Is it somebody? You need to be quiet this time. All right. Hello, everybody. Welcome to the fifth episode of ChatLoopBackOff. Hopefully Luna will let me finish this intro. Today is March 7th, 2024, and spring is in the air. Or apparently, you know, lavender is at some local and chain coffee shops. Uh, I think these days coffee shop menus are going to define the seasons, not the weather. And I hope 30 years from now that's not more real than it feels right now. All that said, uh, this program is meant to be a deep dive into the realms of the cloud native landscape. I am your host, Jeffrey Sica, but many of you know me as jeefy. I'm thrilled to have you here in joining us for today's episode. We're going to focus on Lima, or Lima. I am going to pronounce it Lima, and I am sure someone is going to tell me I'm wrong, and that's okay. I think it's kube-cuddle. Uh, anyways, Lima is a sandbox project in the CNCF, or the Cloud Native Computing Foundation, and it's focused on virtual machines primarily running on macOS. But as a certain community Corsair mentioned on Twitter, it also works too on Windows. Unfortunately, I don't have a Windows box readily usable for today.
So I'm just going to use my MacBook. Uh, but before we go into it, we've got a few housekeeping items. Uh, this live stream is a sibling to a similarly named, uh, event that we do at live KubeCons called ClashLoopBackOff. Uh, in that one we pit two community members against each other to accomplish a technical challenge of my choosing. Uh, think like Taskmaster, Iron Chef, really. Uh, it's meant to be laid back, at least for the audience, and generally fun. This stream is more of a self-induced version of ClashLoopBackOff, and we are very not creative, so we called it ChatLoopBackOff. Uh, so I have not done any in-depth research on this topic. Uh, instead I want to dive into this topic or project with fresh eyes, and I want to learn as I normally would off stream. In doing so, hopefully, you know, we can walk away, both, you know, me and you the audience, having learned something new. During the live stream feel free to drop in your questions into chat. I'll get to as many as possible. We are here to learn together, so if you already know the answer to something, or I'm stuck and you kind of have an idea that you want me to follow, please speak up. That said, this is an official live stream of the CNCF and it is subject to the CNCF code of conduct. Please do not add anything to the chat or questions that would violate that code of conduct. Basically, respect, you know, myself, respect fellow participants, and don't be a jerk. This video will be put on our YouTube channel afterwards, so folks that couldn't make it to the live stream can still learn along with us, just, you know, asynchronously. Um, so quickly, let's highlight some news from our corner of the world before we get into it. Uh, KubeCon. KubeCon is upon us. Uh, KubeCon is in a week and a half. Today's March 7th, and I happen to leave on the 16th, so we'll say like 10 days away. A lot of people are going to be traveling, uh, because of this, and because a lot of CNCF staff have a crazy run up to the event, uh, next week will be hosted by
a known guest, Jeremy Rickard. Uh, he's going to be going over Telepresence, so look out for socials on that. In my opinion, he does a better job than me, so I'm going to want to watch it afterwards. Uh, next up. From the sounds of it, and not from the sounds of it, but generally, the CNCF and LF training and certification are changing how certifications, uh, work in terms of expiration. Let me pull up the article quick. Um, in short, certifications used to only be around for three years. Now they are shifting down to two years. This is primarily done to align more with how Kubernetes release and support windows work. It doesn't make sense for a Kubernetes certification to be valid longer than the version itself is. Also, looking around the ecosystem, a lot of certifications aren't actually, uh, three year. Certifications are usually one to two. So we're just kind of aligning back to where everyone else is, but it's really driven by just the way release windows are. Uh, of course links to all of these news articles will be in the notes afterwards. Uh, LinkedIn actually open sourced, uh, a project called OpenHouse, which is kind of a data lake manager or a data lake control plane. Um, I'm primarily interested in this because I came from an academic background where we're having to deal with, well, in research computing you're having to deal with data lakes, massive data warehouses. How do you manage that, and how do you grant access to those to different researchers?
