Uploaded image for project: 'OpenShift Request For Enhancement'
  1. OpenShift Request For Enhancement
  2. RFE-3915

Forensic container checkpointing availability in RHOCP.


    • Icon: Feature Request Feature Request
    • Resolution: Unresolved
    • Icon: Normal Normal
    • None
    • None
    • Node
    • False
    • None
    • False
    • Not Selected
    • 0% To Do, 0% In Progress, 100% Done

      Feature Overview (aka. Goal Summary)  

      Forensic Container Checkpointing is a feature of Kubernetes that enables the creation of a checkpoint of a running container. This checkpoint can be used for forensic analysis to understand the state of the container at a specific point in time. This can be useful in situations where there may be a security breach or other issue that requires investigation.

      When a checkpoint is created, the container is paused and its state is saved to disk. This includes the container's memory, file system, and network state. Once the checkpoint is saved, the container can be resumed and continue running as normal.

      Forensic Container Checkpointing is implemented using the CRIU (Checkpoint/Restore In Userspace) tool, which is a Linux tool that enables checkpointing and restoring of running processes. Kubernetes uses CRIU to create and restore container checkpoints.

      Overall, Forensic Container Checkpointing is a useful feature for maintaining the security and integrity of Kubernetes clusters, as it enables administrators to investigate issues and understand the state of containers at specific points in time.




      Goals (aka. expected user outcomes)

      To activate support for Forensic Container Checkpointing as a tech preview it is necessary to enable the "ContainerCheckpoint" feature gate in Kubernetes.

      Based on https://docs.openshift.com/container-platform/4.12/nodes/clusters/nodes-cluster-enabling-features.html

      Requirements (aka. Acceptance Criteria):

      To Be Done.

      Use Cases (Optional):

      • Security Breaches: If a security breach is suspected, administrators can use Forensic Container Checkpointing to create a checkpoint of the affected container. This can be used to analyze the container's state at the time of the breach, and help determine the cause of the breach and the extent of any damage.
      • Debugging Issues: Sometimes, an application running in a container may encounter issues that are difficult to diagnose. In such cases, Forensic Container Checkpointing can be used to create a checkpoint of the container at the time the issue occurred. This checkpoint can then be used for forensic analysis to understand what caused the issue and how it can be fixed.

      Out of Scope

      To Be Done.


      Related to following document: https://issues.redhat.com/browse/OSDOCS-5477

      Customer Considerations

      To Be Done.


      Interoperability Considerations

      To Be Done.

            rh-ee-masimonm Maria Simon Marcos
            rhn-support-dahernan David Hernandez Fernandez
            4 Vote for this issue
            22 Start watching this issue