Unikernelize your Java application
TRANSCRIPT
Unikernelize your Java Application
Mario [email protected]
Agenda
what are unikernels
why should you care
how does Java fit in
build Java unikernel app
www.infobip.com
Java, .NET, nodejs, reactjs
microservices
continuous delivery practitioners
100+ deploys daily / 6 datacenters
300M+ messages per day
200+ hypervisors
up to 20 VMs per hypervisor
What are unikernels?
“specialized, single-address-space machine images constructed by using library operating systems.”
App code + OS parts actually needed = unikernel
Typical cloud deployment
Hardware
Hypervisor
OS + Kernel
App code & config
App runtime & libraries
VM
Containerized deployment
Hardware
Hypervisor
Kernel on host OS
OS
App code & config
App runtime & libraries
Container
What if…
Unikernel deployment
Hardware
Hypervisor
Unikernel
App code & config
App runtime & libs
Specialized kernel
immutable server
[Diagram: the VM, container and unikernel stacks side by side. Labels: Isolation, Resource sharing, Specialization, Abstraction]
"just enough" of the OS to run your code, nothing more.
Why should I use this?
Small footprint
Fast boot
Highly optimized
Reduced attack surface
No, really… why should I use this?
same amount of work on less powerful VMs…
…saves $$$
Cons?
no fork() or exec()
hard to debug
“secure” is just a matter of time
troubleshooting tools
What’s out there?
How does Java fit in?
new OS designed for the cloud
C++
native Linux apps, JVM
single address space
boots < 1 sec
Lower administration & OS support costs
Hypervisor support
KVM, XEN - fully
VMW, VBox - exp
Cloud support
EC2 - fully
GCE - exp
a little “fatter”
min image size ~20MB
Java image ~120MB
REST API
JMX/Jolokia API
cloud-init
Benchmarks
redis: 50% more TPS
memcached: 20% more req/sec
TCP: 20% better latency
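How to build a Java unikernel app?
Capstan build tool (feels dockerish)
Capstanfile
base: cloudius/osv-openjdk8      # base image: OSv with OpenJDK 8
build: mvn package               # build command run before the image is assembled
files:                           # path inside the image: path on the build host
  /app.jar: target/app.jar
cmdline: /java.so -jar /app.jar  # command line run when the unikernel boots
$ capstan build -p vbox
$ mvn package
$ capstan run target/app.jar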
So where is this all going?
few users
hard to ship
hard to build
hard to run
Community
unikernels + docker
“next big thing in the cloud”
Thank you!