| *** LinuxMe_ has joined #kata-general | 00:55 | |
| *** LinuxMe_ has quit IRC | 01:06 | |
| *** dlw1 has joined #kata-general | 01:15 | |
| *** LinuxMe_ has joined #kata-general | 01:22 | |
| *** LinuxMe_ has quit IRC | 01:33 | |
| *** LinuxMe has joined #kata-general | 01:56 | |
| *** LinuxMe has quit IRC | 01:56 | |
| *** LinuxMe has joined #kata-general | 03:00 | |
| *** LinuxMe has quit IRC | 03:18 | |
| *** Razva has quit IRC | 03:44 | |
| *** jbryce has quit IRC | 03:44 | |
| *** LinuxMe has joined #kata-general | 04:18 | |
| *** LinuxMe has quit IRC | 04:22 | |
| *** dlw1 has quit IRC | 04:51 | |
| *** dlw has joined #kata-general | 04:52 | |
| *** dlw1 has joined #kata-general | 06:13 | |
| *** dlw has quit IRC | 06:14 | |
| *** dlw1 is now known as dlw | 06:14 | |
| *** LinuxMe has joined #kata-general | 06:19 | |
| *** LinuxMe has quit IRC | 06:23 | |
| *** dlw1 has joined #kata-general | 06:42 | |
| *** dlw has quit IRC | 06:44 | |
| *** dlw1 is now known as dlw | 06:44 | |
| *** jodh has joined #kata-general | 06:44 | |
| *** jodh has joined #kata-general | 06:44 | |
| *** LinuxMe has joined #kata-general | 07:28 | |
| *** LinuxMe has quit IRC | 07:33 | |
| *** dlw has quit IRC | 07:45 | |
| *** Razva has joined #kata-general | 07:47 | |
| *** jbryce has joined #kata-general | 07:47 | |
| *** gwhaley has joined #kata-general | 08:05 | |
| *** LinuxMe has joined #kata-general | 09:29 | |
| *** LinuxMe has quit IRC | 09:33 | |
| kata-dev-irc-bot | <james.o.hunt> @channel - If you're not signed up to the mailing list, but are wondering how you can get involved... http://lists.katacontainers.io/pipermail/kata-dev/2018-June/000180.html | 11:00 |
|---|---|---|
| kata-dev-irc-bot | <vizard561> thanks | 11:01 |
| *** gwhaley has quit IRC | 11:21 | |
| kata-dev-irc-bot | <vizard561> Team, if i have to join other nodes to k8s cluster, i have to use --cri-socket flag for containerd.sock or not? | 11:25 |
| *** GonZo2000 has joined #kata-general | 11:31 | |
| *** GonZo2000 has joined #kata-general | 11:31 | |
| *** GonZo2000 has quit IRC | 11:39 | |
| *** GonZo2000 has joined #kata-general | 11:42 | |
| *** GonZo2000 has joined #kata-general | 11:42 | |
| *** GonZo2000 has quit IRC | 12:01 | |
| *** gwhaley has joined #kata-general | 12:12 | |
| *** LinuxMe has joined #kata-general | 12:19 | |
| kata-dev-irc-bot | <eric.ernst> This is how I’ve done it, @vizard561 | 12:35 |
| kata-dev-irc-bot | <vizard561> @eric.ernst thank you:) | 12:35 |
| *** LinuxMe has quit IRC | 12:58 | |
| kata-dev-irc-bot | <vizard561> metadata: name: nginx-untrusted annotations: io.kubernetes.cri.untrusted-workload: "true" For use containerd i have to add annotations lines to all yaml files? | 12:59 |
| *** LinuxMe has joined #kata-general | 12:59 | |
| kata-dev-irc-bot | <vizard561> Can k8s+kata works containerd and docker together? Docker for kube-system pods, and containerd for production pods? | 13:20 |
| kata-dev-irc-bot | <yench.kata> Hi, I have a question in the overview deck: What is 'VM template' at the page 'Small as a Container'? It seems a feature of runV, but how does it minimize memory footprint? | 13:32 |
| kata-dev-irc-bot | <eric.ernst> @vizard561 - I wouldn't think of it as docker in this case. | 13:46 |
| kata-dev-irc-bot | <eric.ernst> You can use both runc and kata-runtime containers in containerd. | 13:46 |
| kata-dev-irc-bot | <eric.ernst> which gets you the same mix, i think, that you're describing with kube-system. | 13:46 |
| kata-dev-irc-bot | <eric.ernst> However, in the past i have setup clusters which are a mix of CRI-shim implementations (i.e.: dockershim, crio, containerd) | 13:47 |
| kata-dev-irc-bot | <eric.ernst> I think what you're describing would be running dockershim on the master node and containerd on the worker nodes. Again, I think you'd just want to run the priv. kube-system pods using runc and the new workloads with kata. | 13:48 |
| kata-dev-irc-bot | <eric.ernst> I know in CRIO you can set the default to use kata. Otherwise you can have teh default be something like runc and patch each workload to include an annotation. | 13:48 |
| kata-dev-irc-bot | <eric.ernst> see https://github.com/kata-containers/documentation/blob/master/architecture.md#mixing-vm-based-and-namespace-based-runtimes | 13:49 |
