google / gvisor-website Goto Github PK
View Code? Open in Web Editor NEWThe gVisor project website.
Home Page: https://gvisor.dev/
License: Apache License 2.0
The gVisor project website.
Home Page: https://gvisor.dev/
License: Apache License 2.0
Second, as gVisor is an independent implementation of the system call surface, many of the subsystems or specific calls are not as optimized as more mature implementations. A good example here is the network stack, which is continuing to evolve but does not support all the advanced recovery mechanisms offered by other stacks and is less CPU efficient. This an implementation cost and is distinct from structural costs
. Improvements here are ongoing and driven by the workloads that matter to gVisor users and contributors.
This an implementation cost
should be This is an implementation cost
, right?
docker: Error response from daemon: OCI runtime start failed: /usr/local/bin/runsc did not terminate sucessfully: starting container: setting up network: creating interfaces from net namespace "/proc/7074/ns/net": creating links and routes: urpc method "Network.CreateLinksAndRoutes" failed: EOF
: unknown.
Hi,
In the performance guide page, the graphs aren't showing up for me. I just get raw text like
{{< graph id=“sysbench-memory” url=“/performance/sysbench-memory.csv” title=“perf.py sysbench.memory –runtime=runc –runtime=runsc” >}}
instead of the embedding graph which should presumably be displayed instead.
Thanks
Matt
Update the Makefile to build the website using Docker to make dealing with build dependencies easier.
e.g., syscall 310, process_vm_readv
is listed as processvmreadv
and links to http://man7.org/linux/man-pages/man2/processvmreadv.2.html, which is a 404.
Pivot root doesn't work on a ramfs. If the roofs for an oci bundle is located on a initramfs or tmpfs then runsc will fail with the error
FATAL ERROR: running container: creating container: waiting for sandbox to start: EOF
This error can be found in the log:
FATAL ERROR: error setting up chroot: error changing root filesystem: invalid argument
https://gvisor.dev/docs/user_guide/docker/ said:
Older builds can also be found here: https://storage.googleapis.com/gvisor/releases/nightly/${yyyy-mm-dd}/runsc
But it looks like that is currently not available.
e.g. https://storage.googleapis.com/gvisor/releases/nightly/2019-09-07/runsc
Add a tutorial doc on getting networking to work with OCI. The content of the this blog post is a good first start:
https://medium.com/@remco_verhoef/sandboxing-with-gvisor-b9979bd424b9
The various runtimeArgs to runsc don't seem documented.
Also I see on the 'one year later' article https://opensource.googleblog.com/2019/05/gvisor-one-year-later.html that Docker's CPU and memory limits are now obeyed. Presumably they work as runtimeArgs?
Add a FAQ that includes how to catch if you are using the wrong hugo version. Incorrect version yield errors like the following:
ERROR 2019/04/03 11:25:58 Failed to add template "partials/navbar.html" in path "/usr/local/google/home/ascannell/gvisor-website/layouts/partials/navbar.html": template: partials/navbar.html:5: function "resources" not defined
ERROR 2019/04/03 11:25:58 partials/navbar.html : template: partials/navbar.html:5: function "resources" not defined
ERROR 2019/04/03 11:25:58 Unable to locate template for shortcode "readfile" in page "docs/user_guide/docker.md"
ERROR 2019/04/03 11:25:58 Unable to locate template for shortcode "readfile" in page "docs/user_guide/oci.md"
ERROR 2019/04/03 11:25:58 Unable to locate template for shortcode "blocks" in page "_index.html"
See attached screenshot.
https://gvisor.dev/docs/user_guide/filesystem/
I'd like to link to "Shared root filesystem", but it is missing an anchor target to use in a link. (A clicky copy link button would be nice too)
Use the hrefTargetBlank = true
and noreferrerLinks = true
and add a check to html-proofer to make sure that rel=noreferrer is added to links targeting external urls.
We should add info on the limitations of checkpoint restore regarding open network connections, open unix domain sockets, etc.
There are 9 static components that are not on CDN.
https://gvisor.dev/scss/main.min.a6b803b675e6be3fa855ba1c5de7a6a3c6e0aa5a48b97fa1c41128e8e9b7cb8d.css
https://gvisor.dev/background_hu7001f5438b9e69fd36c11bbcd7ce28bc_1070364_1920x1080_fill_q75_catmullrom_top.jpg
https://gvisor.dev/js/jquery-3.3.1.min.js
https://gvisor.dev/js/d3.v4.min.js
https://gvisor.dev/logo_huecc535c5c6d57d0972f257cbe0c4e09e_8387_70x70_fit_catmullrom_2.png
https://gvisor.dev/img/powered-gvisor.png
https://gvisor.dev/js/popper.min.js
https://gvisor.dev/js/bootstrap.min.js
https://gvisor.dev/js/main.min.bdc747859423a89c29f21e41c5dfda2cefbfe771ea5fe61e56871467c5473856.js
The static components should be hosted on CDN and served from there.
gvisor.dev isn't showing up in search engines. Need to investigate what's wrong.
For example, on the community page, the edit link points to https://github.com/google/gvisor-website/edit/master/content/
en
/docs/community/_index.md
instead of https://github.com/google/gvisor-website/edit/master/content/docs/community/_index.md
.
https://gvisor.dev/docs/user_guide/quick_start/docker/#configuring-docker
We should tell folks to use the 'runsc install' command to configure docker since that's easier. We also don't need to configure Docker if they installed via 'apt' so we should either move these instructions to the installation page, or make it clear that they don't have to do this if they used 'apt'.
Add a feature to allow searching gVisor docs
Is there any reason to serve static files using a handler in main.go, instead of using static_files and static_dir in app.yaml?
https://cloud.google.com/appengine/docs/standard/go112/serving-static-files
A lot of build steps are duplicated in Makefile and cloudbuild.yaml. These could be cleaned up and unified.
The search engine optimization of the website isn't great and could be improved. Work needs to be scoped out. This will act as an umbrella issue.
At https://gvisor.dev/docs/architecture_guide/performance/, the redis benchmark is missing a y-axis label.
https://gvisor.dev/docs/architecture_guide/performance/ has literal text like this:
{{< graph id=“sysbench-memory” url=“/performance/sysbench-memory.csv” title=“perf.py sysbench.memory –runtime=runc –runtime=runsc” >}}
{{< graph id=“density” url=“/performance/density.csv” title=“perf.py density –runtime=runc –runtime=runsc” log=“true” y_min=“100000” >}}
Presumably meant to be rendered as an actual graph. Perhaps HTML escaping was accidentally introduced 12 days ago:
Syscall compatibility docs should be generated automatically via annotations from the upstream repo and be integrated into CI.
Use Docker images to build the website in order to simplify dependencies.
Add a section to the Kubernetes docs on using runsc with cri-o.
CONTRIBUTING.md needs to be updated to include more info about gVisor project contributing
guidelines, governance etc.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.