Virtualization and IaaS

Severely Debloating Cloud Images with Unikraft

D.virtualization
Simon Kuenzer
Cloud computing has revolutionized the way we think about IT infrastructure: Another web server? More database capacity? Resources for your artificial intelligence use case? Just spin up another instance and you are good to go. While most cloud images (e.g., AMIs on Amazon EC2) are meant to run a single service (e.g., nginx), for convenience these tend to be built on top of general-purpose OSes and full distributions, often resulting in GB-sized images that sometimes only need to perform a simple task such as serving static web pages. One of the main contributing factors to this status quo is the myriad kernel inter-dependencies, rendering debloating of a Linux kernel image far from trivial. In this talk we will show results from a proof-of-concept deployment on Amazon EC2 using Unikraft, a fully modular library OS that makes it easy to remove unneeded components, and to optimize the remaining ones. On EC2, a Unikraft nginx image is able to outperform an nginx Debian image by 2x in terms of requests/sec when serving static content, all the while consuming 1/6 of the memory (we will show a brief Unikraft demo). Unikraft is an open source Xen Project incubator under the auspices of the Linux Foundation.

Additional information

Type: devroom

More sessions

2/6/21
Virtualization and IaaS
Simone Tiraboschi
D.virtualization
KubeVirt enables developers to run containerized applications and virtual machines in a common, shared Kubernetes/OKD/OpenShift environment. An Operator is a method of packaging, deploying and managing a Kubernetes/OpenShift application. The Hyperconverged Cluster Operator is a unified operator deploying and controlling KubeVirt and several adjacent operators in a controlled and opinionated way.
2/6/21
Virtualization and IaaS
Miguel Barroso
D.virtualization
KubeVirt's architecture is composed of two main components: virt-handler, a trusted DaemonSet running on each node, which operates as the virtualization agent, and virt-launcher, an untrusted Kubernetes pod encapsulating a single libvirt + qemu process. To reduce the attack surface of the overall solution, the untrusted virt-launcher component should run with as few Linux capabilities as possible. The goal of this talk is to explain the journey to get there, and the steps taken to drop CAP ...
2/6/21
Virtualization and IaaS
D.virtualization
VM sockets (vsock) enable communication between hosts and VMs. The vsock use cases have grown over recent years to also cover cloud and container projects. Andra and Stefano will walk through the details of a set of projects focused on isolation that use vsock as a communication channel. Then they will present debugging tools and further work items for improving and adding new features for vsock.
2/6/21
Virtualization and IaaS
D.virtualization
The debate on how to deploy applications, monoliths or microservices, is in full swing. Part of this discussion relates to how the new paradigm incorporates support for accessing accelerators, e.g. GPUs, FPGAs. That kind of support has been made available to traditional programming models for the last couple of decades and its tooling has evolved to be stable and standardized (e.g. CUDA, OpenCL/OpenACC, TensorFlow etc.). On the other hand, what does it mean for a highly distributed application ...
2/6/21
Virtualization and IaaS
Jakub Dżon
D.virtualization
Operator SDK is a solid foundation for building robust applications for Kubernetes; one such application is the VM import operator (https://github.com/kubevirt/vm-import-operator), which allows Kubernetes administrators to easily import their oVirt-managed virtual machines to KubeVirt. In this talk, the speaker will show how his team used Operator SDK to build the VM import operator and how that operator can be used.
2/6/21
Virtualization and IaaS
D.virtualization
In this session, participants will get an overview of the new oVirt monitoring feature with its data warehouse (DWH) and Grafana, architecture and demo. The session will also cover the option of creating new dashboards based on the oVirt DWH schema. For creating new dashboards, attendees should be familiar with SQL querying.
2/6/21
Virtualization and IaaS
Christian Gonzalez
D.virtualization
OpenNebula has recently incorporated a new supported hypervisor: Firecracker. This next-generation virtualization technology was launched by AWS in late 2018 and is designed for secure multi-tenant container-based services. This integration provides an innovative solution to the classic dilemma between using containers—lighter but with weaker security—or Virtual Machines—with strong security but high overhead. Firecracker is an open source technology that makes use of KVM to launch ...