| kata-dev-irc-bot | <vizard561> just not sure, why we use containerd, when deploy use docker.io images. now i try to deploy dashboard on k8s, but have some errors | 13:52 |
| kata-dev-irc-bot | <vizard561> https://github.com/kata-containers/documentation/blob/master/how-to/how-to-use-k8s-with-cri-containerd-and-kata.md Now i'm done with this, but i don't understand what's different between kata-nginx and docker-nginx deploy in k8s? | 14:09 |
| kata-dev-irc-bot | <vizard561> can someone help me with this?:$ | 14:10 |
| kata-dev-irc-bot | <eric.ernst> can you point me at the yaml files? | 14:12 |
| kata-dev-irc-bot | <eric.ernst> docker images are just container images. | 14:12 |
| kata-dev-irc-bot | <eric.ernst> it doesn't mean you must use runc. They are just a nice hub for placing oci compliant images | 14:12 |
| kata-dev-irc-bot | <vizard561> ``` kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/master/src/deploy/recommended/kubernetes-dashboard.yaml ``` | 14:22 |
| kata-dev-irc-bot | <vizard561> you ask me about this? | 14:22 |
| *** LinuxMe has quit IRC | 14:23 | |
| *** LinuxMe_ has joined #kata-general | 14:32 | |
| *** LinuxMe_ has quit IRC | 14:42 | |
| *** annabelleB has joined #kata-general | 14:43 | |
| kata-dev-irc-bot | <vizard561> how i can to check list of VMs, that created by kata? i create nginx on the doc steps, nginx ready as quemu, but ctr does not see him | 14:59 |
| gwhaley | @jodh - does 'kata-runtime list' do that? | 15:00 |
| *** LinuxMe_ has joined #kata-general | 15:03 | |
| kata-dev-irc-bot | <james.o.hunt> @vizard561 / @graham.whaley - Yep `kata-runtime list --kata-all` gives you quite a lot of info (but not the VM pids). | 15:09 |
| kata-dev-irc-bot | <vizard561> @james.o.hunt thanks a lot | 15:10 |
| kata-dev-irc-bot | <vizard561> @james.o.hunt VM pids will be in the next updates? | 15:13 |
| gwhaley | @vizard561 - patches/PRs most welcome to add them ;-) | 15:15 |
| kata-dev-irc-bot | <james.o.hunt> @vizard561 - what @graham.whaley said! :) Please do raise an issue so we don't forget. | 15:16 |
| kata-dev-irc-bot | <vizard561> @james.o.hunt thx for a tip;) | 15:17 |
| kata-dev-irc-bot | <vizard561> it seems, kata-runtime list is show vm.img only only on node where vm is deployed Or im wrong? | 15:23 |
| *** LinuxMe_ has quit IRC | 15:31 | |
| *** LinuxMe_ has joined #kata-general | 15:34 | |
| kata-dev-irc-bot | <james.o.hunt> @vizard561 - yes, it only works on the system where the VMs live ;) | 15:44 |
| *** annabelleB has quit IRC | 15:46 | |
| kata-dev-irc-bot | <vizard561> @james.o.hunt i need to create a issue about this? If DevOps have 1000hosts with kata, it sadly, how he have to check kata-runtime list ?):O | 15:46 |
| kata-dev-irc-bot | <james.o.hunt> @vizard561 - the `list` command used to be part of the OCI runtime spec (I think?): https://github.com/opencontainers/runtime-spec/blob/master/runtime.md. However, as you probably know, there is "the spec" and "runc" (the reference implementation of the spec), but they differ :slightly_smiling_face: | 15:48 |
| kata-dev-irc-bot | <vizard561> since k8s need to add a new feature for your runtime to check VMs | 15:49 |
| kata-dev-irc-bot | <james.o.hunt> kata-runtime attempts to adhere to *both* the spec and the runc behaviour. runc provides a `list` command so so do we. Both versions only work on the local system. OCI does the scenarios you are talking about. | 15:49 |
| *** annabelleB has joined #kata-general | 15:49 | |
| *** fiddletwix has quit IRC | 15:49 | |
| kata-dev-irc-bot | <james.o.hunt> @vizard561 - I mean the OCI does *not* really cover the scenarios you are talking about. But as we keep saying, please raise issues so we can discuss these things more widely :slightly_smiling_face: | 15:50 |
| kata-dev-irc-bot | <vizard561> @james.o.hunt anyway, thanks for your answer | 15:51 |
| kata-dev-irc-bot | <vizard561> @james.o.hunt maybe you can describe me, how i can to delegate cluster resouses to VM? Example: i have 2 nodes master-worker k8s. I want to set limit for CPU, RAM, Volumes to my VM apps. It is real? | 15:56 |
| kata-dev-irc-bot | <vizard561> i think this is one of top goals kata | 15:59 |
