
Beyond Orchestration: The Cloud Native Runtimes Ecosystem for Performance and Security

2022-10-27

Authors: Alexander Jung


Summary

Unikraft is an open-source library operating system that enables the construction of ultra-lightweight VMs quickly, easily and without time-consuming developer effort. These VM images are tailored to the application itself and have high performance, low resource usage and a small attack surface. The talk compares Unikraft with existing runtimes for the cloud and demonstrates how it can be used with Kubernetes today.
  • Existing runtimes for the cloud rely on traditional kernel stacks and hypervisors, which negatively impact security and performance.
  • Unikraft is an open-source library operating system that enables the construction of ultra-lightweight VMs quickly, easily and without time-consuming developer effort.
  • Unikraft VM images are tailored to the application itself and have high performance, low resource usage and a small attack surface.
  • Unikraft can be used with Kubernetes today.
  • Unikraft supports major cloud vendors such as AWS and GCP.
Unikraft is trying to change the status quo of what it means to have a performant and secure application in the cloud.

Abstract

The ecosystem of runtimes for container-based applications has been growing dramatically over the last few years, with new implementations providing deeper integration between host and application with two primary goals in mind: performance and security. Many of these systems, however, either rely on manually adapting your application to the runtime provider for performance, which negatively impacts adoption, or use existing virtualized, ad-hoc and traditional OSes/kernels for security, which negatively impacts performance. In this talk, we introduce Unikraft: an open-source library operating system which enables the construction of ultra-lightweight VMs quickly, easily and without time-consuming developer effort. These VM images are tailored to the application itself and have high performance, low resource usage (e.g. 3-5ms boot times, MBs of memory and disk usage, to name a few metrics) and a small attack surface (e.g. no co-processes, no shell). We make comparisons across the current runtime landscape and demonstrate how you can use Unikraft with Kubernetes today.

Materials: