Feature Overview (aka. Goal Summary)
Forensic Container Checkpointing is a feature of Kubernetes that enables the creation of a checkpoint of a running container. This checkpoint can be used for forensic analysis to understand the state of the container at a specific point in time. This can be useful in situations where there may be a security breach or other issue that requires investigation.
When a checkpoint is created, the container is paused and its state is saved to disk. This includes the container's memory, file system, and network state. Once the checkpoint is saved, the container can be resumed and continue running as normal.
Forensic Container Checkpointing is implemented using the CRIU (Checkpoint/Restore In Userspace) tool, which is a Linux tool that enables checkpointing and restoring of running processes. Kubernetes uses CRIU to create and restore container checkpoints.
Overall, Forensic Container Checkpointing is a useful feature for maintaining the security and integrity of Kubernetes clusters, as it enables administrators to investigate issues and understand the state of containers at specific points in time.
KEP:
https://github.com/kubernetes/enhancements/pull/1990
https://github.com/kubernetes/enhancements/issues/2008
Goals (aka. expected user outcomes)
To activate support for Forensic Container Checkpointing as a tech preview it is necessary to enable the "ContainerCheckpoint" feature gate in Kubernetes.
Requirements (aka. Acceptance Criteria):
To Be Done.
Use Cases (Optional):
- Security Breaches: If a security breach is suspected, administrators can use Forensic Container Checkpointing to create a checkpoint of the affected container. This can be used to analyze the container's state at the time of the breach, and help determine the cause of the breach and the extent of any damage.
- Debugging Issues: Sometimes, an application running in a container may encounter issues that are difficult to diagnose. In such cases, Forensic Container Checkpointing can be used to create a checkpoint of the container at the time the issue occurred. This checkpoint can then be used for forensic analysis to understand what caused the issue and how it can be fixed.
Out of Scope
To Be Done.
Background
Related to following document: https://issues.redhat.com/browse/OSDOCS-5477
Customer Considerations
To Be Done.
Interoperability Considerations
To Be Done.
- relates to
-
RFE-6542 ContainerCoreDump without ContainerCheckPoint (Kubelet Checkpoint API)
- Backlog
-
OCPSTRAT-302 Checkpoint/Restore In Userspace
- New
- links to