| jbryce | AJaeger_: thanks for pushing it through | 00:41 |
|---|---|---|
| *** liujiong has joined #kata-dev | 01:03 | |
| *** liujiong has quit IRC | 01:16 | |
| mrbobbytables | btw -- the slack channel link takes you to the login page, but does not give you a way to create an account | 05:22 |
| *** gouthamr has quit IRC | 05:24 | |
| *** jodh has joined #kata-dev | 07:22 | |
| *** egonzalez has joined #kata-dev | 08:58 | |
| egonzalez | hi, is there some doc to read about kata usage? didnt found nothing so far | 08:59 |
| *** gwhaley has joined #kata-dev | 09:04 | |
| *** akot has joined #kata-dev | 09:17 | |
| *** akot has quit IRC | 09:17 | |
| *** markzen has joined #kata-dev | 10:09 | |
| markzen | hi | 10:10 |
| markzen | just heard about kata | 10:11 |
| markzen | could it be said that it's a way to make VM work with orchestration systems? | 10:11 |
| caisan | markzen, i think so | 10:54 |
| markzen | thanks | 11:03 |
| markzen | looks interesting | 11:03 |
| *** sun_ has joined #kata-dev | 11:14 | |
| gwhaley | hi markzen, caisan. You could see that as one aspect. VMs can already work under some orchestrators - but you tend to have one VM per (if I get the terminology right) .. cluster. | 11:41 |
| gwhaley | with kata the VMs are more like 'one layer down' - you get one VM per container or pod. | 11:41 |
| gwhaley | so your VM security boundary is at the container or pod level, rather than at the cluster level, iyswim | 11:42 |
| * gwhaley goes to check on k8s terminology..... | 11:43 | |
| gwhaley | so, rather than have a single VM for a node or a kubelet instance, your kubelet will launch a lightweight VM for each container or pod instance | 11:44 |
| *** sun_ has quit IRC | 12:02 | |
| markzen | right, that's what I understood | 12:45 |
| markzen | sort of vagrant-esque, with the docker API and ecosystem | 12:46 |
| markzen | if that makes sense | 12:46 |
| gwhaley | I see where you are coming from markzen - sort of :-) the VMs here are much lighter and faster though, and you also get other ecosystems like kubernetes support. | 12:52 |
| markzen | they run a very-specific kernel I guess | 12:54 |
| *** arjan_work has joined #kata-dev | 12:57 | |
| gwhaley | markzen: they have optimised kernel and small userspace, yes. Most of the optimisation is in the configuration (removing things we don't need to have in a container). Also similar for the hypervisor (QEMU) we use to run the VMs. | 12:59 |
| gwhaley | but they are all from the stock upstream code bases, and we push back any changes upstream where we can | 12:59 |
| gwhaley | relevant repose are on github, such as: https://github.com/kata-containers/linux | 12:59 |
| gwhaley | s/repose/repos/ :-) | 12:59 |
| gwhaley | so, we tend to carry a few patches whilst they are heading to upstram | 13:00 |
| gwhaley | (just to fill out the info) generally there is nothing to stop somebody using the stock upstream items, but you might lose some of the performance benefits unless you configure similarly and/or apply some of the patches that are in flight | 13:01 |
| markzen | I see | 13:02 |
| mugsie | gwhaley: do you see having forks as a long term thing, or will everything eventually stabilise and get into upstream? | 13:04 |
| gwhaley | mugsie: we upstream everything we can. It takes time (which varies on which upstream project we are pushing to), so we normally carry the patches until they land upstream. | 13:05 |
