linux, unikernel, linuxkit: towards redefining the cloud stack
![Page 1: Linux, Unikernel, LinuxKit: towards redefining the cloud stack](https://reader031.vdocuments.mx/reader031/viewer/2022020108/5a65a0a17f8b9a9f2f8b480b/html5/thumbnails/1.jpg)
Linux, Unikernel, LinuxKit: towards redefining the cloud stack.
IDIT LEVINE
![Page 2: Linux, Unikernel, LinuxKit: towards redefining the cloud stack](https://reader031.vdocuments.mx/reader031/viewer/2022020108/5a65a0a17f8b9a9f2f8b480b/html5/thumbnails/2.jpg)
Problem
![Page 3: Linux, Unikernel, LinuxKit: towards redefining the cloud stack](https://reader031.vdocuments.mx/reader031/viewer/2022020108/5a65a0a17f8b9a9f2f8b480b/html5/thumbnails/3.jpg)
Cloud Stack
Application Configuration
Application
Language Runtime
Shared Libraries
Docker Runtime
OS User Processes
OS Kernel
Virtual HW Drivers
Hypervisor
Hardware Drivers
Hardware
The aim is to run a single application with a single user on a single server
![Page 4: Linux, Unikernel, LinuxKit: towards redefining the cloud stack](https://reader031.vdocuments.mx/reader031/viewer/2022020108/5a65a0a17f8b9a9f2f8b480b/html5/thumbnails/4.jpg)
Linux Kernel
![Page 5: Linux, Unikernel, LinuxKit: towards redefining the cloud stack](https://reader031.vdocuments.mx/reader031/viewer/2022020108/5a65a0a17f8b9a9f2f8b480b/html5/thumbnails/5.jpg)
Linux Kernel
Memory Management
Protection Rings
Device Management
![Page 6: Linux, Unikernel, LinuxKit: towards redefining the cloud stack](https://reader031.vdocuments.mx/reader031/viewer/2022020108/5a65a0a17f8b9a9f2f8b480b/html5/thumbnails/6.jpg)
Linux Kernel
![Page 7: Linux, Unikernel, LinuxKit: towards redefining the cloud stack](https://reader031.vdocuments.mx/reader031/viewer/2022020108/5a65a0a17f8b9a9f2f8b480b/html5/thumbnails/7.jpg)
Driver management
![Page 8: Linux, Unikernel, LinuxKit: towards redefining the cloud stack](https://reader031.vdocuments.mx/reader031/viewer/2022020108/5a65a0a17f8b9a9f2f8b480b/html5/thumbnails/8.jpg)
Memory management
![Page 9: Linux, Unikernel, LinuxKit: towards redefining the cloud stack](https://reader031.vdocuments.mx/reader031/viewer/2022020108/5a65a0a17f8b9a9f2f8b480b/html5/thumbnails/9.jpg)
Security
https://github.com/cf-unik/unik/wiki/Worried-about-IoT-DDoS%3F-Think-Unikernels
![Page 10: Linux, Unikernel, LinuxKit: towards redefining the cloud stack](https://reader031.vdocuments.mx/reader031/viewer/2022020108/5a65a0a17f8b9a9f2f8b480b/html5/thumbnails/10.jpg)
Linux kernel languages
C
Assembly
C++
XML
Make
Perl
Shell Script
Python
HTML
TeX/LaTeX
AWK
Scheme
Objective-C
Autoconf
XSL Transformation
Vim Script
Automake
![Page 11: Linux, Unikernel, LinuxKit: towards redefining the cloud stack](https://reader031.vdocuments.mx/reader031/viewer/2022020108/5a65a0a17f8b9a9f2f8b480b/html5/thumbnails/11.jpg)
Source lines of code
Small Applications: 10Ks
Medium to large applications: 100Ks
Really huge applications: 1Ms
![Page 12: Linux, Unikernel, LinuxKit: towards redefining the cloud stack](https://reader031.vdocuments.mx/reader031/viewer/2022020108/5a65a0a17f8b9a9f2f8b480b/html5/thumbnails/12.jpg)
Linux Kernel SLOC (bar chart; values as labeled on the bars)
Linux kernel 2.4.2 (2001): 2.4
