
UniK - a unikernel compiler and runtime


Presented at Scale 15x, March, 2017


  1. 1. UniK: Unikernel Compiler and Runtime Lee Calcote March 5th, 2017
  2. 2. Lee Calcote @lcalcote clouds, containers, infrastructure, applications and their management
  3. 3. Show of Hands
  4. 4. Project Container Network Performance Tool @lcalcote Contact for early access. Learn more - Preview
  5. 5. Project Container Network Performance Tool @lcalcote Cluster visibility - See container network flows (current bandwidth and direction) across Kubernetes and Docker Swarm nodes. Bandwidth test - Test throughput (performance) of each type of container network (compare network drivers). Choose wisely - Be aware of the cost of overlay convenience. Avoid MAC address overload in underlays. Preview
  6. 6. Hello. I'm new.
  7. 7. We hold these truths to be self-evident: bare metal AND virtual machines AND containers AND unikernels AND functions. The future is AND, not OR. @lcalcote
  8. 8. bare metal, virtual machines, containers, unikernels, functions: no one cares about infrastructure; they care about the application. @lcalcote
  9. 9. Current Challenges
  10. 10. Fat systems Application Configuration Application Binary Language Runtime Shared Library Docker Runtime OS User Processes OS Kernel Virtual Hardware Drivers Hypervisor Hardware Drivers Hardware Application Inefficient Long startup times. Designed for many users, running many processes. Hardware has evolved. Package managers pull in many unneeded packages. Decades of backwards compatibility.
  11. 11. Security: Very large attack surface, a huge kernel code base. Lots of unused applications, services and drivers lying around. Other Issues. Unikernels by Russell Pavlicek (free ebook). How Unikernels Can Better Defend against DDoS Attacks, by Lee Calcote and Idit Levine. @lcalcote
  12. 12. The Promise
  13. 13. What is a Unikernel? A library operating system: a way of cross-compiling (existing) applications down to a very small, lightweight, secure virtual machine. Diagram labels: application, openGL, gtk, iconv, libgmp, libz, libstd++, libgcc, libc, kernel, libtls, application. @lcalcote
  14. 14. Unikernel Landscape. Language Specific: HalVM (Haskell), MirageOS (OCaml), LING (Erlang), Runtime.js (JavaScript), IncludeOS (C++), Clive (Go). General: OSv, Rumprun, Drawbridge. Projects / Tools: ClickOS (NFV), Jitsu (DNS), Unik (Build, Deploy). @lcalcote
  15. 15. Security. No multi-user support: no passwords and authorization info lying around. Many attack vectors closed - simply not present: only use libraries specific to your application; produce a single process, single address space image. Security by default - not necessarily policy that will be defined later. @lcalcote
  16. 16. Microservices are (intended to be) small, self-contained, single-purpose applications. Unikernels cannot handle multiple processes, so forking is not allowed. Unikernels can handle threads. Are single user, but who needs multiple users? Can statically link data into application. Immutable infrastructure (enforced). @lcalcote
  17. 17. $avings. Access to a high-end system for a fraction of a second. Increase speed - smaller artifacts, which boot faster (microseconds). Target multiple platforms from a single code base. @lcalcote
  18. 18. Purpose. A tool for simplifying compilation and deployment of unikernels. Akin to how Docker builds and deploys containers. Automates compilation of popular languages (C/C++, Golang, Java, Node.js, Python) into unikernels. Deploys unikernels as virtual machines on many virtualization platforms. Incorporates work from a number of unikernel projects. A young project (~9 months old from announcement). @lcalcote
  19. 19. Stewarded by these fine folks @uvgroovy @ilackarms @Idit_Levine @ProjectUniK @lcalcote
  20. 20. 3 Major Components. Compilers: OSv (Java), MirageOS (OCaml), IncludeOS (C++), Rump (Python, Node.js and Go). Providers: Virtualbox, AWS, Google Cloud, vSphere, QEMU, UKVM, Xen, OpenStack, Photon Controller. API Server: daemon. @lcalcote
  21. 21. UniK Hub: a community exchange. Currently: Cloud-hosted, S3-backed. May be run on-premises. @lcalcote
  22. 22. Integrations Processor Architectures @lcalcote
  23. 23. Use Docker API to run Unikernels @lcalcote
  24. 24. Use Unik as a CloudFoundry runtime @lcalcote
  25. 25. Use Unik as a Kubernetes runtime

          $ kubectl run nginx --image=nginx:AWS --namespace=unik --replicas=3

      multiple container runtimes AND unikernels: docker, rkt and unik @lcalcote
  26. 26. Walk-through
  27. 27. Getting Started 1. git clone 2. make 3. unik @lcalcote
  28. 28. setup

          providers:
            aws:
              - name: aws
                region: us-east-1
                zone: us-east-1a
            gcloud: []
            vsphere: []
            virtualbox:
              - name: unik-vbox
                adapter_name: vboxnet0
                adapter_type: host_only
            qemu: []
            photon: []
            xen: []
            openstack: []
            ukvm: []
          version: ""

      unik configure ~/.unik/daemon-config.yaml unik daemon api server familiarize w/unik @lcalcote
  29. 29. Developer Workflow: a familiar treadmill
      1. Code app per usual
      2. Test and debug app
      3. Deploy
      4. Logs

          unik build --name go-calcote --path ./ --base rump --language go --provider virtualbox
          unik run --instanceName=scale15x --imageName=go-calcote
          fmt.Fprintf(w, "<img src='' />")
          fmt.Fprintf(w, "<p /> My first unikernel!")
          unik logs --instanceName=scale15x

      @lcalcote
  30. 30. Lee Calcote @lcalcote Thank you. Questions? clouds, containers, infrastructure, applications and their management talks
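
The Go fragment on slide 29 (`fmt.Fprintf(w, ...)`) filled out as a complete service, as an added example that is not from the slides or the UniK project: a single-process HTTP server whose content is compiled into the binary and which uses no filesystem or subprocess, matching the constraints on slides 15 and 16. The names `assets` and `newHandler`, the `/healthz` path and listen port 8080 are assumptions.

```go
package main

import (
	"log"
	"net/http"
	"time"
)

// assets is compiled into the binary (constructed sample content), so the
// image carries no runtime filesystem data: "statically link data into
// application" from slide 16.
var assets = map[string]string{
	"/":        "<p>My first unikernel!</p>",
	"/healthz": "ok",
}

// newHandler (hypothetical name) serves only the baked-in assets and only
// read-only methods. It never touches the filesystem or spawns a process,
// so it fits a single-process, single-address-space image.
func newHandler() http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.Method != http.MethodGet && r.Method != http.MethodHead {
			w.Header().Set("Allow", "GET, HEAD")
			http.Error(w, "method not allowed", http.StatusMethodNotAllowed)
			return
		}
		body, ok := assets[r.URL.Path]
		if !ok {
			http.NotFound(w, r)
			return
		}
		w.Header().Set("Content-Type", "text/html; charset=utf-8")
		w.Write([]byte(body))
	})
}

func main() {
	srv := &http.Server{
		Addr:              ":8080", // assumed listen port
		Handler:           newHandler(),
		ReadHeaderTimeout: 5 * time.Second, // bound slow-header connections
	}
	// Concurrency comes from goroutines inside this one process; no fork.
	log.Fatal(srv.ListenAndServe())
}
```

Any path outside the `assets` map returns 404 because lookups are exact map matches, not filesystem reads.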