Describe the bug
iris process profile threads and iris process profile mem fail on the K8s controller with Permission denied (os error 13). py-spy and memray both require ptrace, which is blocked by the controller pod's security context.
Error: Profiling failed: py-spy dump failed: Error: Permission denied (os error 13)
Task pods have SYS_PTRACE in their security context (tasks.py:395), but the controller Deployment does not (controller.py:_build_controller_deployment).
To Reproduce
- Deploy Iris on CoreWeave K8s.
- Run
uv run iris process profile threads or uv run iris process profile mem.
- Observe:
Permission denied (os error 13).
Expected behavior
Profiling should work on the controller pod, same as it does on task pods.
Additional context
Fix: add SYS_PTRACE capability to the controller container spec in _build_controller_deployment (controller.py:163):
"securityContext": {"capabilities": {"add": ["SYS_PTRACE"]}},Task pods already have this at tasks.py:395-398.
Describe the bug
iris process profile threadsandiris process profile memfail on the K8s controller withPermission denied (os error 13). py-spy and memray both require ptrace, which is blocked by the controller pod's security context.Task pods have
SYS_PTRACEin their security context (tasks.py:395), but the controller Deployment does not (controller.py:_build_controller_deployment).To Reproduce
uv run iris process profile threadsoruv run iris process profile mem.Permission denied (os error 13).Expected behavior
Profiling should work on the controller pod, same as it does on task pods.
Additional context
Fix: add
SYS_PTRACEcapability to the controller container spec in_build_controller_deployment(controller.py:163):Task pods already have this at
tasks.py:395-398.