| *** dklyle has joined #kata-dev | 03:46 | |
| *** dklyle has quit IRC | 03:52 | |
| *** jodh has joined #kata-dev | 07:28 | |
| *** gwhaley has joined #kata-dev | 08:00 | |
| *** davidgiluk has joined #kata-dev | 08:05 | |
| kata-irc-bot | <graham.whaley> Hi @alessandro.randazzo - I'm not sure we have a table or list. I thought there might be a doc on katacontainers.io, but all I could find was the original one pager https://katacontainers.io/collateral/kata-containers-1pager.pdf, or the page with the videos might be useful: https://katacontainers.io/learn/ | 08:23 |
|---|---|---|
| kata-irc-bot | <graham.whaley> As I think you probably already know, the real difference/key is that the workloads run in their own VMs. This gives you the VM hardware backed isolation - but there are some other benefits, like you can choose a different kernel per-workload if you need etc. | 08:24 |
| kata-irc-bot | <alessandro.randazzo> @graham.whaley ok thanks...I also think minimal memory footprint and cpu resources, unaffected by host root escalation and several I/O optimations | 08:39 |
| kata-irc-bot | <alessandro.randazzo> I wrote a paper on Kata and making a qualitative comparison with runC...I am presenting it next October , but they suggested me to extend it a bit...that's why I'm asking | 08:41 |
| kata-irc-bot | <alessandro.randazzo> After the public talk I will able to share it to the community | 08:41 |
| kata-irc-bot | <graham.whaley> @alessandro.randazzo - oh, sweet :slightly_smiling_face: sure, let's gather more info then - /cc @xu @eric.ernst who have done similar talks at conferences and may have some ideas to inject. | 08:53 |
| kata-irc-bot | <alessandro.randazzo> for example they asked me to strength my paper with some concrete example..but I am focused on mobile edge use cases and I don't know where to find something | 08:55 |
| kata-irc-bot | <graham.whaley> I'll throw a slightly obscure and possibly un-used feature out for you then - you can enable KSM when using QEMU, and identical pages across the workloads will get merged together in the kernel.... for large longlived workloads this can use less memory across the system than non-VM runtimes. The downside is it is unclear if enabling KSM is a potential security hole... so I think it tends to be turned off. | 08:55 |
| kata-irc-bot | <alessandro.randazzo> my idea is on live migration, but at the moment this feature is not delevoped yet on Kata | 08:56 |
| kata-irc-bot | <graham.whaley> the concrete example we have shown at confs. is the 'dirty COW' escape | 08:56 |
| kata-irc-bot | <graham.whaley> on software runtimes, you escape to the host. On Kata you escape to the VM, so still isolated from the host ;) | 08:56 |
| kata-irc-bot | <alessandro.randazzo> yes I mentioned the advantage of the double security layer | 08:57 |
| kata-irc-bot | <dpopa> Hi! Looks like the kata ci is failing on firecracker | 09:41 |
| gwhaley | @dropa - yep, looks like a known issue happened in the last couple of days - there are a couple of Issues for it already on github - @fuentess will v.likely pick it up in a few hours.. | 11:03 |
| *** gwhaley has quit IRC | 11:03 | |
| kata-irc-bot | <dpopa> cool, i just wanted to make sure you are aware of the situation :slightly_smiling_face: | 11:20 |
| *** gwhaley has joined #kata-dev | 12:10 | |
| *** devimc has joined #kata-dev | 13:13 | |
| *** dklyle has joined #kata-dev | 13:29 | |
| *** fuentess has joined #kata-dev | 13:59 | |
| *** fuentess has quit IRC | 16:04 | |
| *** fuentess has joined #kata-dev | 16:06 | |
| *** igordc has joined #kata-dev | 16:18 | |
| *** jodh has quit IRC | 17:01 | |
| *** gwhaley has quit IRC | 17:01 | |
| *** davidgiluk has quit IRC | 19:03 | |
| *** kata-irc-bot4 has joined #kata-dev | 21:09 | |
| *** kata-irc-bot has quit IRC | 21:09 | |
| *** fuentess has quit IRC | 21:10 | |
| *** devimc has quit IRC | 21:23 | |
Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!