Use cases for Windows containers with hyper-v isolation

Question

Use cases for Windows containers with hyper-v isolation

fady-azmy-msft opened this issue 4 months ago · 7 comments

We are evaluating the priority of enabling Windows Hyper-v containers support in Kubernetes, and would like to hear from you.

What use cases do you have for Windows hyper-v containers in Kubernetes? What sort of applications do you want to run?

Answer 1 · 2024-06-20T23:27:58.000Z

better security for
- ci/cd
- if it were supported, sharing the directx display adapter aka for running graphics applications
making it possible to schedule LCOW containers via hyper-v would reduce a lot of toil, even if it were resource intensive

Answer 2 · 2024-07-10T15:04:39.000Z

I see. @doctorpangloss can you expand on the better security need for CI/CD? How would you view the need for better security vs using more resources?

Answer 3 · 2024-07-10T17:33:56.000Z

@doctorpangloss can you expand on the better security need for CI/CD? How would you view the need for better security vs using more resources?

Regarding CI/CD,

I value the ability to easily schedule, maintain and author workloads in Kubernetes over better node efficiency / performance.
I build untrusted (third party or customer) code in Tekton pipelines on Windows
for some applications, I am running untrusted Python code (third party) that wants to access the GPU.

~~hyper-v to me could replace gvisor for my linux tasks.~~ using more resources is okay because the workloads are ephemeral.

Answer 4 · 2024-07-11T14:26:56.000Z

Super helpful! When would you consider hyper-v over gvisor for linux tasks? And what sort of GPU tasks would you run on Windows containers?

Answer 5 · 2024-07-11T15:30:18.000Z

When would you consider hyper-v over gvisor for linux tasks?

I wrote that poorly. I don't consider hyper-v an alternative to gvisor. But for all the code that isn't written by me, hyper-v plays the same role for Windows applications as gvisor does for linux. So having a container runtime option in kubernetes that selects hyper-v would be great.

And what sort of GPU tasks would you run on Windows containers?

Here is an example of a GPU task running on Windows containers: https://appmana.com/watch/virtualtestdrive (tap drive and have fun) - trusted code games, rendering backends like After Effects with Windows-only plugins, running tests for Windows-destined AI applications like ComfyUI

making it possible to schedule LCOW containers via hyper-v would reduce a lot of toil, even if it were resource intensive

to expand on this, the MVP could be kubelet running correctly in a Windows-deployed host process container daemonset. Many people already use kubevirt to sort of do the opposite, running Windows workloads on Linux. To me, the whole point of Windows is the graphics stack and pre-existing Windows only application ecosystem, which is very graphics oriented in terms of stuff that makes sense to run in the backend.