Linux kernel 2.6.0 (2003): 5.2
Linux kernel 2.6.29 (2009): 11
Linux kernel 2.6.32 (2009): 12.6
Linux kernel 2.6.35 (2010): 13.5
Linux kernel 3.6 (2012): 15.9
Linux kernel pre-4.2 (2015): 22
![Page 13: Linux, Unikernel, LinuxKit: towards redefining the cloud stack](https://reader031.vdocuments.mx/reader031/viewer/2022020108/5a65a0a17f8b9a9f2f8b480b/html5/thumbnails/13.jpg)
Debian SLOC (bar chart; values as labeled on the bars)
Debian 2.2 (2000): 59
Debian 3.0 (2002): 104
Debian 3.1 (2005): 215
Debian 4.0 (2007): 283
Debian 5.0 (2009): 324
Debian 7.0 (2012): 419
![Page 14: Linux, Unikernel, LinuxKit: towards redefining the cloud stack](https://reader031.vdocuments.mx/reader031/viewer/2022020108/5a65a0a17f8b9a9f2f8b480b/html5/thumbnails/14.jpg)
How did we get here? Evolution!
Unix has supported us the entire way!
![Page 15: Linux, Unikernel, LinuxKit: towards redefining the cloud stack](https://reader031.vdocuments.mx/reader031/viewer/2022020108/5a65a0a17f8b9a9f2f8b480b/html5/thumbnails/15.jpg)
Decades of backwards compatibility
What can Linux run on? Anything!
What can run on Linux? Anything!
![Page 16: Linux, Unikernel, LinuxKit: towards redefining the cloud stack](https://reader031.vdocuments.mx/reader031/viewer/2022020108/5a65a0a17f8b9a9f2f8b480b/html5/thumbnails/16.jpg)
Trade-off: Compatibility vs. Efficiency
![Page 17: Linux, Unikernel, LinuxKit: towards redefining the cloud stack](https://reader031.vdocuments.mx/reader031/viewer/2022020108/5a65a0a17f8b9a9f2f8b480b/html5/thumbnails/17.jpg)
Solution LINUXKIT
![Page 18: Linux, Unikernel, LinuxKit: towards redefining the cloud stack](https://reader031.vdocuments.mx/reader031/viewer/2022020108/5a65a0a17f8b9a9f2f8b480b/html5/thumbnails/18.jpg)
LinuxKit announcement DockerCon
![Page 19: Linux, Unikernel, LinuxKit: towards redefining the cloud stack](https://reader031.vdocuments.mx/reader031/viewer/2022020108/5a65a0a17f8b9a9f2f8b480b/html5/thumbnails/19.jpg)
Solution UNIKERNELS
![Page 20: Linux, Unikernel, LinuxKit: towards redefining the cloud stack](https://reader031.vdocuments.mx/reader031/viewer/2022020108/5a65a0a17f8b9a9f2f8b480b/html5/thumbnails/20.jpg)
Traditional approach
Application
Kernel
libc
libz
iconv
openGL
gtk
libgmp libtlc
Libstd++ libgcc
![Page 22: Linux, Unikernel, LinuxKit: towards redefining the cloud stack](https://reader031.vdocuments.mx/reader031/viewer/2022020108/5a65a0a17f8b9a9f2f8b480b/html5/thumbnails/22.jpg)
Unikernels
Design decision: support only a single process and a single user
The aim is to run a single application with a single user on a single server
Protection Rings, Memory Management
![Page 23: Linux, Unikernel, LinuxKit: towards redefining the cloud stack](https://reader031.vdocuments.mx/reader031/viewer/2022020108/5a65a0a17f8b9a9f2f8b480b/html5/thumbnails/23.jpg)
Unikernels Creation
App Binary
App Config
App Deps
Virt, HW Drivers
Language runtime
Application Runtime
Packaging Tool Unikernel!
![Page 24: Linux, Unikernel, LinuxKit: towards redefining the cloud stack](https://reader031.vdocuments.mx/reader031/viewer/2022020108/5a65a0a17f8b9a9f2f8b480b/html5/thumbnails/24.jpg)
How can unikernels help address our problems?
