Slide 1

Slide 1 text

Unikernels: How we got here and where we're going
Amir Chaudhry (@amirmc) … on behalf of many others!
CraftConf, April 2016

Slide 2

Slide 2 text

Unikernels: How we got here and where we're going
amirchaudhry.com/craftconf2016
@amirmc

Slide 3

Slide 3 text

About me
Work at Docker
I have more hair on my face since this pic
@amirmc

Slide 4

Slide 4 text

Software today… @amirmc

Slide 5

Slide 5 text

Software today… …is an application… @amirmc

Slide 6

Slide 6 text

Software today… …is an application… …on top of an Operating System. @amirmc

Slide 9

Slide 9 text

Code you care about
Code the OS insists you need
@amirmc

Slide 11

Slide 11 text

Software today… … is built locally… @amirmc

Slide 12

Slide 12 text

Software today… … is built locally… … but deployed remotely. @amirmc

Slide 13

Slide 13 text

Software today… …is complex! Even though most apps are single-purpose @amirmc

Slide 14

Slide 14 text

Complexity is the enemy…
• More pieces -> tricky config
• Duplication -> inefficiency
• Large sizes -> long boot times
• More stuff -> larger attack surface
@amirmc

Slide 15

Slide 15 text

Things are getting easier

Slide 16

Slide 16 text

BUILD Developer Workflows SHIP Registry Services RUN Management Docker Toolbox Docker Trusted Registry Docker Universal Control Plane Docker Cloud Docker Engine Ecosystem Plugins and Integrations Docker Containers as a Service Platform

Slide 17

Slide 17 text

An extreme view?
• Disentangle applications from the OS
• Break up OS functionality into modular components
• Link only the system functionality your app needs
• Target alternative platforms from a single codebase
@amirmc

Slide 18

Slide 18 text

An extreme view?
• Disentangle applications from the OS
• Break up OS functionality into modular components
• Link only the system functionality your app needs
• Target alternative platforms from a single codebase
Unikernels!
@amirmc

Slide 19

Slide 19 text

The Rise of the Unikernel
Unikernels are specialised single address space machine images built from a modular stack adding system libraries and configuration to application code.
Every application is compiled into its own specialised OS, targeted for the cloud or embedded devices.
https://en.wikipedia.org/wiki/Unikernel
@amirmc

Slide 20

Slide 20 text

“… but … but what about Docker?”

Slide 21

Slide 21 text

Continuum
• Disentangle applications from the OS
• Break up OS functionality into modular components
• Link only the system functionality your app needs
• Target alternative platforms from a single codebase
@amirmc

Slide 22

Slide 22 text

The Rise of the Unikernel
• ClickOS
• Clive
• Drawbridge
• HaLVM
• IncludeOS
• LING
• MirageOS
• OSv
• Rumprun
• runtime.js
@amirmc

Slide 23

Slide 23 text

The Rise of the Unikernel
Two broad approaches
• Consider legacy
• Clean Slate
@amirmc

Slide 24

Slide 24 text

MirageOS

Slide 25

Slide 25 text

MirageOS unikernel } @amirmc

Slide 26

Slide 26 text

MirageOS
• Familiar development cycle
• Broad deployment scenarios
unikernel }
@amirmc

Slide 27

Slide 27 text

MirageOS
• Familiar development cycle
• Broad deployment scenarios
• Target different environments
• Your usual tools
unikernel }
@amirmc

Slide 28

Slide 28 text

Example: Static websites (though applicable to any application)

Slide 29

Slide 29 text

mirage.io

Slide 30

Slide 30 text

Bitcoin Piñata
• Rewrote TLS
• Functional core
• Less code

Slide 33

Slide 33 text

Puts the ‘micro’ in microservice!
Unikernel: 8.2MB, 102 kloc
Full OS: ~200MB, 2560 kloc
Contains everything
No extra stuff!
Much smaller attack surface

Slide 35

Slide 35 text

Unikernel Recap
• Highly specialised
• Continuum with containers
• Robust deployments
• Everything’s a library!
@amirmc

Slide 36

Slide 36 text

Deployments

Slide 38

Slide 38 text

Systems programming is difficult?

Slide 39

Slide 39 text

Systems programming is difficult? … is just programming!

Slide 40

Slide 40 text

unikernel.org Still early days!

Slide 41

Slide 41 text

Why I care
• Resilient, scalable systems
• Distributed personal clouds
• Better, safer products
@amirmc

Slide 44

Slide 44 text

Why I care
• MirageOS (OS/application)
• Irmin (Storage/Sync)
• Signpost (Identity/Connectivity)
• OCaml (Safety/Modularity)
Mail, Contacts, Calendar
This is a long-term side project :)
@amirmc

Slide 45

Slide 45 text

Contribute!
unikernel.org
nymote.org
@amirmc

Slide 46

Slide 46 text

Questions? @amirmc