check initContainers for the kubernetes sidecar implementation

[pritidesai]

Changes

This code checks if all containers in a Pod, including init containers, have completed their execution before marking a TaskRun as complete when kubernetes native sidecar is enabled. It's part of the TaskRun status determination logic.

/kind bug

Closes #8987

Submitter Checklist

As the author of this PR, please check off the items in this checklist:

• Has Docs if any changes are user facing, including updates to minimum requirements e.g. Kubernetes version bumps
• Has Tests included if any functionality added or changed
• pre-commit Passed
• Follows the commit message standard
• Meets the Tekton contributor standards (including functionality, content, code)
• Has a kind label. You can add one by adding a comment on this PR that contains /kind <type>. Valid types are bug, cleanup, design, documentation, feature, flake, misc, question, tep
• Release notes block below has been updated with any user facing changes (API changes, bug fixes, changes requiring upgrade notices or deprecation warnings). See some examples of good release notes.
• Release notes contains the string "action required" if the change requires additional action from users switching to the new release

Release Notes

Updated the sidecar implementation to check the completion status of initContainers before marking the taskRun complete. 

[tekton-robot]

The following is the coverage report on the affected files.
Say /test pull-tekton-pipeline-go-coverage-df to re-run this coverage report

File	Old Coverage	New Coverage	Delta
pkg/pod/status.go	92.2%	92.4%	0.2

[pritidesai]

/retest

[pritidesai]

With these changes:

kubectl get tr  dind-sidecar-cddsd -o json | jq .status.sidecars
[
  {
    "container": "sidecar-server",
    "imageID": "docker.io/library/docker@sha256:74e78208fc18da48ddf8b569abe21563730845c312130bd0f0b059746a7e10f5",
    "name": "server",
    "terminated": {
      "containerID": "containerd://aa7e848e7949b614ad853f4fbac749be579b0f3521f8c3b6d107b4d780eeac82",
      "exitCode": 0,
      "finishedAt": "2025-08-21T20:21:39Z",
      "reason": "Completed",
      "startedAt": "2025-08-21T20:20:40Z"
    }
  }
]

[tekton-robot]

The following is the coverage report on the affected files.
Say /test pull-tekton-pipeline-go-coverage-df to re-run this coverage report

File	Old Coverage	New Coverage	Delta
pkg/pod/status.go	92.2%	92.4%	0.2

[pritidesai]

/retest

[pritidesai]

/cc @kgcarr @say5

Tagging contributors who have previously worked on this feature for visibility and input.

[tekton-robot]

@pritidesai: GitHub didn't allow me to request PR reviews from the following users: kgcarr, say5.

Note that only tektoncd members and repo collaborators can review this PR, and authors cannot review their own PRs.

In response to this:

/cc @kgcarr @say5

Tagging contributors who have previously worked on this feature for visibility and input.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[waveywaves]

This looks great. The feature is very useful, and it makes sense to take the initContainer statuses into account when we think of the overall completion status. This implementation is closely tied to the sidecar feature right now, it might be better to have this decoupled into another config setting and a annotation which would help users disable this feature if necessary.

cc @twoGiants @vdemeester

[AlanGreene]

it might be better to have this decoupled into another config setting and a annotation which would help users disable this feature if necessary.

I'm not sure I agree, this is a bug fix for the existing feature rather than adding a new feature.

Without this check, the TaskRun status is incorrect / incomplete as it does not reflect an accurate status for the sidecars.

[tekton-robot]

The following is the coverage report on the affected files.
Say /test pull-tekton-pipeline-go-coverage-df to re-run this coverage report

File	Old Coverage	New Coverage	Delta
pkg/pod/status.go	92.2%	92.4%	0.2

[pritidesai]

/retest

[pritidesai]

@waveywaves, this is ready for review - let me know if you have any feedback, appreciate your time!

[afrittoli]

Thanks, this looks good to me
/approve

[afrittoli]

NIT: I wonder if this could be checked in all cases (even if sidecar is not enabled).
That said, having the check helps reducing the scope of the patch and makes it a better candidate for backporting.

[tekton-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: afrittoli

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [afrittoli]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[waveywaves]

Without this check, the TaskRun status is incorrect/incomplete as it does not reflect an accurate status for the sidecars.

@AlanGreene makes sense, was thinking about this in a more holistic way, where this initContainer completion is something we should add apart from just checking it for the sidecar. @afrittoli also hinted at this here. I will capture this in a separate issue for now.

[pritidesai]

Without this check, the TaskRun status is incorrect/incomplete as it does not reflect an accurate status for the sidecars.

@AlanGreene makes sense, was thinking about this in a more holistic way, where this initContainer completion is something we should add apart from just checking it for the sidecar. @afrittoli also hinted at this here. I will capture this in a separate issue for now.

yes, lets create a separate issue. All tekton internal processing runs as initContainers when Kubernetes native sidecars are not enabled. This setup has been working as intended since its implementation, and we haven't received any reports indicating issues with its design in this context.

Traditionally, we have determined the taskRun status based on steps and this PR does not change that behaviour. With the new issue created, we can consider including the sidecar's status in the taskRun.

[pritidesai]

@vdemeester @waveywaves I will appreciate it if you could review the changes in this PR, looking for one more review, thanks!

[waveywaves]

/lgtm

this looks good, I am still working on a issue for this, shall create it soon

[pritidesai]

/cherry-pick release-v1.3.x

[pritidesai]

/cherrypick release-v1.3.x