This document contains the slides from a presentation by Lee Calcote on UniK, an open source tool for building and deploying unikernels. UniK allows developers to compile applications written in languages like Java, C++, Python and Go directly into small, secure virtual machines called unikernels. It supports deploying unikernels on various cloud platforms and virtualization technologies. The presentation covers what unikernels are, the UniK tool, its architecture and components, and demonstrates how to use UniK to build and deploy a sample application as a unikernel.

1. UniK: Unikernel
Compiler and
Runtime
http://calcotestudios.com/talks
Lee Calcote
March 5th, 2017

2. http://calcotestudios.com/talks
Lee Calcote
linkedin.com/in/leecalcote
@lcalcote
blog.gingergeek.com
lee@calcotestudios.com
clouds, containers, infrastructure,
applications and their management

3. Show of Hands

4. Project
Container Network Performance Tool
@lcalcote
Contact for early access. Learn more -
https://github.com/solarwinds/containers
Preview

5. Project
Container Network
Performance Tool
@lcalcote
Cluster visibility -
See container network flows (current
bandwidth and direction) across
Kubernetes and Docker Swarm nodes.
Bandwidth test -
Test throughput (performance) of each
type of container network (compare
network drivers).
Choose wisely -
Be aware of the cost of overlay
convenience.
Avoid MAC address overload in underlays.
Preview

6. Hello. I'm new.

7. We hold these truths to be self-evident:
bare metal
AND
virtual machines
AND
containers
AND
unikernels
AND
functions
the future is AND not OR
@lcalcote

8. bare metalvirtual machinescontainersunikernelsfunctionsno one cares about
they care about the application
infrastructure
@lcalcote

9. Current Challenges

10. Fat systems
Application Configuration
Application Binary
Language Runtime
Shared Library
Docker Runtime
OS User Processes
OS Kernel
Virtual Hardware Drivers
Hypervisor
Hardware Drivers
Hardware
Application
Inefficient
Long startup times.
Designed for many users, running
many processes.
Hardware has evolved.
Package managers pull in many
unneeded packages.
Decades of backwards
compatibility.

11. Very large attack surface a huge kernel code base.
Lots of unused applications, services and drivers lying around.
by Russell Pavlicek (free ebook)Unikernels
Security
Other Issues
@lcalcote
Lee Calcote and Idit Levine
How Unikernels Can Better Defend against DDoS Attacks

12. The Promise

13. What is a Unikernel?
A library operating system
application
openGL
gtk iconv
libgmp libz
libstd++libgcclibc
kernel
libtls
application
a way of cross-compiling (existing) applications down
to very small, lightweight, secure virtual machine
@lcalcote

14. Unikernel Landscape
Language Specific
HalVM - - (Haskell)
MirageOS - - (OCamel)
LING - - (Erlang)
Runtime.js - - (Javascript)
IncludeOS - - (C++)
Clive - - (Go)
General
OSv
Rumprun
Drawbridge
Projects / Tools
ClickOS - - (NFV)
Jitsu - - (DNS)
Unik - - (Build, Deploy)
unikernel.org
@lcalcote

15. Security
No multi-user support
no passwords and authorization info lying around
Many attack vectors closed - simply not present.
only use libraries specific to your application
produce a single process, single address space image
Security be default - not necassarily policy that will be
defined later
@lcalcote

16. Microservices are (intended to be) small, self-contained, single-
purpose applications.
Unikernels cannot handle multiple processes,
so forking is not allowed.
Unikernels can handle threads.
Are single user, but who needs multiple users?
Can statically link data into application.
Immutable infrastructure
(enforced)
@lcalcote

17. $avings
Access to a high-end system for a fraction of second
Increase speed - smaller artifacts, which boot faster
(microseconds)
Target multiple platforms from a single code base
@lcalcote

19. Purpose
A tool for simplifying compilation and deployment of
unikernels.
Akin to how Docker builds and deploys containers.
Automates compilation of popular languages (C/C++,
Golang, Java, Node.js. Python) into unikernels.
Deploys unikernels as virtual machines on many
virtualization platforms.
Incorporates work from a number of unikernel projects.
A young project (~9 months old from announcement)
@lcalcote

20. Stewarded by these fine folks
http://project-unik.io
@uvgroovy @ilackarms
@Idit_Levine
https://github.com/emc-advanced-dev/unik
@ProjectUniK
@lcalcote

21. Compilers
Java
OCaml
C++
Python, Node.js
and Go
OSv
MirageOS
IncludeOS
Rump
3 Major Components
Providers
Virtualbox
AWS
Google Cloud
vSphere
QEMU
UKVM
Xen
OpenStack
Photon Controller
API Server
daemon
@lcalcote

22. UniK Hub
a community exchange
Currently:
Cloud-hosted
S3-backed
May be run on-premises
@lcalcote

23. Integrations
Processor Architectures
@lcalcote

24. Use Docker API to run Unikernels
@lcalcote

25. Use Unik as a CloudFoundry
runtime
@lcalcote

26. Use Unik as a Kubernetes
runtime
$ kubectl run nginx --image=nginx:AWS --namespace=unik --replicas=3
multiple container runtimes AND unikernels
docker, rkt and unik
@lcalcote

27. Walk-through

28. Getting Started
1. git clone
2. make
3. unik
@lcalcote

29. setup
providers:
aws:
- name: aws
region: us-east-1
zone: us-east-1a
gcloud: []
vsphere: []
virtualbox:
- name: unik-vbox
adapter_name: vboxnet0
adapter_type: host_only
qemu: []
photon: []
xen: []
openstack: []
ukvm: []
version: ""
unik configure
~/.unik/daemon-config.yaml
unik daemon
api server
familiarize w/unik
@lcalcote

30. Developer Workflow
a familiar treadmill
1. Code app per usual
2. Test and debug app
3. Deploy
4. Logs
unik build --name go-calcote --path ./ --base rump --language go --provider virtualbox
unik run --instanceName=scale15x --imageName=go-calcote
fmt.Fprintf(w, "<img src='http://calcotestudios.com/talks/img/unik.jpg' />")
fmt.Fprintf(w, "<p /> My first unikernel!")
unik logs --instanceName=scale15x
@lcalcote

31. Lee Calcote
linkedin.com/in/leecalcote
@lcalcote
blog.gingergeek.com
lee@calcotestudios.com
Thank you.
Questions?
clouds, containers, infrastructure,
applications and their management
http://calcotestudios.com/ talks