Thursday, 2019-12-05

« Wednesday, 2019-12-04 Index Friday, 2019-12-06 »
*** sameo has joined #kata-general00:16
*** sameo has quit IRC00:43
kata-irc-bot1<archana.m.shinde> zer0def This should fix the error you see with --net=none  https://github.com/kata-containers/runtime/pull/232001:19
kata-irc-bot1<archana.m.shinde> Let me know if that works out for you as well01:19
kata-irc-bot1<archana.m.shinde> I was not able to reproduce your error with networking though, and the logs dont help much01:20
kata-irc-bot1<cmichel> Has anyone set up Kata containers with Core OS?01:23
kata-irc-bot1<eric.ernst> we should be *relatively* distro-agnostic01:51
kata-irc-bot1<eric.ernst> (ie, we have a set of static tarballs we also produce, and provide for deployment on k8s)01:51
*** sameo has joined #kata-general02:17
*** igordc has quit IRC02:54
kata-irc-bot1<manchenchen> Thanks .I test another function ,enable_swap = true 。When i change it to true and restart docker ,I run one docker and exec into it ,find still no swap show when free -h  .Any advise on it02:58
kata-irc-bot1<manchenchen> And is there any way to reset the shm-size when docker(kata-runtime) run 。03:05
*** sameo has quit IRC03:48
zer0def@archana.m.shinde it works, though i'm not sure whether implementing netns configuration on the runtime's end instead of letting the CRI (in this case, podman) do it is a good approach (sans the issue with 0711 on /var/run/netns)07:53
zer0defbut since i'm not exactly contributing myself, i'm in no position to complain07:53
kata-irc-bot1<manchenchen> When i try to use docker network connect to add one more interface ,like eth1 ,I find it works under runc ,not work under kata .It should because kata is vm,different .any advise to add one more interface in the kata vm .thanks08:22
*** sgarzare has joined #kata-general08:29
*** gwhaley has joined #kata-general08:59
*** lpetrut has joined #kata-general09:04
kata-irc-bot1<manchenchen> Has anyone see this and advise it09:13
kata-irc-bot1<graham.whaley> @manchenchen - I wonder if `docker network connect` suffers from the same kata Limitation that `docker --net=xxx` does - documented at https://github.com/kata-containers/documentation/blob/master/Limitations.md#support-for-joining-an-existing-vm-network  I suspect so, as `docker network connect` is trying to connect to a docker network namespace (not a physical network controller) I think? /cc @archana.m.shinde for09:20
kata-irc-bot1clarification.09:20
kata-irc-bot1<manchenchen> @graham.whaley yes,read the limitation ,docker network connect  can't work .i notice that kata-runtime kata-network add-iface command maybe add one more iface into the kata vm ,but i can not find any sample in the documents。09:23
*** sameo has joined #kata-general09:29
*** lpetrut has quit IRC09:54
*** sgarzare has quit IRC09:54
*** mugsie has quit IRC09:54
*** rha has quit IRC09:54
*** Wimpress has quit IRC09:54
*** sameo has quit IRC09:54
*** gwhaley has quit IRC09:54
*** kata-irc-bot1 has quit IRC09:54
*** peluse has quit IRC09:54
*** serverascode has quit IRC09:54
*** stackedsax has quit IRC09:54
*** manny has quit IRC09:54
*** irclogbot_0 has quit IRC09:55
*** trom has quit IRC09:55
*** zer0def has quit IRC09:55
*** sjas has quit IRC09:55
*** EricAdamsZNC has quit IRC09:55
*** tobberydberg has quit IRC09:55
*** tmhoang has quit IRC09:55
*** ChanServ has quit IRC09:55
*** lpetrut has joined #kata-general10:04
*** rha has joined #kata-general10:04
*** mugsie has joined #kata-general10:04
*** sgarzare has joined #kata-general10:04
*** Wimpress has joined #kata-general10:04
*** manny has joined #kata-general10:04
*** zer0def has joined #kata-general10:04
*** irclogbot_0 has joined #kata-general10:04
*** tmhoang has joined #kata-general10:04
*** trom has joined #kata-general10:04
*** sjas has joined #kata-general10:04
*** EricAdamsZNC has joined #kata-general10:04
*** tobberydberg has joined #kata-general10:04
*** ChanServ has