On Thu, Mar 30, 2017, at 03:34 PM, Colin Walters wrote:
> On Thu, Mar 30, 2017, at 03:04 PM, Stef Walter wrote:
> > After starting a VM in kubevirt, can access the qemu monitor or have
> > libvirt access to that VM ... from a container in a kubernetes pod?
>
> To rephrase what Stef is saying:
>
> First, this is mostly about using VMs for *testing*.

Actually, there is a generalization of this - situations where running a VM is just an implementation detail of a container, and hence they should be "lifecycle bound" together in the same physical location. For example in https://cloud.google.com/security/security-design/

> These techniques include normal Linux user separation,
> language and kernel-based sandboxes, and hardware virtualization.
> In general, we use more layers of isolation for riskier workloads;
> for example, when running complex file format converters on
> user-supplied data or when running user supplied code for products
> like Google App Engine or Google Compute Engine.

So for example if you have a video transcoding service, you might use a VM as a processing pipeline *locally*, without having to pay the cost of sending the data to/from a separate service.