top | item 32483149

(no title)

dvnguyen | 3 years ago

Ask HN: what workload is not suitable for microVMs? Can I use them like a regular VM?

discuss

Since it's a VM, it's ideal for workloads with a set amount of resource use and that need strong isolation guarantees. Regular containers are better to share a pool of resources whose usage varies widely, and when you don't need strong isolation guarantees. Depending on how I/O is handled, container I/O can be very slow, whereas a dedicated disk snapshot without CoW/overlays would be much faster. Since this also uses TSI for networking, you will need a patched Linux kernel to use networking in the guest at all, and raw sockets don't work at all.

staticassertion|3 years ago

> Depending on how I/O is handled, container I/O can be very slow, whereas a dedicated disk snapshot without CoW/overlays would be much faster.

Do you mean VM I/O can be very slow? I don't think containers should have any overhead, please correct me if I'm wrong though.

tsujp|3 years ago

These specific microVMs are managed by: https://github.com/containers/libkrun#goals-and-non-goals (linked directly to project scopes).

In summary though (others redacted):

    # Goals
      - Be compatible with a reasonable amount of workloads.

    # Non-goals
      - Be compatible with all kinds of workloads.

staticassertion|3 years ago

That depends on the microvm. Device support in Firecracker, like GPUs, doesn't exist, which also makes Firecracker suitable for multitenant workloads. Something like QEMU has far more device support but is also significantly easier to escape out of.