Execution Runtime #3870
Labels
th/production-readiness
Get ready for production workloads
type/epic
Type: A higher level set of issues
Milestone
The Problem
Today we are running jobs directly under docker or wasm without abstracting the execution layer or wrapping inside a common runtime. This means for each execution engine, we need to solve the problem of accessing logs and resource allocation. We are also missing other features that we will need to implement for each, such as filesystem access, network access, monitoring for leaked executions, secrets, security, sandboxing, health checks, and more.
In addition to that, fetching inputs from storage sources (e.g. IPFS and S3) and publishing results are taking place in the bacalhau process and not within the execution containers. This opens the door for malicious neighbours and sensitive data leaking across executions on the same node.
We are also planning to introduce additional execution engines that can run python, golang and additional applications without having to package them as a docker image. We are still running those inside docker behind the scene, which is great and better than running them directly on the host, but maybe docker is not the best execution engine to adopt.
The Proposal
The proposal is to implement an execution runtime based on Firecracker or something similar, that takes care of the following:
The text was updated successfully, but these errors were encountered: