One of the major announcements last week at DockerCon 2017 was LinuxKit, a tool to create minimal and safer operating systems for running your containers.
This announcement marks a new phase in the quest to redefine the stack in the cloud, which started with the introduction of Unikernels.
In this session we will provide a deep dive on LinuxKit, Unikernels and what they mean for the future of the cloud.
We will discuss how these approaches are integrated with cluster management tools like Kubernetes, and show a few demos.
3. Cloud Stack
Layers, top to bottom: Application Configuration, Application, Language Runtime, Shared Libraries, Docker Runtime, OS User Processes, OS Kernel, Virtual HW Drivers, Hypervisor, Hardware Drivers, Hardware
The aim is to run a single application with a single user on a single server
22. Unikernels
Design decision: support only a single process and a single user
The aim is to run a single application with a single user on a single server
Protection Rings, Memory Management
24. How can unikernels help address our problems?
Layers, top to bottom: Application Config, Application, Language Runtime, Shared Libraries, Docker Runtime, OS User Processes, OS Kernel, Virtual HW Drivers, Hypervisor, Hardware Drivers, Hardware
Minimal layers of isolation and abstraction
Includes only what is really needed
Less code, fewer bugs, easy to reason about
25. Application Binary + Library OS
Unikernel stack, top to bottom: Application Binary + Library OS, Hypervisor, Hardware Drivers, Hardware
Conventional cloud stack (from slide 3), top to bottom: Application Config, Application, Language Runtime, Shared Libraries, Docker Runtime, OS User Processes, OS Kernel, Virtual HW Drivers, Hypervisor, Hardware Drivers, Hardware
26. Application Binary + Library OS
Unikernel stack, top to bottom: Application Binary + Library OS, Hypervisor, Hardware Drivers, Hardware
Conventional stack without a hypervisor, top to bottom: Application Config, Application, Language Runtime, Shared Libraries, Docker Runtime, OS User Processes, OS Kernel, Hardware Drivers, Hardware
Hardware isolation is provided by the hypervisor
27. Unikernel advantages
• No permission checks – you can utilize 100% of your hardware
• Isolation at the virtual hardware level – only the hardware is shared
• A minimal virtual machine is ~1 GB in size; a minimal unikernel is tiny, KB in size
• Very short boot time
• A tiny custom attack surface, less likely to be affected by a public exploit
• Real immutable infrastructure – a perfect fit for a microservices architecture
29. UniK
unik build --path example-app/ --base unikernel-type --language language --provider provider-name --name image-name
unik run --instanceName instance-name --imageName image-name
UniK is an open-source tool written in Go for compiling applications into unikernels and deploying those unikernels across a variety of cloud providers, embedded devices (IoT), as well as a developer laptop or workstation.
32. UniK integration with Kubernetes
Unikernel support was added to Kubernetes by the UniK team by adding UniK as a container runtime to K8s - in the same way that Docker and rkt are container runtimes, UniK is now also available as a "container" runtime for k8s.
33. UniK Kubernetes architecture
Now one can deploy unikernel apps alongside regular Kubernetes containerized apps.
Next integration refactor: the Container Runtime Interface (CRI) will be used.
35. UniK integration with Cloud Foundry
To provide the user with a seamless PaaS experience, UniK is integrated as a backend to the Cloud Foundry runtime.
Next: integration via Garden.
38. Microservices tooling: Debug
• The most primitive form of debugging, we all do it!
• However, it is extremely difficult to capture all state, and thus it can be used only for small bugs
Wouldn't it be a good idea to seamlessly integrate existing debuggers into leading platforms and leverage them to debug microservices applications?