google / gvisor-website Goto Github PK

Second, as gVisor is an independent implementation of the system call surface, many of the subsystems or specific calls are not as optimized as more mature implementations. A good example here is the network stack, which is continuing to evolve but does not support all the advanced recovery mechanisms offered by other stacks and is less CPU efficient. This an implementation cost and is distinct from structural costs. Improvements here are ongoing and driven by the workloads that matter to gVisor users and contributors.

This an implementation cost should be This is an implementation cost, right?

docker: Error response from daemon: OCI runtime start failed: /usr/local/bin/runsc did not terminate sucessfully: starting container: setting up network: creating interfaces from net namespace "/proc/7074/ns/net": creating links and routes: urpc method "Network.CreateLinksAndRoutes" failed: EOF
: unknown.

Hi,

In the performance guide page, the graphs aren't showing up for me. I just get raw text like

{{< graph id=“sysbench-memory” url=“/performance/sysbench-memory.csv” title=“perf.py sysbench.memory –runtime=runc –runtime=runsc” >}}

instead of the embedding graph which should presumably be displayed instead.

Thanks

Matt

On both my desktop and mobile, links near the bottom of the page aren't rendering correctly.

Update the Makefile to build the website using Docker to make dealing with build dependencies easier.

e.g., syscall 310, process_vm_readv is listed as processvmreadv and links to http://man7.org/linux/man-pages/man2/processvmreadv.2.html, which is a 404.

Pivot root doesn't work on a ramfs. If the roofs for an oci bundle is located on a initramfs or tmpfs then runsc will fail with the error

FATAL ERROR: running container: creating container: waiting for sandbox to start: EOF

This error can be found in the log:

FATAL ERROR: error setting up chroot: error changing root filesystem: invalid argument

https://gvisor.dev/docs/user_guide/docker/ said:

Older builds can also be found here: https://storage.googleapis.com/gvisor/releases/nightly/${yyyy-mm-dd}/runsc

But it looks like that is currently not available.
e.g. https://storage.googleapis.com/gvisor/releases/nightly/2019-09-07/runsc

Add a tutorial doc on getting networking to work with OCI. The content of the this blog post is a good first start:
https://medium.com/@remco_verhoef/sandboxing-with-gvisor-b9979bd424b9

The various runtimeArgs to runsc don't seem documented.

Also I see on the 'one year later' article https://opensource.googleblog.com/2019/05/gvisor-one-year-later.html that Docker's CPU and memory limits are now obeyed. Presumably they work as runtimeArgs?

Add a FAQ that includes how to catch if you are using the wrong hugo version. Incorrect version yield errors like the following:

ERROR 2019/04/03 11:25:58 Failed to add template "partials/navbar.html" in path "/usr/local/google/home/ascannell/gvisor-website/layouts/partials/navbar.html": template: partials/navbar.html:5: function "resources" not defined
ERROR 2019/04/03 11:25:58 partials/navbar.html : template: partials/navbar.html:5: function "resources" not defined
ERROR 2019/04/03 11:25:58 Unable to locate template for shortcode "readfile" in page "docs/user_guide/docker.md"
ERROR 2019/04/03 11:25:58 Unable to locate template for shortcode "readfile" in page "docs/user_guide/oci.md"
ERROR 2019/04/03 11:25:58 Unable to locate template for shortcode "blocks" in page "_index.html"

See attached screenshot.

https://gvisor.dev/docs/user_guide/filesystem/

I'd like to link to "Shared root filesystem", but it is missing an anchor target to use in a link. (A clicky copy link button would be nice too)

https://github.com/GoogleCloudPlatform/govanityurls

Use the hrefTargetBlank = true and noreferrerLinks = true and add a check to html-proofer to make sure that rel=noreferrer is added to links targeting external urls.

We should add info on the limitations of checkpoint restore regarding open network connections, open unix domain sockets, etc.

Use of Content Delivery Network to serve static components

• It will increase the overall page speed
• Reduced Page Size

There are 9 static components that are not on CDN.

https://gvisor.dev/scss/main.min.a6b803b675e6be3fa855ba1c5de7a6a3c6e0aa5a48b97fa1c41128e8e9b7cb8d.css
https://gvisor.dev/background_hu7001f5438b9e69fd36c11bbcd7ce28bc_1070364_1920x1080_fill_q75_catmullrom_top.jpg
https://gvisor.dev/js/jquery-3.3.1.min.js
https://gvisor.dev/js/d3.v4.min.js
https://gvisor.dev/logo_huecc535c5c6d57d0972f257cbe0c4e09e_8387_70x70_fit_catmullrom_2.png
https://gvisor.dev/img/powered-gvisor.png
https://gvisor.dev/js/popper.min.js
https://gvisor.dev/js/bootstrap.min.js
https://gvisor.dev/js/main.min.bdc747859423a89c29f21e41c5dfda2cefbfe771ea5fe61e56871467c5473856.js

The static components should be hosted on CDN and served from there.

gvisor.dev isn't showing up in search engines. Need to investigate what's wrong.

For example, on the community page, the edit link points to https://github.com/google/gvisor-website/edit/master/content/en/docs/community/_index.md instead of https://github.com/google/gvisor-website/edit/master/content/docs/community/_index.md.

https://gvisor.dev/docs/user_guide/quick_start/docker/#configuring-docker

We should tell folks to use the 'runsc install' command to configure docker since that's easier. We also don't need to configure Docker if they installed via 'apt' so we should either move these instructions to the installation page, or make it clear that they don't have to do this if they used 'apt'.

Add a feature to allow searching gVisor docs

Is there any reason to serve static files using a handler in main.go, instead of using static_files and static_dir in app.yaml?

https://cloud.google.com/appengine/docs/standard/go112/serving-static-files

A lot of build steps are duplicated in Makefile and cloudbuild.yaml. These could be cleaned up and unified.

The search engine optimization of the website isn't great and could be improved. Work needs to be scoped out. This will act as an umbrella issue.

At https://gvisor.dev/docs/architecture_guide/performance/, the redis benchmark is missing a y-axis label.

https://gvisor.dev/docs/architecture_guide/performance/ has literal text like this:

{{< graph id=“sysbench-memory” url=“/performance/sysbench-memory.csv” title=“perf.py sysbench.memory –runtime=runc –runtime=runsc” >}}

{{< graph id=“density” url=“/performance/density.csv” title=“perf.py density –runtime=runc –runtime=runsc” log=“true” y_min=“100000” >}}

Presumably meant to be rendered as an actual graph. Perhaps HTML escaping was accidentally introduced 12 days ago:

46ee887#diff-55762dff9d787999779edd14062dab33L111

https://validator.w3.org/nu/?doc=https%3A%2F%2Fgvisor.dev%2F

Syscall compatibility docs should be generated automatically via annotations from the upstream repo and be integrated into CI.

Use Docker images to build the website in order to simplify dependencies.

Add a section to the Kubernetes docs on using runsc with cri-o.

CONTRIBUTING.md needs to be updated to include more info about gVisor project contributing
guidelines, governance etc.