SlideShare a Scribd company logo

Unikernels and docker from revolution to evolution — unikernels and docker from revolution to evolution

Docker, Inc., profile picture
Docker, Inc.

The document discusses the relationship between unikernels and Docker, including the definitions and advantages of unikernels as efficient, low-overhead alternatives to traditional operating systems. It emphasizes the need for a well-specified build environment and the ability to create and manage unikernels using Docker tools. Additionally, it highlights practical applications, like VPNKit, that leverage unikernels for improved performance in containerized environments.

Technology
Related topics:
Cloud Computing Insights
1 of 30
Downloaded 37 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
Unikernels and Docker: from Revolution to Evolution Mindy Preston
Mindy Preston Member of Technical Staff at Docker, tweets @mindypreston   2
A maintainer of •  the MirageOS unikernel •  VPNKit, part of Docker4Mac and Docker4Windows 3
4
Some Definitions •   "docker": you're all probably pretty solid on this :) •   "unikernels": artifacts representing a set of software which runs in a single address space, with no distinction between kernel and userspace code. •   "library operating system": a build system which can link a group of libraries representing traditional OS functions with an application to produce a unikernel. 5
Artifact 6
"nobody cares about containers unikernels" •  something which allows the execution of general application code •  something easily described completely (you can enumerate the things it needs) •  something low-overhead (small in terms of binary size, cpu/mem, or some othe resource consumption) 7
Artifact is Code application code (= source) (intepreter & dependencies) + external app dependencies OS + shared libraries computer •  a very nice way to get runtime errors 8
Artifact is Instructions application code |> compiler & dependencies |> binary OS + shared libraries computer •  shared libraries are an opportunity for chaos •  few guarantees on build environment 9
Artifact is Instructions + (some) environment app code + shared libs |> compiler + deps |> static binary OS computer •  resource consumption cost •  build environment is still not necessarily reproducible 10
Artifact is Code + Build Spec app code + base img + deps + config |> container builder |> image container runner OS computer •  [ Dockerfile ] for a more complete and repeatable description •  (although reproducibility can be sabotaged: RUN apk add) •  apps that need to tune system parameters (privileged mode) 11
Artifact is Code + OS app code + app deps + OS deps |> unikernel builder |> unikernel unikernel runner computer •  library operating systems: system dependencies on the same conceptual level as application dependencies •  unikernels: the artifact we generate, which doesn't need to run on a traditional OS •  note what's missing: build environment isn't necessarily well-specified 12
build unikernels in containers 13
to follow along... get started with docker pull ocaml/opam:ubuntu or your OS of choice you can also try docker pull halvm/base to give the Haskell unikernel project HaLVM a shot 14
"OS Dependencies" 15
what has your OS done for you lately? •  timekeeping •  networking •  entropy/randomness •  storage •  logs •  I/O: keyboard, mouse, video, sound, pancake printer, light-up bracelet... 16
sidebar: rump •  twiddling knobs in the kernel is tough •  it's way easier if you can test things in isolation 17
libraries in your favorite language 18
you too are a systems programmer! •  most unikernel projects supply implementations for things like networking •  some are swappable (including MirageOS - make the types agree and you're good to go) •  you can write your own! 19
reject the default reality and substitute your own •  common failure points for applications are "external" problems, which the OS notices •  you can stress your application easily, by providing libraries that always have edge cases occurring 20
fail gloriously,loudly,often •  network interfaces that always have new packets waiting •  random number generators that read from a static list •  entropy sources that always block •  filesystems that are always full •  block devices that are always busy •  DNS that always sends you to supertrustworthy.plzgivemeyourcreds.com 21
OS libraries in your applications •  Docker4Mac and Docker4Windows hosts can have complicated networking situations •  VPNs, custom DNS, mandatory proxies •  the Mac or Windows machine is configured to do the right thing — don't break that! •  if nc google.com 80 works from the terminal, it should work from a container •  use a unikernel networking library to reimplement an old solution to this: 22
VPNKit 23
VPNKit •  vpnkit is a piece of a library operating system, on your machine, right now, as part of docker •  let's use unikernels to make the whole stack work better! 24
something more dramatic run a unikernel with docker tools* - Martin Lucina's unikernel-runner * (given direct access to /dev/kvm on the host) 25
where we're going •  we'll have done a good job when unikernels Just Work •  it should be just as easy to build, ship, run, and scale a unikernel as a process or a container •  sometimes you'll want a unikernel and sometimes you won't — we want to let you do the right thing no matter what 26
Unikernel is Just Another Target 27
You Can Make It Happen! •  VPNKit - help improve libraries in Docker4Mac/Win •  HyperKit - dig into the D4M/W hypervisor! •  unikernel.org - find or list your favorite unikernel project! •  MirageOS summer hack retreat - join us face-to-face to improve MirageOS! 28
special thanks to... •  my rad fellow Dockerites •  the fantastic contributors to Docker, MirageOS, HaLVM, Rump, and myriad other unikernel projects •  Justin Cormack for last minute slide assistance and real good emceeing 29
Questions? •  @mindypreston •  mindy.preston@docker.com •   docker run -d -P mindypreston/dockercon2016   30

