wilsonianb closed 4 years ago
knative api doesn't let you specify RuntimeClassName (or DNSPolicy or AutomountServiceAccountToken)
https://github.com/knative/serving/blob/d2ea625894c4fc9fba2caeca88792f87e020408b/pkg/apis/serving/fieldmask.go#L151-L177
firecracker's devicemapper requirement would probably need k3s to use firecracker-containerd, which recently added the support for launching multiple containers in a vm: https://github.com/firecracker-microvm/firecracker-containerd/issues/74
both kata-qemu and kata-nemu appear to work with knative but are expected to have slower start up times.
gvisor would have better start up times, but higher network throughput costs and doesn't have a ready to use daemonset for installing on a k8s cluster.
devmapper snapshotter coming in containerd 1.3.0 https://github.com/kata-containers/runtime/issues/1915 https://github.com/containerd/containerd/pull/3022 https://github.com/containerd/containerd/releases
https://asciinema.org/a/219790
Kata configured in CRIO+K8S, utilizing both QEMU and Firecracker
containerd 1.3.0 released https://github.com/containerd/containerd/releases/tag/v1.3.0
Need 1.3.0 to happen here (for k3s)? https://github.com/rancher/containerd
c8s API can configure registered Knative services to use Kata containers, preferably Kata w/ Firecracker
https://github.com/kata-containers/documentation/issues/351