Comment by indigodaddy

18 days ago

This is great. Wish this was around when I started working on vibebin ( https://github.com/jgbrwn/vibebin ), probably would have leveraged matchlock instead of Incus/LXC. I guess I could fork/branch and give it a go! Although for vibebin use case I actually need them to not be ephemeral. Edit, ooooh i see `--rm=false` nice

Where do the images come from? What are our options around that and also using custom images etc?

5 comments

indigodaddy

jingkai_he 18 days ago

Creator of matchlock here. You can directly use Docker/OCI compatible images (e.g. ubuntu:24.04) as the rootfs with the `--image` flag.

You can also build image with `matchlock build -f Dockerfile -t foo:bar .` - Under the hood it builds the image using buildkit inside the microvm.

indigodaddy 18 days ago
Any chance you could look into potentially adding the option to use PVM (eg so a PVM mode instead of KVM) in your matchlock/firecracker implementation?
See https://blog.alexellis.io/how-to-run-firecracker-without-kvm...
- codethief 13 days ago
  
  I've been following PVM only from afar but it certainly seems interesting, albeit documentation is sparse. (Thanks for the link!) Are you using it productively?
indigodaddy 18 days ago
Thanks for the response! How would matchlock microvms perform on a KVM VM without CPU passthrough, or is it not possible?
- jingkai_he 18 days ago
  
  I'm predominantly using Linux vm workstation with nested virt enabled. It performs reasonably well with nested virtualisation.
  I haven't tested the scenario of non-cpu-accelerated workload, but I'd expect the performance to be very poor.
  That said it might be possible with PVM as the above thread has mentioned.