2025-10-16 (Thursday)

[AkihiroSuda]

How to join

• Date: 2025-10-16 (Thursday) 05:30 UTC (Wednesday 22:30 PDT, 07:30 CEST, 11:00 IST, 14:30 JST) - 06:30
• Zoom link: https://zoom-lfx.platform.linuxfoundation.org/meetings/lima

The meetings are open to anyone, not just for maintainers and contributors.

Attendees

@AkihiroSuda @songponssw @unsuman @jandubois @afbjorklund @abiosoft @dharsanb

Agenda

Note taker: @AkihiroSuda

• 🎉 Promoted from CNCF Sandbox to Incubating [Incubation] Lima Incubation Application cncf/toc#1348 (comment) -- @AkihiroSuda

  • More resources available from CNCF for Incubating projects. e.g., maintainers' slot at future KubeCon events -- @AkihiroSuda

• Lima 2.0 release status

  • Mostly complete after merging all the existing PRs, with exceptions for port forwarding stuffs -- @AkihiroSuda
  • Beta after merging the krunkit PR, RC before the end of the month, GA before KubeCon -- @AkihiroSuda

• KubeCon (Atlanta, Nov 10-13)

  • Pavilion: Nov 13, Thursday 10:15 AM - 2:00 PM
    • Just visit and say hi. Any help is appreciated. -- @AkihiroSuda

• (Feel free to suggest more agenda in the comment form)

krunkit driver

• [WIP]: Support for libkrun using krunkit #4137
  • Network shouldn't depend on socket_vmnet (sudo) by default. Just same as VZ. -- @AkihiroSuda
  • Should be merged after confirming the functionality of the basic features. Just supporting the --plain mode might be enough for unblocking Beta -- @AkihiroSuda
  • Filesystem? -- @AkihiroSuda
    • virtiofs should work -- @unsuman
  • How to check GPU functionality? -- @unsuman
    • Just checking ollama performance might be enough -- @AkihiroSuda

Port forwarding

SSH vs gRPC

• GRPC port forwarding still has issues #3944
  • Details are unknown; not actionable -- @AkihiroSuda
• Revisit the default port forwarder for Lima v2.0 #4074
  • SSH is now faster than gRPC when vsock is available, can we change the default to SSH again for TCP?
    gRPC can be still enabled by default for UDP. -- @AkihiroSuda
  • Switch back to SSH only when ssh-over-vsock is available? -- @jandubois
    • No, just unconditionally switch back to SSH for TCP, to avoid sense of "non-deterministic" behavior. -- @AkihiroSuda
  • Sacrifices the throughput for QEMU. On Linux hosts, vsock mode should be implemented for QEMU too. On macOS hosts, vz should be recommended for better throughput -- @AkihiroSuda

vzNAT

• Use the VM’s IP address on the same subnet as the host OS. #4175
  • CI is still failing, but soon mergeable? -- @AkihiroSuda
  • Not a blocker for v2.0 -- @AkihiroSuda
  • Maybe have an env var if we are not sure whether this can be safely enabled by default for vzNAT -- @jandubois

Nullify default 127.0.0.1

• Review default portforwarding rules #4193
• Two different issues:
  • Question 1. Should the default forwarding rule (to 127.0.0.1) change?
    • Just keep the current behavior -- @AkihiroSuda
    • If we change the behavior, will it be a breaking change? -- @AkihiroSuda
      • No -- @AkihiroSuda
  • Question 2. Should we fix the weird matching of guestIP: 0.0.0.0?
    • "Option 2: Incompatible change" sounds good -- @AkihiroSuda

Postpone to v2.1+

• Feature suggestion: labels for VMs and disks (and networks) #3240
• Add limactl shell --sync-host-workdir (prevents AI agents from breaking the host files) #3711
• Decouple diffdisk (misnomer) from basedisk #4206
  • Not visible to most users and do not care, also hard to review, postpone to v2.1 -- @jandubois @afbjorklund
• Cache should convert to RAW when needed #4056
• downloader: CacheKey: include decompression flag #4067
• Fix hostresolver setting for VZ, but disable it by default #4090
• guestagent binaries are too huge (k8s.io deps should be replaced with exec("kubectl")?) #3237
• guestagent: k8s: use kubectl instead of client-go #4120
  • Not visible to users -- @jandubois
• templates: k8s: support multi-node cluster #4136

Probably safe to have in v2.0 but not a blocker

• autostart: Ensure instance is started/stopped by launchd or systemctl #4139
• add filter option to list command #4187
  • Disputed on the "Bobby Tables" issue, if escaping is not going to be done here, it has to be clearly documented at least -- @AkihiroSuda
• Remove deprecated Opts from limayaml #4176
• Use the VM’s IP address on the same subnet as the host OS. #4175

Tasks

• Finish krunkit (--plain is enough) (@unsuman )
• Implement SSH+gRPC dual port forwarder (@AkihiroSuda)
• Fix the weird matching of guestIP: 0.0.0.0? (@jandubois)
• Review PRs targeted for v2.0 (@lima-vm/maintainers)
• Schedule the next meeting (@AkihiroSuda)

Next meeting

• 2025-11-20 (Thursday)
  • Also have another meeting after Beta, before GA
  • Beta around 2025-10-29 or 2025-10-30
  • Meeting around 2025-10-30 to avoid Friday

[AkihiroSuda]

AI-generated meeting note

Quick Recap

The team discussed the promotion of their project to CNCF Incubator status and reviewed progress on Lima version 2, including feature completion status and remaining PRs that need review and merging. They addressed various technical implementations including port routing, SSH and gRPC forwarding mechanisms, and GPU access checks, while also discussing performance benchmarks and protocol choices. The team concluded by prioritizing features for the 2.0 release, scheduling a beta release for October 29th, and reviewing several pull requests for merging, with some discussions deferred to version 2.1.

Next Steps

• Ansuman to implement G-Visor network stack and check GPU access in VM by next week
• Jan to review the PR for stress disk
• Jan to review the PR for preserve environment variables
• Jan to implement the breaking change for port forwarding behavior
• Jan to review the documentation changes PRs
• Team to merge the Ubuntu 20.10 PR making it the default Ubuntu
• Team to merge the PR for QEmu with TCC fallback
• Team to merge the PR to hide SSH address from Lima CTL list
• Team to prepare for beta release by October 29th or 30th
• Team to schedule next meeting after beta release
• Team to review and merge pending PRs for version 2.0 before the end of October

Summary

Project Promotion and Lima Updates:
The team discussed the promotion of their project to CNCF Incubator status and the progress of Lima version 2, which is nearly feature-complete after merging existing PRs. They addressed the need to review and merge remaining PRs, including decisions on default port routing and the implementation of SSH and gRPC forwarding mechanisms. Ansuman mentioned plans to implement GPU access checks for VMs, expecting completion by next week, and the team discussed potential issues with gRPC port forwarding that may require reverting to SSH for better performance and stability.

Protocol Choices and Version Planning:
Akihiro and Jan discussed the use of SSH and gRPC for different protocols, agreeing to use SSH for TCP and gRPC for UDP. They considered switching to VSOC but decided against it due to complexity and nondeterministic behavior. The team also discussed performance benchmarks and the possibility of supporting pre-SOC QEMU on Linux hosts. They decided to keep the current behavior for port forwarding and considered implementing a new environment variable for testing. Akihiro proposed making an incompatible change to the version number, which Jan agreed to implement. They also discussed future plans for version 2.0, including labels for VMs, disks, and networks, as well as implementing GMACT air share using rsync.

2.0 Release Prioritization Discussion:
The team discussed prioritization for the 2.0 release, deciding to postpone several non-user-visible features including base disk diff-disk functionality, caching improvements, and quota-related changes to version 2.1. Jan emphasized the need to focus on user-visible pieces with only 32 days until the end of October, while Akihiro and Anders agreed these features were not blocked for 2.0. The team also reviewed several PRs that were ready for review, including stress risk and preserve env changes, which Jan committed to reviewing when time permitted.

Pull Request Review and Merges:
The team discussed several pull requests and their review status. They agreed to merge PRs for Terra, Autostatwork, and a template update. Akihiro presented a PR for SSH page splitting, which Jan approved. They also reviewed a PR for Ubuntu 20.10, which Akihiro confirmed was already set as the default. The team debated a PR for TCC behavior on macOS, noting the complexity of implementing similar functionality. Abiola raised concerns about potential security issues with environment variable access, but Jan argued that the responsibility lies with the caller to sanitize input. The team decided to postpone further discussion on this topic to version 2.1. They also briefly touched on a PR for hiding SSH addresses and a port forwarding mechanism using BZNAT.

PR Merge and Release Planning:
The team discussed merging a PR that removes children's CNY and uses the CNI program bundled with narrow CTA, noting that it requires restarting CI with prorate settings. Songpon raised questions about the VM IP address implementation in Lima version 2, and Akihiro clarified that the PR exposes the tester IP on the same subnet as the host, which should resolve Songpon's issue. Jan suggested scheduling a beta release for October 29th and a follow-up meeting on October 30th to discuss requirements for the GA version.

[AkihiroSuda]

Corrections

Jan to review the PR for stress disk

stress disk → basedisk and diffdisk?
We agreed to postpone this to v2.1:

• Decouple diffdisk (misnomer) from basedisk #4206

TCC

→ TCG

Lima CTL list

→ limactl list

They considered switching to VSOC but decided against it due to complexity and nondeterministic behavior.

VSOC → VSOCK.
We did not decide against defaulting to SSH with VSOCK when VSOCK is available.
We decided against dynamically changing the forwarder to gRPC when VSOCK is unavailable.

pre-SOC

→ VSOCK

implementing GMACT air share using rsync.

Garbled, but seems about:

• Add limactl shell --sync-host-workdir (prevents AI agents from breaking the host files) #3711

quota-related changes

I don't think we discussed this.

They agreed to merge PRs for Terra, Autostatwork, and a template update.

What is "Terra"? "Autostatwork" ?

Abiola raised concerns about potential security issues with environment variable access, but Jan argued that the responsibility lies with the caller to sanitize input.

This concern was raised by me, not by Abiola.

BZNAT

→ VZNAT

The team discussed merging a PR that removes children's CNY and uses the CNI program bundled with narrow CTA, noting that it requires restarting CI with prorate settings.

What is "children's CNY" ? "CTA" ? "prorate settings" ?

tester IP

?