| kata-irc-bot | <bergwolf> IIRC there is a kep from gvisor folks, but I haven't checked its status recently | 02:51 |
|---|---|---|
| kata-irc-bot | <bergwolf> https://github.com/kubernetes/enhancements/issues/1846 | 02:57 |
| kata-irc-bot | <dgibson> @fupan hello, question about https://github.com/kata-containers/kata-containers/pull/2428 | 06:50 |
| kata-irc-bot | <fupan> @dgibson For -v /dev/sdX:<dir>, kata would hotplug the corresponding device into guest, but since runtime couldn’t know what’s block device’s real filesystem, thus it only do the bind mount of the device file to an temp destination in guest instead of do the real filesystem mount, thus the storage mount only did the bind mount of device file. | 06:55 |
| kata-irc-bot | <dgibson> ok | 06:56 |
| kata-irc-bot | <dgibson> what code path does that go through? | 06:56 |
| kata-irc-bot | <dgibson> because I'm pretty sure it would already be broken.. | 06:56 |
| kata-irc-bot | <dgibson> @fupan also, where would you supply that -v option? | 06:57 |
| kata-irc-bot | <fupan> https://github.com/kata-containers/kata-containers/blob/main/src/runtime/virtcontainers/kata_agent.go#L1541 | 06:59 |
| kata-irc-bot | <dgibson> @fupan ok, but which BlockDeviceDriver? | 07:02 |
| kata-irc-bot | <fupan> @dgibson I used the crictl to run kata pod, and added an specific mounts in container’s json file to test it, one of my json file as below: { “metadata”: { “name”: “ubuntu07” }, “image”:{ “image”: “quay.io/openshift/community-e2e-images:e2e-1-k8s-gcr-io-e2e-test-images-agnhost-2-21-v0OxZ-MhmEqtUyE9” }, “port_mappings”: [{ “container_port”:80, “host_port”: 8080 | 07:03 |
| kata-irc-bot | “host_path”: “/dev/sda3", “container_path”: “/test”, “readonly”: false, “propagation”: 2 } ], “linux”:{ “security_context”: { “capabilities”: { “add_capabilities”: [ “SYS_ADMIN” ] } }, “resources”: { � | 07:03 |
| kata-irc-bot | <dgibson> ok... we really should add this test to the CI | 07:03 |
| kata-irc-bot | <fupan> it’s used kataBlkDevType | 07:09 |
| kata-irc-bot | <fupan> Yes, I do agree | 07:10 |
| kata-irc-bot | <dgibson> oh... wow | 07:12 |
| kata-irc-bot | <dgibson> if storage.source.starts_with("/dev") | 07:12 |
| kata-irc-bot | <dgibson> that's... really dang broken | 07:12 |
| kata-irc-bot | <dgibson> we should probably just special case that path | 07:15 |
| kata-irc-bot | <dgibson> well, special case it more than it already is | 07:15 |
| kata-irc-bot | <dgibson> @fupan do you know what's responsible for setting fstype to "bind" in that case? | 07:16 |
| kata-irc-bot | <fupan> IMO, it should set the fstype to the filesystem type of that block device, but it couldn’t know the real filesystem type at present, instead, it inherited the fsType from the volume specified by containerd/cri, since by now all of the volume mounts supported by runtime were all bind mount. | 07:22 |
| kata-irc-bot | <dgibson> that... is totally broken | 07:22 |
| kata-irc-bot | <dgibson> but anyway, I have to wrap up for the day | 07:22 |
| kata-irc-bot | <dgibson> I'll see if I can look at it tomorrow and fix it one way or another | 07:23 |
| kata-irc-bot | <fupan> NP, Tanks! | 07:25 |
| kata-irc-bot | <fidencio> @eric.adams, @jakob.naucke, @james.o.hunt, @bergwolf, @archana.m.shinde, @eric.ernst, @jose.carlos.venegas.m, let's talk about kata-deploy tags ... :thread: | 12:33 |
| kata-irc-bot | <fidencio> I'm re-working https://github.com/kata-containers/kata-containers/pull/2453 so we can have a "stable" and a "latest" tag. The idea behind this is: • latest: basically pre-releases (alpha, rc) • stable: the official releases | 12:34 |
| kata-irc-bot | <fidencio> However, the more I think about this I think the name is confusing and I'm not exactly sure what people would expect *without* reading the manual | 12:35 |
| kata-irc-bot | <fidencio> Maybe I should switch the approach to use, instead: • pre-release or unstable: for the pre-releases • latest: for the "stable" releases | 12:36 |
| kata-irc-bot | <jakob.naucke> I agree. `latest` sounds like CD just built from `main`. | 12:36 |
| kata-irc-bot | <jakob.naucke> However, the name `stable` is fine I think. | 12:37 |
| kata-irc-bot | <fidencio> @jakob.naucke, interesting! I was thinking on reserving the "development" tag for someone built from `main` (which is where I want to go for 2.3.0 ...) | 12:37 |
| fidencio | devimc: ^^^ in case you're already awake ... | 12:38 |
| kata-irc-bot | <jakob.naucke> are we going to build static tarballs as often as daily or even for every commit to `main`? | 12:38 |
| kata-irc-bot | <fidencio> > are we going to build static tarballs as often as daily or even for every commit to `main`? Maybe :slightly_smiling_face: | 12:38 |
| kata-irc-bot | <fidencio> I want to, @jose.carlos.venegas.m work allows us to build the static tarball from main ... and I think it can be used on CI | 12:39 |
| kata-irc-bot | <fidencio> but that's a convo for a different thread | 12:39 |
| kata-irc-bot | <jakob.naucke> I might add: Some might understand `latest` as what you originally intended, but some might understand it as "from Git". | 12:40 |
| kata-irc-bot | <fidencio> Yep, that's the confusion in my mind as well. :S | 12:41 |
| kata-irc-bot | <fidencio> Of course, we can document, but I want everyone on the same page wrt what we'll document | 12:41 |
| kata-irc-bot | <fidencio> And then be prepared for answering on issues that people's expectation will be different from what we documented | 12:41 |
| kata-irc-bot | <dgibson> sasdsdsdthough with its age it is getting a little bit mushy | 13:46 |
| kata-irc-bot | <wmoschet> @fupan @dgibson btw, at glance, that check seems to be the reason why a couple of kubernetes e2e tests fail with kata. Because those tests try to mount the raw volume in /mnt and kata (IIUC) refuses to mount anything outside of /dev | 15:07 |
Generated by irclog2html.py 2.17.2 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!