diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates.md b/content/en/docs/reference/command-line-tools-reference/feature-gates.md index 7b89d9b29d58c..bb880e597b6d1 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates.md @@ -63,6 +63,7 @@ different Kubernetes components. | `AllowInsecureBackendProxy` | `true` | Beta | 1.17 | | | `AnyVolumeDataSource` | `false` | Alpha | 1.18 | | | `AppArmor` | `true` | Beta | 1.4 | | +| `CheckpointContainer` | `false` | Alpha | 1.24 | | | `ControllerManagerLeaderMigration` | `false` | Alpha | 1.21 | 1.21 | | `ControllerManagerLeaderMigration` | `true` | Beta | 1.22 | | | `CPUManager` | `false` | Alpha | 1.8 | 1.9 | @@ -607,6 +608,8 @@ Each feature gate is designed for enabling/disabling a specific feature: extended tokens by starting `kube-apiserver` with flag `--service-account-extend-token-expiration=false`. Check [Bound Service Account Tokens](https://github.com/kubernetes/enhancements/blob/master/keps/sig-auth/1205-bound-service-account-tokens/README.md) for more details. +- `CheckpointContainer`: Enables the kubelet `checkpoint` API. + See [Kubelet Checkpoint API](/docs/reference/node/kubelet-checkpoint-api/) for more details. - `ControllerManagerLeaderMigration`: Enables Leader Migration for [kube-controller-manager](/docs/tasks/administer-cluster/controller-manager-leader-migration/#initial-leader-migration-configuration) and [cloud-controller-manager](/docs/tasks/administer-cluster/controller-manager-leader-migration/#deploy-cloud-controller-manager) which allows a cluster operator to live migrate diff --git a/content/en/docs/reference/node/kubelet-checkpoint-api.md b/content/en/docs/reference/node/kubelet-checkpoint-api.md new file mode 100644 index 0000000000000..1f1fc8f7a2fea --- /dev/null +++ b/content/en/docs/reference/node/kubelet-checkpoint-api.md @@ -0,0 +1,75 @@ +--- +content_type: "reference" +title: Kubelet Checkpoint API +weight: 10 +--- + + +{{< feature-state for_k8s_version="v1.24" state="alpha" >}} + +Checkpointing a container is the functionality to create a stateful copy of a +running container. Once you have a stateful copy of a container, you could +move it to a different computer for debugging or similar purposes. + +If you move the checkpointed container data to a computer that's able to restore +it, that restored container continues to run at exactly the same +point it was checkpointed. You can also inspect the saved data, provided that you +have suitable tools for doing so. + +## Operations {#operations} + +### `post` checkpoint the specified container {#post-checkpoint} + +Tell the kubelet to checkpoint a specific container from the specified Pod. + +Consult the [Kubelet authentication/authorization reference](/docs/reference/command-line-tools-reference/kubelet-authentication-authorization) +for more information about how access to the kubelet checkpoint interface is +controlled. + +The kubelet will request a checkpoint from the underlying +{{}} implementation. In the checkpoint +request the kubelet will specify the name of the checkpoint archive as +`.tar` and also request to store the checkpoint archive in the +`checkpoints` directory below its root directory (as defined by `--root-dir`). +This defaults to `/var/lib/kubelet/checkpoints`. If an existing checkpoint +archive will be overwritten depends on the underlying CRI implementation. + +The checkpoint archive is in _tar_ format, and could be listed using an implementation of +[`tar`](https://pubs.opengroup.org/onlinepubs/7908799/xcu/tar.html). The contents of the +archive depend on the underlying CRI implementation (the container runtime on that node). + +#### HTTP Request {#post-checkpoint-request} + +POST /checkpoint/{namespace}/{pod}/{container} + +#### Parameters {#post-checkpoint-params} + +- **namespace** (*in path*): string, required + + {{< glossary_tooltip term_id="namespace" >}} + +- **pod** (*in path*): string, required + + {{< glossary_tooltip term_id="pod" >}} + +- **container** (*in path*): string, required + + {{< glossary_tooltip term_id="container" >}} + +#### Response {#post-checkpoint-response} + +200: OK + +401: Unauthorized + +404: Not Found (if the `CheckpointContainer` feature gate is disabled) + +404: Not Found (if the specified `namespace`, `pod` or `container` cannot be found) + +500: Internal Server Error (if the CRI implementation encounter an error during checkpointing (see error message for further details)) + +500: Internal Server Error (if the CRI implementation does not implement the checkpoint CRI API (see error message for further details)) + +{{< comment >}} +TODO: Add more information about return codes once CRI implementation have checkpoint/restore. +{{< /comment >}}