UniK: Unikernel Compiler and Runtime

Transcript

1. UniK: Unikernel Compiler and Runtime http://calcotestudios.com/talks Lee Calcote March 5th,

   2017

2. http://calcotestudios.com/talks Lee Calcote linkedin.com/in/leecalcote @lcalcote blog.gingergeek.com [email protected] clouds, containers, infrastructure,

   applications and their management

3. Show of Hands

4. Project Container Network Performance Tool @lcalcote Contact for early access.

   Learn more - https://github.com/solarwinds/containers Preview

5. Project Container Network Performance Tool @lcalcote Cluster visibility - See

   container network flows (current bandwidth and direction) across Kubernetes and Docker Swarm nodes. Bandwidth test - Test throughput (performance) of each type of container network (compare network drivers). Choose wisely - Be aware of the cost of overlay convenience. Avoid MAC address overload in underlays. Preview

6. Hello. I'm new.

7. We hold these truths to be self-evident: bare metal AND

   virtual machines AND containers AND unikernels AND functions the future is AND not OR @lcalcote

8. bare metal virtual machines containers unikernels functions no one cares

   about they care about the application infrastructure @lcalcote

9. Current Challenges

10. Fat systems Application Configuration Application Binary Language Runtime Shared Library

    Docker Runtime OS User Processes OS Kernel Virtual Hardware Drivers Hypervisor Hardware Drivers Hardware Application Inefficient Long startup times. Designed for many users, running many processes. Hardware has evolved. Package managers pull in many unneeded packages. Decades of backwards compatibility.

11. Very large attack surface a huge kernel code base. Lots

    of unused applications, services and drivers lying around. by Russell Pavlicek (free ebook) Unikernels Security Other Issues @lcalcote Lee Calcote and Idit Levine How Unikernels Can Better Defend against DDoS Attacks

12. The Promise

13. What is a Unikernel? A library operating system application openGL

    gtk iconv libgmp libz libstd++ libgcc libc kernel libtls application a way of cross-compiling (existing) applications down to very small, lightweight, secure virtual machine @lcalcote

14. Unikernel Landscape Language Specific HalVM - - (Haskell) MirageOS -

    - (OCamel) LING - - (Erlang) Runtime.js - - (Javascript) IncludeOS - - (C++) Clive - - (Go) General OSv Rumprun Drawbridge Projects / Tools ClickOS - - (NFV) Jitsu - - (DNS) Unik - - (Build, Deploy) unikernel.org @lcalcote

15. Security No multi-user support no passwords and authorization info lying

    around Many attack vectors closed - simply not present. only use libraries specific to your application produce a single process, single address space image Security be default - not necassarily policy that will be defined later @lcalcote

16. Microservices are (intended to be) small, self-contained, single- purpose applications.

    Unikernels cannot handle multiple processes, so forking is not allowed. Unikernels can handle threads. Are single user, but who needs multiple users? Can statically link data into application. Immutable infrastructure (enforced) @lcalcote

17. $avings Access to a high-end system for a fraction of

    second Increase speed - smaller artifacts, which boot faster (microseconds) Target multiple platforms from a single code base @lcalcote
18. None

19. Purpose A tool for simplifying compilation and deployment of unikernels.

    Akin to how Docker builds and deploys containers. Automates compilation of popular languages (C/C++, Golang, Java, Node.js. Python) into unikernels. Deploys unikernels as virtual machines on many virtualization platforms. Incorporates work from a number of unikernel projects. A young project (~9 months old from announcement) @lcalcote

20. Stewarded by these fine folks http://project-unik.io @uvgroovy @ilackarms @Idit_Levine https://github.com/emc-advanced-dev/unik

    @ProjectUniK @lcalcote

21. Compilers Java OCaml C++ Python, Node.js and Go OSv MirageOS

    IncludeOS Rump 3 Major Components Providers Virtualbox AWS Google Cloud vSphere QEMU UKVM Xen OpenStack Photon Controller API Server daemon @lcalcote

22. UniK Hub a community exchange Currently: Cloud-hosted S3-backed May be

    run on-premises @lcalcote

23. Integrations Processor Architectures @lcalcote

24. Use Docker API to run Unikernels @lcalcote

25. Use Unik as a CloudFoundry runtime @lcalcote

26. Use Unik as a Kubernetes runtime $ kubectl run nginx

    --image=nginx:AWS --namespace=unik --replicas=3 multiple container runtimes AND unikernels docker, rkt and unik @lcalcote

27. Walk-through

28. Getting Started 1. git clone 2. make 3. unik @lcalcote

29. setup providers: aws: - name: aws region: us-east-1 zone: us-east-1a

    gcloud: [] vsphere: [] virtualbox: - name: unik-vbox adapter_name: vboxnet0 adapter_type: host_only qemu: [] photon: [] xen: [] openstack: [] ukvm: [] version: "" unik configure ~/.unik/daemon-config.yaml unik daemon api server familiarize w/unik @lcalcote

30. Developer Workflow a familiar treadmill 1. Code app per usual

    2. Test and debug app 3. Deploy 4. Logs unik build --name go-calcote --path ./ --base rump --language go --provider virtualbox unik run --instanceName=scale15x --imageName=go-calcote fmt.Fprintf(w, "<img src='http://calcotestudios.com/talks/img/unik.jpg' />") fmt.Fprintf(w, "<p /> My first unikernel!") unik logs --instanceName=scale15x @lcalcote

31. Lee Calcote linkedin.com/in/leecalcote @lcalcote blog.gingergeek.com [email protected] Thank you. Questions? clouds,

    containers, infrastructure, applications and their management http://calcotestudios.com/ talks