pmores
commented
2 weeks ago Hi @eest , it's not clear to me from the description whether the containers in question are part of the same pod, or if they are in different pods. If the latter then this won't work since, running in different pods, the containers run under different kernels. However, if the former is the case I guess there should be a way to make this work.
eest
Which feature do you think can be improved?
The limitations document page should mention that UNIX sockets do not work when shared between containers (VMs).
How can it be improved?
Mention that it is not supported (possibly why?).
Additional Information
Using UNIX sockets is a helpful way to communicate between containers, for a real life example, the documented example of handling TLS connections from the open source varnish software to backend servers is done over a UNIX socket to haproxy: https://varnish-cache.org/docs/trunk/users-guide/vcl-backends.html#connecting-through-a-proxy
This can normally be used when running haproxy and varnish in separate containers if they share a volume (e.g. docker host directory) where the socket files are created, but migrating such a setup to kata containers do not work (the files are created and visible, but not usable).
This is similar to the following old comment (which also mentioned that an entry in the limitations file would make sense): https://github.com/kata-containers/runtime/issues/457#issuecomment-445512150