Friday, 2019-11-22

*** igordc has quit IRC 01:57
*** sameo has joined #kata-general 07:23
*** sameo has quit IRC 07:50
*** sgarzare has joined #kata-general 08:16
*** gwhaley has joined #kata-general 08:48
*** gwhaley has quit IRC 10:24
*** sameo has joined #kata-general 12:36
kata-irc-bot3 <cmichel> Hey, I am new to Kata Containers, which I’m going to attempt implementing today by launching a simple sandboxed/VM container, though I have a few questions. 1. Does QEMU run as root? I’ve seen mixed answers on this and it seems like it’s on the road map but not yet implemented? 2. Are you restricted to i3 meta instances on AWS or can you use any bare metal instance with virtualization? 3. Thinking long term, I’m a little wor 14:10
kata-irc-bot3 about running QEMU as the default Hypervisor on production due to numerous reasons and I’m unsure if Firecracker will be sufficient enough because of its lack of file system mount. Is the last choice NEMU? Is anyone here running Kata Containers in production? If so, which Hypervisor are you using? 14:10
*** sameo has quit IRC 14:23
kata-irc-bot3 <mikroskeem> iirc qemu ran as root last time i tried kata backend on clear linux 14:26
zer0def wouldn't it be dependent on the CRI, though? as in running rootless containerd/cri-o/podman? 14:31
kata-irc-bot3 <christophe> Rootless podman does not work yet (although there is work going on). Not sure if the combination of root-less and qemu has been made to work yet. 14:39
zer0def uh, rootless podman runc works right now? 14:41
*** sgarzare has quit IRC 14:42
zer0def i might be running a git-master build, though 14:42
*** sgarzare has joined #kata-general 14:46
zer0def `podman run --rm -ti --runtime /usr/bin/kata-runtime alpine:edge /bin/sh` → "Error: mkdir /var/lib/vc/uuid: permission denied: OCI runtime permission denied error", so… would there be a way to coerce virtcontainers to use a different per-user root? 14:57
zer0def that, naturally, omits setting the network to slirp4netns 14:58
*** gwhaley has joined #kata-general 15:11
*** sgarzare has quit IRC 16:51
kata-irc-bot3 <graham.whaley> @zer0def - there is a kata podman docs PR open at the moment - I think they'd love some more testing and input.... see https://github.com/kata-containers/documentation/pull/565 /cc @archana.m.shinde @james.o.hunt 17:41
kata-irc-bot3 <archana.m.shinde> @zer0def - yes, like @graham.whaley said we are working on the docs currently for rootless Kata with podman 17:47
kata-irc-bot3 <archana.m.shinde> there are some extra setup steps needed, such as adding yourself to the kvm group so that you can start qemu as a rootless user 17:47
kata-irc-bot3 <graham.whaley> @cmichel - welcome. afaik, kata does not support qemu as root today, but the podman work is nearly there. We also just added 'cloud hypervisor' as another VM supported by kata - I don't know the rootless-or-not status of that, but it is a much smaller footprint hypervisor designed for cloud stackups. Also, the recent Baidu post on their use of kata might be worth a read: 17:48
kata-irc-bot3 https://katacontainers.io/collateral/ApplicationOfKataContainersInBaiduAICloud.pdf 17:48
kata-irc-bot3 <archana.m.shinde> @cmichel you are not restricted to AWS i3, you can use Azure or gce as well, any platform that has nested virtualization enabled 17:48
kata-irc-bot3 <cmichel> I was referring to another bare metal instance on AWS. 17:55
kata-irc-bot3 <archana.m.shinde> Any bare metal instance that supports virtualization should work 17:57
zer0def thanks @graham.whaley @archana.m.shinde though that documentation doesn't address the presented error 17:58
kata-irc-bot3 <eric.ernst> Cloud hypervisor brings many of the benefits of firecracker, but includes a few extra para-virtualized devices, including virtiofs-fs. 18:01
kata-irc-bot3 <eric.ernst> @samuel.ortiz @robert.bradford ^^ 18:02
kata-irc-bot3 <eric.ernst> We have initial offering in 1.10-alpha1 18:02
* gwhaley not (yet) seeing @eric.ernst message on my slack.... 18:04
gwhaley @eric.ernst - are there any cloud hypervisor docs in the kata repos - how to enable/configure, feature sets etc.? I had a quick look and didn't immediately see any. 18:04
gwhaley I think we'll need them if we want it tested out etc. 18:04
zer0def just out of curiosity, what are the permissions for /var/lib/vc originally? i've inherited maintenance of kata in arch and they're 755 there, which might not (?) be correct 18:10
*** igordc has joined #kata-general 18:23
*** fuentess has joined #kata-general 18:25
kata-irc-bot3 <graham.whaley> @raravena80 - you did the Mac CI support was it? I don't suppose you build Kata on mac do you? There is a user asking on the mailing list..... 18:26
kata-irc-bot3 <graham.whaley> I guess worst case, one could build kata inside a docker container? :slightly_smiling_face: 18:26
kata-irc-bot3 <salvador.fuentes> zer0def: I see them as 750 18:27
*** irclogbot_3 has quit IRC 18:27
zer0def so they're good enough™, was concerned those were too restrictive 18:27
*** irclogbot_2 has joined #kata-general 18:30
zer0def hnh… i should take a peek at an older kernel, alright 18:42
*** gwhaley has quit IRC 18:43
kata-irc-bot3 <raravena80> @graham.whaley yes, it would be in a VM, since kata on a mac is a whole different story (networking libraries, etc. are different) 19:06
kata-irc-bot3 <eric.ernst> Macstadium met us at KubeCon and showed interest in a macos guest. 19:31
*** MartinXu has joined #kata-general 20:02
zer0def ok, so I've reproduced "mkdir /var/run/netns: permission denied" from @james.o.hunt's comment today in kata-containers/documentation#565 21:02
*** sameo has joined #kata-general 21:28
*** sameo has quit IRC 21:34
*** sameo has joined #kata-general 21:35
*** fuentess has quit IRC 22:34
*** sameo has quit IRC 23:36
*** MartinXu has quit IRC 23:51
