*** mylinux has joined #kata-general | 00:10 | |
*** mylinux has quit IRC | 00:12 | |
*** mylinux has joined #kata-general | 00:12 | |
*** mylinux has quit IRC | 00:19 | |
kata-dev-irc-bot | <raravena80> folks, the aws slack is https://awsdevelopers.slack.com/ you can DM https://twitter.com/abbyfuller with your email for an invite. | 00:55 |
*** oikiki has joined #kata-general | 01:25 | |
*** liujiong has joined #kata-general | 02:57 | |
*** oikiki has quit IRC | 03:12 | |
*** mylinux has joined #kata-general | 04:20 | |
*** liujiong has quit IRC | 04:22 | |
*** liujiong has joined #kata-general | 04:23 | |
*** mylinux has quit IRC | 04:24 | |
*** liujiong has quit IRC | 04:58 | |
*** liujiong has joined #kata-general | 04:59 | |
*** oikiki has joined #kata-general | 05:38 | |
*** sjas_ has joined #kata-general | 05:45 | |
*** sjas has quit IRC | 05:48 | |
*** mylinux has joined #kata-general | 06:37 | |
*** mylinux has quit IRC | 06:42 | |
*** oikiki has quit IRC | 06:44 | |
*** jodh has joined #kata-general | 07:47 | |
*** jodh has joined #kata-general | 07:47 | |
*** liujiong has quit IRC | 07:57 | |
*** gwhaley has joined #kata-general | 08:55 | |
*** oikiki has joined #kata-general | 09:03 | |
*** oikiki has quit IRC | 09:19 | |
*** mylinux has joined #kata-general | 09:43 | |
*** mylinux has quit IRC | 09:47 | |
*** sjas_ is now known as sjas | 10:54 | |
*** gwhaley has quit IRC | 11:58 | |
*** mylinux has joined #kata-general | 12:32 | |
*** gwhaley has joined #kata-general | 12:42 | |
kata-dev-irc-bot | <james.brennan> Question: we are currently using docker with --net=host. I noticed in the ClearContainers limitations document that this is not supported. Are there any plans to support --net=host, or something equivalent, in Kata? | 14:01 |
kata-dev-irc-bot | <samuel.ortiz> @james.brennan Not to my knowledge | 14:04 |
kata-dev-irc-bot | <samuel.ortiz> You can't really get full access to the host netns from a VM. | 14:04 |
*** mylinux has quit IRC | 14:07 | |
*** mylinux has joined #kata-general | 14:09 | |
kata-dev-irc-bot | <eric.ernst> @james.brennan this isn't really feasible. You can use a mix of runc and Kata based containers on a system, however. | 14:09 |
*** mylinux has quit IRC | 14:19 | |
*** mylinux has joined #kata-general | 14:37 | |
kata-dev-irc-bot | <james.brennan> Thanks! We were thinking that we would need IPv6 to make this work then - so we can assign “real” IPs to each kata container. We don’t actually need them all to be unique - we are currently using “host” mode after all. Is there a way to set up an overlay network with a single IP shared by all kata containers running on a system, or would this also fail (documentation for CC seems to suggest you can’t share). | 15:16 |
kata-dev-irc-bot | typically running 60+ containers per node. | 15:16 |
kata-dev-irc-bot | <anne> Sorry all for the spam on the dev list--not sure why that wasn't caught. If anyone needs assistance with their international freight logistics, please reach out to Kelvin ;) In the meantime, I'll check out why those are getting through | 15:25 |
kata-dev-irc-bot | <samuel.ortiz> @james.brennan I'll defer that question to @manohar.r.castelino | 15:30 |
kata-dev-irc-bot | <james.o.hunt> @anne - Morning! Do you have a github account? | 16:52 |
kata-dev-irc-bot | <anne> i sure do! annabellebertooch. | 16:53 |
kata-dev-irc-bot | <anne> it's a bad riff on my last name being mispronounced that hasn't aged well :slightly_smiling_face: | 16:53 |
kata-dev-irc-bot | <samuel.ortiz> @anne it's the "ooch" part that's mispronounced, right ? | 16:56 |
*** gwhaley has quit IRC | 16:57 | |
kata-dev-irc-bot | <anne> si :slightly_smiling_face: | 16:58 |
kata-dev-irc-bot | <manohar.r.castelino> @james.brennan what do you mean by all the containers having the same IP. Do you mean a mode where the IP of the container does not matter as it will always be NATed out, and there is no container to container connectivity needed? | 17:13 |
kata-dev-irc-bot | <manohar.r.castelino> I have been looking at a way to support a configuration where | 17:14 |
kata-dev-irc-bot | <manohar.r.castelino> 1. The container IP is never visible outside the container | 17:14 |
kata-dev-irc-bot | <manohar.r.castelino> 2. There is no need for inter container connectivity within the same host | 17:14 |
kata-dev-irc-bot | <manohar.r.castelino> 3. All container traffic is outbound | 17:14 |
kata-dev-irc-bot | <manohar.r.castelino> 4. There is never a need to reach the container from the external network | 17:15 |
kata-dev-irc-bot | <manohar.r.castelino> We can support that mode if you want. But that breaks the CNI, Container network paradigm. But it will be a custom mode. Not quite --net=host, but more like --net=host-client-only | 17:16 |
*** gwhaley has joined #kata-general | 17:36 | |
*** mylinux has quit IRC | 17:42 | |
*** mylinux has joined #kata-general | 17:46 | |
*** jodh has quit IRC | 18:05 | |
*** oikiki has joined #kata-general | 18:06 | |
kata-dev-irc-bot | <james.brennan> @manohar.r.castelino, thanks for your reply! The apps running in our containers need to have an IP address that is visible outside the container, both to other containers running on the same or other nodes, and to other gateway machines. They need to be able to handle outbound and inbound traffic. We also have no control over which ephemeral ports they may be using. | 18:18 |
kata-dev-irc-bot | <manohar.r.castelino> @james.brennan so you need a true --net=host mode then. I assume in this case the containers do not really access the IPs of other containers but ephemeral ports. In that case how are the ports published? Some out of band mechanism? | 18:20 |
kata-dev-irc-bot | <james.brennan> @manohar.r.castelino that is correct. The apps have a lot of freedom in how they choose to communicate with other apps running on the cluster. As I mentioned above, we are currently thinking that if we move to IPv6, we will be able to manage having separate fully accessible IPs in each container. We haven’t determined if that’s a viable path yet. | 18:30 |
*** gwhaley has quit IRC | 19:49 | |
*** mylinux has quit IRC | 20:05 | |
*** oikiki has quit IRC | 22:43 | |
*** oikiki has joined #kata-general | 22:50 | |
*** oikiki has quit IRC | 23:06 |