More Related Content

PPTX
Monitoring docker container and dockerized applications
Ananth Padmanabhan
 
PDF
OSCON: System software goes weird
Docker, Inc.
 
PDF
DockerCon US 2016 - Extending Docker With APIs, Drivers, and Plugins
Arnaud Porterie
 
PDF
Getting Deep on Orchestration: APIs, Actors, and Abstractions in a Distribute...
Docker, Inc.
 
PPTX
Moving Legacy Applications to Docker by Josh Ellithorpe, Apcera
Docker, Inc.
 
PDF
Sharding Containers: Make Go Apps Computer-Friendly Again by Andrey Sibiryov
Docker, Inc.
 
PDF
Docker 1.11 Meetup: Containerd and runc, by Arnaud Porterie and Michael Crosby
Michelle Antebi
 
PPTX
Docker for Ops: Docker Networking Deep Dive, Considerations and Troubleshooti...
Docker, Inc.
 
Monitoring docker container and dockerized applications
Ananth Padmanabhan
 
OSCON: System software goes weird
Docker, Inc.
 
DockerCon US 2016 - Extending Docker With APIs, Drivers, and Plugins
Arnaud Porterie
 
Getting Deep on Orchestration: APIs, Actors, and Abstractions in a Distribute...
Docker, Inc.
 
Moving Legacy Applications to Docker by Josh Ellithorpe, Apcera
Docker, Inc.
 
Sharding Containers: Make Go Apps Computer-Friendly Again by Andrey Sibiryov
Docker, Inc.
 
Docker 1.11 Meetup: Containerd and runc, by Arnaud Porterie and Michael Crosby
Michelle Antebi
 
Docker for Ops: Docker Networking Deep Dive, Considerations and Troubleshooti...
Docker, Inc.
 

What's hot (20)

PPTX
Docker Online Meetup #30: Docker Trusted Registry 1.4.1
Docker, Inc.
 
PDF
Securing the Container Pipeline at Salesforce by Cem Gurkok
Docker, Inc.
 
PDF
Next Generation Cloud: Rise of the Unikernel V3 (UPDATED)
The Linux Foundation
 
PDF
Docker and the Linux Kernel
Docker, Inc.
 
PPTX
Intro to Docker at the 2016 Evans Developer relations conference
Mano Marks
 
PDF
Understand how docker works
Justin Li
 
PPTX
The Good, the Bad and the Ugly of Networking for Microservices by Mathew Lodg...
Docker, Inc.
 
PPTX
Docker introduction
dotCloud
 
PDF
Unikernel User Summit 2015: Getting started in unikernels using the rump kernel
The Linux Foundation
 
PPTX
Docker basics
AmanSoni129
 
PDF
Docker Introduction
Sparkbit
 
PDF
Containerize All the Multi-Platform Things! - DockerCon Seattle 2016
Phil Estes
 
PDF
Docker Introduction
Jeffrey Ellin
 
PDF
Docker Intro at the Google Developer Group and Google Cloud Platform Meet Up
Jérôme Petazzoni
 
PDF
Docker introduction for Carbon IT
yannick grenzinger
 
PDF
What's New in Docker 1.12 (June 20, 2016) by Mike Goelzer & Andrea Luzzardi
Mike Goelzer
 
PDF
Docker serverless v1.0
Thomas Chacko
 
PDF
Introduction to Docker
Jian Wu
 
PDF
Docker
Patrick Oberdorf
 
PDF
Unikernelized Linux
LinuxCon ContainerCon CloudOpen China
 
Docker Online Meetup #30: Docker Trusted Registry 1.4.1
Docker, Inc.
 
Securing the Container Pipeline at Salesforce by Cem Gurkok
Docker, Inc.
 
Next Generation Cloud: Rise of the Unikernel V3 (UPDATED)
The Linux Foundation
 
Docker and the Linux Kernel
Docker, Inc.
 
Intro to Docker at the 2016 Evans Developer relations conference
Mano Marks
 
Understand how docker works
Justin Li
 
The Good, the Bad and the Ugly of Networking for Microservices by Mathew Lodg...
Docker, Inc.
 
Docker introduction
dotCloud
 
Unikernel User Summit 2015: Getting started in unikernels using the rump kernel
The Linux Foundation
 
Docker basics
AmanSoni129
 
Docker Introduction
Sparkbit
 
Containerize All the Multi-Platform Things! - DockerCon Seattle 2016
Phil Estes
 
Docker Introduction
Jeffrey Ellin
 
Docker Intro at the Google Developer Group and Google Cloud Platform Meet Up
Jérôme Petazzoni
 
Docker introduction for Carbon IT
yannick grenzinger
 
What's New in Docker 1.12 (June 20, 2016) by Mike Goelzer & Andrea Luzzardi
Mike Goelzer
 
Docker serverless v1.0
Thomas Chacko
 
Introduction to Docker
Jian Wu
 
Docker
Patrick Oberdorf
 
Unikernelized Linux
LinuxCon ContainerCon CloudOpen China
 
Ad

Viewers also liked (20)

PPTX
Windows Server and Docker - The Internals Behind Bringing Docker and Containe...
Docker, Inc.
 
PDF
Cloning Running Servers with Docker and CRIU by Ross Boucher
Docker, Inc.
 
PDF
runC: The little engine that could (run Docker containers) by Docker Captain ...
Docker, Inc.
 
PDF
Docker for Mac and Windows: The Insider's Guide by Justin Cormack
Docker, Inc.
 
PDF
Containerd: Building a Container Supervisor by Michael Crosby
Docker, Inc.
 
PDF
The Golden Ticket: Docker and High Security Microservices by Aaron Grattafiori
Docker, Inc.
 
PPTX
Docker and Microsoft - Windows Server 2016 Technical Deep Dive
Docker, Inc.
 
PDF
Advanced Docker Developer Workflows on MacOS X and Windows
Anil Madhavapeddy
 
PDF
Introduction to Docker I Docker Workshop @ Twitter
Docker, Inc.
 
PDF
DockerCon SF 2015: From Months to Minutes
Docker, Inc.
 
PPTX
Dockerizing WordPress
Docker, Inc.
 
PDF
Docker Online Meetup #3: Docker in Production
Docker, Inc.
 
PPTX
DockerCon SF 2015: Education for a digital world
Docker, Inc.
 
PDF
Building Images from dockerfiles
Docker, Inc.
 
PPTX
DockerCon 16 - Moby's Cool Hack Session
Docker, Inc.
 
PDF
DockerCon EU 2015: What is it we want in containers anyway?
Docker, Inc.
 
PPTX
Open source is good for both business and humanity
Docker, Inc.
 
PPTX
DockerCon EU 2015: Sparebank; a journey towards Docker
Docker, Inc.
 
PDF
DockerCon EU 2015: Finding a Theory of the Universe with Docker and Volunteer...
Docker, Inc.
 
PDF
DockerCon SF 2015: How to Build a Secure DevOps Environment for the Government
Docker, Inc.
 
Windows Server and Docker - The Internals Behind Bringing Docker and Containe...
Docker, Inc.
 
Cloning Running Servers with Docker and CRIU by Ross Boucher
Docker, Inc.
 
runC: The little engine that could (run Docker containers) by Docker Captain ...
Docker, Inc.
 
Docker for Mac and Windows: The Insider's Guide by Justin Cormack
Docker, Inc.
 
Containerd: Building a Container Supervisor by Michael Crosby
Docker, Inc.
 
The Golden Ticket: Docker and High Security Microservices by Aaron Grattafiori
Docker, Inc.
 
Docker and Microsoft - Windows Server 2016 Technical Deep Dive
Docker, Inc.
 
Advanced Docker Developer Workflows on MacOS X and Windows
Anil Madhavapeddy
 
Introduction to Docker I Docker Workshop @ Twitter
Docker, Inc.
 
DockerCon SF 2015: From Months to Minutes
Docker, Inc.
 
Dockerizing WordPress
Docker, Inc.
 
Docker Online Meetup #3: Docker in Production
Docker, Inc.
 
DockerCon SF 2015: Education for a digital world
Docker, Inc.
 
Building Images from dockerfiles
Docker, Inc.
 
DockerCon 16 - Moby's Cool Hack Session
Docker, Inc.
 
DockerCon EU 2015: What is it we want in containers anyway?
Docker, Inc.
 
Open source is good for both business and humanity
Docker, Inc.
 
DockerCon EU 2015: Sparebank; a journey towards Docker
Docker, Inc.
 
DockerCon EU 2015: Finding a Theory of the Universe with Docker and Volunteer...
Docker, Inc.
 
DockerCon SF 2015: How to Build a Secure DevOps Environment for the Government
Docker, Inc.
 
Ad

Similar to Unikernels and docker from revolution to evolution — unikernels and docker from revolution to evolution (20)

PPTX
Unik Slides
Idit Levine
 
PDF
Présentation d'Unikernel
Proto204
 
PDF
OSCON: Unikernels and Docker: From revolution to evolution
Docker, Inc.
 
PPTX
Cigna Innovation Summit
Idit Levine
 
PPTX
Linux, Unikernel, LinuxKit: towards redefining the cloud stack.
Idit Levine
 
PDF
Docker Online Meetup #31: Unikernels
Docker, Inc.
 
PPTX
Docker: Introduction to Container Moduls
OpikTaufiq1
 
PDF
The Next Generation Cloud: Unleashing the Power of the Unikernal
All Things Open
 
PDF
CPOSC2014: Next Generation Cloud -- Rise of the Unikernel
The Linux Foundation
 
PDF
SCALE13x: Next Generation of the Cloud - Rise of the Unikernel
The Linux Foundation
 
PDF
Unikernel User Summit 2015: The Next Generation Cloud: Unleashing the Power o...
The Linux Foundation
 
PPTX
Introduction to Docker
Alan Forbes
 
PDF
Docker in the Oracle Universe / WebLogic 12c / OFM 12c
Frank Munz
 
PPT
RT linux
SARITHA REDDY
 
PDF
Containers: from development to production at DevNation 2015
Jérôme Petazzoni
 
PPTX
Craft april17
Idit Levine
 
PPTX
Docker Workshop
Ahmad Rafiee
 
PDF
Docker Dojo
Hugo González Labrador
 
PPTX
Introduction to automated environment management with Docker Containers - for...
Lucas Jellema
 
PPTX
Docker SF Meetup January 2016
Patrick Chanezon
 
Unik Slides
Idit Levine
 
Présentation d'Unikernel
Proto204
 
OSCON: Unikernels and Docker: From revolution to evolution
Docker, Inc.
 
Cigna Innovation Summit
Idit Levine
 
Linux, Unikernel, LinuxKit: towards redefining the cloud stack.
Idit Levine
 
Docker Online Meetup #31: Unikernels
Docker, Inc.
 
Docker: Introduction to Container Moduls
OpikTaufiq1
 
The Next Generation Cloud: Unleashing the Power of the Unikernal
All Things Open
 
CPOSC2014: Next Generation Cloud -- Rise of the Unikernel
The Linux Foundation
 
SCALE13x: Next Generation of the Cloud - Rise of the Unikernel
The Linux Foundation
 
Unikernel User Summit 2015: The Next Generation Cloud: Unleashing the Power o...
The Linux Foundation
 
Introduction to Docker
Alan Forbes
 
Docker in the Oracle Universe / WebLogic 12c / OFM 12c
Frank Munz
 
RT linux
SARITHA REDDY
 
Containers: from development to production at DevNation 2015
Jérôme Petazzoni
 
Craft april17
Idit Levine
 
Docker Workshop
Ahmad Rafiee
 
Docker Dojo
Hugo González Labrador
 
Introduction to automated environment management with Docker Containers - for...
Lucas Jellema
 
Docker SF Meetup January 2016
Patrick Chanezon
 

More from Docker, Inc. (20)

PDF
Containerize Your Game Server for the Best Multiplayer Experience
Docker, Inc.
 
PDF
How to Improve Your Image Builds Using Advance Docker Build
Docker, Inc.
 
PDF
Build & Deploy Multi-Container Applications to AWS
Docker, Inc.
 
PDF
Securing Your Containerized Applications with NGINX
Docker, Inc.
 
PDF
How To Build and Run Node Apps with Docker and Compose
Docker, Inc.
 
PDF
Hands-on Helm
Docker, Inc.
 
PDF
Distributed Deep Learning with Docker at Salesforce
Docker, Inc.
 
PDF
The First 10M Pulls: Building The Official Curl Image for Docker Hub
Docker, Inc.
 
PDF
Monitoring in a Microservices World
Docker, Inc.
 
PDF
COVID-19 in Italy: How Docker is Helping the Biggest Italian IT Company Conti...
Docker, Inc.
 
PDF
Predicting Space Weather with Docker
Docker, Inc.
 
PDF
Become a Docker Power User With Microsoft Visual Studio Code
Docker, Inc.
 
PDF
How to Use Mirroring and Caching to Optimize your Container Registry
Docker, Inc.
 
PDF
Monolithic to Microservices + Docker = SDLC on Steroids!
Docker, Inc.
 
PDF
Kubernetes at Datadog Scale
Docker, Inc.
 
PDF
Labels, Labels, Labels
Docker, Inc.
 
PDF
Using Docker Hub at Scale to Support Micro Focus' Delivery and Deployment Model
Docker, Inc.
 
PDF
Build & Deploy Multi-Container Applications to AWS
Docker, Inc.
 
PDF
From Fortran on the Desktop to Kubernetes in the Cloud: A Windows Migration S...
Docker, Inc.
 
PDF
Developing with Docker for the Arm Architecture
Docker, Inc.
 
Containerize Your Game Server for the Best Multiplayer Experience
Docker, Inc.
 
How to Improve Your Image Builds Using Advance Docker Build
Docker, Inc.
 
Build & Deploy Multi-Container Applications to AWS
Docker, Inc.
 
Securing Your Containerized Applications with NGINX
Docker, Inc.
 
How To Build and Run Node Apps with Docker and Compose
Docker, Inc.
 
Hands-on Helm
Docker, Inc.
 
Distributed Deep Learning with Docker at Salesforce
Docker, Inc.
 
The First 10M Pulls: Building The Official Curl Image for Docker Hub
Docker, Inc.
 
Monitoring in a Microservices World
Docker, Inc.
 
COVID-19 in Italy: How Docker is Helping the Biggest Italian IT Company Conti...
Docker, Inc.
 
Predicting Space Weather with Docker
Docker, Inc.
 
Become a Docker Power User With Microsoft Visual Studio Code
Docker, Inc.
 
How to Use Mirroring and Caching to Optimize your Container Registry
Docker, Inc.
 
Monolithic to Microservices + Docker = SDLC on Steroids!
Docker, Inc.
 
Kubernetes at Datadog Scale
Docker, Inc.
 
Labels, Labels, Labels
Docker, Inc.
 
Using Docker Hub at Scale to Support Micro Focus' Delivery and Deployment Model
Docker, Inc.
 
Build & Deploy Multi-Container Applications to AWS
Docker, Inc.
 
From Fortran on the Desktop to Kubernetes in the Cloud: A Windows Migration S...
Docker, Inc.
 
Developing with Docker for the Arm Architecture
Docker, Inc.
 

Recently uploaded (20)

PDF
NewMind AI Weekly Chronicles - August'25-Week II
NewMind AI
 
PPTX
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
PDF
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
PDF
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
PDF
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
PPTX
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
PDF
Getting Started with Data Integration: FME Form 101
Safe Software
 
PPTX
Machine Learning_overview_presentation.pptx
kondavamsidharreddy2
 
PDF
gpt5_lecture_notes_comprehensive_20250812015547.pdf
Chinchu40
 
PDF
Optimiser vos workloads AI/ML sur Amazon EC2 et AWS Graviton
Julien SIMON
 
PDF
MIND Revenue Release Quarter 2 2025 Press Release
MIND CTI
 
PDF
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
PDF
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
PPT
“AI and Expert System Decision Support & Business Intelligence Systems”
ZubinRadhakrishnan
 
PPTX
SOPHOS-XG Firewall Administrator PPT.pptx
AgnesMunisi
 
PDF
Assigned Numbers - 2025 - Bluetooth® Document
Bloombase
 
PDF
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
PDF
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
PPTX
1. Introduction to Computer Programming.pptx
bonakiduza1024
 
PDF
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
NewMind AI Weekly Chronicles - August'25-Week II
NewMind AI
 
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
Getting Started with Data Integration: FME Form 101
Safe Software
 
Machine Learning_overview_presentation.pptx
kondavamsidharreddy2
 
gpt5_lecture_notes_comprehensive_20250812015547.pdf
Chinchu40
 
Optimiser vos workloads AI/ML sur Amazon EC2 et AWS Graviton
Julien SIMON
 
MIND Revenue Release Quarter 2 2025 Press Release
MIND CTI
 
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
“AI and Expert System Decision Support & Business Intelligence Systems”
ZubinRadhakrishnan
 
SOPHOS-XG Firewall Administrator PPT.pptx
AgnesMunisi
 
Assigned Numbers - 2025 - Bluetooth® Document
Bloombase
 
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
1. Introduction to Computer Programming.pptx
bonakiduza1024
 
Electronic commerce courselecture one. Pdf
OmerMohamed64
 

Unikernels and docker from revolution to evolution — unikernels and docker from revolution to evolution

  • 1. Unikernels and Docker: from Revolution to Evolution Mindy Preston
  • 2. Mindy Preston Member of Technical Staff at Docker, tweets @mindypreston   2
  • 3. A maintainer of •  the MirageOS unikernel •  VPNKit, part of Docker4Mac and Docker4Windows 3
  • 4. 4
  • 5. Some Definitions •   "docker": you're all probably pretty solid on this :) •   "unikernels": artifacts representing a set of software which runs in a single address space, with no distinction between kernel and userspace code. •   "library operating system": a build system which can link a group of libraries representing traditional OS functions with an application to produce a unikernel. 5
  • 7. "nobody cares about containers unikernels" •  something which allows the execution of general application code •  something easily described completely (you can enumerate the things it needs) •  something low-overhead (small in terms of binary size, cpu/mem, or some othe resource consumption) 7
  • 8. Artifact is Code application code (= source) (intepreter & dependencies) + external app dependencies OS + shared libraries computer •  a very nice way to get runtime errors 8
  • 9. Artifact is Instructions application code |> compiler & dependencies |> binary OS + shared libraries computer •  shared libraries are an opportunity for chaos •  few guarantees on build environment 9
  • 10. Artifact is Instructions + (some) environment app code + shared libs |> compiler + deps |> static binary OS computer •  resource consumption cost •  build environment is still not necessarily reproducible 10
  • 11. Artifact is Code + Build Spec app code + base img + deps + config |> container builder |> image container runner OS computer •  [ Dockerfile ] for a more complete and repeatable description •  (although reproducibility can be sabotaged: RUN apk add) •  apps that need to tune system parameters (privileged mode) 11
  • 12. Artifact is Code + OS app code + app deps + OS deps |> unikernel builder |> unikernel unikernel runner computer •  library operating systems: system dependencies on the same conceptual level as application dependencies •  unikernels: the artifact we generate, which doesn't need to run on a traditional OS •  note what's missing: build environment isn't necessarily well-specified 12
  • 14. to follow along... get started with docker pull ocaml/opam:ubuntu or your OS of choice you can also try docker pull halvm/base to give the Haskell unikernel project HaLVM a shot 14
  • 16. what has your OS done for you lately? •  timekeeping •  networking •  entropy/randomness •  storage •  logs •  I/O: keyboard, mouse, video, sound, pancake printer, light-up bracelet... 16
  • 17. sidebar: rump •  twiddling knobs in the kernel is tough •  it's way easier if you can test things in isolation 17
  • 19. you too are a systems programmer! •  most unikernel projects supply implementations for things like networking •  some are swappable (including MirageOS - make the types agree and you're good to go) •  you can write your own! 19
  • 20. reject the default reality and substitute your own •  common failure points for applications are "external" problems, which the OS notices •  you can stress your application easily, by providing libraries that always have edge cases occurring 20
  • 21. fail gloriously,loudly,often •  network interfaces that always have new packets waiting •  random number generators that read from a static list •  entropy sources that always block •  filesystems that are always full •  block devices that are always busy •  DNS that always sends you to supertrustworthy.plzgivemeyourcreds.com 21
  • 22. OS libraries in your applications •  Docker4Mac and Docker4Windows hosts can have complicated networking situations •  VPNs, custom DNS, mandatory proxies •  the Mac or Windows machine is configured to do the right thing — don't break that! •  if nc google.com 80 works from the terminal, it should work from a container •  use a unikernel networking library to reimplement an old solution to this: 22
  • 24. VPNKit •  vpnkit is a piece of a library operating system, on your machine, right now, as part of docker •  let's use unikernels to make the whole stack work better! 24
  • 25. something more dramatic run a unikernel with docker tools* - Martin Lucina's unikernel-runner * (given direct access to /dev/kvm on the host) 25
  • 26. where we're going •  we'll have done a good job when unikernels Just Work •  it should be just as easy to build, ship, run, and scale a unikernel as a process or a container •  sometimes you'll want a unikernel and sometimes you won't — we want to let you do the right thing no matter what 26
  • 28. You Can Make It Happen! •  VPNKit - help improve libraries in Docker4Mac/Win •  HyperKit - dig into the D4M/W hypervisor! •  unikernel.org - find or list your favorite unikernel project! •  MirageOS summer hack retreat - join us face-to-face to improve MirageOS! 28
  • 29. special thanks to... •  my rad fellow Dockerites •  the fantastic contributors to Docker, MirageOS, HaLVM, Rump, and myriad other unikernel projects •  Justin Cormack for last minute slide assistance and real good emceeing 29