*** igordc has quit IRC | 02:16 | |
*** stackedsax has joined #kata-general | 03:56 | |
*** fiddletwix has joined #kata-general | 04:02 | |
kata-irc-bot | <jgwinn> @raravena80 thanks for the response! For my requirement, I need to run K8s for prod -- HA, self-healing etc. I'm not good enough yet with K8s for custom provisioning, and I would prefer to use a managed solution like GKE or its competitors. Only issue there is that it's only available with non-nested virt instances. | 05:25 |
kata-irc-bot | <jgwinn> So I'd like to know if anybody is aware of provisioning tools that CAN work with nested virt instances/images out of the box. Or are people generally using custom builds only? | 05:27 |
kata-irc-bot | <bergwolf> Hi Kata devs/users: We have just published the first KCSA (Kata Containers Security Advisories) about the impact of CVE-2019-5736 on Kata Containers. The CVE-2019-5736 does not affect Kata Containers. Kata Containers does use the runc libcontainer library as part of its 'kata-agent' to launch container workloads, but the kata-agent executable is a permanently running application within the Kata Containers VM. Thus, the | 05:52 |
kata-irc-bot | exit/re-execute cycle utilised by CVE-2019-5736 to execute the injected code is never undertaken. It should be noted, if the exploit had escaped from the kata-agent, the exploit code would have been executing inside the Kata Containers VM as root, and would not have direct access to either the host system or other container/pods. It is highly likely Kata Containers will vendor in and adopt all relevant libcontainer updates and changes, but | 05:52 |
kata-irc-bot | given the 'copying' nature of some fixes, a performance and resource impact review will be undertaken. For details about the KCSA, please see https://github.com/kata-containers/community/blob/master/VMT/KCSA/KCSA-CVE-2019-5736.md | 05:52 |
kata-irc-bot | <raravena80> Generally custom things like kubeadm. You can actually use GKE with nested virtualized nodes | 06:06 |
kata-irc-bot | <jgwinn> Hmm, I could not find how to do this. Any pointers or links? I'll dig some more, but I only found that support for nested virt isn't there yet. Thanks! | 06:34 |
*** sgarzare has joined #kata-general | 07:53 | |
*** sameo has joined #kata-general | 08:36 | |
*** tmhoang has joined #kata-general | 08:37 | |
*** gwhaley has joined #kata-general | 09:07 | |
*** sgarzare_ has joined #kata-general | 12:03 | |
*** sgarzare has quit IRC | 12:06 | |
*** sgarzare__ has joined #kata-general | 13:18 | |
*** sgarzare_ has quit IRC | 13:21 | |
*** sgarzare_ has joined #kata-general | 13:36 | |
*** sgarzare__ has quit IRC | 13:38 | |
*** sgarzare_ has quit IRC | 13:38 | |
*** sgarzare has joined #kata-general | 13:41 | |
kata-irc-bot | <raravena80> This is the link for nested virtualization: https://cloud.google.com/compute/docs/instances/enable-nested-virtualization-vm-instances | 15:11 |
*** tmhoang has quit IRC | 16:03 | |
*** lcastell has joined #kata-general | 16:39 | |
*** spotz has joined #kata-general | 17:10 | |
*** sgarzare_ has joined #kata-general | 17:21 | |
*** sameo has quit IRC | 17:23 | |
*** sgarzare has quit IRC | 17:24 | |
*** sgarzare_ has quit IRC | 18:08 | |
*** gwhaley has quit IRC | 18:12 | |
*** tmhoang has joined #kata-general | 18:28 | |
*** igordc has joined #kata-general | 19:07 | |
*** eguan has quit IRC | 20:09 | |
*** eguan has joined #kata-general | 20:11 | |
*** sameo has joined #kata-general | 21:19 | |
*** sameo has quit IRC | 22:18 | |
*** tmhoang has quit IRC | 23:29 |