proposal of coredump detector #1311
``` | ||
|
||
# coredump-controller | ||
Now CRD in kubernetes doesn't support quota, so we deploy a controller to work as |
derekwaynecarr
Nov 1, 2017
Member
the plan is to support this soon once we can have a shared cache with garbage collection.
so in your case, we would just quota: count/coredumps.coredump
CaoShuFeng
Nov 2, 2017
Author
Contributor
Hi, I will update this according to the new feature.
Does quota for crd support resource.Quantity?
For example: we allow 2Gi coredump files in namespace A.
But not: we allow 200 coredump files in namespace A.
/cc @vishh for suggestions.
/assign @dchen1107
To determine whether a core file is generated for process in a k8s container, we | ||
override /proc/sys/kernel/core_pattern kernel parameter in kubelet node. | ||
``` | ||
|/coredump/coredump-detector -P=%P -p=%p -e=%e -t=%t -c=/coredump/config --log_dir=/coredump/ |
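Review bot: In the core_pattern line, -e=%e hands the handler the crashing process's executable name, a value the process itself controls, while the kernel runs the handler as root on the host. The proposal should state that coredump-detector treats -e and the core data on stdin as untrusted input and never uses them to build file paths or command lines. The same line also places the binary, its config (-c=/coredump/config) and its writable log directory (--log_dir=/coredump/) under one directory; a separate log directory would keep anything that writes logs from being able to replace the executable the kernel invokes.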
lucab
Dec 19, 2017
Which mount namespace would this /coredump path belong to? In particular, are you assuming that this is going to be in the pod-app mount namespace, in the kubelet mount namespace or in the kernel-init/host one?
CaoShuFeng
Dec 19, 2017
Author
Contributor
kernel does not support namespace for coredump.
So this would be kernel-init/host namespace.
@luxas Do you have some suggestions about this?
When coredump happens, linux kernel will call coredump-detector and give core | ||
dump file as standard input to coredump-detector. | ||
coredump-detector will: | ||
* access the docker api and distinguish where(which container) the core dump comes from |
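Review bot: The first bullet does not say how coredump-detector maps a crash to a container, or what it does when no container matches. Because core_pattern is node-wide, the handler is invoked for every crashing process on the node, so the text should name the lookup key (for example the host PID passed as -P=%P) and define the behaviour for host processes and for containers that are already gone when the runtime is queried. Also add the missing space in "where(which container)".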
vikaschoudhary16
Jan 22, 2018
Member
s/docker/runtime
CaoShuFeng
Jan 22, 2018
Author
Contributor
Good suggestion.
Now kubelet is supporting container runtimes, so I need to update this and support different container runtimes too.
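One way a host-side handler could attribute a crash to a container without depending on a specific runtime API, added here as an example and not code from this PR: parse /proc/<pid>/cgroup for the host PID that core_pattern passes as -P=%P. The function name, the Origin type and the two cgroup path layouts (kubelet cgroupfs and systemd drivers) are assumptions for illustration.

```go
package main

import (
	"bufio"
	"fmt"
	"regexp"
	"strings"
)

// Constructed samples; the cgroup path layouts are assumptions, not from the PR.
var sampleID = strings.Repeat("ab", 32) // 64 hex chars
var systemdSample = "11:memory:/kubepods.slice/kubepods-burstable.slice/" +
	"kubepods-burstable-pod3b1c2d4e_5f6a_7b8c_9d0e_1f2a3b4c5d6e.slice/" +
	"cri-containerd-" + sampleID + ".scope\n"
var cgroupfsSample = "4:pids:/kubepods/besteffort/" +
	"pod3b1c2d4e-5f6a-7b8c-9d0e-1f2a3b4c5d6e/" + sampleID + "\n"
var hostSample = "0::/system.slice/sshd.service\n"

var (
	podRe = regexp.MustCompile(`pod([0-9a-f]{8}(?:[-_][0-9a-f]{4}){3}[-_][0-9a-f]{12})`)
	ctrRe = regexp.MustCompile(`[-/]([0-9a-f]{64})(?:\.scope)?$`)
)

// Origin names the pod and container that own a crashing PID.
type Origin struct{ PodUID, ContainerID string }

// ParseCgroup reads the text of /proc/<pid>/cgroup and returns the owning pod
// UID and container ID; ok is false for processes outside any pod cgroup.
func ParseCgroup(text string) (o Origin, ok bool) {
	sc := bufio.NewScanner(strings.NewReader(text))
	for sc.Scan() {
		f := strings.SplitN(sc.Text(), ":", 3) // hierarchy-ID:controllers:path
		if len(f) != 3 {
			continue
		}
		pod, ctr := podRe.FindStringSubmatch(f[2]), ctrRe.FindStringSubmatch(f[2])
		if pod != nil && ctr != nil {
			return Origin{strings.ReplaceAll(pod[1], "_", "-"), ctr[1]}, true
		}
	}
	return Origin{}, false
}

func main() {
	for _, s := range []string{systemdSample, cgroupfsSample, hostSample} {
		o, ok := ParseCgroup(s)
		fmt.Printf("ok=%v pod=%q container=%q\n", ok, o.PodUID, o.ContainerID)
	}
}
```

The ok=false result is the case to handle explicitly, since a node-wide core_pattern also sends host process crashes to the handler.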
93a9b85 to b003587
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: CaoShuFeng Assign the PR to them by writing The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these OWNERS Files:
You can indicate your approval by writing
Issues go stale after 90d of inactivity. If this issue is safe to close now please do so with Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
Stale issues rot after 30d of inactivity. If this issue is safe to close now please do so with Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
Rotten issues close after 30d of inactivity. Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
@fejta-bot: Closed this PR. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.
This is a proposal which implements coredump isolation in kubernetes cluster.
It will work as an add-on which could be deployed in kubernetes cluster.
A demonstration of this design has been implemented and put here
With this add-on deployed into kubernetes, when coredump happens in pods, users may get coredump info with kubectl command:
and check the quota:

Partial-fix: kubernetes/kubernetes#48787