[question] Goals/non-goals in comparison to firecracker/firecracker-containerd
geropl opened this issue · 3 comments
Hi,
I just happened to bump into your project. Haven't dug into it in depth, but I'm monitoring the container/KVM/OCI runtime space somewhat and wondered how its goals compare to firecracker, and other projects trying to integrate firecracker as OCI runtime (specifically https://github.com/firecracker-microvm/firecracker-containerd).
Thanks for any hints or pointers - and for this project!
Hi and thanks for your interest in the project.
libkrun's main goal is to provide all the functionality (VMM, emulated devices and Guest kernel, among others) needed for Virtualization-based process isolation in a single dynamic library (so it can be easily carried around while switching namespaces), with the minimum possible memory footprint.
Not trying to be a generic VMM allows us to cut down some weight, and being focused on this use case minimizes the need for external supporting processes and shims.
We're also working on experimental extensions of the Guest kernel to break barriers between VMs and containers, such as Transparent Socket Impersonation, which provides a certain degree of network namespace transparency, with more to come.
All things said, libkrun is still in early development stages and it's not ready for production, so if you need something in the short term, QEMU or Firecracker (combined with Kata or some other runtime) are probably what you need.
Thank you very much for the detailed response!