by theaiquestion
1071 days ago
Depending on your use case there's potentially negligible startup time. On the scale of single-digit seconds to less than half a second depending on how much work you put into optimizing it. For some applications this will be too slow (mainly the type where you boot a container per request, although flyio seems to make it work), I think for a _lot_ of applications this wouldn't be noticed.

Kata gives you a few different options for what/how you'd like to boot including firecracker. This isn't exclusive to firecracker but if you stay lightweight you can have VMs booting under a half second if you're using slim images. https://jvns.ca/blog/2021/01/23/firecracker--start-a-vm-in-l...

I honestly think for a lot of people, VMs with the convenience/orchestration tools of containers make more sense for a lot of general use cases simply because of the security benefits. The convenience still needs some work though.
Compare that to a docker container where there's basically 0 additional work that has to be done to be up and running.
For most cases I'd be really tempted to work on hardening the docker container rather than on setting up a VM. Things like AppArmor and seccomp in particular would likely go a very long way.