Tuesday, 2018-03-20

*** mylinux has joined #kata-general 00:10
*** mylinux has quit IRC 00:12
*** mylinux has joined #kata-general 00:12
*** mylinux has quit IRC 00:19
kata-dev-irc-bot<raravena80> folks, the aws slack is https://awsdevelopers.slack.com/ you can DM https://twitter.com/abbyfuller with your email for an invite. 00:55
*** oikiki has joined #kata-general 01:25
*** liujiong has joined #kata-general 02:57
*** oikiki has quit IRC 03:12
*** mylinux has joined #kata-general 04:20
*** liujiong has quit IRC 04:22
*** liujiong has joined #kata-general 04:23
*** mylinux has quit IRC 04:24
*** liujiong has quit IRC 04:58
*** liujiong has joined #kata-general 04:59
*** oikiki has joined #kata-general 05:38
*** sjas_ has joined #kata-general 05:45
*** sjas has quit IRC 05:48
*** mylinux has joined #kata-general 06:37
*** mylinux has quit IRC 06:42
*** oikiki has quit IRC 06:44
*** jodh has joined #kata-general 07:47
*** jodh has joined #kata-general 07:47
*** liujiong has quit IRC 07:57
*** gwhaley has joined #kata-general 08:55
*** oikiki has joined #kata-general 09:03
*** oikiki has quit IRC 09:19
*** mylinux has joined #kata-general 09:43
*** mylinux has quit IRC 09:47
*** sjas_ is now known as sjas 10:54
*** gwhaley has quit IRC 11:58
*** mylinux has joined #kata-general 12:32
*** gwhaley has joined #kata-general 12:42
kata-dev-irc-bot<james.brennan> Question: we are currently using docker with --net=host. I noticed in the ClearContainers limitations document that this is not supported. Are there any plans to support --net=host, or something equivalent, in Kata? 14:01
kata-dev-irc-bot<samuel.ortiz> @james.brennan Not to my knowledge 14:04
kata-dev-irc-bot<samuel.ortiz> You can't really get full access to the host netns from a VM. 14:04
*** mylinux has quit IRC 14:07
*** mylinux has joined #kata-general 14:09
kata-dev-irc-bot<eric.ernst> @james.brennan this isn't really feasible. You can use a mix of runc and Kata based containers on a system, however. 14:09
*** mylinux has quit IRC 14:19
*** mylinux has joined #kata-general 14:37
kata-dev-irc-bot<james.brennan> Thanks! We were thinking that we would need IPv6 to make this work then - so we can assign “real” IPs to each kata container. We don’t actually need them all to be unique - we are currently using “host” mode after all. Is there a way to set up an overlay network with a single IP shared by all kata containers running on a system, or would this also fail (documentation for CC seems to suggest you can’t share). 15:16
kata-dev-irc-bot typically running 60+ containers per node. 15:16
kata-dev-irc-bot<anne> Sorry all for the spam on the dev list--not sure why that wasn't caught. If anyone needs assistance with their international freight logistics, please reach out to Kelvin ;) In the meantime, I'll check out why those are getting through 15:25
kata-dev-irc-bot<samuel.ortiz> @james.brennan I'll defer that question to @manohar.r.castelino 15:30
kata-dev-irc-bot<james.o.hunt> @anne - Morning! Do you have a github account? 16:52
kata-dev-irc-bot<anne> i sure do! annabellebertooch. 16:53
kata-dev-irc-bot<anne> it's a bad riff on my last name being mispronounced that hasn't aged well :slightly_smiling_face: 16:53
kata-dev-irc-bot<samuel.ortiz> @anne it's the "ooch" part that's mispronounced, right? 16:56
*** gwhaley has quit IRC 16:57
kata-dev-irc-bot<anne> si :slightly_smiling_face: 16:58
kata-dev-irc-bot<manohar.r.castelino> @james.brennan what do you mean by all the containers having the same IP? Do you mean a mode where the IP of the container does not matter as it will always be NATed out, and there is no container to container connectivity needed? 17:13
kata-dev-irc-bot<manohar.r.castelino> I have been looking at a way to support a configuration where 17:14
kata-dev-irc-bot<manohar.r.castelino> 1. The container IP is never visible outside the container 17:14
kata-dev-irc-bot<manohar.r.castelino> 2. There is no need for inter container connectivity within the same host 17:14
kata-dev-irc-bot<manohar.r.castelino> 3. All container traffic is outbound 17:14
kata-dev-irc-bot<manohar.r.castelino> 4. There is never a need to reach the container from the external network 17:15
kata-dev-irc-bot<manohar.r.castelino> We can support that mode if you want. But that breaks the CNI, Container network paradigm. But it will be a custom mode. Not quite --net=host, but more like --net=host-client-only 17:16
*** gwhaley has joined #kata-general 17:36
*** mylinux has quit IRC 17:42
*** mylinux has joined #kata-general 17:46
*** jodh has quit IRC 18:05
*** oikiki has joined #kata-general 18:06
kata-dev-irc-bot<james.brennan> @manohar.r.castelino, thanks for your reply! The apps running in our containers need to have an IP address that is visible outside the container, both to other containers running on the same or other nodes, and to other gateway machines. They need to be able to handle outbound and inbound traffic. We also have no control over which ephemeral ports they may be using. 18:18
kata-dev-irc-bot<manohar.r.castelino> @james.brennan so you need a true --net=host mode then. I assume in this case the containers do not really access the IPs of other containers but ephemeral ports. In that case how are the ports published? Some out of band mechanism? 18:20
kata-dev-irc-bot<james.brennan> @manohar.r.castelino that is correct. The apps have a lot of freedom in how they choose to communicate with other apps running on the cluster. As I mentioned above, we are currently thinking that if we move to IPv6, we will be able to manage having separate fully accessible IPs in each container. We haven’t determined if that’s a viable path yet. 18:30
*** gwhaley has quit IRC 19:49
*** mylinux has quit IRC 20:05
*** oikiki has quit IRC 22:43
*** oikiki has joined #kata-general 22:50
*** oikiki has quit IRC 23:06
