Unikernels: When you should and when you shouldn't

Amir
October 06, 2016

Talk at LinuxCon 2016 (both in Toronto and Berlin)


Transcript

  1. Unikernels! When you should and when you shouldn’t. ContainerCon EU, 6 Oct 2016. @amirmc, Amir Chaudhry … on behalf of many others!
  2. About me: @amirmc. Work at Docker … in Cambridge, UK. I have more hair on my face since this pic.
  3. Software today…
  4. Software today… …is an application …
  5. Software today… …is an application … … on top of an Operating System.
  6. Software today…
  7. Software today…
  8. Code you care about • Code the OS insists you need
  9. Code you care about • Code the OS insists you need
  10. Software today… … is built locally…
  11. Software today… … is built locally… … but deployed remotely…
  12. Software today… … is built locally… … but deployed remotely… … very remotely.
  13. Software today…
  14. Software today… …is complex! Even though most apps are single-purpose
  15. Complexity is the enemy… • More pieces -> tricky config • Duplication -> inefficiency • Large sizes -> long boot times • More stuff -> larger attack surface
  16. Things are getting easier
  17. BUILD Developer Workflows SHIP Registry Services RUN Management Docker for Mac and Docker Trusted Registry Docker Universal Control Plane Docker Cloud Docker Container Engine Ecosystem Plugins and Integrations Docker Containers as a Service Platform
  18. An extreme view? • Disentangle applications from the OS • Break up OS functionality into modular components • Link only the system functionality your app needs • Target alternative platforms from a single codebase
  19. An extreme view? • Disentangle applications from the OS • Break up OS functionality into modular components • Link only the system functionality your app needs • Target alternative platforms from a single codebase • Unikernels!
  20. Unikernels • Model is “Just enough OS” for your specific app. • Using a modular stack, every application is compiled into its own specialised OS, targeted for the cloud or embedded devices • https://en.wikipedia.org/wiki/Unikernel
  21. “Unikernels and Docker?”
  22. Continuum • Disentangle applications from the OS • Break up OS functionality into modular components • Link only the system functionality your app needs • Target alternative platforms from a single codebase
  23. Unikernels • LING • MirageOS • OSv • Rumprun • runtime.js • ClickOS • Clive • Drawbridge • HaLVM • IncludeOS
  24. Two broad approaches • Consider legacy • Clean Slate Unikernels
  25. Two broad approaches • Consider legacy • Clean Slate Unikernels
  26. Two broad approaches • Clean Slate Unikernels
  27. MirageOS
  28. MirageOS unikernel }
  29. MirageOS • Target different environments
  30. MirageOS
  31. unikernel } MirageOS • Familiar development cycle • Broad deployment scenarios
  32. unikernel } MirageOS • Familiar development cycle • Broad deployment scenarios • Target different environments • Your usual tools
  33. Demo: Build on a Mac, Deploy to IoT
  34. • Build and run an app in a Linux container • Retarget app for ARM backend • Deploy artefact onto an ARM device
  35. Demo: 2048 game
  36. Demo Guide 1 2 3 4
  37. • Built and ran an app in a Linux container! • Retargeted app for ARM backend! • Deployed artefact onto an ARM device!
  38. Bitcoin Piñata • Rewrote TLS • Functional core • Less code
  39. None
  40. None
  41. Unikernel: 8.2MB, 102 kloc • Full OS: ~200MB, 2560 kloc • Contains everything • No extra stuff! • Much smaller attack surface
  42. Unikernel: 8.2MB, 102 kloc • Full OS: ~200MB, 2560 kloc • Contains everything • No extra stuff! • Much smaller attack surface
  43. Unikernel Recap • Highly specialised • Continuum with containers • Robust deployments • Everything’s a library!
  44. Deployments
  45. Deployments
  46. Deployments
  47. So when should you use them?
  48. Software today… …is complex! … but it depends. Complexity is relative (kind of). Complexity is the enemy…
  49. Right tool for the job
  50. • Single ‘service’ • Distributed system • Independent deployment • Diversity of tech choices Unikernel Properties Microservices
  51. Pathway to unikernels?
  52. Monolith
  53. Monolith
  54. None
  55. Microservices
  56. Monolith • Microservices • unikernels
  57. Production ready? It depends!
  58. None
  59. None
  60. “Hands on” Are you a mechanic? • “Works out of the box” Seeking convenience?
  61. unikernel.org • Still early days! • Thanks for listening! Questions?