proposal of coredump detector #1311
Conversation
k8s-ci-robot
added
size/L
| ``` | ||
|
|
||
| # coredump-controller | ||
| Now CRD in kubernetes doesn't support quota, so we deploy a controller to work as |
There was a problem hiding this comment.
the plan is to support this soon once we can have a shared cache with garbage collection.
so in your case, we would just quota: count/coredumps.coredump
There was a problem hiding this comment.
Hi, I will update this according to the new feature.
Does quota for crd support resource.Quantity?
For example: we allow 2Gi coredump files in namespace A.
But not: we allow 200 coredump files in namespace A.
|
/cc @vishh for suggestions. |
|
/assign @dchen1107 |
| To determine whether a core file is generated for process in a k8s container, we | ||
| override /proc/sys/kernel/core_pattern kernel parameter in kubelet node. | ||
| ``` | ||
| |/coredump/coredump-detector -P=%P -p=%p -e=%e -t=%t -c=/coredump/config --log_dir=/coredump/ |
There was a problem hiding this comment.
Which mount namespace would this /coredump path belongs to? In particular, are you assuming that this is going to be in the pod-app mount namespace, in the kubelet mount namespace or in the kernel-init/host one?
There was a problem hiding this comment.
kernel does not support namespace for coredump.
So this would be kernel-init/host namespace.
|
@luxas Do you have some suggestions about this? |
| When coredump happens, linux kernel will call coredump-detector and give core | ||
| dump file as standard input to coredump-detector. | ||
| coredump-detector will: | ||
| * access the docker api and distinguish where(which container) the core dump comes from |
There was a problem hiding this comment.
Good suggestion.
Now kubelet is supporting container runtimes, so I need to update this and support different container runtimes too.
CaoShuFeng
force-pushed
the
coredump-daemonset
branch
from
93a9b85
to
b003587
Compare
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: CaoShuFeng Assign the PR to them by writing The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these OWNERS Files:
You can indicate your approval by writing |
k8s-github-robot
added
the
kind/design
|
Issues go stale after 90d of inactivity. If this issue is safe to close now please do so with Send feedback to sig-testing, kubernetes/test-infra and/or fejta. |
k8s-ci-robot
added
the
lifecycle/stale
|
Stale issues rot after 30d of inactivity. If this issue is safe to close now please do so with Send feedback to sig-testing, kubernetes/test-infra and/or fejta. |
k8s-ci-robot
added
lifecycle/rotten
|
Issues go stale after 90d of inactivity. If this issue is safe to close now please do so with Send feedback to sig-testing, kubernetes/test-infra and/or fejta. |
k8s-ci-robot
added
the
lifecycle/stale
|
Stale issues rot after 30d of inactivity. If this issue is safe to close now please do so with Send feedback to sig-testing, kubernetes/test-infra and/or fejta. |
k8s-ci-robot
removed
the
lifecycle/stale
k8s-ci-robot
added
the
lifecycle/rotten
|
Rotten issues close after 30d of inactivity. Send feedback to sig-testing, kubernetes/test-infra and/or fejta. |
|
@fejta-bot: Closed this PR. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
This is a proposal which implements coredump isolation in kubernetes cluster.
It will work as an add-on which could be deployed in kubernetes cluster.
A demonstrate for this design has been implemented and put here
With this add-on deployed into kubernetes, when coredump happens in pods, users may get coredump info with
kubectlcommand:and check the quota:
Partial-fix: kubernetes/kubernetes#48787