Beyond Orchestration: The Cloud Native Runtimes Ecosystem for Performance and Security

Unikraft is an open-source library operating system that enables the construction of ultra-lightweight VMs quickly, easily and without time-consuming developer effort. These VM images are tailored to the application itself and have high-performance, low resource usage and a small attack surface. The talk compares Unikraft with existing runtimes for the cloud and demonstrates how it can be used with Kubernetes today.

• Existing runtimes for the cloud rely on traditional kernel stacks and hypervisors, which negatively impact security and performance.
• Unikraft is an open-source library operating system that enables the construction of ultra-lightweight VMs quickly, easily and without time-consuming developer effort.
• Unikraft VM images are tailored to the application itself and have high-performance, low resource usage and a small attack surface.
• Unikraft can be used with Kubernetes today.
• Unikraft supports major cloud vendors such as AWS and GCP.

Unikraft is trying to change the status quo of what it is to have a performant and a secure application in the cloud. Existing runtimes for the cloud rely on traditional kernel stacks and hypervisors, which negatively impact security and performance. Unikraft is an open-source library operating system that enables the construction of ultra-lightweight VMs quickly, easily and without time-consuming developer effort. These VM images are tailored to the application itself and have high-performance, low resource usage and a small attack surface. Unikraft can be used with Kubernetes today and supports major cloud vendors such as AWS and GCP.

The ecosystem of runtimes for container-based applications has been growing dramatically over the last few years with new implementations providing deeper integration between host and application with two primary goals in mind: performance and security.Many of these systems, however, rely on manually adapting your application for the runtime provider for performance which negatively impacts adoption or uses existing virtualized, ad-hoc and traditional OSes/kernels for security which negatively impacts performance.In this talk, we introduce Unikraft: an open-source library Operating System which enables the construction of ultra-lightweight VMs quickly, easily and without time-consuming developer effort. These VM images are tailored to the application itself and have high-performance, low resource usage (e.g. 3-5ms boot times, MBs of memory and disk usage, to name a few metrics) and a small attack surface (e.g.: no co-processes, no shell). We make comparisons across the current runtime landscape and demonstrate how you can use Unikraft with Kubernetes today.