Difference between revisions of "Kubernetes"
m |
m |
||
| Line 1: | Line 1: | ||
| − | Container checkpointing was introduced as an alpha feature in Kubernetes v1.25 and graduated to beta in Kubernetes v1.30. This functionality allows running containers to be transparently checkpointed to persistent storage and later restored to resume execution, or migrated across nodes and clusters. The content of container checkpoints | + | Container checkpointing was introduced as an alpha feature in Kubernetes v1.25 and graduated to beta in Kubernetes v1.30. This functionality allows running containers to be transparently checkpointed to persistent storage and later restored to resume execution, or migrated across nodes and clusters. The content of container checkpoints can be further analyzed with the [https://github.com/checkpoint-restore/checkpointctl checkpointctl] tool. This allows to perform forensic analysis in case of security incidents (e.g., suspected compromise, data exfiltration) or application failures by inspecting the saved process memory, open files, sockets, and execution context captured in the checkpoint. |
| + | |||
| + | == Kubelet Checkpoint API == | ||
| + | |||
| + | This functionality is exposed through a node-local kubelet [https://kubernetes.io/docs/reference/node/kubelet-checkpoint-api/ checkpoint API] (enabled by default in Kubernetes v1.30) that allows you to create a snapshot of a running container. | ||
Revision as of 13:58, 7 November 2025
Container checkpointing was introduced as an alpha feature in Kubernetes v1.25 and graduated to beta in Kubernetes v1.30. This functionality allows running containers to be transparently checkpointed to persistent storage and later restored to resume execution, or migrated across nodes and clusters. The content of container checkpoints can be further analyzed with the checkpointctl tool. This allows to perform forensic analysis in case of security incidents (e.g., suspected compromise, data exfiltration) or application failures by inspecting the saved process memory, open files, sockets, and execution context captured in the checkpoint.
Kubelet Checkpoint API
This functionality is exposed through a node-local kubelet checkpoint API (enabled by default in Kubernetes v1.30) that allows you to create a snapshot of a running container.