| gwhaley | occasionally there are one or two patches that are 'difficult' to upstream - they may be too container VM specific for instance, in which case we do just have to carry them along | 13:06 |
| gwhaley | So our forks are minimal and more like 'staging areas' than real forks. We would love to be using just upstream with our own local config items :-) | 13:06 |
| mugsie | Yeah, from a deployment perspective, I would prefer not to have a special kernel and not rebuild the hypervisor | 13:08 |
| arjan_work | mugsie: in some ways you may want a special kernel | 13:10 |
| arjan_work | since you don't need to support native hardware, you can strip the config down and reduce security surface that way | 13:10 |
| arjan_work | but that's a choice not a requirement | 13:11 |
| arjan_work | (not only do you save surface, you also save some time and memory) | 13:15 |
| markzen | wasn't one of the points of docker and friends to avoid the overhead of running many kernels on the same HW? I get it that you might want to reintroduce one for security benefits, but it makes most sense if it's a special, lightweight one, to me | 13:16 |
| *** colonelpopcorn has joined #kata-dev | 13:16 | |
| *** colonelpopcorn has left #kata-dev | 13:18 | |
| *** MJ has joined #kata-dev | 13:21 | |
| *** MJ is now known as Guest55318 | 13:22 | |
| arjan_work | markzen: the main points of docker is awesome software logistics | 13:24 |
| arjan_work | (deployment and management etc etc) | 13:24 |
| *** Guest55318 has quit IRC | 13:24 | |
| arjan_work | how you isolate things is completely separate ;_) | 13:24 |
| arjan_work | and whlie you can use docker to do very lightweight containres | 13:25 |
| arjan_work | many of them run a full ubuntu + python + whateverish stack | 13:25 |
| arjan_work | at which point, any kernel cost is sort of three digits behind the comma ;-) | 13:25 |
| arjan_work | but yes I am a fan of leightweight kernels so don't get me wrong ;_) | 13:26 |
| *** gwhaley has quit IRC | 13:27 | |
| markzen | yeah, I hear you on logistics | 13:27 |
| arjan_work | it's confusing in that people use the word "containers" for both logistics and for cgroup/namespace isolation | 13:28 |
| arjan_work | although the last year or two this has shifted to mostly be about logistics | 13:28 |
| arjan_work | (since there is where the fundamental gains are) | 13:28 |
| *** devimc has joined #kata-dev | 13:29 | |
| markzen | I've often meant docker to refer to containers, and, say, k8s for logistics | 13:29 |
| markzen | s/containers/cgroup+ns/ | 13:30 |
| arjan_work | docker is a lot about the low level logistics | 13:36 |
| arjan_work | dockerhub for one | 13:36 |
| arjan_work | and how to compose the "image" that eventually runs out of layers | 13:36 |
| arjan_work | docker itself has plugable backends for how to do isolation ;-) | 13:37 |
| markzen | yes, "low level logistics", that sums it up well to me | 13:38 |
| arjan_work | in some way, k8s is about application logistics and docker is about container level logistics | 13:43 |
| arjan_work | (I probably offend people by saying it that way but it's the closest I can come up with) | 13:44 |
| arjan_work | where an application contains potentially multiple containers | 13:44 |
| *** arjan_work has quit IRC | 14:12 | |
| *** arjan_work has joined #kata-dev | 14:12 | |
| *** sameo has joined #kata-dev | 14:30 | |
