Suggestion: Kata deployment scripts should check that nested virtualization is enabled

[olberger]

As exhibited in #87 crio install won't work whenever no nested virtualization has been allowed for KVM on the host.

I think it would be great to have some check when qemu/kvm will be used for kata-containers, to abort or warn prominently if no nested vrtualization is available, which will make qemu to fail, thus crio too.

Thanks in advance.

[krsna1729]

@olberger since the script itself runs only on master, maybe updating https://github.com/kata-containers/packaging/tree/master/kata-deploy is a better idea?

In this repo we could add all examples to make use of node-selector with kata-runtime true label. That way they wont land on nodes that do not support kata-runtime class. This is a workaround for the current limitation in runtimeclass.

cc @egernst @mcastelino

[krsna1729]

@olberger thanks for the suggestion!

[mcastelino]

@egernst does your kata-deploy script check for this today?

[egernst]

no

[mcastelino]

We should see if we can use NFD to detect support for VT-x and use that as part of kata-deploy when available.

/cc @krsna1729

[krsna1729]

@mcastelino that will only save a daemonset pod. It doesnt solve the problem of scheduling the actual workload itself

[mythi]

that will only save a daemonset pod. It doesnt solve the problem of scheduling the actual workload itself

True but AFAICS the limitation comes from RuntimeClass that assumes homogeneous cluster.

[krsna1729]

Yes see second comment