Comment by jingkai_he
18 days ago
Creator of matchlock here. You can directly use Docker/OCI compatible images (e.g. ubuntu:24.04) as the rootfs with the `--image` flag.
You can also build an image with `matchlock build -f Dockerfile -t foo:bar .`. Under the hood, it builds the image using buildkit inside the microVM.
Any chance you could look into potentially adding the option to use PVM (e.g. so a PVM mode instead of KVM) in your matchlock/firecracker implementation?
See https://blog.alexellis.io/how-to-run-firecracker-without-kvm...
I've been following PVM only from afar but it certainly seems interesting, albeit documentation is sparse. (Thanks for the link!) Are you using it productively?
Thanks for the response! How would matchlock microvms perform on a KVM VM without CPU passthrough, or is it not possible?
I'm predominantly using a Linux VM workstation with nested virt enabled. It performs reasonably well with nested virtualisation.
I haven't tested the scenario of a non-CPU-accelerated workload, but I'd expect the performance to be very poor.
That said, it might be possible with PVM, as the above thread has mentioned.