Application Config
Application
Language Runtime
Shared Libraries
Docker Runtime
OS User Processes
OS Kernel
Virtual HW Drivers
Hypervisor
Hardware Drivers
Hardware
Minimal layers of isolation and abstraction
Includes only what is really needed
Less code, fewer bugs, easy to reason about
![Page 25: Linux, Unikernel, LinuxKit: towards redefining the cloud stack](https://reader031.vdocuments.mx/reader031/viewer/2022020108/5a65a0a17f8b9a9f2f8b480b/html5/thumbnails/25.jpg)
Application Binary + Library OS
Hypervisor
Hardware Drivers
Hardware
Application Config
Application
Language Runtime
Shared Libraries
Docker Runtime
OS User Processes
OS Kernel
Virtual HW Drivers
Hypervisor
Hardware Drivers
Hardware
![Page 26: Linux, Unikernel, LinuxKit: towards redefining the cloud stack](https://reader031.vdocuments.mx/reader031/viewer/2022020108/5a65a0a17f8b9a9f2f8b480b/html5/thumbnails/26.jpg)
Application Binary + Library OS
Hypervisor
Hardware Drivers
Hardware
Application Config
Application
Language Runtime
Shared Libraries
Docker Runtime
OS User Processes
OS Kernel
Hardware Drivers
Hardware
Hardware isolation provided by the hypervisor
![Page 27: Linux, Unikernel, LinuxKit: towards redefining the cloud stack](https://reader031.vdocuments.mx/reader031/viewer/2022020108/5a65a0a17f8b9a9f2f8b480b/html5/thumbnails/27.jpg)
Unikernel advantages
• No permission checks – you can utilize 100% of your hardware
• Isolation at the virtual hardware only! Share only hardware
• Minimal virtual machine is ~1 GB in size; minimal unikernel is tiny, KB in size
• Very short boot time
• A tiny custom attack surface, less likely to be affected by a public exploit
• Real immutable infrastructure – a perfect fit for microservices architecture
![Page 28: Linux, Unikernel, LinuxKit: towards redefining the cloud stack](https://reader031.vdocuments.mx/reader031/viewer/2022020108/5a65a0a17f8b9a9f2f8b480b/html5/thumbnails/28.jpg)
Benchmark
![Page 29: Linux, Unikernel, LinuxKit: towards redefining the cloud stack](https://reader031.vdocuments.mx/reader031/viewer/2022020108/5a65a0a17f8b9a9f2f8b480b/html5/thumbnails/29.jpg)
unik build --path example-app/ --base unikernel-type --language language --provider provider-name --name image-name
unik run --instanceName instance-name --imageName image-name
UniK
UniK is an open-source tool written in Go for compiling applications into unikernels and deploying those unikernels across a variety of cloud providers, embedded devices (IoT), as well as a developer laptop or workstation.
![Page 30: Linux, Unikernel, LinuxKit: towards redefining the cloud stack](https://reader031.vdocuments.mx/reader031/viewer/2022020108/5a65a0a17f8b9a9f2f8b480b/html5/thumbnails/30.jpg)
Build anything, run everywhere
Unikernel types, Cloud providers, Processor architectures
![Page 31: Linux, Unikernel, LinuxKit: towards redefining the cloud stack](https://reader031.vdocuments.mx/reader031/viewer/2022020108/5a65a0a17f8b9a9f2f8b480b/html5/thumbnails/31.jpg)
Demo: UniK
![Page 32: Linux, Unikernel, LinuxKit: towards redefining the cloud stack](https://reader031.vdocuments.mx/reader031/viewer/2022020108/5a65a0a17f8b9a9f2f8b480b/html5/thumbnails/32.jpg)
UniK integration with Kubernetes
Unikernel support was added to Kubernetes by the UniK team by adding UniK as a container runtime to K8s. In the same way that Docker and rkt are container runtimes, UniK is now also available as a "container" runtime for K8s.
