-
Notifications
You must be signed in to change notification settings - Fork 1.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[RFC] 2020 Roadmap #1104
Comments
xref: #208 |
I would like to see a mechanism to capture traffic between the VM and the link-local address and route it over a secure channel to something running on the host. See issue #833 for context. |
@luxas, @rgooch, thanks for the suggestions, we've noted them down. We'll be discussing these and, then post back here. Also, we'll keep this issue open until the end of the month. If there are proposals that can be better clarified verbally, we may also set up a conference call in the last week of June. |
Something else I'd like to see is the ability to freeze and save a VM (including RAM and CPU state) to persistent storage (with a specified encryption key) and later restore the VM so that all processes within the VM resume where they left off. This would allow rebooting the Hypervisor without having to restart the VMs. |
There might be good ways to do this already (pardon me if I missed it), but an easy way to monitor the guest VM's CPU/memory/disk utilization would be really nice for instrumentation tooling integrations (like Prometheus). |
@luxas for CPU and Memory, you should be able to do that via the cgroups that the jailer creates. For disk I guess it depends on what kind of backing file and guest file system you use, but there should be tools that tell you that either way. |
Everyone, thank you for your suggestions. We're working through the triage, and will update this post once we're done (we think it's going to take about 10 more days). |
@luxas Virtual Machine Monitors do not typically track memory usage or disk usage. This is because the VMM does not understand disk formats and memory is completely managed by the operating system running inside the VM, and not visibile to the VMM. The way to typically gather that data is to run something like collectd inside the virtual machine itself. |
@luxas for memory utilization we have a metric called dirty_pages. This is computed using |
Cool, thank you everyone for the responses and clarifications 😄 |
Also add #1180 to the roadmap? |
Hi everyone! It's time to conclude on this Roadmap RFC :), we've taken in all the suggestions, discussed them, prioritized them, in some cases asked you for feedback directly, and in some cases created prototypes to see how things would work out. Thank you for all the ideas/contributions! There's now a GitHub project called "Roadmap" in this repository to keep track of the features status, from I'm also reproducing the outcome below. But before that, we also want to say that this is in no way a closed roadmap. We will always be open to discuss new ideas, and to expand our roadmap with features that add value for serverless-type function and container use-cases. 2020 RoadmapBelow is the current snapshot of the Roadmap project. Each section starts with a description of what that section means. ResearchingFeature requests/ideas that users have asked for or that we think users will like, and that fit Firecracker’s charter, but that we haven’t nailed down the design for:
Contributions WelcomeWe want these in Firecracker, but it’s not something that the maintainer team expects to get around to in the next year or so (contributions are of course also welcome for all other feature requests):
UpcomingWe want these in Firecracker, and it’s something that the maintainer team expects to get around to in the next year or so.
In DevelopmentWork towards these features is in progress:
PreviewYou can test this feature out, but don’t use it in production. Feedback very much welcomed!
ShippedFit for production usage. Features not Added to the Roadmap
|
This is the time of the year when we plan for 2020, and we're eager to take in proposals from everyone in the open source community. So tell us what you want to see in Firecracker by adding your ideas, asks, and use cases to this issue. We've already given the existing feature requests some thought, but we'll be happy if you come up with more! While we encourage everyone to think big, we will ensure that the resulting roadmap aligns with our mission of enabling secure, multi-tenant, minimal-overhead execution of container and function workloads.
Below is a starting (unsorted) list of items that we're likely to work on. We're keen on hearing your feedback on all of the items below. Let's also add to it!
Roadmap Proposals/Ideas
[TBD]
; however, GPU pass-through conflicts with Firecracker microVM memory overcommitment.musl
andglibc
issue system calls this is a very brittle and labor-intensive process. Solution:[TBD]
; we’d like to move beyond a hand crafted syscall whitelist towards automated generation of "to manually review" syscall differences between releases, and potentially a "blacklist" set of known exploitable syscalls, that we never whitelist.[TBD]
. Ideas so far include reproducible builds and snap packages. Related Issues: Snap Package Support #1075.[TBD]
.stdin
, or command line argument (before microVM boot). Related Issues: [UX] Pass configuration as file #923.Collected Feature Request Issues
We'll update al of these once we triage the roadmap, but for clarity, these are the issues that feature request issues we found and discussed:
initrd_path
The text was updated successfully, but these errors were encountered: