LWN’s recent post gained enormous interest. I like many of the technologies in this project but still scratch my head over some (missing) details, even after peeking into Intel’s rkt patches in the SRPM.
I understand Intel’s position of bringing fast (reducing KVM overhead) and secure (using isolation) container technologies into rkt and Docker, but I don’t see any words on flexibility. With Docker/rkt, I can run a service/process just like I run a Unix shell command. But with KVM, I have to start a VM, ssh to the VM, and execute the command. There are more moving parts involved.
Intel used two performance metrics: startup time and memory usage. But from my prior (although likely obsolete) experience, the runtime overhead is not negligible. For instance, a process running in KVM will see its virtual memory remapped, which penalizes its runtime performance. This overhead might be less significant with VT-x. A more comprehensive (though not up-to-date) KVM-vs-Docker performance study conducted by IBM still confirmed my bias.