
If you want more complaints, and well informed ones at that, read https://www.linkedin.com/pulse/containers-future-ian-eyberg/.

I particularly love the quote, "The kernel developers view of the docker community is that in the rare case they can actually formulate the question correctly they usually don't understand the answer."

There is only so much that you can say to clarify things to someone who is thinking about everything wrong and doesn't realize it. :-(



That article seems overly critical about young developers that don't know it any better because they grew up on containers.

I guess I am one of those so I got to ask, is the proposed solution of unikernels something we had before but lost in favor of containers, or is it something completely new anyways?

It does look like it might be the latter so why blame developers for using containers due to lack of choice? If unikernels are better and just as easy to use then I am sure people will convert.

He blames a lot on marketing and marketing lies but his company (https://nanovms.com/) seems to make it just as hard to figure out what's going on with the apparently only option being a "schedule a demo" button.

Come on, I remember Docker being that fancy new thing that people at university taught themselves and to each other around ~2014/2015. That hype was well deserved and if you want to compete with that you can't just decide to brush it off as wrong and misguided.

At the risk of pointing out that I also might be one of those that the quote above is referring to, I gotta ask:

Is there a technical reason why I shouldn't be able to eventually just replace Docker with a micro or unikernel? Same or similar style of image definition, completely different runtime technology?

Isn't it up to the kernel and platform developers to build the tools to make that happen comfortably for all of us naive container users?


> Is there a technical reason why I shouldn't be able to eventually just replace Docker with a micro or unikernel?

Many legacy pre-docker apps were able to run inside docker without any dev work.

Very few apps would run on unikernel without dev work (porting). It's a different kernel after all.


I don't know the author, or Denis, but Denis in the comments is right. This is exactly the kind of pseudo-intellectual, inflammatory contrarian opinion that I'm unsurprised to see upvoted.

This article completely conflates containers, orchestrators and schedulers in every aspect of discussion. Something will schedule and orchestrate these microVMs. Something will orchestrate secret manifestation inside those VMs. Something will operate on the host to supervise the VMs (which necessarily will have access to the guests).

So far, every microVM platform with any adoption uses Kubernetes to orchestrate. I don't know, maybe someone is running Kata on Nomad or something, but I've not heard of it. And so far, most (all?) microVM implementations utilize namespaces and cgroups either inside/outside the VM or both. This includes Chromium's use of OCI in Crostini (their Linux-VM-on-ChromeOS).

Whatever comes along and replaces Kubernetes will push the envelope and will reduce the default blast-radius, will undoubtedly entirely rethink how authorization and namespacing work. The core would be much more minimal. And thousands of lines of generated Go would be replaced with <use your imagination>. And progress will have happened.

I get it. Hating k8s is cool. I hate it too, for a whole myriad of reasons. But it's actually frustrating how bombastic and off the mark that article manages to be. And it's too bad, if it had just stuck with "Kubernetes isn't the future", and actually understood the problems with it, it could've been a decent rant. As-is, I think it does a pretty poor job of justifying the title. (And so far, microVM workloads look to be worse for "image" security than Docker, as the tooling (outside of Nix|Guix) is somehow even worse.)


Interesting thread.

Is there a microvm that can run chromium with puppeteer?

I've been thinking that server side chromium might actually turn into a pretty badass application server platform ... security, async, remote debug, webasm for cross platform secure binaries ...

Some efficient infrastructure for deploying is needed -- but should be far easier to create a fast server runtime for puppeteer+chromium than it is to create a generic container execution environment ... -- so the microvm approach seems like the right one for what I want ...



Thanks - it is good. Tangential - in a thread about bad software, having a link to LinkedIn is quite funny. It’s taken about 10 years but I think I’ve finally detached from their bs.


oh man, the replies to that post are absolute cancer, though. it makes youtube and reddit look like a Parisian salon...



