KEP-5823: Pod-Level Checkpoint/Restore

[rst0git]

• One-line PR description: Enable support for Pod-level checkpoint and restore.

• Issue link: Pod-Level Checkpoint/Restore #5823

• Other comments: Related to Forensic Container Checkpointing #2008 and Checkpointing API #5091

[k8s-ci-robot]

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: rst0git
Once this PR has been reviewed and has the lgtm label, please assign dchen1107 for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• keps/sig-node/OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[fals]

@rst0git can we somehow make the checkpointing and restore tool more generic. I can see the word CRIU few times on the document and as other members asked last meeting, we should consider a proposal that would also enable gVisor, kata-containers or any other qemu/KVM based runtime to profit of this implementation on Kubernetes, as different tools might not use CRIU to C/R.

For GPU other runtimes also use cuda-checkpoint as for example gVisor, but no Criu involved as they implement everything on runsc instead.

[haircommander]

can you enumerate what is out of scope here?

[haircommander]

this may be tricker than this bullet implies, may need to be stateless and not hold pod IP to start.

[haircommander]

is restore in scope for this KEP

[haircommander]

@fals what does this look like for other non CRIU checkpointing options?

[fals]

gVisor does not bump in same format as CRIU and QEMU/kvm based are even less aligned as it just snapshots the whole microVM which has all pods and containers inside.

[haircommander]

i don't think we need to specifically say what the runtime does here. I would like to find a way that we can phrase this KEP in a way that is implementation agnostic, while still maintaining shared pieces (if we pass an option down, we need to find a way that option can be passed to the various implementations, if relevant)

[fals]

I would say we should phrase that the

Checkpoint can be generated by different tools depending on the runtime used by the pod. The same tool should be used to restore as there's no backwards compatibility between them. The high level CRD holding information about the checkpointed pod MUST contain details about the tool used during checkpoint and it will be passed downstream from API server to CRI during restoration. The solution must be tool agnostic and any additional param needed by specific tools can be passed during C/R using command-line arguments from API.

[haircommander]

we'll need to loop in sig networking here for pod IP saving, I think we should do that as a follow-on

[haircommander]

I'd even go so far as to say a checkpointed pod should be stateless for the first iteration, and then we address stateful pods in a follow-on kep

[haircommander]

"running" is not a pod state though, there's a lot of pod states and the state machine is pretty complex. can we checkpoint if a pod is being resized in place? how about if the init containers are still running? I think we need to muscle through this a bit more

[dfeigin-nv]

Aren't this also participating sigs?

• sig-storage
• sig-api-machinery

[wendy-ha18]

Hi @rst0git , I'm Wendy from SIG Node KEP Wrangler and this KEP is at risk for PRR deadline at the moment, are you still aiming for this KEP in v1.36? The PRR deadline is approaching tomorrow (Wednesday 4th February 2026 (AoE) / Thursday 5th February 2026, 12:00 UTC).

This is checklist we need to meet to be able to pass PRR, do you think we can land these requirements before deadline or you need more time for it? (considering for exception request in advance).

PR open or merged with the KEP's PRR questionnaire filled out. - PENDING

PR open or merged with kep.yaml updated with the stage, latest-milestone, and milestone struct filled out. - PENDING

PR open or merged with a PRR approval file with the PRR approver listed for the stage the KEP is targeting.- PENDING

[rst0git]

@wendy-ha18 Thank you for your message! I've updated the pull request with the KEP's PRR questionnaire and kep.yaml filled out.

[wendy-ha18]

Thank @rst0git , one thing left to ensure we can safely pass PRR deadline is I'm not really sure who is PRR reviewer (and PRR shadow) for this KEP.

I have asked in #prod-readiness channel in Slack here. Please feel free to follow up further with it when you have time.