Motivation
CubeSandbox currently relies on ext4 for Rootfs and Guest OS images. However, ext4 is not the most efficient choice for read-only, high-density AI sandbox environments. It leads to larger image sizes and suboptimal IO performance during massive concurrent cold starts.
Proposed Solution
Support EROFS (Enhanced Read-Only File System) as a modern alternative to ext4 to achieve:
- Reduced Image Size: Leverage transparent compression (LZ4) to significantly cut down distribution bandwidth and storage overhead.
- Performance Optimization: Faster metadata lookups and lower IO latency during high-concurrency cold starts.
- Native Integrity: A natively immutable filesystem that provides better security for read-only Rootfs.
Proposed Implementation
- CubeMaster: Integrate mkfs.erofs into the image building pipeline and update metadata to support EROFS media type.
- Cubelet: Remove the hardcoded block for EROFS and support dynamic FsType for pmem devices.
- CubeShim: Allow rootfstype=erofs in the VM boot configuration.
Additional Context
This alignment follows industry best practices for container runtimes, similar to the work being done in Kata Containers: kata-containers/pull/13019.
The NVIDIA images go down from 1.2GB to less than 500MB.
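
One way a dynamic FsType could be checked against the image itself before it reaches the guest kernel command line, as an added example that is not CubeSandbox code: it reads the superblock magic (EROFS and ext4 both place the superblock at byte 1024) and rejects an image whose content does not match the declared type. `DetectFsType`, `RootfsBootArgs` and `sampleImage` are hypothetical names, and the sample images are constructed.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"fmt"
	"io"
)

const superOffset = 1024                     // ext4 and EROFS both place the superblock at byte 1024
const erofsMagic = 0xE0F5E1E2                // le32 at superblock offset 0
const ext4MagicOff, ext4Magic = 0x38, 0xEF53 // le16 s_magic (shared by ext2/3/4)

// DetectFsType identifies the image from its superblock, not from its metadata.
func DetectFsType(r io.ReaderAt) (string, error) {
	sb := make([]byte, ext4MagicOff+2)
	if _, err := r.ReadAt(sb, superOffset); err != nil {
		return "", fmt.Errorf("read superblock: %w", err)
	}
	switch {
	case binary.LittleEndian.Uint32(sb) == erofsMagic:
		return "erofs", nil
	case binary.LittleEndian.Uint16(sb[ext4MagicOff:]) == ext4Magic:
		return "ext4", nil
	}
	return "", fmt.Errorf("unrecognized rootfs superblock")
}

// RootfsBootArgs (hypothetical helper) refuses a declared FsType the image does not match.
func RootfsBootArgs(declared string, img io.ReaderAt) (string, error) {
	actual, err := DetectFsType(img)
	if err != nil {
		return "", err
	}
	if actual != declared {
		return "", fmt.Errorf("declared FsType %q but image is %q", declared, actual)
	}
	return "rootfstype=" + actual, nil
}

func sampleImage(off int, magic ...byte) *bytes.Reader { // constructed 2 KiB image
	img := make([]byte, 2048)
	copy(img[superOffset+off:], magic)
	return bytes.NewReader(img)
}
func main() {
	fmt.Println(RootfsBootArgs("erofs", sampleImage(0, 0xE2, 0xE1, 0xF5, 0xE0)))
	fmt.Println(RootfsBootArgs("erofs", sampleImage(ext4MagicOff, 0x53, 0xEF)))
}
```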