Um, this looks like it's taking several Apache projects, kind of mashing them together, adding some icing on top, uh, in terms of like usability, and then shipping it out. That sounds really good, because a lot of these Apache projects already kind of handle data warehousing and management. Uh, haven't had time to look too much into it, but I wanted to shout it out because I love seeing, you know, big companies open sourcing big projects, and this looks like a really good one. Speaking of projects, though not big companies, uh, GUAC is now an OpenSSF incubating project. Uh, GUAC is a way to both track and manage dependencies and CVEs kind of, uh, in the background. It's using GraphQL to collect and create a queryable interface for all these dependencies and vulnerabilities, and they have a separate component that manages to visualize the data in, in my opinion, a pretty meaningful way. Um, yeah. OpenSSF is a sister foundation to us and we've got pretty close ties in terms of, uh, contributors, so I always love to see them growing out. All right, news down, Lima up. Or is it limactl up? Uh, let's find out. I'm gonna move a keyboard and I'm gonna move my laptop and then we are gonna get started. Also, this is gonna be weird because the camera's right here and I'm gonna be looking down. So, sorry. Can we swap inputs? Yeah, thank you. Sorry. All right, um, let's make sure that that is visible. So as always... Oh, I am, I should not be looking over here. I should be looking down. That's gonna be weird. As always, uh, every episode I will be writing notes and then I will put them up into the CLBO GitHub repo. Just so everyone is aware, previous episodes are in here. Uh, Jeremy needs to get on his, but other than that... Actually, does that look good? That looks good enough, I think, in terms of zooming in. Okay, so what even is Lima? Linux virtual machines, typically on macOS, for running containerd. So here's all I know, and again, I have no problem kind of showing my ignorance at times.
I always heard Lima described as a way to run containers on macOS that does not need the kind of, I don't want to say fat stack, but the heavy weightness of Docker Desktop. So I'm really coming into this blind, by the way. I have installed Lima, and like, that's it. Actually, let me, so let's also just make sure when I brew installed. It's okay. It's the latest one. We are at v 20. Oh 20 that one. Okay. So what actually is Lima? Linux machines. Oh, that makes so much sense. So is it Lima? I'm gonna have to, uh, so I always thought of... I'm gonna have to start calling it Lima now. Now I'm worried. As virtual machines, and Colima as Docker Desktop. But then Lima added all the nice Docker stuff, so you don't even really need Colima anymore. Interesting. I had never even heard of, uh, Colima. Also, new boa, was that a Final Fantasy six avatar? Because I am going to be very, very happy. Anyway, so limactl. Okay, so to run containers with containerd we can just do lima nerdctl run. Okay. Love it. Thank you. Six is my... Oh, sorry. This is a bit of a tangent. I'm sorry for those that don't know or care about Final Fantasy. We're a six. I think six is number three for me in the series. I have, I have a very specific love for Final Fantasy four. That was like, I don't know, that, that one always fell in love with that. So let's see, uh, lima nerdctl run --rm hello-world. Do I need nerdctl installed as well? It doesn't look like it. Create default. So this is gonna assume create a new instance of a VM on here. Like I said, I have done literally nothing with this, so it still has to download stuff. Sorry. Well, that's downloading. Uh, to run containers, uh, with Lima using Docker, with Kubernetes. Okay, so Lima is a way to run containers against varying backends, one of which could be Docker, one of them could be Kubernetes, and one of them could be containerd.
Where's the... I need to learn how to read. So it's launching Linux VMs, in this case on macOS, on Windows theoretically. Well, not theoretically, I trust the Corsair. The original goal of Lima was to promote containerd, including nerdctl, to Mac users, but it can be used for non-container applications as well. It helps if I just read. I really am one of those folks that just looks for the code prompts to copy and paste, because, oh look, it actually says do limactl start. Okay. So it is, uh, downloaded it. limactl start default. Okay, so in the background it's spinning up a QEMU image. This makes a whole lot more sense. Suddenly, uh, Luna is being quiet and there's going to be a loud cat. Interesting. Okay, so there's a GUI for Lima, and then Lima xbar plugin to start and stop. Okay. Yeah, there's Colima. That's what you're talking about. I guess one other thing I should probably do is I should probably stop Docker Desktop, just to lay it all on out on the table. Okay, so just running lima opens a shell into the QEMU VM that was started. And now if we do this, it's gonna run all of this in that QEMU image. This might be a short stream. Oh, but we can, we can run Lima in Docker. Who cares how that works? Does it create a container and then run things within the container via that image? Well, now I'm gonna start Docker back up. lima stop. Oh, duh. limactl stop. There we go. So now with Docker on, let's see if this does what I think it does. Season QEMU, it's downloading an Ubuntu, so it's still downloading an image file. So it's still... Okay. So it's creating another QEMU image, and it looks like it's... What's this, two years out of date? I probably should look for something else. I'll just do lima docker. What do I get? Lima itself. Okay, so the idea here is you run open source Docker inside the Linux and... Interesting. Okay. So if I kill Docker Desktop... Okay, it's down. Thank you, new boo. This makes so much more sense. Okay.
So Lima, Lima will pretty much do what Docker Desktop is doing in the background. So it is actually doing what I was thinking it was doing, I just didn't get there in a sane way. Okay, so when we're looking at, when we're looking at these examples, okay, lima nerdctl run, it's, it is using containerd within the QEMU image that's now running on my desk, or on my laptop. And then likewise, this is simply saying, hey, start Lima, or start the Lima VM, and make sure that it's using Docker, so that you can export and run Docker within the Lima VM. I'm curious, does this then kind of run k8s within the Lima VM automatically? My assumption is this is going to spin up a QEMU image that has Kubernetes baked in, or it's going to spin up a lightweight image that is then going to set up Kubernetes. I'm curious how it's going to do that. Yep. Okay. So it's installing kubeadm, or Kubernetes, and then it's probably going to do like a kubeadm init and then expose that cluster. Okay. Dang, I had no idea. Okay, this is sick. The, the sheer amount of just like out of the box templates that are already on Lima is pretty, pretty impressive. Okay, so kubeadm is installed. Now it's waiting for kubeadm to be completed. I assume it's doing that kubeadm init. Kubernetes via kubeadm. Okay. So waiting for kubeadm to be completed. We are at this step, which presumably is wait until there's an admin.conf, which means... What's Mia... What a ridiculous cat. I'm waiting for her to just slowly show up, probably this way. There it is. We're waiting for a kubeadm init to actually finish. This is going to have Flannel. Okay. There we go. So it's a single node Kubernetes cluster within the VM. That tracks. That makes perfect sense. I probably should have expected that, because the next line that I was highlighting was, hey, remove the control plane taint. Okay. Oh, did I just miss her walking? Yeah, she got louder for a second. I wasn't looking at the screen here.
I was looking down. See, the reason why I'm actually like kind of blown away by Lima right now is, isn't just... Well, I'm blown away by the ease of like... Trying to figure out how to, how to phrase this. If it's not obvious, I am an impatient person. I try to be patient. I try to be understanding. But when I'm like learning, or when I'm hacking on something, I usually want some form of instant gratification to show, like, okay, I'm on the right track. What's the next step? I'm on the right track. What's the next step? This is out of the box a very clean experience. But moreover, in the last, I don't know, less than five minutes we've... Well, no, I can clearly see how I could use Lima to prepackage entire dev environments. And that, like, yes, we can, we can do that with Kubernetes, but then you're trying to target, like, okay, uh, predominantly how many people are using, you know, OS X? All right. Well, then we're gonna have to maybe use kind, or Docker Desktop with Kubernetes built-in, or case, like all of these different things. But then it's also... I don't, I don't know what I'm, how I'm trying to like phrase this. Being able to package all of these things in, in a single unified environment is pretty dang dope. And the fact that it is extensible enough where you can just be like, we're gonna use containerd, or we're gonna use Docker, we're gonna pre-bake Kubernetes... Where was... I think it was from this tab. Sorry for jumping around. Let's use Podman in the background.
Let's make sure that it's using a specific distro. Let's make sure, or let's have the environment be RISC-V even. That... Ooh. We might try that in a second. Usernetes. Like, run, make sure the environment you're messing around with is, is Usernetes, which is rootless Kubernetes. And so then you can kind of validate and test against all of these different environments in a repeatable way. But again, it's clean enough where it's press button, immediately see something usable. In, in our ecosystem that is, I don't want to say it's rare, but it's not as common as I would personally like. I understand why. Dealing with distributed systems increases complexity. But when you can actually... You're all good, dude. When you can actually, again, press button, receive that, that food pellet dopamine hit, really, really good. I like that sort of thing. BuildKit. You could... Oh, okay, so this just makes sure that you could run BuildKit locally and then it forwarded through. Got it. Is this like their own custom YAML file format? That's another thing I want to dive into. I want to see like the schema and what we could do with that. Cloud images, a six arch. Okay. Um, where do I want to go from here? This is, this is really, really cool. Okay, so by default it's spinning up a four core, four gig VM on here. Where is the default config? Where can I improve that? That's probably... I think I saw it. Yeah, there's a .lima directory now. Okay, so it creates a folder for each environment. Makes sense. Is that big enough? That looks big enough for people to read. Cool. So VM type null, OS null, so that'll just default to QEMU, default to Linux, default to the arch. So I'm... That's something I want to mess with eventually. Images. There we go. So let's make it, let's try and have on here 16, and CPUs, let's say eight. Let's just double it. Oh, wait.
