Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

This is great. Wish this was around when I started working on vibebin ( https://github.com/jgbrwn/vibebin ), probably would have leveraged matchlock instead of Incus/LXC. I guess I could fork/branch and give it a go! Although for vibebin use case I actually need them to not be ephemeral. Edit, ooooh i see `--rm=false` nice

Where do the images come from? What are our options around that and also using custom images etc?





Creator of matchlock here. You can directly use Docker/OCI compatible images (e.g. ubuntu:24.04) as the rootfs with the `--image` flag.

You can also build image with `matchlock build -f Dockerfile -t foo:bar .` - Under the hood it builds the image using buildkit inside the microvm.

reply


Any chance you could look into potentially adding the option to use PVM (eg so a PVM mode instead of KVM) in your matchlock/firecracker implementation?

See https://blog.alexellis.io/how-to-run-firecracker-without-kvm...

reply


Thanks for the response! How would matchlock microvms perform on a KVM VM without CPU passthrough, or is it not possible?

reply


I'm predominantly using Linux vm workstation with nested virt enabled. It performs reasonably well with nested virtualisation.

I haven't tested the scenario of non-cpu-accelerated workload, but I'd expect the performance to be very poor.

That said it might be possible with PVM as the above thread has mentioned.

reply




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: