coredump-detector

module
v0.0.0-...-193f477 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Sep 24, 2019 License: Apache-2.0

README

k8s-coredump-detector


K8s-coredump-detector is an open source tool for managing core dump feature in kubernetes. It enables stable, controllable core dump feature when jobs inside k8s containers were crashed. This feature mainly generate, store, distribute core files which generated by the apps inside pods, it could ease investigation of crashed application in multi-tenancy k8s environment. And tenant could download this core files like they are using any other original k8s functions.


Motivation and Goals

As we know, bugs are inevitable in software development, some bugs could be solved by investigating app logs, but some serious bugs like deep null point exception is very hard to debug without core files.However, Kubernetes has no mechanism to manage core files when job inside pods crashed.

This feature mainly collects, stores, distributes core files which generated by the apps inside pods. It supports any filesystem storage as backend storage, and it embeds the K8s' own authorization mechanism like RBAC to control tenant authorities. Tenants could download those core files they want like they are using any other original K8s resources.    

Design

 

Components
Backend storage

The bakcend storage is an independent filesystem storage to store core files. This storage could be either ceph filesystem storage, nfs storage or any other filesystem storage. For test purpose, you can also use local host[https://kubernetes.io/docs/concepts/storage/volumes/#hostpath] storage to store core files.

Coredump DaemonSet

To control core files generation behavior, a DaemonSet is necessary which would launch each node an admin-pod. Those pods make sure everything will go as we expected when job crashed in other work pods. Each pod will execute following steps:

a. Copy a exectuable file called hanlder to host, it be invoked when any process crashed in that host. It will distinguish if the crashed job was from a pod. If so, it collects realted information and store core file to backend storage.

b. Modify && maintain core_pattern settings on each node which usually exist as a file located in /proc/sys/kernel/core_pattern. This setting is for control the behavior when process crashed. In our case, the admin-pod will modify it so the handler will be invoked.

For detail information, please see https://github.com/fenggw-fnst/coredump-node-detector

Coredump Apiserver

This component is the bridge between backend storge and users. In nature it is a aggregation api layer which is an offical mechanism to implement users’ own business logical. It contains service, self-defined api-server running in pod and etcd storage. It will register APIs and Objects to k8s cluster. Users should download core files by those APIs and Objects.

Group Version Kind Subresource
coredump.fujitsu.com v1alpha1 CoredumpEndpoint dump

For a typical case, user wants to download all core files generated by container test-container in Pod test-namespace/test-pod. User should do like this:

kubectl get --raw=/apis/coredump.fujitsu.com/v1alpha1/namespaces/test-namespace/coredumpendpoints/test-pod/dump?container=test-container>>coredump.tar.gz

tar -zxvf coredump.tar.gz -C ./coredump-files

If everyting works as expected, user could observe all core files in coredump-files.

 

Flow
Core file generation

The core file generation part generates core files when job inside containers crashed. In each node that supports core dump feature, a admin-pod will be deployed by DaemonSet to handle this job. Each admin-pod inject an executable file called handler into node, it also modifies[core-pattern] to let kernel call that handler to store core files into backend storage.

Downloding core files

An aggregation api layer will register a self-defined API called coredump.fujitsu.com. This api is a bridge between backend storage and users. User could download core files by this api. Admin can control users' access to core files by native way like RBAC, ABAC.

 

Warning

The core_pattern would be modified to let our components handle core dump events.

The k8s cluster must boot with allow-privileged option enabled.

   

Deployment

From script

Please See deploy.md

From source code

TBD

Test

After deploying all the components successfully, you could test the function is working by test script

   

Download core files

This section gives examples of how to download corefiles after coredump detector deployed. The coredumpendpoint_template.yaml file under test floder will be used.

From exist pod

Suppose users want to download core files from a container called test-container in exist pod default/test-pod, they should do like:

cat test/coredumpendpoint_template.yaml |sed "s/__NAMESPACE__/default/g" | sed "s/__NAME__/test-pod/g"| kubectl create -f -
kubectl get --raw=/apis/coredump.fujitsu.com/v1alpha1/namespaces/default/coredumpendpoints/test-pod/dump?container=test-container>>coredump.tar.gz
From non-exist pod

When users want to download core files from a pod that has been deleted, pod's uid must be provided. Suppose users want to download core files from a container called test-container in exist pod default/test-pod, and the uid of that pod is 1234-5678, they should do like:

cat test/coredumpendpoint_template.yaml |sed "s/__NAMESPACE__/default/g" | sed "s/__NAME__/test-pod/g"| sed "s/__UID__/1234-5678/g"|kubectl create -f -
kubectl get --raw=/apis/coredump.fujitsu.com/v1alpha1/namespaces/default/coredumpendpoints/test-pod/dump?container=test-container>>coredump.tar.gz

Directories

Path Synopsis
cmd
gc
pkg
apis/coredump
Package api is the internal version of the API.
Package api is the internal version of the API.
apis/coredump/v1alpha1
+k8s:openapi-gen=true +k8s:deepcopy-gen=package,register +k8s:conversion-gen=github.com/WanLinghao/fujitsu-coredump/pkg/apis/coredump +k8s:defaulter-gen=TypeMeta +groupName=coredump.fujitsu.com
+k8s:openapi-gen=true +k8s:deepcopy-gen=package,register +k8s:conversion-gen=github.com/WanLinghao/fujitsu-coredump/pkg/apis/coredump +k8s:defaulter-gen=TypeMeta +groupName=coredump.fujitsu.com
client/clientset_generated/clientset
This package has the automatically generated clientset.
This package has the automatically generated clientset.
client/clientset_generated/clientset/fake
This package has the automatically generated fake clientset.
This package has the automatically generated fake clientset.
client/clientset_generated/clientset/scheme
This package contains the scheme of the automatically generated clientset.
This package contains the scheme of the automatically generated clientset.
client/clientset_generated/clientset/typed/coredump/v1alpha1
This package has the automatically generated typed clients.
This package has the automatically generated typed clients.
client/clientset_generated/clientset/typed/coredump/v1alpha1/fake
Package fake has the automatically generated clients.
Package fake has the automatically generated clients.
gc

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL