Skip to content

/ community

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

proposal of coredump detector #1311

Closed
wants to merge 2 commits into from
Closed

proposal of coredump detector #1311

wants to merge 2 commits into from

Conversation

@CaoShuFeng
Copy link
Contributor

@CaoShuFeng CaoShuFeng commented Nov 1, 2017
edited

This is a proposal which implements coredump isolation in kubernetes cluster.
It will work as an add-on which could be deployed in kubernetes cluster.

A demonstrate for this design has been implemented and put here

With this add-on deployed into kubernetes, when coredump happens in pods, users may get coredump info with kubectl command:
coredump-metadata

and check the quota:
coredump-quota

Partial-fix: kubernetes/kubernetes#48787
@derekwaynecarr
derekwaynecarr reviewed Nov 1, 2017
View changes
contributors/design-proposals/add-on/coredump-daemonset.md
```

# coredump-controller
Now CRD in kubernetes doesn't support quota, so we deploy a controller to work as

This comment has been minimized.

Sign in to view
@derekwaynecarr

derekwaynecarr Nov 1, 2017
Member

the plan is to support this soon once we can have a shared cache with garbage collection.

so in your case, we would just quota: count/coredumps.coredump

This comment has been minimized.

Sign in to view
@CaoShuFeng

CaoShuFeng Nov 2, 2017
Author Contributor

Hi, I will update this according to the new feature.

Does quota for crd support resource.Quantity?
For example: we allow 2Gi coredump files in namespace A.
But not: we allow 200 coredump files in namespace A.
@CaoShuFeng CaoShuFeng mentioned this pull request Nov 2, 2017
Closed
@CaoShuFeng
Copy link
Contributor Author

@CaoShuFeng CaoShuFeng commented Dec 4, 2017
edited

/cc @vishh for suggestions.
@CaoShuFeng
Copy link
Contributor Author

@CaoShuFeng CaoShuFeng commented Dec 13, 2017

/assign @dchen1107
@lucab
lucab reviewed Dec 19, 2017
View changes
contributors/design-proposals/add-on/coredump-daemonset.md
To determine whether a core file is generated for process in a k8s container, we
override /proc/sys/kernel/core_pattern kernel parameter in kubelet node.
```
|/coredump/coredump-detector -P=%P -p=%p -e=%e -t=%t -c=/coredump/config --log_dir=/coredump/

This comment has been minimized.

Sign in to view
@lucab

lucab Dec 19, 2017

Which mount namespace would this /coredump path belongs to? In particular, are you assuming that this is going to be in the pod-app mount namespace, in the kubelet mount namespace or in the kernel-init/host one?

This comment has been minimized.

Sign in to view
@CaoShuFeng

CaoShuFeng Dec 19, 2017
Author Contributor

kernel does not support namespace for coredump.
So this would be kernel-init/host namespace.
@CaoShuFeng
Copy link
Contributor Author

@CaoShuFeng CaoShuFeng commented Jan 22, 2018

@luxas Do you have some suggestions about this?
@vikaschoudhary16
vikaschoudhary16 reviewed Jan 22, 2018
View changes
contributors/design-proposals/add-on/coredump-daemonset.md Outdated
When coredump happens, linux kernel will call coredump-detector and give core
dump file as standard input to coredump-detector.
coredump-detector will:
* access the docker api and distinguish where(which container) the core dump comes from

This comment has been minimized.

Sign in to view
@vikaschoudhary16

vikaschoudhary16 Jan 22, 2018
Member

s/docker/runtime

This comment has been minimized.

Sign in to view
@CaoShuFeng

CaoShuFeng Jan 22, 2018
Author Contributor

Good suggestion.
Now kubelet is supporting container runtimes, so I need to update this and support different container runtimes too.
CaoShuFeng added 2 commits Nov 1, 2017
@CaoShuFeng
proposal of coredump detector
Loading status checks…
ef5ae3e
@CaoShuFeng
add descrition about container runtime
Loading status checks…
b003587
@CaoShuFeng CaoShuFeng force-pushed the CaoShuFeng:coredump-daemonset branch from 93a9b85 to b003587 Jan 30, 2018
@k8s-ci-robot
Copy link
Contributor

@k8s-ci-robot k8s-ci-robot commented Jan 30, 2018

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: CaoShuFeng
We suggest the following additional approver: brendandburns

Assign the PR to them by writing /assign @brendandburns in a comment when ready.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these OWNERS Files:

You can indicate your approval by writing /approve in a comment
You can cancel your approval by writing /approve cancel in a comment
@kmova kmova mentioned this pull request Feb 5, 2018
Closed
@fejta-bot
Copy link

@fejta-bot fejta-bot commented Apr 30, 2018

Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/lifecycle stale
@fejta-bot
Copy link

@fejta-bot fejta-bot commented May 30, 2018

Stale issues rot after 30d of inactivity.
Mark the issue as fresh with /remove-lifecycle rotten.
Rotten issues close after an additional 30d of inactivity.

If this issue is safe to close now please do so with /close.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/lifecycle rotten
/remove-lifecycle stale
@jkryl jkryl mentioned this pull request Jun 14, 2018
Merged
@fejta-bot
Copy link

@fejta-bot fejta-bot commented Aug 28, 2018

Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/lifecycle stale
@fejta-bot
Copy link

@fejta-bot fejta-bot commented Sep 27, 2018

Stale issues rot after 30d of inactivity.
Mark the issue as fresh with /remove-lifecycle rotten.
Rotten issues close after an additional 30d of inactivity.

If this issue is safe to close now please do so with /close.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/lifecycle rotten
@fejta-bot
Copy link

@fejta-bot fejta-bot commented Nov 21, 2018

Rotten issues close after 30d of inactivity.
Reopen the issue with /reopen.
Mark the issue as fresh with /remove-lifecycle rotten.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/close
@k8s-ci-robot
Copy link
Contributor

@k8s-ci-robot k8s-ci-robot commented Nov 21, 2018

@fejta-bot: Closed this PR.

In response to this:

Rotten issues close after 30d of inactivity.
Reopen the issue with /reopen.
Mark the issue as fresh with /remove-lifecycle rotten.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@lucab lucab

@derekwaynecarr derekwaynecarr

@vikaschoudhary16 vikaschoudhary16

Assignees

@jbeda jbeda

@brendandburns brendandburns

@vishh vishh

@dchen1107 dchen1107

Labels
cncf-cla: yes kind/design lifecycle/rotten size/L
Projects
None yet
Milestone
No milestone
Linked issues

Successfully merging this pull request may close these issues.

New daemon set to support isolated coredump for namespaces/users