From a7fb5b1f05b0b0a3c7b1f964c673604f99e5fff6 Mon Sep 17 00:00:00 2001 From: Muvaffak Onus Date: Sat, 16 Mar 2024 16:34:32 +0300 Subject: [PATCH] update dependencies Signed-off-by: Muvaffak Onus --- README.md | 23 +++++++++++++++++++---- go.mod | 4 ++-- go.sum | 4 ++-- 3 files changed, 23 insertions(+), 8 deletions(-) diff --git a/README.md b/README.md index 5a70354..1367741 100644 --- a/README.md +++ b/README.md @@ -1,12 +1,12 @@ # Checkpoint and Restore in Kubernetes - crik `crik` is a project that aims to provide checkpoint and restore functionality for Kubernetes pods mainly targeted for -node shutdown and restart scenarios. Under the hood, it utilizes [`criu`](https://github.com/checkpoint-restore/criu) to -checkpoint and restore process trees. +node shutdown and restart scenarios. It is a command wrapper that, under the hood, utilizes +[`criu`](https://github.com/checkpoint-restore/criu) to checkpoint and restore process trees in a `Pod`. It is a work in progress and is not ready for production use. -`crik` has two componenets: +`crik` has two components: - `crik` - a command wrapper that executes given command and checkpoints it when SIGTERM is received and restores from checkpoint when image directory contains a checkpoint. - `manager` - a kubernetes controller that watches `Node` objects and updates its internal map of states so that `crik` @@ -66,7 +66,7 @@ RUN curl "https://keyserver.ubuntu.com/pks/lookup?op=get&search=0x4E2A48715C45AE && apt-get update \ && apt-get install --no-install-recommends --yes criu iptables -# Install crik \ +# Install crik COPY --from=ghcr.io/qawolf/crik:v0.1.0 /usr/local/bin/crik /usr/local/bin/crik # Copy your application @@ -148,6 +148,21 @@ Build `crik`: docker build -t crik:v1 -f cmd/crik/Dockerfile . ``` +## Why not upstream? + +Taking checkpoints of processes and restoring them from within the container requires quite a few privileges to be given +to the container. The best approach is to execute these operations at the container runtime level and today, container +engines such as CRI-O and Podman do have native support for using `criu` to checkpoint and restore the whole containers +and there is an ongoing effort to bring this functionality to Kubernetes as well. The first use case being the forensic +analysis via checkpoints as described [here](https://kubernetes.io/blog/2023/03/10/forensic-container-analysis/). + +While it is the better approach, since it's such a low-level change, it's expected to take a while to be available in +mainstream Kubernetes in an easily consumable way. For example, while taking a checkpoint is possible through `kubelet` +API if you're using CRI-O, restoring it as another `Pod` in a different `Node` is not natively supported yet. + +`crik` allows you to use `criu` to checkpoint and restore a `Pod` to another `Node` today without waiting for the native +support in Kubernetes. Once the native support is available, `crik` will utilize it under the hood. + ## License This project is licensed under the Apache License, Version 2.0 - see the [LICENSE](LICENSE) file for details. \ No newline at end of file diff --git a/go.mod b/go.mod index 3a2691e..97f6e8c 100644 --- a/go.mod +++ b/go.mod @@ -9,10 +9,12 @@ require ( github.com/go-logr/logr v1.4.1 github.com/pkg/errors v0.9.1 go.uber.org/zap v1.26.0 + google.golang.org/protobuf v1.33.0 k8s.io/api v0.29.1 k8s.io/apimachinery v0.29.1 k8s.io/client-go v0.29.1 sigs.k8s.io/controller-runtime v0.17.0 + sigs.k8s.io/yaml v1.4.0 ) require ( @@ -56,7 +58,6 @@ require ( golang.org/x/time v0.5.0 // indirect gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect google.golang.org/appengine v1.6.8 // indirect - google.golang.org/protobuf v1.32.0 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect @@ -67,5 +68,4 @@ require ( k8s.io/utils v0.0.0-20230726121419-3b25d923346b // indirect sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect - sigs.k8s.io/yaml v1.4.0 // indirect ) diff --git a/go.sum b/go.sum index 0a765a9..47b108f 100644 --- a/go.sum +++ b/go.sum @@ -185,8 +185,8 @@ google.golang.org/appengine v1.6.8 h1:IhEN5q69dyKagZPYMSdIjS2HqprW324FRQZJcGqPAs google.golang.org/appengine v1.6.8/go.mod h1:1jJ3jBArFh5pcgW8gCtRJnepW8FzD1V44FJffLiz/Ds= google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= -google.golang.org/protobuf v1.32.0 h1:pPC6BG5ex8PDFnkbrGU3EixyhKcQ2aDuBS36lqK/C7I= -google.golang.org/protobuf v1.32.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= +google.golang.org/protobuf v1.33.0 h1:uNO2rsAINq/JlFpSdYEKIZ0uKD/R9cpdv0T+yoGwGmI= +google.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=