571
edits
Changes
mLine 1:
Line 1: − + − + + + + + Line 181:
Line 185: + + + + + + + + + + + + + + + + + +
→Related Publications, Talks & Blog Posts
[[Image:K8s-cr-arch-v2.png|right|795px|frame|border|link=|Overview of container checkpoint/restore in Kubernetes.]]
[[Image:K8s-cr-arch-v2.png|right|500px|thumb|Overview of container checkpoint/restore in Kubernetes.]]
Container checkpointing was introduced as an alpha feature in Kubernetes v1.25 and graduated to beta in Kubernetes v1.30. This functionality allows running containers to be transparently checkpointed to persistent storage and later restored to resume execution, or migrated across nodes and clusters. The content of container checkpoints can be further analyzed with the [https://github.com/checkpoint-restore/checkpointctl checkpointctl] tool. This allows to perform forensic analysis in case of security incidents (e.g., suspected compromise, data exfiltration) or application failures by inspecting the saved process memory, open files, sockets, and execution context captured in the checkpoint.
Container checkpointing was introduced as an alpha feature in Kubernetes v1.25 and graduated to beta in Kubernetes v1.30. This functionality allows running containers to be transparently checkpointed to persistent storage and later restored to resume execution, or migrated across nodes and clusters.
The content of container checkpoints can be further analyzed with the [https://github.com/checkpoint-restore/checkpointctl checkpointctl] tool. This allows to perform forensic analysis in case of security incidents (e.g., suspected compromise, data exfiltration) or application failures by inspecting the saved process memory, open files, sockets, and execution context captured in the checkpoint.
This feature is developed as a community-driven effort at the [https://github.com/kubernetes/community/tree/master/wg-checkpoint-restore Kubernetes Checkpoint/Restore Working Group]. If you want to get more involved by contributing to Kubernetes, join our [https://groups.google.com/a/kubernetes.io/g/wg-checkpoint-restore mailing list] and Slack channel at [https://kubernetes.slack.com/messages/wg-checkpoint-restore #wg-checkpoint-restore].
== Kubelet Checkpoint API ==
== Kubelet Checkpoint API ==
kubectl apply -f restore-pod.yaml
kubectl apply -f restore-pod.yaml
</pre>
</pre>
== Related Publications, Talks & Blog Posts ==
* Research Papers
** [https://radostin.io/files/vspisakova-jsspp25.pdf Kubernetes Scheduling with Checkpoint/Restore: Challenges and Open Problems]
** [https://doi.org/10.48550/arXiv.2502.16631 CRIUgpu: Transparent Checkpointing of GPU-Accelerated Workloads]
** [https://doi.org/10.1145/3678015.3680477 Towards Efficient End-to-End Encryption for Container Checkpointing Systems]
* KubeCon & CloudNative Talks
** [https://kccnceu2025.sched.com/event/1tx7i Efficient Transparent Checkpointing of AI ML Workloads in Kubernetes]
** [https://sched.co/1dCVs End-to-End Encryption for Container Checkpointing in Kubernetes]
** [https://sched.co/1YeT4 Enabling Coordinated Checkpointing for Distributed HPC Applications]
* Kubernetes Blog Articles
** [https://kubernetes.io/blog/2023/03/10/forensic-container-analysis/ Forensic Container Analysis]
** [https://kubernetes.io/blog/2022/12/05/forensic-container-checkpointing-alpha/ Forensic Container Checkpointing in Kubernetes]
* NVIDIA Technical Blog
** [https://developer.nvidia.com/blog/checkpointing-cuda-applications-with-criu Checkpointing CUDA Applications with CRIU]