![Page 33: Linux, Unikernel, LinuxKit: towards redefining the cloud stack](https://reader031.vdocuments.mx/reader031/viewer/2022020108/5a65a0a17f8b9a9f2f8b480b/html5/thumbnails/33.jpg)
UniK Kubernetes architecture
unikernels
Now one can deploy unikernel apps alongside regular Kubernetes containerized apps.
Next integration refactor: Container Runtime Interface (CRI) will be used.
![Page 34: Linux, Unikernel, LinuxKit: towards redefining the cloud stack](https://reader031.vdocuments.mx/reader031/viewer/2022020108/5a65a0a17f8b9a9f2f8b480b/html5/thumbnails/34.jpg)
Demo: Kubernetes
![Page 35: Linux, Unikernel, LinuxKit: towards redefining the cloud stack](https://reader031.vdocuments.mx/reader031/viewer/2022020108/5a65a0a17f8b9a9f2f8b480b/html5/thumbnails/35.jpg)
UniK integration with Cloud Foundry
To provide the user with a seamless PaaS experience, UniK is integrated as a backend to the Cloud Foundry runtime.
Next integration: via Garden.
![Page 36: Linux, Unikernel, LinuxKit: towards redefining the cloud stack](https://reader031.vdocuments.mx/reader031/viewer/2022020108/5a65a0a17f8b9a9f2f8b480b/html5/thumbnails/36.jpg)
UniK tooling: UniK hub
![Page 37: Linux, Unikernel, LinuxKit: towards redefining the cloud stack](https://reader031.vdocuments.mx/reader031/viewer/2022020108/5a65a0a17f8b9a9f2f8b480b/html5/thumbnails/37.jpg)
UniK tooling: Debug
![Page 38: Linux, Unikernel, LinuxKit: towards redefining the cloud stack](https://reader031.vdocuments.mx/reader031/viewer/2022020108/5a65a0a17f8b9a9f2f8b480b/html5/thumbnails/38.jpg)
Microservices tooling: Debug
• The most primitive form of debugging, we all do it!
• However, it is extremely difficult to capture all state, and thus it can be used only for small bugs
Wouldn't it be a good idea to seamlessly integrate existing debuggers into leading platforms and leverage them to debug microservices applications?
![Page 39: Linux, Unikernel, LinuxKit: towards redefining the cloud stack](https://reader031.vdocuments.mx/reader031/viewer/2022020108/5a65a0a17f8b9a9f2f8b480b/html5/thumbnails/39.jpg)
squash: distributed debugger
squash
platforms, debuggers, IDEs
![Page 40: Linux, Unikernel, LinuxKit: towards redefining the cloud stack](https://reader031.vdocuments.mx/reader031/viewer/2022020108/5a65a0a17f8b9a9f2f8b480b/html5/thumbnails/40.jpg)
Demo: squash
![Page 41: Linux, Unikernel, LinuxKit: towards redefining the cloud stack](https://reader031.vdocuments.mx/reader031/viewer/2022020108/5a65a0a17f8b9a9f2f8b480b/html5/thumbnails/41.jpg)
Benefits of unikernels to the Internet of Things
LITE ON ENERGY, SECURITY, EFFICIENCY
USE CASES
WORRIED ABOUT IOT DDOS? THINK UNIKERNELS
![Page 42: Linux, Unikernel, LinuxKit: towards redefining the cloud stack](https://reader031.vdocuments.mx/reader031/viewer/2022020108/5a65a0a17f8b9a9f2f8b480b/html5/thumbnails/42.jpg)
Demo: IoT Security
![Page 43: Linux, Unikernel, LinuxKit: towards redefining the cloud stack](https://reader031.vdocuments.mx/reader031/viewer/2022020108/5a65a0a17f8b9a9f2f8b480b/html5/thumbnails/43.jpg)
UniK in the open source community
![Page 44: Linux, Unikernel, LinuxKit: towards redefining the cloud stack](https://reader031.vdocuments.mx/reader031/viewer/2022020108/5a65a0a17f8b9a9f2f8b480b/html5/thumbnails/44.jpg)
Follow me: @Idit_Levine
Follow solo.io: @GetSoloIO