- Originally, the guest kernel was as minimal as possible.
- Booted extremely fast, but didn't support all uses-cases.
- Over time, we have added lots of extra kernel
CONFIG_*
options...- For new kernel options
- For new hardware features
- "Death by 1000 cuts": we are slowly bloating the kernel over time.
- Kernel now much bigger/slower than the original.
- Every time we do this, we need to adjust the metrics tests to take account of the changes.
Why not just enable all kernel options for all architectures?
For the common case:
-
The guest environment should be "transparent" to the workload.
-
It should be atleast as functional as the host environment.
(to be as equivalent as possible to a "traditional Linux container").
-
"boot speed" and "memory density" will probably be impacted.
-
But is that a problem?
- The default Kata Containers configuration is NOT optimised.
- Building "full fat" emphasises that, which is a good thing.
- Difficult / impossible to test "exotic" features in a public CI:
-
CI's don't provide all hardware features
(often environment already virtualised).
-
CI's don't always support all architectures.
-
However, we are already facing these challenges.
A full fat kernel provides an opportunity to overcome this though, without custom kernels.
-
- Enabling all config option provides a larger attack surface.
- Is this a concern?
- Maybe, but current default kernel may not be ideal for production use anyway.
-
Enabling all options is the distro approach for kernels.
-
Ensures all use cases "just work" (TM)
Helpful to newcomers (Principle of least astonishment).
Examples of currently problematic use-cases, all of which require rebuilding guest kernels: QAT and GPU passthrough (1, 2).
-
In some ways, a slow(er) boot or larger memory footprint is helpful: it emphasises that: Kata is NOT optimised "out of the box"!. It can't be!
-
Simplifies packaging
Rather than packaging (and maintaining!) multiple set of assets for features like QAT or GPU passthrough, the default kernels would work.
- This change would (have to) alter the meaning of the current kernel
"fragments".
-
Rather than defining a "small-ish kernel", they could become the true minimal configurations.
-
This implies the CI would need some extra jobs:
kernel type test workloads "full fat" any minimal metrics
-
-
Need ability to package "custom configurations" (kernel, rootfs, config files).
-
Configurations could be use-case or architecture specific.
-
For example, we might want to offer example configurations for:
- "fastest boot"
- "smallest (memory resident) kernel" / maximum memory density.
-
If we do this, should we build the kernel monolithically or use modules?
-
How do we package custom configurations? (GitHub, Snap, OBS, other, ...?)
-
Where would such packages be hosted?
-
How would such packages be tested?
Status Quo:
-
We currently have a slightly "chubby kernel" which offers most features.
-
Difficult for users to explore newer hardware features.
-
A full fat kernel would:
- Help usability
- Allow us to focus more aggressively on other "profiles"
Waiting to be presented to the Kata Containers Architecture Committee meeting.
To view as HTML: