This document discusses unikernels and LinuxKit as approaches to redefining the cloud stack. It describes how unikernels aim to run a single application with a single user on a single server by including only necessary dependencies. This reduces complexity compared to traditional OSes and improves security, performance and size. LinuxKit is presented as a solution that provides compatibility while aiming for efficiency. The document demonstrates unikernel creation and advantages, and shows how unikernels can help address problems through minimal layers of isolation and abstraction.
3. Cloud Stack
Stack layers, top to bottom (from the slide diagram): Application Configuration, Application, Language Runtime, Shared Libraries, Docker Runtime, OS User Processes, OS Kernel, Virtual HW Drivers, Hypervisor, Hardware Drivers, Hardware
The aim is to run a single application with a single user on a single server.
22. Unikernels
Design decision: support only a single process and a single user.
The aim is to run a single application with a single user on a single server.
Protection Rings / Memory Management
24. How can unikernels help address our problems?
Stack layers, top to bottom (from the slide diagram): Application Config, Application, Language Runtime, Shared Libraries, Docker Runtime, OS User Processes, OS Kernel, Virtual HW Drivers, Hypervisor, Hardware Drivers, Hardware
Minimal layers of isolation and abstraction
Includes only what is really needed
Less code, fewer bugs, easy to reason about
25. Unikernel stack, top to bottom (from the slide diagram): Application Binary + Library OS, Hypervisor, Hardware Drivers, Hardware
Traditional stack, top to bottom: Application Config, Application, Language Runtime, Shared Libraries, Docker Runtime, OS User Processes, OS Kernel, Virtual HW Drivers, Hypervisor, Hardware Drivers, Hardware
26. Unikernel stack, top to bottom (from the slide diagram): Application Binary + Library OS, Hypervisor, Hardware Drivers, Hardware
Stack without a hypervisor, top to bottom: Application Config, Application, Language Runtime, Shared Libraries, Docker Runtime, OS User Processes, OS Kernel, Hardware Drivers, Hardware
Hardware isolation is provided by the hypervisor.
27. Unikernel advantages
• No permission checks – you can utilize 100% of your hardware
• Isolation at the virtual hardware level – share only hardware
• A minimal virtual machine is ~1 GB in size; a minimal unikernel is tiny, KB in size
• Very short boot time
• A tiny custom attack surface, less likely to be affected by a public exploit
• Real immutable infrastructure – a perfect fit for a microservices architecture
29. UniK
unik build --path example-app/ --base unikernel-type --language language --provider provider-name --name image-name
unik run --instanceName instance-name --imageName image-name
UniK is an open-source tool written in Go for compiling applications into unikernels and deploying those unikernels across a variety of cloud providers, embedded devices (IoT), as well as a developer laptop or workstation.
32. UniK integration with Kubernetes
Unikernel support was added to Kubernetes by the UniK team by adding UniK as a container runtime to K8s: in the same way that Docker and rkt are container runtimes, UniK is now also available as a "container" runtime for k8s.
33. UniK Kubernetes architecture
Now one can deploy unikernel apps alongside regular Kubernetes containerized apps.
Next integration refactor: the Container Runtime Interface (CRI) will be used.
35. UniK integration with Cloud Foundry
To provide the user with a seamless PaaS experience, UniK is integrated as a backend to the Cloud Foundry runtime.
Next integration: via Garden.
38. Microservices tooling: Debug
• The most primitive form of debugging, we all do it!
• However, it is extremely difficult to capture all state, and thus it can be used only for small bugs
Wouldn't it be a good idea to seamlessly integrate existing debuggers into leading platforms and leverage them to debug microservices applications?