Configs · Apr 16, 2026 · 3 min read

OpenKruise — Advanced Kubernetes Workload Management

OpenKruise extends Kubernetes with advanced workload controllers for in-place updates, sidecar management, image pre-pulling, and fine-grained rolling strategies that go beyond native Deployments and StatefulSets.

TL;DR
OpenKruise adds in-place updates, sidecar containers, image pre-pulling, and advanced rollout strategies to Kubernetes workloads.
§01

What it is

OpenKruise is a CNCF sandbox project that extends Kubernetes with advanced workload controllers. It provides capabilities that native Deployments and StatefulSets lack: in-place container updates (no pod restart), sidecar container management, image pre-pulling to nodes, and fine-grained rolling strategies with canary releases.

OpenKruise targets platform teams running large Kubernetes clusters who need more control over how workloads are updated, scaled, and managed.

§02

How it saves time or tokens

Native Kubernetes rolling updates recreate pods for every container image change, causing downtime for stateful applications and wasting time pulling images to new nodes. OpenKruise's in-place update changes the container image without restarting the pod, preserving network connections and local state.

Image pre-pulling (ImagePullJob) ensures new images are cached on nodes before a rollout, eliminating pull-time delays during deployment.

§03

How to use

  1. Install OpenKruise via Helm:
helm repo add openkruise https://openkruise.github.io/charts/
helm install kruise openkruise/kruise --version 1.7.0
  2. Use CloneSet instead of Deployment for in-place updates:
apiVersion: apps.kruise.io/v1alpha1
kind: CloneSet
metadata:
  name: my-app
spec:
  replicas: 5
  # CloneSet requires a selector that matches the template labels
  selector:
    matchLabels:
      app: my-app
  updateStrategy:
    type: InPlaceIfPossible
    maxUnavailable: 1
  template:
    metadata:
      labels:
        app: my-app
    spec:
      containers:
      - name: app
        image: myapp:v2
  3. Pre-pull images before deployment:
apiVersion: apps.kruise.io/v1alpha1
kind: ImagePullJob
metadata:
  name: prepull-v3
spec:
  image: myapp:v3
  parallelism: 10
§04

Example

# SidecarSet: inject sidecars into matching pods
apiVersion: apps.kruise.io/v1alpha1
kind: SidecarSet
metadata:
  name: logging-sidecar
spec:
  selector:
    matchLabels:
      app: my-service
  containers:
  - name: log-agent
    image: fluentbit:latest
    resources:
      requests:
        cpu: 100m
        memory: 128Mi
    volumeMounts:
    - name: logs
      mountPath: /var/log/app
  volumes:
  - name: logs
    emptyDir: {}
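
A hardened variant of the SidecarSet above, as an added example that is not from the original page or the OpenKruise project: it scopes injection to one namespace, pins the sidecar image by digest instead of `latest`, and restricts what the injected container can do. The namespace `my-service-prod`, the digest placeholder, and the limit values are assumptions; substitute the values for your own environment.

```yaml
# Added example: hardened form of the logging-sidecar SidecarSet.
apiVersion: apps.kruise.io/v1alpha1
kind: SidecarSet
metadata:
  name: logging-sidecar
spec:
  # SidecarSet is a cluster-scoped resource. Without spec.namespace the
  # selector matches pods carrying this label in every namespace, so anyone
  # who can set the label on a pod receives the sidecar.
  namespace: my-service-prod          # assumed namespace
  selector:
    matchLabels:
      app: my-service
  containers:
  - name: log-agent
    # Pin by digest: a mutable tag such as "latest" can resolve to different
    # content on different nodes and on different days. Placeholder digest,
    # replace with the digest of the image you reviewed.
    image: "fluentbit@sha256:<DIGEST_PLACEHOLDER>"
    securityContext:
      # Assumes the agent only needs to read files under /var/log/app.
      allowPrivilegeEscalation: false
      readOnlyRootFilesystem: true
      capabilities:
        drop: ["ALL"]
    resources:
      requests:
        cpu: 100m
        memory: 128Mi
      limits:                         # assumed values; bound the sidecar so
        cpu: 200m                     # it cannot starve the app container
        memory: 256Mi
    volumeMounts:
    - name: logs
      mountPath: /var/log/app
      readOnly: true                  # the agent reads logs, never writes
  volumes:
  - name: logs
    emptyDir: {}
```

Because a SidecarSet changes the containers of pods it does not own, write access to this resource type is worth restricting in RBAC to the same degree as write access to the workloads it targets.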
§06

Common pitfalls

  • In-place updates only work when changing the container image. Changes to pod spec fields like resource limits or volumes require pod recreation.
  • OpenKruise CRDs add complexity to the cluster. Train your team on the new resource types before adopting them widely.
  • SidecarSet injection happens at pod creation time. Existing pods are not automatically updated when you change a SidecarSet.

Frequently Asked Questions

What is in-place update?

In-place update changes a container's image without deleting and recreating the pod. The pod keeps its IP address, volumes, and network connections. This is faster and less disruptive than native Kubernetes rolling updates.

Does OpenKruise replace Deployments?

Not necessarily. OpenKruise's CloneSet is an enhanced alternative to Deployments. You can use both in the same cluster. Use CloneSet when you need in-place updates or advanced rollout strategies.

Is OpenKruise production-ready?

Yes. OpenKruise is used in production by Alibaba and other large organizations. It is a CNCF sandbox project with active development and community support.

What is ImagePullJob?

ImagePullJob pre-pulls a container image to specified nodes before you deploy it. This eliminates image pull time during rollouts, which is especially useful for large images or rolling updates across many nodes.

Does OpenKruise work with Helm?

Yes. OpenKruise is installed via Helm. Its CRDs (CloneSet, SidecarSet, ImagePullJob) can be used alongside standard Kubernetes resources in Helm charts.
