Linux, Unikernel, LinuxKit: towards redefining the cloud stack.
Download as PPTX, PDF2 likes950 views
The document discusses the evolution and advantages of unikernels in the cloud stack, focusing on their application configuration and minimalistic design. Unikernels aim to enhance efficiency by supporting single applications with single-user environments, significantly reducing the code and potential vulnerabilities. Additionally, it highlights the integration of unikernels with Kubernetes and their benefits for IoT security and microservices architecture.
Linux, Unikernel, LinuxKit: towards redefining the cloud stack.
- 1. Linux, Unikernel, LinuxKit: towards redefining the cloud stack. IDIT LEVINE
- 2. Problem
- 3. Cloud Stack Application Configuration Application Language Runtime Shared Libraries Docker Runtime OS User Processes OS Kernel Virtual HW Drivers Hypervisor Hardware Drivers Hardware The aim is to run single Application with a single user on a single server
- 4. Linux Kernel
- 5. Linux Kernel Memory Management Protection Rings Device Management
- 6. Linux Kernel
- 10. Linux kernel languages C Assembly C++ XML Make Perl Shell Script Python HTML TeX/LaTeX AWK Scheme Objective-C Autoconf XSL Tranformation Vim Script Automake
- 11. SOURCE lines of code Small Applications: 10Ks Medium to large applications: 100Ks Really huge applications: 1Ms
- 12. 2.4 5.2 11 12.6 13.5 15.9 22 0 5 10 15 20 25 Linux kernel 2.4.2 Linux kernel 2.6.0 Linux kernel 2.6.29 Linux kernel 2.6.32 Linux kernel 2.6.35 Linux kernel 3.6 Linux kernel pre-4.2 2001 2003 2009 2009 2010 2012 2015 Linux Kernel SLOC
- 13. 59 104 215 283 324 419 0 50 100 150 200 250 300 350 400 450 Debian 2.2 Debian 3.0 Debian 3.1 Debian 4.0 Debian 5.0 Debian 7.0 2000 2002 2005 2007 2009 2012 Debian SLOC
- 14. How did we get here ? Evolution ! Unix was supported us the entire way!
- 15. Decades of backwards compatibility What can linux run on ? What can run on linux ? Anything ! Anything !
- 20. Traditional approach Application Kernel libc libz iconv openGL gtk libgmp libtlc Libstd++ libgcc
- 21. Traditional approach Application Kernel libc libz iconv openGL gtk libgmp libtlc Libstd++ libgcc
- 22. Unikernels Design decision: support only single process & single user The aim is to run single Application with a single user on a single server Protection RingsMemory Management
- 23. Unikernels Creation App Binary App Config App Deps Virt, HW Drivers Langue runtime ApplicationRuntime Packaging Tool Unikernel!
- 24. How can unikernels help address our problems? Application Config Application Language Runtime Shared Libraries Docker Runtime OS User Processes OS Kernel Virtual HW Drivers Hypervisor Hardware Drivers Hardware Minimal layers of isolation and abstraction Includes only what is really needed Less code, fewer bugs, easy to reason about
- 25. Application Binary + Library OS Hypervisor Hardware Drivers Hardware Application Config Application Language Runtime Shared Libraries Docker Runtime OS User Processes OS Kernel Virtual HW Drivers Hypervisor Hardware Drivers Hardware
- 26. Application Binary + Library OS Hypervisor Hardware Drivers Hardware Application Config Application Language Runtime Shared Libraries Docker Runtime OS User Processes OS Kernel Hardware Drivers Hardware Hardware isolation provide by the hypervisor
- 27. Unikernel advantages • No permission checks – you can utilize 100% of your hardware • Isolation at the virtual hardware – only ! share only hardware • Minimal virtual machine ~1 gb in size, minimal unikernel is tiny, kb in size • Very short boot time • A tiny custom surface of attack, less likely to be effected by a public exploit • Real immutable infrastructure – perfect fit to micro services architecture
- 28. Benchmark
- 29. unik build --path example-app/ --base unikernel-type --language language --provider provider-name --name image-name unik run --instanceName instance-name –imageName image-name UniK UniK is an open-source tool written in Go for compiling applications into unikernels and deploying those unikernels across a variety of cloud providers, embedded devices (IoT), as well as a developer laptop or workstation.
- 30. Build anything run everywhere Unikernel types Cloud providers Processor architectures
- 31. Demo UniK
- 32. Unik integration with kubernetes Unikernels support was added to Kubernetes by the UniK team by adding UniK as a container runtime to K8s - in the same way that Docker and rkt are container runtimes, UniK is now also available as a "container" runtime for k8s.
- 33. Unik kubernetes architecture unikernels Now one can deploy a unikernel apps alongside regular kubernetes containerized apps. Next integration refactor: Container Runtime Interface (CRI) will be used.
- 34. Demo Kubernetes
- 35. Unik integration with Cloud Foundry To provide the user with a seamless PaaS experience, UniK is integrated as a backend to Cloud Foundry runtime. Next integration integration via Garden.
- 36. Unik tooling: unik hub
- 38. Microservices tooling: Debug • The most primitive form of debugging, we all do it! • However, extremely difficult to capture all state, and thus can be used only for small bugs Won’t it be a good idea to seamlessly integrate existence debugger to leading platforms and leverage them to debug microservices applications ?
- 40. Demo squash
- 41. Benefits of Unikernels TO the internet of things LITE ON ENERGYSECURITY EFFICIENCY USECASESWORRIED ABOUT IOT DDOS? THINK UNIKERNELS
- 43. Unik in the open source community
- 44. Follow me: @Idit_Levine Follow solo.io: @GetSoloIO