Add restart_policy attribute to container spec (#2786)

Author: jrhouston

.changelog/2786.txt

@@ -0,0 +1,3 @@
+```release-note:enhancement
+* Add support for sidecar containers via restart_policy field in init_container spec
+````

docs/data-sources/pod_v1.md

@@ -868,6 +868,7 @@ Read-Only:
 - `tty` (Boolean)
 - `volume_mount` (List of Object) (see [below for nested schema](#nestedobjatt--spec--init_container--volume_mount))
 - `working_dir` (String)
+- `restart_policy` (String) 
 
 <a id="nestedobjatt--spec--init_container--env"></a>
 ### Nested Schema for `spec.init_container.env`

docs/resources/daemon_set_v1.md

@@ -978,6 +978,8 @@ Optional:
 - `volume_mount` (Block List) Pod volumes to mount into the container's filesystem. Cannot be updated. (see [below for nested schema](#nestedblock--spec--template--spec--init_container--volume_mount))
 - `volume_device` (Block List) Raw volume devices to attach into the container's filesystem as raw block devices. Cannot be updated. More info: https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#volumes-1 (see [below for nested schema](#nestedblock--spec--template--spec--init_container--volume_device))
 - `working_dir` (String) Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated.
+- `restart_policy` (String) Restart policy for designating init container as a sidecar. Can only be `Always`. More info: https://kubernetes.io/docs/concepts/workloads/pods/sidecar-containers/#pod-sidecar-containers. 
+ 
 
 <a id="nestedblock--spec--template--spec--init_container--env"></a>
 ### Nested Schema for `spec.template.spec.init_container.env`

docs/resources/deployment_v1.md

@@ -986,6 +986,8 @@ Optional:
 - `volume_mount` (Block List) Pod volumes to mount into the container's filesystem. Cannot be updated. (see [below for nested schema](#nestedblock--spec--template--spec--init_container--volume_mount))
 - `volume_device` (Block List) Raw volume devices to attach into the container's filesystem as raw block devices. Cannot be updated. More info: https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#volumes-1 (see [below for nested schema](#nestedblock--spec--template--spec--init_container--volume_device))
 - `working_dir` (String) Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated.
+- `restart_policy` (String) Restart policy for designating init container as a sidecar. Can only be `Always`. More info: https://kubernetes.io/docs/concepts/workloads/pods/sidecar-containers/#pod-sidecar-containers.  
+
 
 <a id="nestedblock--spec--template--spec--init_container--env"></a>
 ### Nested Schema for `spec.template.spec.init_container.env`

docs/resources/pod_v1.md

@@ -375,6 +375,7 @@ Optional:
 - `volume_device` (Block List) Raw volume devices to attach into the container's filesystem as raw block devices. Cannot be updated. More info: https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#volumes-1 (see [below for nested schema](#nestedblock--spec--container--volume_device))
 - `working_dir` (String) Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated.
 
+
 <a id="nestedblock--spec--container--env"></a>
 ### Nested Schema for `spec.container.env`
 
@@ -936,6 +937,7 @@ Optional:
 - `volume_mount` (Block List) Pod volumes to mount into the container's filesystem. Cannot be updated. (see [below for nested schema](#nestedblock--spec--init_container--volume_mount))
 - `volume_device` (Block List) Raw volume devices to attach into the container's filesystem as raw block devices. Cannot be updated. More info: https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#volumes-1 (see [below for nested schema](#nestedblock--spec--init_container--volume_device))
 - `working_dir` (String) Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated.
+- `restart_policy` (String) Restart policy for designating init container as a sidecar. Can only be `Always`. More info: https://kubernetes.io/docs/concepts/workloads/pods/sidecar-containers/#pod-sidecar-containers.  
 
