krunvm

Create MicroVM based on Fedora

$ krunvm create [docker.io/fedora] --cpus [number_of_vcpus] --mem [memory_in_megabytes] --name "[name]"

$ krunvm start "[image_name]"

$ krunvm list

$ krunvm changevm --cpus [number_of_vcpus] --mem [memory_in_megabytes] --name "[new_vm_name]" "[current_vm_name]"

$ krunvm delete "[image_name]"

krunvm create [OPTIONS] NAME IMAGE
krunvm start NAME
krunvm stop NAME
krunvm delete NAME
krunvm list [OPTIONS]

create
    Creates a new microVM instance.

start
    Starts a previously created microVM instance.

stop
    Stops a running microVM instance.

delete
    Deletes a microVM instance.

list
    Lists existing microVM instances.

NAME
    The name of the microVM instance.

IMAGE
    The OCI image to use for the microVM.

[OPTIONS]
    Various options for configuring the microVM (e.g., memory, CPU).

krunvm is a command-line tool designed to simplify the process of creating and running micro Virtual Machines (microVMs) from OCI (Open Container Initiative) images. It leverages the Krun hypervisor, a lightweight, security-focused virtualization solution, to provide a secure and isolated environment for running container workloads. krunvm aims to offer an alternative to traditional container runtimes by providing strong isolation between containers and the host operating system, reducing the attack surface and enhancing security.

It works by creating a minimal VM environment based on a specified OCI image. This VM is then booted with the necessary configurations to run the containerized application within the isolated context. krunvm handles the complexities of setting up the VM, including memory allocation, CPU configuration, and network setup, allowing users to focus on deploying and managing their applications. The primary goal is to provide a secure, efficient, and user-friendly way to run container workloads with improved isolation and security compared to traditional container runtimes.

krunvm relies on the Krun hypervisor. Krun needs to be properly installed and configured on the system. The OCI image should be compatible with the microVM environment.

The OCI image must be compatible with the krun environment and should include necessary dependencies for the application to run correctly.

Careful consideration should be given to networking configurations when using krunvm, ensuring proper connectivity between the microVM and the host system or external networks.

krunvm is a relatively new tool that has emerged as part of the broader effort to enhance container security and isolation. It builds upon the Krun hypervisor to provide a more secure runtime environment for containerized applications. Development and usage have been driven by the need for stronger isolation and reduced attack surface compared to traditional container runtimes.

docker(1), podman(1), runc(8)