| *** sameo has joined #kata-dev | 04:35 | |
| *** hashar has joined #kata-dev | 05:53 | |
| *** dklyle has quit IRC | 06:24 | |
| *** pcaruana has joined #kata-dev | 06:25 | |
| *** jodh has joined #kata-dev | 07:07 | |
| *** sgarzare has joined #kata-dev | 07:09 | |
| *** davidgiluk has joined #kata-dev | 08:04 | |
| *** hashar has quit IRC | 09:06 | |
| *** sameo has quit IRC | 09:20 | |
| *** sameo has joined #kata-dev | 09:23 | |
| *** sameo has quit IRC | 10:00 | |
| *** sameo has joined #kata-dev | 10:13 | |
| kata-irc-bot | <simon.kaegi> You didn't explicitly mention Kubernetes but I'm going to assume that ;) I think kata-containers is somewhere in-between the two as it requires modification to the worker node as opposed to just metadata. What we do is use a customized version of kata-deploy -- https://github.com/kata-containers/packaging/tree/master/kata-deploy -- to add support to several nodes in our cluster. Then depending on your use-case you'll also likely | 12:08 |
|---|---|---|
| kata-irc-bot | want to use network policy, and pod security policy to prevent access from the sandboxed pods to your host. | 12:08 |
| *** devimc has joined #kata-dev | 12:19 | |
| *** sameo has quit IRC | 12:37 | |
| *** sameo has joined #kata-dev | 12:37 | |
| *** dklyle has joined #kata-dev | 12:55 | |
| fidencio | devimc: I'm pushing Adrian's patches and will do the forward-port | 13:33 |
| fidencio | devimc: and buenos dias! | 13:33 |
| *** devimc has quit IRC | 13:37 | |
| *** devimc has joined #kata-dev | 13:38 | |
| devimc | fidencio: bom dia | 13:39 |
| devimc | fidencio: https://github.com/kata-containers/runtime/pull/2703 ? | 13:39 |
| fidencio | devimc: exactly | 13:40 |
| devimc | sure let's merge it | 13:41 |
| devimc | fidencio: but not sure if a backport is required | 13:41 |
| devimc | since this is a new feature, not a bug fix | 13:41 |
| fidencio | devimc: I don't think we want a backport, but we do need a forward-port | 13:42 |
| fidencio | devimc: well, "want" ... I do want a backport :-) ... it's just not reasonable as it's not a bugfix :-) | 13:42 |
| devimc | fidencio: ok, forward-port = kata 2.0 | 13:43 |
| fidencio | yep! | 13:43 |
| fidencio | devimc: nice that 2.0 used modules | 14:03 |
| fidencio | devimc: not so nice that I don't know how to update those -/ | 14:03 |
| fidencio | :-/ | 14:03 |
| kata-irc-bot | <georg.kunz> Hi @simon.kaegi thanks for the reply. Right, so in principle an application with privileges could bring a custom kata-deploy to install the sandbox components needed. Probably not very clean, but doable in our context… | 14:07 |
| kata-irc-bot | <georg.kunz> depending on demand of this feature, maybe one could think about a mechanism to allow in a more secure way to plug new sandbox components in a running kata instance | 14:08 |
| devimc | fidencio: haha - me neither | 14:12 |
| fidencio | I'm opening the PR, someone will be able to correct me if I'm doing something stupid :-) | 14:23 |
| *** jodh has quit IRC | 15:12 | |
| *** hashar has joined #kata-dev | 15:40 | |
| *** th0din has quit IRC | 16:14 | |
| *** crobinso has joined #kata-dev | 16:25 | |
| *** sgarzare has quit IRC | 16:35 | |
| *** hashar has quit IRC | 16:43 | |
| *** hashar has joined #kata-dev | 16:46 | |
| *** hashar has quit IRC | 17:25 | |
| *** devimc has quit IRC | 17:26 | |
| *** devimc has joined #kata-dev | 17:57 | |
| *** davidgiluk has quit IRC | 19:06 | |
| fidencio | devimc: nice trick about closing and re-opening the PR | 19:15 |
| devimc | fidencio: s/nice/dirty | 19:15 |
| devimc | xD | 19:16 |
| fidencio | devimc: please, don't spoil the beauty of a really dirty workaround | 19:23 |
| *** crobinso has quit IRC | 19:33 | |
| *** th0din has joined #kata-dev | 19:36 | |
| *** sameo has quit IRC | 20:24 | |
| *** sameo has joined #kata-dev | 20:48 | |
| *** devimc has quit IRC | 21:06 | |
| *** jugs1 has quit IRC | 22:04 | |
| *** jugs1 has joined #kata-dev | 22:18 | |
Generated by irclog2html.py 2.17.2 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!