Thank you for the kind words my friend. I enjoyed contributing to TinyKVM during my time at Varnish Software. It is nice to see that you are able to present and share it with the community.
TinyKVM is certainly technology that in itself is rather groundbreaking, but it is obviously even more powerful in the context of request handling at lightning speed. But you are right it could be used for other things.
Would you have read this if neither Deno, Varnish or TinyKVM would have been in the title? ;)
But we hear you. Will put a page on our website and should probably consider seeing up a community site as well as it is indeed, grabbing some attention.
In case anyone from Varnish is around, possibly even the author himself: Last time we discussed TinyKVM here, I wanted to know[0] whether it could possibly be used as an OCI container runtime and what capabilities it would need? Background: I would like to use it as a runtime in order to allow for nesting containers in my CI pipelines, which is difficult with standard OCI runtimes like runc/crun without granting them privileges or at least additional capabilities that AppArmor is not happy about. Anyway, I'd still be very much interested in an answer! :)
As I understand it TinyKVM is so fast because it does not run a full Linux guest but rather a thin layer with just enough syscall compatibility to run single threaded Linux static binaries.
Sorry for not replying. But good to see you got your answer in the end.
Tip, Although not entirely what you asked, but related: what about using more caving in your CI/CD Pipeline. Customers see incredible time savings when using Varnish on that context (mostly with Enterprise w/MSE4 as you will need a massive cache, but it can be useful even with Varnish Cache grounding on your pipeline and workflow). If you are interested, read more here: https://www.varnish-software.com/solutions/data-ai-accelerat...
Well, almost. Even outside that above usecase I'd still be interested in the capabilities TinyKVM needs and its overall security model & properties! There are far too many Github projects out there these days that claim to do sandboxing and for an outsider it's very difficult to compare them security-wise.
> what about using more caving in your CI/CD Pipeline.
The caching itself is not the issue. We already heavily cache image layers when building container images. The issue (one of them) is that on our platform AppArmor prevents containers from mounting anything, including overlayfs file systems. The latter, however, are needed for Docker/Podman to do proper image layering. The only non-mount alternative I'm aware of, Kaniko, avoids overlayfs but at the cost of severe I/O and performance impact
AFAIU this is because it manually detects changes in a given image layer by walking the directory tree. See also https://github.com/GoogleContainerTools/kaniko/issues/875
Thanks, I've come across sysbox before. But it seems it's become relatively quiet since it's gotten acquired by Docker? Moreover, I've yet to hear of anyone who has been using it in production.
Nowadays I almost have zero intersection with Varnish - my own impression it was much more popular like 10 years ago or even more.
I know couple of frameworks/systems support it, especially in php world.
Looks like that it's lost in layers - dev guys don't care much, sysadmins are sort of extincted, noone to bother to add Varnish into request processing queue. Needless to say, people ok HN even complain on Nginx configs,while for base caching it's much simpler, from my perspective.
I had to scale a high profile Wordpress site during the pandemic. It got huge spikes daily during a press conference. It got 150k hits per second.
Apart from moving it from windows to Linux, I put it in front of varnish and spent a few hours tweaking the config to make sure everything still worked. It was my first time using varnish so it took longer.
Indeed, that's one of the most popular cases and I even used it myself couple of times.
Though when frontend devs cannot explain which CORS headers and for which origins they do need (again, I'm sysasmin, not even daily reader of Mozilla Developer Network), chances for server/infra level like Varnish to be mentioned is close to 0. With higher chances k8s cluster introduction to be mentioned.
I borderline love Varnish cache, but the way the open source and commercial versions have diverged and all the nice features only go into the $10k/yr+ commercial version sucks.
Features like the memory governer [0], because trying to predict how much memory (open-source) Varnish will use is an absolute PITA and a sure-fire way to run out of memory if you're not careful.
My clients can't justify the commercial license costs (as a sibling comment says, CDNs eat Varnish's lunch in that market) and yet what I can do with Varnish and the power it gives me makes it real magic.
It would be nice to see a modern reimplementation of Varnish, open-sourced, but I doubt that would ever happen.
I do owe you an email reply on that. I haven't forgotten that, just so you know.
But yes, Varnish Cache is not exactly what you would call Cloud Native.
Varnish Software have launched Pro currently on AWS only at a much lower price point, but it is still somewhat limited. I think that a Free-tier providing some of the goodies you mention would also cover much of what's needed for today's workloads including better memory management, in-core TLS and a better developer experience by having much better K8s support. Much of this could and should go into Varnish Cache, but that is a longer road as the project as such has a different focus than we do.
Varnish is amazing. Nowadays people blow up projects with kubernetes, JS frameworks, million other tools, while the same can be achieved with varnish+nginx with much less efforts.
Don't forget all those interconnected microservices, so that every request has to be handled by dozens of machines with lots of json flying everywhere eating up CPU time that could have been spent actually carrying out the business logic instead.
It competes with CDNs, is the problem- once you use one, they take care of the caching, and you don't need to run your own. People with global customers need a CDN, and they're to cheap to build your own.
Thank you for the kind words my friend. I enjoyed contributing to TinyKVM during my time at Varnish Software. It is nice to see that you are able to present and share it with the community.