I'm sorry, eight and eight. That would take up all the... So it already reflected that this is going to be eight and eight. But since I changed it, I'm like, should I... I will probably, I would probably want to recreate it. Oh, but I'm curious if that actually deleted the folder. I feel like it would have. Do I prefer Calico or Cilium? I can tell you, me personally, my home lab in the other room is running Cilium. Uh, I have always been a Cilium fan. A friend of mine and I have been using Cilium since 2017. Well, I should say Bob was the one that was primarily pushing Cilium back then, but even back then we were working in research computing space, and Bob had these aspirations of a crazy, like, hundred gigabit per second firewall that was using eBPF, and the minute that he found out Cilium was starting to use that under the hood, he went and wanted to meet all the people there. What was I doing? All right. Default. You know, that YAML. grep or h e i b what. Oh, third, so... That did not do what we wanted, because I'm dumb. So is there a way to pass... I could look this up in the docs, but again, I... That's not how I roll. create help. Yep, so here's where you can set them, set what I wanted to change in the first place. So once it's created you can't change the config. That's just storing state. That is probably wrong, but I'm gonna roll with that for now. CPUs four. No, CPUs eight, memory eight. I'd be curious if there is some config option that would actually, when you're starting one of these, these little VMs, output any deviation from the default config. So in this case, all I'm really doing is creating the, the VM with additional memory and CPU, and it would be nice to be like, hey, you know... Probably, well, I would say an info message, but all of these are info messages. Hey, these, you know, two config items are not different from the default. That's what I'm trying to say. So there is the expanded VM. ctl delete default. Can I just go right to delete from... Okay, you have to stop it first. Now where, what... There we go.
I am extremely curious about RISC-V, RISC-five. Lima 11 or greater. Got that down. Okay, so how would we use this? Would we just set the arch to be RISC-V? Yep. Thank you, docs. Unsupported arch. Arch RISC-V is experimental. Skip download. Uh, does my home lab have Falco by default? No, it does not. Maybe one episode I will get into everything that runs on my home lab, but it's kind of a hodgepodge, because it's a home lab. It's how I learned. I'm not exactly running production stuff on there. I guess the closest production thing would be... Well, I've run my UniFi, like, router config on there, and that needs to generally stay up. So I guess, yeah. But no, I'm not running Falco. I have run Falco in the past. When Bob and I did a kind of fun thing we did called honkctl, we were using Falco a lot for that, but again, not, not permanently on my home lab. I just laugh when I Google stuff and I find people that I know in the list. Yeah, I'm dumb. Okay, so start template calling for as far as slash. There we go. And it's downloading right image. Boom. What could we do with this? I'm wondering if it would be possible and or... Like, I'm thinking, or I'm trying to think of like CI use cases. We're given a bunch of hefty boxes, but we need to cross compile things. Would this make sense? Waiting for the essential requirement. Yes, SSH is essential. Let's do in that. Oh, hey, Singularity. That's not something I expected to come across here. If that's the same thing that I think it is, Singularity used to be a container image format for academics and research computing. But it, what, I shouldn't say was, like, it still exists, but I guess it's been renamed to Apptainer. Oh, yeah, that's that Singularity. That's the same logo, except it used to be an S. Cool. Again, helps if, if I read. All right. So I kind of expected this to run slow, or slower. Not to say RISC-V is slow, but emulation can be slow. This does not surprise me. Intel on ARM and ARM on Intel. I mean... So yeah, slow mode. Sorry.
I'm kind of just waiting for that other terminal to complete. I think we can run a VM with foreign architecture just by specifying the arch in YAML. That's QEMU emulating the architecture. Fast mode. Rosetta support. Okay, but that is specific to Intel containers on an ARM VM. Makes sense. Rosetta was only meant to do that. So don't try running, don't try using Rosetta for what we're doing right now. Okay, specify the... Hey, oh. And now we have a RISC-V machine. Does that have anything on here? But it's been... Okay. limactl list. limactl stop riscv64. See the following flowchart to figure out what the best network is for you. I do like this call out. If you're connecting via localhost, don't do anything, because that's probably what we were expecting you to do. But people do things that we don't expect you to do, so here's the flowchart for how to handle that. Intra... Okay, so the way that you can, you can do... You can share files, or files between the QEMU host and, well, the QEMU VM and the host, and it's doing that via sshfs. That's kind of cool. Don't do a whole lot with large files. Performance will not be good. But that's good. Also, in my opinion, don't do anything that requires like sockets from the host. That would also not be great. That's just the default, right? We can, we can set other things. Okay. Yeah. Yeah. Yeah. So you can use 9p. You can use virtio. WSL2. The Corsair... Didn't even know that. Oh, that's still trying to power down. Huh, well, this is gonna be fun. Okay, so according to this, according to this it has stopped. I was kind of hoping there's just going to be a quick utility to verify, but I'm going to trust Lima that it did shut down. It just didn't emit an event. Yay, auto completion. Factory reset. Oh, factory reset an instance of Lima. Okay.
Wow, you can even kind of flag instances so they don't get deleted. This is so well thought out. I could honestly see using Lima for like some home lab things. I mean, I could see using this for more than just home lab things, but like, if you have a weird kind of... If you wanted to throw something up in a very, very simple sandbox, that would be super helpful. And I think I saw that there was a way to get like VNC access to a Lima VM, right? So that would be useful. I love, I love this. I love how you can define the VM in a file that is seemingly clean. Like, all of this stuff makes sense just at a glance. I still want to know if there's a, kind of like a reference to the config. Is this it? This might actually be it. So default goes to .lima. That's where it stores public, private keys. It's doing every, like, all communication between you and the VMs are through SSH. You can set cloud-init, disk info, kernel info. This is so clean. Okay, so they're... It doesn't download the images every time. That is also very good. Oh, come on now. You're just making this too easy. Oh, that's huge. So use limactl to launch the host agent. Boom. Lima does all the prep before spinning up the QEMU image, then it kicks it off to QEMU. Hey, here's the VM I want to do. Boom. Boom. Oh, interesting. So there's a guest agent running on each VM. Ah, and it's just continually trying to sync network information. Shell just goes out to... This should be the VM, right? Guest OS. Yep, within the VM. nerdctl run into the guest OS. This is such a clean diagram, and it's comprehensive too. I may or may not have fallen in love. I'm sorry, I'm not talking, or I'm reading, because this is... I need to get back into focusing on presenter mode. But even they're, like, even their FAQ is like really, really solid. Like, these are all questions that have popped into my head so far. Well, most of them. I just assumed it was SSH there. I knew that Lima worked on ARM, but hey, how does this actually work? Can I run non-Ubuntu things?
I made the assumption that I could because I saw there were Podman templates, right? Usually wouldn't run Podman on Ubuntu. Right here. We were talking about this, like... Jesus. Sorry. It's already kind of late, but we were talking about this in the beginning, like, okay, so Docker is a target. In that case, I was wrong. Docker was just using it within the VM. QEMU issues. Ah, we didn't, we didn't touch Rosetta, and looking at the clock, I don't think we have time to. I'm using Rancher Desktop. How do I deal with the underlying Lima? All right, let's write up some notes quick. What is Lima? Besides being dope, Lima is a way to spin up, I don't even, I don't even want to say lightweight, uh, QEMU images based on template, uh, we'll say open source templates that the project provides. These templates can have varying architectures, such as RISC-V 64, and tooling such as... Okay, it's out of the box. I think that is fair to say. Great default. limactl start default. Yes, some of this is from the getting started, but we're going to get into some of the other interesting things that we did. I should also note, this is kind of how, uh, myself and a couple other folks will build our demos and our presentations, is we'll just do it live, then go through our bash history and then sort out, what did we do? What did we not do? Okay, so that's just running kind of the getting started, and also adding the, uh, a way to stop that VM. This to me is the super cool one. Also, for those that, uh, don't know, there is a utility, I kind of talked about it on the first episode and I'll refresh it. Um, it's called kubectx. Uh, it also has a different, similar project called kubens, and kns and kctx are the short kind of name for it. That's just a way to quickly switch, list and switch Kubernetes contexts and Kubernetes namespaces. So that's going there. k8s. And then, where is it? There we go.
Yeah, this might seem kind of simple, but I'm really looking at the, like, extensibility of their configs, and QEMU is wicked powerful, as they say, and this puts a much cleaner user experience around trying to spin up and manage QEMU images. And it does it in a way that is like cloud native and container centric. I like this a lot. I might try and mess with this more offstream. I am curious if there's a way to leverage this in some of the foundation's, like, CI pipelines. Could we offer this in a way that would benefit other projects? I don't know. But I also see that it is like less than a minute till top of the hour and I need to stop rambling. So, thank you all for joining. Hopefully you got something out of this. I know I certainly did. And yeah, if you have any other questions or anything, please feel free to reach out. Episode notes will be posted shortly, and I know this will be on YouTube at some point soon. So, thank you. See you all... Well, I won't see you all next week. Next week, again, Jeremy will be hosting, and again, he's going to be going into Telepresence. And then hopefully I will see some of you at KubeCon, because you won't see me before then. If you're at KubeCon, come find me, say hi. We're doing the actual ClashLoop thing during the solution showcase KubeCrawl. So, yeah, thank you, everybody. Have a good, happy Thursday.