Unikernels: When you should and when you shouldn't

Amir
October 06, 2016

Talk at LinuxCon 2016 (both in Toronto and Berlin)

Transcript

  1. Unikernels! When you should and when you shouldn’t
     ContainerCon EU, 6 Oct 2016
     @amirmc Amir Chaudhry … on behalf of many others!
  2. About me @amirmc
     Work at Docker … in Cambridge, UK
     I have more hair on my face since this pic
  3. Software today… …is an application … … on top of an Operating System.
  4. Complexity is the enemy…
     • More pieces -> tricky config
     • Duplication -> inefficiency
     • Large sizes -> long boot times
     • More stuff -> larger attack surface
  5. [Diagram: Docker Containers as a Service Platform] BUILD: Developer Workflows. SHIP: Registry Services. RUN: Management. Docker for Mac and Docker Trusted Registry, Docker Universal Control Plane, Docker Cloud, Docker Container Engine, Ecosystem Plugins and Integrations.
  6. An extreme view?
     • Disentangle applications from the OS
     • Break up OS functionality into modular components
     • Link only the system functionality your app needs
     • Target alternative platforms from a single codebase
  7. An extreme view?
     • Disentangle applications from the OS
     • Break up OS functionality into modular components
     • Link only the system functionality your app needs
     • Target alternative platforms from a single codebase
     Unikernels!
  8. Unikernels
     Model is “Just enough OS” for your specific app.
     Using a modular stack, every application is compiled into its own specialised OS, targeted for the cloud or embedded devices
     https://en.wikipedia.org/wiki/Unikernel
  9. Continuum
     • Disentangle applications from the OS
     • Break up OS functionality into modular components
     • Link only the system functionality your app needs
     • Target alternative platforms from a single codebase
  10. Unikernels
     • LING • MirageOS • OSv • Rumprun • runtime.js
     • ClickOS • Clive • Drawbridge • HaLVM • IncludeOS
  11. • Build and run an app in a Linux container
     • Retarget app for ARM backend
     • Deploy artefact onto an ARM device
  12. • Built and ran an app in a Linux container!
     • Retargeted app for ARM backend!
     • Deployed artefact onto an ARM device!
  13. Unikernel: 8.2MB, 102 kloc. No extra stuff!
     Full OS: ~200MB, 2560 kloc. Contains everything
     Much smaller attack surface
  14. Unikernel: 8.2MB, 102 kloc. No extra stuff!
     Full OS: ~200MB, 2560 kloc. Contains everything
     Much smaller attack surface
  15. Unikernel Recap
     • Highly specialised
     • Continuum with containers
     • Robust deployments
     • Everything’s a library!
  16. Software today… …is complex! … but it depends.
     Complexity is relative (kind of)
     Complexity is the enemy…
  17. Unikernel Properties / Microservices
     • Single ‘service’
     • Distributed system
     • Independent deployment
     • Diversity of tech choices
  18. “Hands on”: Are you a mechanic?
     “Works out of the box”: Seeking convenience?