| kata-irc-bot | <xwlpt> Hi @graham.whaley @eric.ernst Just want to know that: Is container runs in privileged mode is still a limitation for Kata. `https://github.com/kata-containers/documentation/blob/master/Limitations.md#docker-run---privileged` | 01:16 |
|---|---|---|
| kata-irc-bot | <archana.m.shinde> @xwlpt That needs to be updated | 01:51 |
| kata-irc-bot | <archana.m.shinde> We do support `privileged` flag, but the privileges are applied to the guest rather than the host | 01:52 |
| kata-irc-bot | <archana.m.shinde> you get all `capabilities` within the guest, access to all devices within the guest | 01:53 |
| kata-irc-bot | <archana.m.shinde> in that sense it is different from the true notion of privileged in case of runc | 01:53 |
| kata-irc-bot | <xwlpt> Thanks @archana.m.shinde Do you know at which version is it supported? | 01:54 |
| kata-irc-bot | <archana.m.shinde> we also cannot make any changes to the host networking | 01:54 |
| kata-irc-bot | <archana.m.shinde> @xwlpt I dont really recall, will have to check | 01:55 |
| kata-irc-bot | <archana.m.shinde> what version are you using? | 01:56 |
| kata-irc-bot | <xwlpt> I am using kata 1.5 now. But have not tried it. | 01:57 |
| kata-irc-bot | <archana.m.shinde> you should have it then | 01:57 |
| kata-irc-bot | <archana.m.shinde> I think it was added atleast a couple of versions back | 01:57 |
| kata-irc-bot | <xwlpt> Another question is: Do you know why we have `PrivateDevices=yes ` in this serivce configuration? `https://github.com/kata-containers/documentation/blob/master/Developer-Guide.md#create-a-debug-systemd-service` I want to remove it, but not have any context for why it is added? Is there any reason for we need to enable it? cc @graham.whaley @eric.ernst | 01:58 |
| kata-irc-bot | <xwlpt> @archana.m.shinde I will have a try. | 01:58 |
| kata-irc-bot | <xwlpt> Since kata support privileged containers now as @archana.m.shinde Another issue is how to limit user just can run privileged containers for runv but not runc. As I know, there is no RBAC based on runtimeClass in k8s. Does anyone have ideas for this? @graham.whaley @eric.ernst @xu @archana.m.shinde | 02:11 |
| *** openstack has joined #kata-dev | 02:22 | |
| *** ChanServ sets mode: +o openstack | 02:22 | |
| kata-irc-bot | <krsna1729> @xwlpt see if admission controllers concept is useful | 02:47 |
| *** stefanha has quit IRC | 06:07 | |
| *** irclogbot_0 has quit IRC | 06:09 | |
| *** irclogbot_0 has joined #kata-dev | 06:09 | |
| *** stefanha has joined #kata-dev | 07:35 | |
| *** sgarzare has joined #kata-dev | 08:16 | |
| *** sameo has joined #kata-dev | 08:21 | |
| *** tmhoang has joined #kata-dev | 08:32 | |
| *** jodh has joined #kata-dev | 08:41 | |
| *** gwhaley has joined #kata-dev | 08:53 | |
| kata-irc-bot | <thierry> Kubecon EU CFP results are in... | 08:55 |
| kata-irc-bot | <thierry> My talk about demistifying the container runtimes landscape (where I planned to show complementarity between kata and Firecracker amongst other things) was rejected | 08:56 |
| kata-irc-bot | <thierry> How did others fare? | 08:57 |
| stefanha | thierry: "your submission, virtio-fs: container storage for lightweight virtual machines, has been added to our waitlist" ¯\_(ツ)_/¯ | 09:11 |
| *** lpetrut has joined #kata-dev | 10:33 | |
| kata-irc-bot | <xu> not accepted | 11:42 |
| *** gwhaley has quit IRC | 12:06 | |
| *** gwhaley has joined #kata-dev | 12:59 | |
| *** fuentess has joined #kata-dev | 13:18 | |
| *** devimc has joined #kata-dev | 13:21 | |
| *** sgarzare has quit IRC | 13:25 | |
| *** sgarzare has joined #kata-dev | 13:28 | |
| kata-irc-bot | <raravena80> waitlisted too ¯\_(ツ)_/¯ . I think they have a lot of sponsored talks. | 13:41 |
| stefanha | The talks 2019 etherpad was here: https://etherpad.openstack.org/p/KataTalks2019 | 13:42 |
| * stefanha updates | 13:43 | |
| *** openstack has joined #kata-dev | 15:37 | |
| *** ChanServ sets mode: +o openstack | 15:37 | |
| *** jodh has quit IRC | 16:03 | |
| *** eernst has joined #kata-dev | 16:13 | |
| *** devimc has quit IRC | 16:48 | |
| *** igordc has quit IRC | 16:48 | |
| *** devimc has joined #kata-dev | 16:49 | |
| *** sameo has quit IRC | 16:49 | |
| *** igordc has joined #kata-dev | 16:52 | |
| *** igordc has quit IRC | 16:53 | |
| kata-irc-bot | <jose.carlos.venegas.m> @mvedovati same here, we should remove that commit hash from the packages | 16:55 |
| *** igordc has joined #kata-dev | 16:56 | |
| kata-irc-bot | <jose.carlos.venegas.m> that and have `=` dependencies instead of `>=` to the kata repositories. | 16:56 |
| kata-irc-bot | <mvedovati> correct | 16:58 |
| *** igordc has quit IRC | 17:10 | |
| *** eernst has quit IRC | 17:13 | |
| *** igordc has joined #kata-dev | 17:21 | |
| *** eernst has joined #kata-dev | 17:32 | |
| *** sgarzare has quit IRC | 17:34 | |
| *** igordc has quit IRC | 17:43 | |
| *** igordc has joined #kata-dev | 17:48 | |
| *** tmhoang has quit IRC | 17:58 | |
| *** gwhaley has quit IRC | 19:27 | |
| *** igordc has quit IRC | 19:32 | |
| *** igordc has joined #kata-dev | 19:33 | |
| *** igordc has quit IRC | 20:13 | |
| *** igordc has joined #kata-dev | 21:26 | |
| *** igordc has quit IRC | 21:26 | |
| *** igordc has joined #kata-dev | 21:27 | |
| *** igordc has quit IRC | 22:25 | |
| *** fuentess has quit IRC | 22:29 | |
| *** devimc has quit IRC | 22:32 | |
| *** igordc has joined #kata-dev | 22:43 | |
Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!