Comments (6)
Thinking about this a bit more for the spike, I would rather use a label than an annotation. A label can be queried easily and also shows up in (Prometheus) monitoring. The timestamp and "no-evict-overwrite" should be annotations though.
from k-rail.
This is a good idea. Can you elaborate on the OPs process you have in mind that works with the label?
from k-rail.
I assume #18 should clean up the tainted pod. I missed the issue when reading this.
For the grace period, the reconciliation task would need to know another timestamp to compare the elapsed time.
It can either be the first or last exec into the pod for example. First probably makes more sense.
This timestamp could be stored in a custom annotation so that it is easily available when iterating through the tainted pods.
🤔 there is probably a good reason to exec into a pod. Can you imagine any reason you still want to keep the pod running to preserve state? Maybe forensic analysis?
In this case another annotation may make sense to prevent the reconciliation task from evicting the pod. This annotation must be set manually though.
from k-rail.
Yes, #18 is related. I was thinking the same thing during the WIP mentioned in the other issue. There is an exec taint annotation and the value is a timestamp.
Eventually it would be pretty nice to have a DaemonSet that could automatically capture forensic information on a Pod prior to it getting evicted. Until then, I like your idea of an annotation that could prevent the post-exec eviction.
from k-rail.
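The eviction decision discussed in the comments above (tainted label, exec timestamp annotation, grace period, manual no-evict annotation), as an added example that is not part of the thread and is not k-rail's code. The label and annotation names, the `Pod` type and the RFC 3339 timestamp format are assumptions made for illustration.

```go
// Added example: the label and annotation names are hypothetical, not k-rail's.
package main

import (
	"fmt"
	"time"
)

const (
	taintedLabel   = "example.invalid/tainted"            // label: queryable, visible in monitoring
	taintedAtAnnot = "example.invalid/tainted-timestamp"  // annotation: first exec, RFC 3339 (assumed)
	noEvictAnnot   = "example.invalid/no-evict-overwrite" // annotation: set manually to keep the pod
)

// Pod carries only the metadata the reconciliation decision needs.
type Pod struct {
	Name        string
	Labels      map[string]string
	Annotations map[string]string
}

// ShouldEvict reports whether the reconciliation task would evict pod at time now.
func ShouldEvict(pod Pod, now time.Time, grace time.Duration) (bool, string) {
	if pod.Labels[taintedLabel] != "true" {
		return false, "not tainted"
	}
	if pod.Annotations[noEvictAnnot] == "true" {
		return false, "eviction overridden manually"
	}
	taintedAt, err := time.Parse(time.RFC3339, pod.Annotations[taintedAtAnnot])
	if err != nil {
		// Design choice in this sketch: a tainted pod with a missing or
		// malformed timestamp is evicted rather than kept indefinitely.
		return true, "tainted, timestamp missing or invalid"
	}
	if now.Sub(taintedAt) < grace {
		return false, "within grace period"
	}
	return true, "grace period elapsed"
}

func main() {
	now := time.Date(2020, 1, 1, 12, 0, 0, 0, time.UTC) // constructed sample time
	pod := Pod{Name: "web-0", // constructed sample pod
		Labels:      map[string]string{taintedLabel: "true"},
		Annotations: map[string]string{taintedAtAnnot: "2020-01-01T11:00:00Z"}}
	evict, reason := ShouldEvict(pod, now, 30*time.Minute)
	fmt.Println(pod.Name, evict, reason)
}
```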
PR 47 was closed in favor of: #54
from k-rail.
👋 The k-rail project has been deprecated and is no longer under active development. We recommend taking a look at OPA Gatekeeper to see if it might meet your needs going forward.
Thanks for your contribution(s) to the project!
from k-rail.