| *** gwhaley has joined #kata-dev | 14:35 | |
| *** ttx has quit IRC | 14:42 | |
| *** arjan_work has quit IRC | 14:48 | |
| *** mrbobbytables has quit IRC | 14:48 | |
| *** thingee has quit IRC | 14:48 | |
| *** kgz has quit IRC | 14:48 | |
| *** ChanServ has quit IRC | 14:48 | |
| *** AJaeger_ has quit IRC | 14:48 | |
| *** spotz has quit IRC | 14:48 | |
| *** jodh has quit IRC | 14:48 | |
| *** caisan has quit IRC | 14:48 | |
| *** markzen has quit IRC | 14:48 | |
| *** kata-dev-irc-bot has quit IRC | 14:48 | |
| *** mugsie has quit IRC | 14:48 | |
| *** bgmccollum has quit IRC | 14:48 | |
| *** jcarlosv_ has quit IRC | 14:48 | |
| *** eocardon_ has quit IRC | 14:48 | |
| *** egonzalez has quit IRC | 14:48 | |
| *** thebsdbox has quit IRC | 14:48 | |
| *** pabelanger has quit IRC | 14:48 | |
| *** thingee has joined #kata-dev | 14:54 | |
| *** mrbobbytables has joined #kata-dev | 14:54 | |
| *** kgz has joined #kata-dev | 14:54 | |
| *** AJaeger_ has joined #kata-dev | 14:54 | |
| *** arjan_work has joined #kata-dev | 14:54 | |
| *** gouthamr has joined #kata-dev | 14:54 | |
| *** markzen has joined #kata-dev | 14:54 | |
| *** egonzalez has joined #kata-dev | 14:54 | |
| *** jodh has joined #kata-dev | 14:54 | |
| *** pabelanger has joined #kata-dev | 14:54 | |
| *** spotz has joined #kata-dev | 14:54 | |
| *** thebsdbox has joined #kata-dev | 14:54 | |
| *** caisan has joined #kata-dev | 14:54 | |
| *** bgmccollum has joined #kata-dev | 14:54 | |
| *** eocardon_ has joined #kata-dev | 14:54 | |
| *** jcarlosv_ has joined #kata-dev | 14:54 | |
| *** kata-dev-irc-bot has joined #kata-dev | 14:54 | |
| *** mugsie has joined #kata-dev | 14:54 | |
| *** ttx has joined #kata-dev | 14:55 | |
| *** kgz has quit IRC | 14:55 | |
| *** sameo has quit IRC | 15:03 | |
| *** ChanServ has joined #kata-dev | 15:16 | |
| *** barjavel.freenode.net sets mode: +o ChanServ | 15:16 | |
| *** egonzalez has quit IRC | 15:39 | |
| *** arjan_work1 has joined #kata-dev | 16:10 | |
| *** arjan_work has quit IRC | 16:10 | |
| *** sameo has joined #kata-dev | 16:32 | |
| *** sameo_ has joined #kata-dev | 16:45 | |
| *** jcarlosv has joined #kata-dev | 16:46 | |
| *** gwhaley1 has joined #kata-dev | 16:46 | |
| *** sameo has quit IRC | 16:47 | |
| *** jcarlosv_ has quit IRC | 16:48 | |
| *** gwhaley has quit IRC | 16:48 | |
| *** eocardon_ has quit IRC | 16:48 | |
| *** sameo_ has quit IRC | 16:48 | |
| *** eocardon has joined #kata-dev | 16:49 | |
| *** nlacasse has joined #kata-dev | 17:05 | |
| *** johnstorey has joined #kata-dev | 17:13 | |
| *** arjan_work1 has quit IRC | 17:29 | |
| *** Aaa has joined #kata-dev | 17:31 | |
| *** Aaa has quit IRC | 17:31 | |
| *** johnstorey has quit IRC | 17:46 | |
| *** tkolte has joined #kata-dev | 17:48 | |
| *** tkolte has quit IRC | 17:51 | |
| *** jodh has quit IRC | 18:02 | |
| *** gwhaley1 has quit IRC | 18:39 | |
| *** arjan_work has joined #kata-dev | 20:20 | |
| *** p4tux has joined #kata-dev | 20:50 | |
| *** nlacasse has quit IRC | 21:20 | |
| *** AJaeger_ has quit IRC | 21:43 | |
| *** AJaeger_ has joined #kata-dev | 21:48 | |
| *** devimc has quit IRC | 22:04 | |
| *** fuentess has quit IRC | 22:27 | |
| *** AJaeger_ has quit IRC | 22:36 | |
| *** AJaeger_ has joined #kata-dev | 22:42 | |
| *** gouthamr has quit IRC | 22:59 | |
| *** gouthamr has joined #kata-dev | 23:41 | |
Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!