March 5th, 2017
clouds, containers, infrastructure, applications and their management
Contact for early access.
Cluster visibility -
See container network flows (current bandwidth and direction) across Kubernetes and Docker Swarm nodes.
Bandwidth test -
Test throughput (performance) of each type of container network (compare network drivers).
Choose wisely -
Be aware of the cost of overlay convenience.
Avoid MAC address overload in underlays.
they care about the application
OS User Processes
Virtual Hardware Drivers
Long startup times.
Designed for many users, running many processes.
Hardware has evolved.
Package managers pull in many unneeded packages.
Decades of backwards compatibility.
Very large attack surface: a huge kernel code base.
Lots of unused applications, services and drivers lying around.
Unikernels by Russell Pavlicek (free ebook)
How Unikernels Can Better Defend against DDoS Attacks
Lee Calcote and Idit Levine
A library operating system
a way of cross-compiling (existing) applications down to very small, lightweight, secure virtual machines
Projects / Tools
Many attack vectors closed - simply not present.
only use libraries specific to your application
Security by default - not necessarily policy that will be defined later
Microservices are (intended to be) small, self-contained, single-purpose applications.
Unikernels cannot handle multiple processes,
so forking is not allowed.
Unikernels can handle threads.
Are single user, but who needs multiple users?
Can statically link data into application.
Access to a high-end system for a fraction of a second
Increase speed - smaller artifacts, which boot faster (microseconds)
Target multiple platforms from a single code base
a community exchange
$ kubectl run nginx --image=nginx:AWS --namespace=unik --replicas=3
multiple container runtimes AND unikernels
docker, rkt and unik
providers:
  aws:
    - name: aws
      region: us-east-1
      zone: us-east-1a
  gcloud:
  vsphere:
  virtualbox:
    - name: unik-vbox
      adapter_name: vboxnet0
      adapter_type: host_only
  qemu:
  photon:
  xen:
  openstack:
  ukvm:
version: ""
a familiar treadmill
unik build --name go-calcote --path ./ --base rump --language go --provider virtualbox
unik run --instanceName=scale15x --imageName=go-calcote
fmt.Fprintf(w, "<img src='http://calcotestudios.com/talks/img/unik.jpg' />")
fmt.Fprintf(w, "<p /> My first unikernel!")
unik logs --instanceName=scale15x
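A complete single-process Go program of the kind the `unik build` command above would compile, given as an added example and not code from the original slides. The listening port, the `statusFor` method/path check and the server timeouts are assumptions added here; the page content is held in the binary, so the image needs no files at run time.

```go
package main

import (
	"fmt"
	"log"
	"net/http"
	"time"
)

// page is compiled into the binary: no filesystem content is read at run time.
const page = "<img src='http://calcotestudios.com/talks/img/unik.jpg' />" +
	"<p /> My first unikernel!"

// statusFor (hypothetical helper) decides the response status.
// Only GET or HEAD on "/" is served; everything else is refused.
func statusFor(method, path string) int {
	if method != http.MethodGet && method != http.MethodHead {
		return http.StatusMethodNotAllowed
	}
	if path != "/" {
		return http.StatusNotFound
	}
	return http.StatusOK
}

func handler(w http.ResponseWriter, r *http.Request) {
	if code := statusFor(r.Method, r.URL.Path); code != http.StatusOK {
		http.Error(w, http.StatusText(code), code)
		return
	}
	w.Header().Set("Content-Type", "text/html; charset=utf-8")
	fmt.Fprint(w, page)
}

// newServer builds the only listener in the image. Requests are handled by
// goroutines inside the one process; nothing is forked or exec'd.
func newServer(addr string) *http.Server {
	mux := http.NewServeMux()
	mux.HandleFunc("/", handler)
	return &http.Server{
		Addr:              addr,
		Handler:           mux,
		ReadHeaderTimeout: 5 * time.Second, // bound slow-header clients
		ReadTimeout:       10 * time.Second,
		WriteTimeout:      10 * time.Second,
	}
}

func main() {
	// Port 8080 is an assumption; use whatever port the instance exposes.
	log.Fatal(newServer(":8080").ListenAndServe())
}
```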