Unikernels: when you should and when you shouldn’t

Unikernels! When you should and when you shouldn’t. ContainerCon EU, 6 Oct 2016. Amir Chaudhry (@amirmc) … on behalf of many others!

About me

@amirmc

Work at Docker … in Cambridge, UK

I have more hair on my face since this pic

Software today…

…is an application …

… on top of an Operating System.

Code you care about

Code the OS insists you need

Software today…

… is built locally…

… but deployed remotely…

… very remotely.

Software today…

…is complex!

Even though most apps are single-purpose

Complexity is the enemy…

More pieces -> tricky config

Duplication -> inefficiency

Large sizes -> long boot times

More stuff -> larger attack surface

Things are getting easier

BUILD Developer Workflows

SHIP Registry Services

RUN Management

Docker for Mac and Docker Trusted Registry Docker Universal Control Plane

Docker Cloud

Docker Container Engine

Ecosystem Plugins and Integrations

Docker Containers as a Service Platform

An extreme view?

Disentangle applications from the OS

Break up OS functionality into modular components

Link only the system functionality your app needs

Target alternative platforms from a single codebase

Unikernels!

Unikernels

Model is “Just enough OS” for your specific app.

https://en.wikipedia.org/wiki/Unikernel

Using a modular stack, every application is compiled into its own specialised OS, targeted for the cloud or embedded devices

“Unikernels and Docker?”

Continuum

Disentangle applications from the OS

Break up OS functionality into modular components

Link only the system functionality your app needs

Target alternative platforms from a single codebase

• LING

• MirageOS

• OSv

• Rumprun

• runtime.js

• ClickOS

• Clive

• Drawbridge

• HaLVM

• IncludeOS

Unikernels

Two broad approaches

Consider legacy

Clean Slate

MirageOS

Familiar development cycle

Broad deployment scenarios

Target different environments

Your usual tools

Demo: Build on a Mac, Deploy to IoT

• Build and run an app in a Linux container

• Retarget app for ARM backend

• Deploy artefact onto an ARM device

Demo: 2048 game

Demo Guide

• Built and ran an app in a Linux container!

• Retargeted app for ARM backend!

• Deployed artefact onto an ARM device!

• Rewrote TLS

• Functional core

• Less code

BitcoinPiñata

Unikernel: 8.2MB, 102 kloc

Full OS: ~200MB, 2560 kloc

Contains everything

No extra stuff!

Much smaller attack surface

Unikernel Recap

• Highly specialised

• Continuum with containers

• Robust deployments

• Everything’s a library!

Deployments

So when should you use them?

Software today… is complex!

… but it depends.

Complexity is relative

(kind of)

Complexity is the enemy…

Right tool for the job

• Single ‘service’

• Distributed system

• Independent deployment

• Diversity of tech choices

Unikernel Properties

Microservices

Pathway to unikernels?

Monolith

Microservices

unikernels

Production ready?

It depends!

“Hands on”

Are you a mechanic?

“Works out of the box”

Seeking convenience?

unikernel.org

Still early days!

Thanks for listening!

Questions?