Wire through CRI checkpoint RPC #6965
Conversation
|
Hi @adrianreber. Thanks for your PR. I'm waiting for a containerd member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
/cc |
|
@bobbypage: GitHub didn't allow me to request PR reviews from the following users: bobbypage. Note that only containerd members and repo collaborators can review this PR, and authors cannot review their own PRs. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
adrianreber
force-pushed
the
2022-05-20-checkpoint-cri-rpc
branch
2 times, most recently
from
d0bc8d7
to
7b91762
Compare
adrianreber
force-pushed
the
2022-05-20-checkpoint-cri-rpc
branch
from
7b91762
to
aa373ec
Compare
|
Switching to ready for review after the corresponding CRI API changes have been merged and |
|
Not sure why the one CI run failed. |
|
Can you change the reference in your commit to the kubernetes/enhancements#2008? |
Done. |
adrianreber
force-pushed
the
2022-05-20-checkpoint-cri-rpc
branch
3 times, most recently
from
6338330
to
f63f1cf
Compare
|
The windows CI linter is timeouting and probably unrelated to my changes. Everything else seems happy. |
I've noticed that on some recent PRs; just opened #7356 to hopefully solve that. |
|
/ok-to-test |
adrianreber
force-pushed
the
2022-05-20-checkpoint-cri-rpc
branch
from
f63f1cf
to
b7fda3f
Compare
|
@adrianreber needs rebase |
|
@cpuguy83 I didn't want to dismiss your stale review without your input; that file is no longer part of the commit, so I assume your concerns are handled, but if you have any other concerns let me know |
adrianreber
force-pushed
the
2022-05-20-checkpoint-cri-rpc
branch
from
57c62d5
to
80e6b92
Compare
@dims I must say I have no idea how solve this. It seems really difficult to install anything on COS which is not statically linked. Which is easy for Go application, but CRIU is not easily statically linked. So I cannot really build CRIU on the host where containerd is built and then transfer it to GCE host, because all libraries would be missing. I suppose I cannot build it on COS because that seems not doable based on the existing setup which builds containerd on another host. Not sure how to get a CRIU binary into a COS image. |
@dims Would it be possible to install CRIU in Dockerfile.test? |
adrianreber
force-pushed
the
2022-05-20-checkpoint-cri-rpc
branch
from
80e6b92
to
20b656e
Compare
|
I added code to containerd to check if there is a version of CRIU installed at all and if it has the minimum version needed for Kubernetes (3.16). If no CRIU version is found I am returning the same error message to the kubelet as if containerd would not implement this interface. This is not perfect as the error message is wrong, but this will make the test work on the Kubernetes side and once that is done I can change Kubernetes to handle an error message like "CRIU is not installed or too old correctly". I just saw I broke the windows build. Will fix it. |
adrianreber
force-pushed
the
2022-05-20-checkpoint-cri-rpc
branch
2 times, most recently
from
27f1193
to
168bd16
Compare
|
All tests are happy now. |
adrianreber
force-pushed
the
2022-05-20-checkpoint-cri-rpc
branch
2 times, most recently
from
b27107f
to
60ed9af
Compare
adrianreber
force-pushed
the
2022-05-20-checkpoint-cri-rpc
branch
2 times, most recently
from
6a442b4
to
f4435d8
Compare
|
The remaining CI errors seem unrelated as far as I can tell. |
This connects the new CRI ContainerCheckpoint RPC to the existing internal checkpoint functions. With this commit it is possible to checkpoint a container in Kubernetes using the Forensic Container Checkpointing KEP (containerd#2008): # curl X POST "https://localhost:10250/checkpoint/namespace/podId/container" Which will result in containerd creating a checkpoint in the location specified by Kubernetes (usually /var/lib/kubelet/checkpoints). This is a Linux only feature because CRIU only exists on Linux. Rewritten with the help of Phil Estes. Signed-off-by: Phil Estes <estesp@gmail.com> Signed-off-by: Adrian Reber <areber@redhat.com>
adrianreber
force-pushed
the
2022-05-20-checkpoint-cri-rpc
branch
from
f4435d8
to
f25770e
Compare
|
@adrianreber: The following test failed, say
Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
|
@dims This new |
Yep! |
This connects the new CRI ContainerCheckpoint RPC to the existing internal checkpoint functions. With this commit it is possible
to checkpoint a container in Kubernetes using the Forensic Container Checkpointing KEP (kubernetes/enhancements#2008):
Which will result in containerd creating a checkpoint in the location specified by Kubernetes (usually /var/lib/kubelet/checkpoints).
The latest version of
crictlalready supports creating checkpoints viacrictl checkpoint.