| kata-dev-irc-bot | <james.o.hunt> I'm afraid I'm not the expert you are looking for, so I'll pass you to @eric.ernst;) | 16:03 |
| gwhaley | the way forwards is probably to see how/what native (runc) k8s does, and if kata is not doing something there or does not support a tool that handles large node clusters, then we raise an Issue with the details | 16:08 |
| kata-dev-irc-bot | <eric.ernst> Hey @vizard561 - I understand your point. | 16:14 |
| kata-dev-irc-bot | <eric.ernst> s/jessfraz/kata? | 16:14 |
| kata-dev-irc-bot | <eric.ernst> I think some of your concerns will be resolved once there is more formal support at the node level for 'secure runtimes' | 16:14 |
| kata-dev-irc-bot | <eric.ernst> where secure is not the right term, but the general idea ;) | 16:15 |
| kata-dev-irc-bot | <eric.ernst> ie: see @tallclair propsals @ https://docs.google.com/document/d/1WzO_QjJFfedhsiBtfcVB2QzTWRXHEPX1xOyqDGXxO-0/edit#heading=h.xfg2yxulj9w7 | 16:16 |
| kata-dev-irc-bot | <eric.ernst> and https://docs.google.com/document/d/1mpjPTZkoeFV3tG59149KaIuI8LhIE-cekjFq8rRmNoQ/edit# | 16:16 |
| kata-dev-irc-bot | <eric.ernst> K8S isn't aware of the actual runtime executing (ie, kata-runtime in this case) | 16:16 |
| kata-dev-irc-bot | <eric.ernst> So, you can say kubectl get pods, describe pods, etc, but you won't see it at this level. You indeed would need to do a kata-runtime list on the particular node | 16:17 |
| kata-dev-irc-bot | <eric.ernst> Same as you would need to do with runc list | 16:17 |
| kata-dev-irc-bot | <raravena80> I think what @vizard561 is referring to is having cpu and memory hotplug in your Kata VMs, or a way for k8s to control those resources in Kata VMs. I don't think that's supported yet, is it? | 16:29 |
| kata-dev-irc-bot | <eric.ernst> I just addressed his first q. @julio.montes @sebastien.boeuf - see @vizard561’s question about constraining. | 16:42 |
| kata-dev-irc-bot | <eric.ernst> It should be done in the same way you'd do in standard k8s case. | 16:42 |
| kata-dev-irc-bot | <niteshkonkar007> @anne: What would be the right place to declare support for new host architecture ? Example: Kata-containers is now supported on POWER arch. | 16:44 |
| kata-dev-irc-bot | <sebastien.boeuf> @vizard561 if you want to constraint your containers running on your pod, we already apply cgroups regarding CPU inside the VM. We're planning to add an extra layer of cgroup on the qemu(hypervisor) process itself, but this is not done yet. We also plan to do that for memory, but the first step is to add memory hotplug support to Kata, otherwise, we cannot update the VM memory constraint when a new container is added | 16:47 |
| kata-dev-irc-bot | <anne> @niteshkonkar007 once we've got the kata ci testing on that, you'll want to edit the documentation to reflect that, particularly the Platform Support section here: https://github.com/kata-containers/runtime#platform-support | 16:50 |
| kata-dev-irc-bot | <niteshkonkar007> @anne: Thanks. | 16:51 |
| *** annabelleB has quit IRC | 16:53 | |
| *** annabelleB has joined #kata-general | 16:55 | |
| *** gwhaley has quit IRC | 16:57 | |
| *** jodh has quit IRC | 17:04 | |
| *** annabelleB has quit IRC | 17:16 | |
| *** annabelleB has joined #kata-general | 17:24 | |
| kata-dev-irc-bot | <vizard561> Hi team, i'm glad to hear so many answers, and yes, @raravena80 was right about my question. We all understand, what Kata isn't a hypervisor for orchestrating thousands of vm, sure. But if it is possible, this project can to change a whole world of virtualization. Exuse me if i missed some architecture things, i'll be wait a good news:upside_down_face: | 17:55 |
| *** annabelleB has quit IRC | 19:38 | |
| *** indy21 has joined #kata-general | 20:08 | |
| *** annabelleB has joined #kata-general | 20:47 | |
| *** LinuxMe_ has quit IRC | 21:25 | |
| *** LinuxMe has joined #kata-general | 21:31 | |
| *** LinuxMe has quit IRC | 21:36 | |
| *** LinuxMe has joined #kata-general | 21:42 | |
| *** LinuxMe has quit IRC | 21:46 | |
| *** annabelleB has quit IRC | 21:46 | |
| *** annabelleB has joined #kata-general | 22:06 | |
| *** annabelleB has quit IRC | 22:38 | |
| *** annabelleB has joined #kata-general | 23:46 | |
| *** annabelleB has quit IRC | 23:50 | |
Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!