✨ Introduce pprof server to manager #1943
Conversation
k8s-ci-robot
added
cncf-cla: yes
|
Hi @zqzten. Thanks for your PR. I'm waiting for a kubernetes-sigs member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
k8s-ci-robot
added
the
size/L
|
TBH, I'm against this one. This is very tempting to add functionality such as this to your solution, but enabling it on production might cause a sensitive information leakage. I suggest adding a "hint" in your "DEVELOPMENT.MD" file as I did here: |
That's true if we enable pprof and bind it to |
|
@AlmogBaku Thanks for the security remind, but I don't think it as a blocking issue as we have ways to protect it:
Security is very important indeed, I'll add some doc comments on it, also we can put best practice usage in kubebuilder after this feature is added. |
|
/ok-to-test /cc @alvaroaleman |
k8s-ci-robot
added
ok-to-test
|
what about adding a build tag as a solution? |
I'm not sure whether this solution is appropriate in this project. Let's just wait for opinions from other maintainers. |
|
Kind of torn here. Not having pprof is extremely annoying in production, but it definitely exposes sensitive information. @AlmogBaku what is the reason why you would prefer build tags over off-by-default, i.E. what is the problem you see from having it compiled in but disabled? |
|
Exposing this setting using a build tag is like having a “remote debugger” - possible, but should be allowed implicitly and temporary on production mode |
I actually disagree with that. Pprof needs to always be enabled or it is useless. If it requires a binary restart of any kind it becomes impossible to debug in situations where there is no clear reproducer. The remaining concern here is that we can't tell if ppl properly wall off connectivity to their controllers, which is why it might be problematic to enable by default. |
zqzten
force-pushed
the
pprof
branch
4 times, most recently
from
a15d1eb to
833a6e6
Compare
k8s-ci-robot
removed
the
needs-rebase
|
@alvaroaleman @vincepri @FillZpp Mind give some further points on this? It would be very appreciated. There're many ppl around calling for this feature. |
k8s-ci-robot
added
the
lgtm
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: vincepri, zqzten The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
k8s-ci-robot
added
the
approved
|
A dumb question here, it would be released in the next version, right? |
|
Yes, that's the plan |
Could I know the next release date please since we want to introduce this change in our code for some deadline? thanks! |
|
There is no fixed date as far as I know. But I think we want to get #2189 in first |
This PR introduces a configurable standalone server for serving pprof to manager, just like the health and metrics server.
fixes #1779
Additional thoughts:
I've been aware of
metricsExtraHandlersintroduced in #824 which might be an alternative for end users to serve pprof, but I don't think it's quite appropriate to do so, mainly for these two reasons:metricsExtraHandlersbind all handlers to metrics listener which is not that general and flexible, it cannot meet cases that user want to expose metrics and pprof by different listeners (common use case: a 0.0.0.0: listener for serving metrics and a 127.0.0.1: listener for serving pprof).