 -f /var/log/synergy-deployment.log
volumeMounts:
- name: logs
mountPath: /var/log
containers:
- name: legacy-app
image: busybox:stable
command: ["/bin/sh", "-c"]
args:
- |
while true; do
echo "$(date) - legacy app log entry" >> /var/log/synergy-deployment.log;
sleep 5;
done
volumeMounts:
- name: logs
mountPath: /var/log
๐ฆ Legacy Pattern (For Reference Only)
Not recommended for CKA 2025, but included here for completeness.
Sidecar defined under containers::
containers:
- name: sidecar
image: busybox:stable
command: ["/bin/sh", "-c"]
args:
- tail -n+1 -f /var/log/synergy-deployment.log
volumeMounts:
- name: logs
mountPath: /var/log
โ ๏ธ Important Volume Handling Rules (Common Exam Traps)
These points MUST be remembered because this is where most students fail โ and this is exactly what confused you in the exam.
โ 1. If the Deployment already has a volume, you MUST reuse that same volume
- Do NOT create a new volume if one is already defined.
- Kubernetes questions often give an existing volume so you attach it to the sidecar + main container.
- Using a different or new volume would result in an empty directory โ sidecar reads nothing.
Rule:
If a volume exists โ reuse it.
โ 2. If the Deployment has no existing volume, you MUST create one
- Use
emptyDir: {}unless the question explicitly requires persistence. -
Mount it into BOTH:
-
the main container (so it writes logs into the shared volume)
- the sidecar (so it can read the logs)
Rule:
If no volume exists โ create one AND mount it in both containers.
โ 3. Why BOTH containers must mount the volume
- Without mounting the volume in the main container, the main container writes logs to its own container filesystem.
- The sidecar would mount the volume, but the directory would be empty.
- Therefore, double-mounting is mandatory.
Rule:
A shared log file MUST come from a shared volume. Otherwise the sidecar cannot see it.
โ 4. Where to write the volumeMounts in Native Sidecar Pattern
- Main container โ under
containers: - Sidecar โ under
initContainers:withrestartPolicy: Always - Both mount the same path (e.g.,
/var/log).
๐ฏ Exam Strategy for CKA 2025
- ALWAYS use native sidecar pattern (initContainers + restartPolicy: Always).
- ONLY use the classic method if the question explicitly says: โUse a second container inside
containers:to tail logs.โ - For all general sidecar tasks: Native Sidecar = Correct Answer.
controlplane ~ โ k get deploy
NAME READY UP-TO-DATE AVAILABLE AGE
synergy-deployment 1/1 1 1 35m
controlplane ~ โ k edit deploy synergy-deployment -o yaml
apiVersion: apps/v1
kind: Deployment
metadata:
generation: 4
name: synergy-deployment
namespace: default
spec:
replicas: 1
selector:
matchLabels:
app: synergy
strategy: {}
template:
metadata:
labels:
app: synergy
spec:
containers:
- command:
- sh
- -c
- tail -n+1 -f /var/log/synergy-deployment.log
image: busybox
name: sidecar
volumeMounts:
- mountPath: /var/log
name: logs
- args:
- |
while true; do
echo "$(date) - legacy app log entry" >> /var/log/synergy-deployment.log;
sleep 5;
done
command:
- /bin/sh
- -c
image: busybox:stable
name: legacy-app
volumeMounts:
- mountPath: /var/log
name: logs
restartPolicy: Always
volumes:
- emptyDir: {}
name: logs
controlplane ~ โ k logs deployments/synergy-deployment -c sidecar
Sat Nov 15 20:08:39 UTC 2025 - legacy app log entry