 <a id="nestedblock--spec--init_container--env"></a>
 ### Nested Schema for `spec.init_container.env`

docs/resources/stateful_set_v1.md

@@ -1009,6 +1009,7 @@ Optional:
 - `volume_mount` (Block List) Pod volumes to mount into the container's filesystem. Cannot be updated. (see [below for nested schema](#nestedblock--spec--template--spec--init_container--volume_mount))
 - `volume_device` (Block List) Raw volume devices to attach into the container's filesystem as raw block devices. Cannot be updated. More info: https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#volumes-1 (see [below for nested schema](#nestedblock--spec--template--spec--init_container--volume_device))
 - `working_dir` (String) Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated.
+- `restart_policy` (String) Restart policy for designating init container as a sidecar. Can only be `Always`. More info: https://kubernetes.io/docs/concepts/workloads/pods/sidecar-containers/#pod-sidecar-containers. 
 
 <a id="nestedblock--spec--template--spec--init_container--env"></a>
 ### Nested Schema for `spec.template.spec.init_container.env`

kubernetes/resource_kubernetes_deployment_v1_test.go

@@ -146,10 +146,12 @@ func TestAccKubernetesDeploymentV1_initContainerForceNew(t *testing.T) {
 					resource.TestCheckResourceAttr(resourceName, "spec.0.template.0.spec.0.init_container.0.image", imageName),
 					resource.TestCheckResourceAttr(resourceName, "spec.0.template.0.spec.0.init_container.0.resources.0.requests.memory", "64Mi"),
 					resource.TestCheckResourceAttr(resourceName, "spec.0.template.0.spec.0.init_container.0.env.2.value", "testvar"),
+					resource.TestCheckResourceAttr(resourceName, "spec.0.template.0.spec.0.init_container.0.restart_policy", "Always"),
 					resource.TestCheckResourceAttr(resourceName, "spec.0.template.0.spec.0.init_container.1.name", "initcontainer2"),
 					resource.TestCheckResourceAttr(resourceName, "spec.0.template.0.spec.0.init_container.1.image", imageName1),
 					resource.TestCheckResourceAttr(resourceName, "spec.0.template.0.spec.0.init_container.1.command.2", initCommand),
 					resource.TestCheckResourceAttr(resourceName, "spec.0.template.0.spec.0.init_container.1.image_pull_policy", "IfNotPresent"),
+					resource.TestCheckResourceAttr(resourceName, "spec.0.template.0.spec.0.init_container.1.restart_policy", ""),
 				),
 			},
 			{ // Test for non-empty plans. No modification.
@@ -1615,10 +1617,11 @@ resource "kubernetes_deployment_v1" "test" {
           name              = "initcontainer1"
           image             = "%s"
           image_pull_policy = "IfNotPresent"
+          restart_policy    = "Always"
           command = [
             "sh",
             "-c",
-            "printenv SECRETENV CONFIGENV LIMITS_CPU CUSTOM",
+            "tail -F /dev/null",
           ]
           env {
             name = "SECRETENV"

kubernetes/schema_container.go

@@ -615,6 +615,16 @@ func containerFields(isUpdatable bool) map[string]*schema.Schema {
 			Description: "Security options the pod should run with. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/",
 			Elem:        securityContextSchema(isUpdatable),
 		},
+		"restart_policy": {
+			Type:        schema.TypeString,
+			Optional:    true,
+			Computed:    true,
+			ForceNew:    !isUpdatable,
+			Description: "Restart policy for designating init container as a sidecar. Can only be `Always`. More info: https://kubernetes.io/docs/concepts/workloads/pods/sidecar-containers/#pod-sidecar-containers.",
+			ValidateFunc: validation.StringInSlice([]string{
+				string(api.RestartPolicyAlways),
+			}, false),
+		},
 		"startup_probe": {
 			Type:        schema.TypeList,
 			Optional:    true,
@@ -749,7 +759,6 @@ func probeSchema() *schema.Resource {
 	return &schema.Resource{
 		Schema: h,
 	}
-
 }
 
