Skip to content

Commit

Permalink
Updated KEP 2008 to target 1.25
Browse files Browse the repository at this point in the history
Signed-off-by: Adrian Reber <areber@redhat.com>
  • Loading branch information
adrianreber committed Apr 8, 2022
1 parent de37257 commit c0d84f0
Show file tree
Hide file tree
Showing 2 changed files with 59 additions and 7 deletions.
56 changes: 54 additions & 2 deletions keps/sig-node/2008-forensic-container-checkpointing/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,7 @@
- [Non-Goals](#non-goals)
- [Proposal](#proposal)
- [Implementation](#implementation)
- [CRI Updates](#cri-updates)
- [User Stories](#user-stories)
- [Risks and Mitigations](#risks-and-mitigations)
- [Design Details](#design-details)
Expand Down Expand Up @@ -106,14 +107,64 @@ For the first implementation we do not want to support restore in the
outside of Kubernetes. The restore is a container engine only operation
in this first step.

The forensic use case is targeted to be part of the next (1.24) release.

Although this KEP only adds checkpointing support to the kubelet the CRI API in
the corresponding code pull request is extended to support *checkpoint* and
*restore* in the CRI API. The reason to add *restore* to the CRI API without
implementing it in the kubelet is to make development and especially testing
easier on the container engine level.

#### CRI Updates

The CRI API will be extended to introduce two new RPC APIs:
```
// CheckpointContainer checkpoints a container
rpc CheckpointContainer(CheckpointContainerRequest) returns (CheckpointContainerResponse) {}
// RestoreContainer restores a container
rpc RestoreContainer(RestoreContainerRequest) returns (RestoreContainerResponse) {}
```
with the following parameters:
```
// Common options used for checkpointing and restoring.
message CheckpointRestoreOptions {
// Location of the checkpoint archive used for export/import
string archive_location = 1;
}
message CheckpointContainerOptions {
CheckpointRestoreOptions common_options = 1;
}
message CheckpointContainerRequest {
// ID of the container to be checkpointed.
string container_id = 1;
// Options for checkpointing.
CheckpointContainerOptions options = 2;
}
message CheckpointContainerResponse {
}
message RestoreContainerOptions {
CheckpointRestoreOptions common_options = 1;
// ID of the sandbox into which the container should be restored
// If this is not specified the container will be restored
// in the sandbox it was checkpointed from.
string pod_sandbox_id = 2;
}
message RestoreContainerRequest {
// Options for restoring.
RestoreContainerOptions options = 1;
}
message RestoreContainerResponse {
// ID of the restored container
string id = 1;
}
```
As mentioned above the remote procedure call `RestoreContainer` is introduced
to enable container engines to implement restore even it is not available via
the kubelet.

### User Stories

To analyze unusual activities in a container, the container should
Expand Down Expand Up @@ -268,6 +319,7 @@ does not compress the checkpoint archive on disk.
* 2021-09-22: Removed everything which is not directly related to the forensic use case
* 2022-01-06: Reworked based on review
* 2022-01-20: Reworked based on review and renamed feature gate to `ContainerCheckpoint`
* 2022-04-05: Added CRI API section and targeted 1.25

## Drawbacks

Expand Down
10 changes: 5 additions & 5 deletions keps/sig-node/2008-forensic-container-checkpointing/kep.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@ participating-sigs:
- TBD
status: implementable
creation-date: 2020-09-16
last-updated: 2022-01-20
last-updated: 2022-05-05
reviewers:
- "@mrunalp"
- "@elfinhe"
Expand All @@ -22,13 +22,13 @@ stage: alpha
# The most recent milestone for which work toward delivery of this KEP has been
# done. This can be the current (upcoming) milestone, if it is being actively
# worked on.
latest-milestone: "v1.24"
latest-milestone: "v1.25"

# The milestone at which this feature was, or is targeted to be, at each stage.
milestone:
alpha: "v1.24"
beta: "v1.25"
stable: "v1.27"
alpha: "v1.25"
beta: "v1.26"
stable: "v1.28"

# The following PRR answers are required at alpha release
# List the feature gate name and the components for which it must be enabled
Expand Down

0 comments on commit c0d84f0

Please sign in to comment.