LinuxCommandLibrary

krunvm

Run OCI images as microVMs

TLDR

Create MicroVM based on Fedora

$ krunvm create [docker.io/fedora] --cpus [number_of_vcpus] --mem [memory_in_megabytes] --name "[name]"

Start a specific image
$ krunvm start "[image_name]"

List images
$ krunvm list

Change a specific image
$ krunvm changevm --cpus [number_of_vcpus] --mem [memory_in_megabytes] --name "[new_vm_name]" "[current_vm_name]"

Delete a specific image
$ krunvm delete "[image_name]"

SYNOPSIS

krunvm create [OPTIONS] NAME IMAGE
krunvm start NAME
krunvm stop NAME
krunvm delete NAME
krunvm list [OPTIONS]

PARAMETERS

create
    Creates a new microVM instance.

start
    Starts a previously created microVM instance.

stop
    Stops a running microVM instance.

delete
    Deletes a microVM instance.

list
    Lists existing microVM instances.

NAME
    The name of the microVM instance.

IMAGE
    The OCI image to use for the microVM.

[OPTIONS]
    Various options for configuring the microVM (e.g., memory, CPU).

DESCRIPTION

krunvm is a command-line tool designed to simplify the process of creating and running micro Virtual Machines (microVMs) from OCI (Open Container Initiative) images. It leverages the Krun hypervisor, a lightweight, security-focused virtualization solution, to provide a secure and isolated environment for running container workloads. krunvm aims to offer an alternative to traditional container runtimes by providing strong isolation between containers and the host operating system, reducing the attack surface and enhancing security.

It works by creating a minimal VM environment based on a specified OCI image. This VM is then booted with the necessary configurations to run the containerized application within the isolated context. krunvm handles the complexities of setting up the VM, including memory allocation, CPU configuration, and network setup, allowing users to focus on deploying and managing their applications. The primary goal is to provide a secure, efficient, and user-friendly way to run container workloads with improved isolation and security compared to traditional container runtimes.

CAVEATS

krunvm relies on the Krun hypervisor. Krun needs to be properly installed and configured on the system. The OCI image should be compatible with the microVM environment.

IMAGE REQUIREMENTS

The OCI image must be compatible with the krun environment and should include necessary dependencies for the application to run correctly.

NETWORK CONFIGURATION

Careful consideration should be given to networking configurations when using krunvm, ensuring proper connectivity between the microVM and the host system or external networks.

HISTORY

krunvm is a relatively new tool that has emerged as part of the broader effort to enhance container security and isolation. It builds upon the Krun hypervisor to provide a more secure runtime environment for containerized applications. Development and usage have been driven by the need for stronger isolation and reduced attack surface compared to traditional container runtimes.

SEE ALSO

docker(1), podman(1), runc(8)
