Firecracker has more tooling for the orchestration layer that manages many sandboxes at once. Stuff like K8S integration, an external REST API control plane, more first-class support for snapshotting, etc.
You'd have to build more of that with libkrun
The core tech of both are great though.
Firecracker has more tooling, but setting it up and managing it is also more complicated, at least for k8s workloads. Libkrun is so easy for k8s! Compile crun with Libkrun support, create a symlink of crun with the name krun, done. Works like any normal pod. Firecracker with kata-containers is a lot more brittle and complicated. I've invested quite some time getting this running for a talk I'm working on.
Is the talk going to be shared online anywhere? Would be interested in checking it out later!
That's super interesting - have you written up anything on this? I'd love to read it.
No, but I can give a small introduction. I installed krun from the Arch package repositories: https://man.archlinux.org/man/extra/krun/krun.1.en
Then one can just pass `--runtime krun` to most podman subcommands. Alternatively, set the runtime key in the config file to make it the default.
Podman itself has "hardening" techniques, e.g. turning off the network or volumes that can be combined with this.
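A concrete version of the podman setup described in the answer above, added here as an example and not code from the poster or from the krun/podman projects. It assumes the packaged `krun` binary lives at /usr/bin/krun (an assumption; override `KRUN_BIN` otherwise) and shows both the per-command `--runtime krun` form and the containers.conf default, combined with podman's own network and filesystem restrictions.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes the distro `krun` binary is at
# /usr/bin/krun; set KRUN_BIN to the real path if it differs.
KRUN_BIN="${KRUN_BIN:-/usr/bin/krun}"

# containers.conf fragment that makes krun the default runtime, so a plain
# `podman run` uses it without --runtime. Rootless podman reads this from
# ~/.config/containers/containers.conf; the system-wide copy is
# /etc/containers/containers.conf.
krun_containers_conf() {
    cat <<EOF
[engine]
runtime = "krun"

[engine.runtimes]
krun = ["${KRUN_BIN}"]
EOF
}

# Compose a hardened podman invocation: libkrun supplies the VM boundary, and
# the podman-level flags remove the network, keep the root filesystem
# read-only, drop every capability and mount no host volumes at all.
hardened_podman_args() {
    image="$1"; shift
    printf '%s ' run --rm --runtime krun --network none --read-only --cap-drop=all "$image" "$@"
}

# Sanity check before trusting the setup: the runtime binary must exist and be
# executable. A dangling crun -> krun symlink is an easy mistake to make.
krun_binary_ok() {
    [ -x "$KRUN_BIN" ]
}

# Only execute when podman and krun are actually present; otherwise print the
# command that would have run. `uname -r` inside the guest reports the VM's
# kernel, which is a quick way to confirm the workload is not sharing the host
# kernel.
if command -v podman >/dev/null 2>&1 && krun_binary_ok; then
    # shellcheck disable=SC2046
    podman $(hardened_podman_args docker.io/library/alpine:latest uname -r)
else
    echo "would run: podman $(hardened_podman_args docker.io/library/alpine:latest uname -r)"
fi
```

Write the output of `krun_containers_conf` to the containers.conf path for the user that runs podman, then `--runtime krun` becomes unnecessary; the `--network none` and `--read-only` flags are independent of the runtime and are the podman "hardening" the answer refers to.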
libkrun is not production ready compared to Firecracker; the latter is used in 99.9% of many companies.
For what exact reason is it not production ready? Or is that the stance of its maintainers?