Unikernels: when you should and when you shouldn't
Unikernels! When you should and when you shouldn’t
ContainerCon EU, 6 Oct 2016
@amirmc
Amir Chaudhry… on behalf of many others!
Complexity is the enemy…
More pieces -> tricky config
Duplication -> inefficiency
Large sizes -> long boot times
More stuff -> larger attack surface
BUILD Developer Workflows
SHIP Registry Services
RUN Management
Docker for Mac and Docker Trusted Registry Docker Universal Control Plane
Docker Cloud
Docker Container Engine
Ecosystem Plugins and Integrations
Docker Containers as a Service Platform
An extreme view?
Disentangle applications from the OS
Break up OS functionality into modular components
Link only the system functionality your app needs
Target alternative platforms from a single codebase
Unikernels!
Unikernels
Model is “Just enough OS” for your specific app.
https://en.wikipedia.org/wiki/Unikernel
Using a modular stack, every application is compiled into its own specialised OS, targeted for the cloud or embedded devices
Continuum
Disentangle applications from the OS
Break up OS functionality into modular components
Link only the system functionality your app needs
Target alternative platforms from a single codebase
• LING
• MirageOS
• OSv
• Rumprun
• runtime.js
• ClickOS
• Clive
• Drawbridge
• HaLVM
• IncludeOS
Unikernels
MirageOS
Familiar development cycle
Broad deployment scenarios
Target different environments
Your usual tools
• Build and run an app in a Linux container
• Retarget app for ARM backend
• Deploy artefact onto an ARM device
• Built and ran an app in a Linux container!
• Retargeted app for ARM backend!
• Deployed artefact onto an ARM device!
8.2MB Unikernel
102 kloc
2560 kloc
~200MB Full OS
Contains everything
No extra stuff!
Much smaller attack surface
Unikernel Recap
• Highly specialised
• Continuum with containers
• Robust deployments
• Everything’s a library!
Software today… is complex!
… but it depends. Complexity is relative
(kind of)
Complexity is the enemy…
• Single ‘service’
• Distributed system
• Independent deployment
• Diversity of tech choices
Unikernel Properties
Microservices