Replies: 3 comments 2 replies
-
With the Liquid Metal use case the main client of Flintlock will be our Cluster API provider. In Cluster API
So we won't need any update functionality to support. |
Beta Was this translation helpful? Give feedback.
-
good clear write up 👍 opt 1 sounds legit despite the consequences. if people complain about those later then we can reconsider and it becomes a problem for future us (those suckers) |
Beta Was this translation helpful? Give feedback.
-
ADR has been merged into the repo. Locking discussion |
Beta Was this translation helpful? Give feedback.
-
Firecracker Patch Limitations & The Flintlock Update API
Context
Users of Flintlock may want to make changes to MicroVMs that are already provisioned and running. In order to support MicroVM updates and provide users with an API to achieve this we need to understand what the limitations are within the MicroVM providers. Flintlocks initial MicroVM provider is Firecracker.
Firecracker provides Swagger API definitions that outlines the different operations that are possible, and when those operations are valid.
Unfortunately, very few operations are valid after a MicroVM has been started. These include:
As a result of discovering these limitations, the
flintlock
update gRPC API and update implementation code was removed in #222 and the need to revisit how we would handle updates moving forward was identified.Moving forward there are a few possible directions that could be taken:
flintlock
API will be the MicroVM Cluster API (CAPI) provider, which doesn't support updates. As a result it would be perfectly valid for us to decide that we won't support any in-place update capabilities, and instead all changes to MicroVM specs will result in recreation.Decision
Consequences
Having to recreate MicroVMs in order to support spec updates could possibly lead to issues where the host does not have sufficient resources in order to support
CreateBeforeDelete
style updates, where a new MicroVM is created, workloads are migrated, and the old MicroVM is removed. However, this is less of a consequence of this decision, and more a consequence of the inherent limitations of the Firecracker MicroVM provider.Beta Was this translation helpful? Give feedback.
All reactions