 func securityContextSchema(isUpdatable bool) *schema.Resource {

kubernetes/structures_container.go

@@ -53,7 +53,6 @@ func flattenContainerSecurityContext(in *v1.SecurityContext) []interface{} {
 		att["se_linux_options"] = flattenSeLinuxOptions(in.SELinuxOptions)
 	}
 	return []interface{}{att}
-
 }
 
 func flattenSecurityCapabilities(in *v1.Capabilities) []interface{} {
@@ -289,11 +288,9 @@ func flattenContainerVolumeMounts(in []v1.VolumeMount) []interface{} {
 
 		if v.MountPath != "" {
 			m["mount_path"] = v.MountPath
-
 		}
 		if v.Name != "" {
 			m["name"] = v.Name
-
 		}
 		if v.SubPath != "" {
 			m["sub_path"] = v.SubPath
@@ -428,7 +425,6 @@ func flattenContainers(in []v1.Container, serviceAccountRegex string) ([]interfa
 		if v.Lifecycle != nil {
 			c["lifecycle"] = flattenLifeCycle(v.Lifecycle)
 		}
-
 		if v.SecurityContext != nil {
 			c["security_context"] = flattenContainerSecurityContext(v.SecurityContext)
 		}
@@ -441,6 +437,9 @@ func flattenContainers(in []v1.Container, serviceAccountRegex string) ([]interfa
 		if len(v.EnvFrom) > 0 {
 			c["env_from"] = flattenContainerEnvFroms(v.EnvFrom)
 		}
+		if v.RestartPolicy != nil {
+			c["restart_policy"] = string(*v.RestartPolicy)
+		}
 
 		if len(v.VolumeMounts) > 0 {
 			for num, m := range v.VolumeMounts {
@@ -581,6 +580,11 @@ func expandContainers(ctrs []interface{}) ([]v1.Container, error) {
 		if v, ok := ctr["working_dir"].(string); ok && v != "" {
 			cs[i].WorkingDir = v
 		}
+
+		if v, ok := ctr["restart_policy"].(string); ok && v != "" {
+			policy := v1.ContainerRestartPolicy(v)
+			cs[i].RestartPolicy = &policy
+		}
 	}
 	return cs, nil
 }
@@ -613,6 +617,7 @@ func expandHTTPHeaders(l []interface{}) []v1.HTTPHeader {
 	}
 	return headers
 }
+
 func expandContainerSecurityContext(l []interface{}) (*v1.SecurityContext, error) {
 	if len(l) == 0 || l[0] == nil {
 		return &v1.SecurityContext{}, nil
@@ -787,8 +792,8 @@ func expandLifecycleHandlers(l []interface{}) *v1.LifecycleHandler {
 		obj.TCPSocket = expandTCPSocket(v)
 	}
 	return &obj
-
 }
+
 func expandLifeCycle(l []interface{}) *v1.Lifecycle {
 	if len(l) == 0 || l[0] == nil {
 		return &v1.Lifecycle{}
@@ -945,8 +950,8 @@ func expandConfigMapKeyRef(r []interface{}) *v1.ConfigMapKeySelector {
 		obj.Optional = ptr.To(v.(bool))
 	}
 	return obj
-
 }
+
 func expandFieldRef(r []interface{}) *v1.ObjectFieldSelector {
 	if len(r) == 0 || r[0] == nil {
 		return &v1.ObjectFieldSelector{}
@@ -962,6 +967,7 @@ func expandFieldRef(r []interface{}) *v1.ObjectFieldSelector {
 	}
 	return obj
 }
+
 func expandResourceFieldRef(r []interface{}) (*v1.ResourceFieldSelector, error) {
 	if len(r) == 0 || r[0] == nil {
 		return &v1.ResourceFieldSelector{}, nil
@@ -1045,7 +1051,6 @@ func expandEnvValueFrom(r []interface{}) (*v1.EnvVarSource, error) {
 		}
 	}
 	return obj, nil
-
 }
 
 func expandConfigMapRef(r []interface{}) *v1.ConfigMapEnvSource {