Checkpoint Restoration Failing in kubeadm

ContainerCheckpointt · December 30, 2022, 6:23am

Followed this blog Forensic container checkpointing in Kubernetes | Kubernetes

Facing issues when checkpointing nginx

Cluster information:

Kubernetes version: 1.25
Cloud being used: bare-metal
Installation method: Kubeadm
Host OS: Ubuntu 22.04.1 LTS(ubuntu/jammy64)
CNI and version: Calico v3.24.0
CRI and version: cri-o v1.25.0

Steps taken for enabling checkpoint

Enabled feature gates in all three components of k8s

Checked manifests file .They are enabled
root@kubemaster:/etc/kubernetes/manifests# grep -E 'feature-gates' *.yaml

kube-apiserver.yaml: - --feature-gates=ContainerCheckpoint=true
kube-controller-manager.yaml: - --feature-gates=ContainerCheckpoint=true
kube-scheduler.yaml: - --feature-gates=ContainerCheckpoint=true

2)Enabled enable_criu_support and drop_infra_ctr
root@kubemaster:/etc/crio# grep -E 'enable_criu_support = true|drop_infra_ctr = false' *.conf

drop_infra_ctr = false
enable_criu_support = true

3)Ensure nodes are using crio 1.25 and k8s 1.25

root@kubemaster:/# kubectl get no -o wide

NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME
kubemaster Ready control-plane 28m v1.25.0 192.168.56.2 Ubuntu 22.04.1 LTS 5.15.0-56-generic cri-o://1.25.0

Steps to replicate

Created nginx pod
kubectl run webserver --image=nginx -n default
Tried to checkpoint it

curl -sk -X POST  "https://localhost:10250/checkpoint/default/webserver/webserver" \
>   --key /etc/kubernetes/pki/apiserver-kubelet-client.key \
>   --cacert /etc/kubernetes/pki/ca.crt \
>   --cert /etc/kubernetes/pki/apiserver-kubelet-client.crt

Getting the error

checkpointing of default/webserver/webserver failed (rpc error: code = Unknown desc = checkpoint/restore support not available)

Please help

abdelghanimeliani · May 19, 2023, 4:44pm

i had the same problem before because i have not runc installed

Tobeabellwether · July 12, 2023, 8:26am

I put the “drop_infra_ctr = false
enable_criu_support = true” simply in the end of crio.conf, which was wrong, it should be behind the [crio.runtime] table, for details: https://github.com/cri-o/cri-o/blob/main/docs/crio.conf.5.md

Topic		Replies	Views
Calico Readiness Probe Failures After Kubeadm Init General Discussions network	4	4567	January 12, 2024
Kubeadm feature-gates for CSI General Discussions	2	853	March 6, 2019
Kube join failing General Discussions	0	976	February 6, 2020
Feature Gates? General Discussions	7	814	December 30, 2020
Kube-proxy not listening port 80 on CentOS 8 General Discussions	0	1265	February 6, 2020

Checkpoint Restoration Failing in kubeadm

Cluster information:

Related topics