joined #kata-general10:04
*** orwell.freenode.net sets mode: +o ChanServ10:04
*** sameo has joined #kata-general10:04
*** gwhaley has joined #kata-general10:04
*** peluse has joined #kata-general10:04
*** kata-irc-bot1 has joined #kata-general10:04
*** serverascode has joined #kata-general10:04
*** stackedsax has joined #kata-general10:04
*** kata-irc-bot has joined #kata-general10:05
*** kata-irc-bot1 has quit IRC10:05
*** sgarzare has quit IRC10:31
kata-irc-bot<graham.whaley> @manchenchen - I think `kata-network add-iface` is a kata specific runtime command, and not something that would normally get driven by the higher level orchestrators directly. iiuc, it is used to add a physical network interface into a kata container - not add a virtual network namespace like 'docker network connect' would be doing. still need to wait for @archana.m.shinde to elaborate :slightly_smiling_face: - see10:44
kata-irc-bothttps://github.com/kata-containers/runtime/issues/1876 for 'add-iface' details I think10:45
*** sgarzare has joined #kata-general11:18
*** sameo has quit IRC11:19
*** gwhaley has quit IRC12:30
*** gwhaley has joined #kata-general13:48
*** sgarzare has quit IRC14:06
*** sgarzare has joined #kata-general14:12
kata-irc-bot<eric.ernst> You can do a network add via docker in a runc container, and then steal all the network interfaces from it via a new kata container that uses the original containers network. I have a gist in this somewhere....15:07
kata-irc-bot<eric.ernst> https://gist.github.com/egernst/0c8acf60d5aa4b6ab9d36517580c760a#launching-clear-container-with-two-vhost-user-interfaces15:09
kata-irc-bot<eric.ernst> This is very old, but a hack I used on docker cli15:09
kata-irc-bot<eric.ernst> Multi interfaces, using something like multus CNI in k8s works fine for kata.15:09
kata-irc-bot<eric.ernst> @manchenchen ^^15:10
*** igordc has joined #kata-general16:27
*** lpetrut has quit IRC17:40
*** sgarzare has quit IRC18:06
*** lpetrut has joined #kata-general18:07
*** gwhaley has quit IRC18:07
kata-irc-bot<archana.m.shinde> zer0def If the namespace path is empty it is the reponsibility of the OCI runtime to create the namespace18:23
kata-irc-bot<archana.m.shinde> See this https://github.com/kata-containers/runtime/pull/232018:23
zer0defuh, i think you meant to link something else? not the PR?18:26
kata-irc-bot<archana.m.shinde> zer0def, yes I sent you the correct link18:29
kata-irc-bot<archana.m.shinde> later18:29
kata-irc-bot<archana.m.shinde> here : https://github.com/opencontainers/runtime-spec/blob/7c4c8f63a63693f75cfa0f3f397151fb8d9732ad/config-linux.md18:29
zer0defah, alright, thank you18:29
kata-irc-bot<archana.m.shinde> runc does the same, but runc does not need a bind-mount for the network namespace, so you dont see the issue18:30
zer0defthat clarifies things… i'm a little surprised podman's doing that on their end then. again, thanks for the clarification18:32
kata-irc-bot<archana.m.shinde> @manchenchen docker connect should work, but you need an additional deamon for monitoring changes in the network namespace18:34
kata-irc-bot<archana.m.shinde> the daemon can be enabled with `enable_netmon=true` in the kata configuration.toml file18:35
kata-irc-bot<archana.m.shinde> https://github.com/kata-containers/runtime/blob/master/cli/config/configuration-qemu.toml.in#L36318:35
*** sameo has joined #kata-general18:35
kata-irc-bot<archana.m.shinde> We have an existing test that verifies the network connect works when the netmon daemon is enabled18:36
kata-irc-bot<archana.m.shinde> https://github.com/kata-containers/tests/blob/dc5d9d7a5f93c8d994774491cb796f1a1980871b/integration/netmon/netmon_test.bats#L1618:36
*** sameo has quit IRC19:23
*** igordc has quit IRC20:05
*** auk has joined #kata-general20:46
*** sameo has joined #kata-general23:03
*** sameo has quit IRC23:47
« Wednesday, 2019-12-04 Index Friday, 2019-12-06 »

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!