| *** tmhoang has joined #kata-general | 07:06 | |
| *** tmhoang has quit IRC | 07:12 | |
| *** sameo has joined #kata-general | 07:23 | |
| *** gwhaley has joined #kata-general | 07:58 | |
| kata-irc-bot | <jzc001> hello | 08:27 |
|---|---|---|
| kata-irc-bot | <jzc001> hello everyone when I try to run kata with Firecracker,I have met some trouble. I use docker to run it,and when i use ps -aux | grep firecracker ,I can see the process [firecracker_rel] <defunct> and after a few time,I have got the message "Failed to check if grpc server is working: context deadline exceeded". kata-runtime : 1.8.0-alpha0 | 08:46 |
| kata-irc-bot | <caoruidong> Could you run a VM by firecracker alone? | 08:50 |
| kata-irc-bot | <graham.whaley> Hi @jzc001 - just to check, you have the basic requirements (`vhost_vsock` and a block based storage/graph driver in use) for firecracker/kata: https://github.com/kata-containers/documentation/wiki/Initial-release-of-Kata-Containers-with-Firecracker-support#pre-requisuites | 09:00 |
| kata-irc-bot | <jzc001> Hi @graham.whaley Does "block based" mean I have to use devicemapper in docker? Thanks for you help. | 09:15 |
| kata-irc-bot | <graham.whaley> @jzc001 - `devicemapper` or another block based/backed graph driver, yes. @caoruidong @gmmaharaj, any advice if there are other graph drivers for docker that will work with firecracker? (sure, I guess virtio-fs is one of them?) | 09:16 |
| *** gwhaley has quit IRC | 11:01 | |
| kata-irc-bot | <ahmad.gaber> Hi Guys any one use Kata containers with stateful applications? | 12:03 |
| *** gwhaley has joined #kata-general | 12:07 | |
| kata-irc-bot | <graham.whaley> @eric.ernst @samuel.ortiz ^^ any idea? | 14:03 |
| kata-irc-bot | <taimoorbhatti> @ahmad.gaber what are you looking for? I haven't used kata containers in production but maybe I can still help if you explain your question better | 15:06 |
| kata-irc-bot | <ahmad.gaber> @taimoorbhatti we have an on-premise application and we want to move to the cloud, we following the multitenant container based principle so we containerized our app and then packaged it into docker image then we deployed it into K8S we launch a beta version so our architecture depends on creating for each customer a namespace and each namespace have 1 statefultset, PVC, service and Ingress to be accessible from out side we want | 15:12 |
| kata-irc-bot | to secure our platform so I'm thinking about trying kata container. | 15:12 |
| *** sameo has quit IRC | 15:31 | |
| *** sameo has joined #kata-general | 15:35 | |
| *** sameo has quit IRC | 15:54 | |
| *** sameo has joined #kata-general | 15:59 | |
| *** sameo has quit IRC | 16:05 | |
| kata-irc-bot | <taimoorbhatti> Hey Biga, from your description, I don't think there's anything wrong with the direction you're heading in. What I would test out is how well Persistent Volumes play with Kata. Maybe some people in the community here can shed more light there. Secondly, if you're running a lot of containers, you might want to measure the overhead of virtualization. Kata is a great improvement over conventional VMs (plus it's all software | 16:43 |
| kata-irc-bot | defined but nothing can beat native. I suspect that unless you are running customer programs (which you can't trust) you may want to prefer running natively. | 16:43 |
| *** igordc has joined #kata-general | 16:44 | |
| kata-irc-bot | <taimoorbhatti> >we want to secure our platform so I'm thinking about trying kata container Nothing wrong with trying out stuff!! I'm doing the same these days :slightly_smiling_face: Kata provides _isolation._ If something breaks into your infrastructure using anything except a Kernel/syscall bug, I don't know if Kata will be of help :| I'd love to know what the community here thinks as well. Also check out the gVisor project from Google. | 16:48 |
| *** gwhaley has quit IRC | 16:58 | |
| kata-irc-bot | <gmmaharaj> docker has yet to enable block-device support back in their releases. They had a patch where the default devmapper was temporarily re-enabled, not sure which docker release it landed in. The long term plan is to allow docker to use containerd's snapshotter which currently has a devmapper plugin. I am trying to pull up the github PR for that, but seems the website is down. | 18:10 |
| *** sameo has joined #kata-general | 21:38 | |
| *** ChanServ has quit IRC | 22:09 | |
| *** ChanServ has joined #kata-general | 22:14 | |
| *** niven.freenode.net sets mode: +o ChanServ | 22:14 | |
| *** sameo has quit IRC | 22:55 | |
| kata-irc-bot | <gmmaharaj> https://github.com/moby/moby/pull/38738 <-- that is the PR that we need for docker to use the containerd snapshotter to provide block volumes by default. I believe docker 19.03 also has re-enabled their device mapper block based backend. | 23:59 |
Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!