On Tuesday AWS announced Firecracker, an open-source microVM for serverless computing. A microVM that can be launched in just over a tenth of a second is particularly useful for event-driven, lightweight, or short-lived workloads. At the same time, it benefits from the extended security of hardware virtualization. Today we announce the integration of Firecracker into Unik, the unikernel/microVM compilation and orchestration platform. With Unik, users will be able to easily turn their code or existing containers into Firecracker microVMs, and deploy locally or in the cloud.
Firecracker and the need for microVMs
Security considerations require that serverless functions of different users should run on different VMs. Deployment of a serverless function is often accompanied by launch of a virtual machine instance, which must happen fast. Firecracker addresses this issue by booting a minimal kernel config, which enables faster startup times and offers minimal-overhead execution. The minimal device model also offers multiple levels of security and reduces the attack surface.
At re:Invent 2018, AWS told us that they have been using Firecracker to run workloads for Lambda. This allowed them to offer customers better performance and uncompromising security while lowering the overall cost of running serverless container architectures. The latter comes in part from the fact that microVMs drive high utilization on physical hardware: with default configuration, thousands of microVMs can run on a single machine.
The Firecracker project immediately attracted significant attention and excitement, especially from users of serverless technology. This can be seen on the project’s Github repo, as well as on twitter.
If you — like we at solo — are excited about serverless technology, then you’re probably eager to try Firecracker out, and learn what this new technology can do to the serverless movement. However, getting your code to run in a microVm is a fairly complicated process that can be time consuming and requires significant expertise in low-level properties of your operating system, like kernel architecture, driver requirements, and file system structure.
In addition, you may be wondering how microVMs should be managed and integrated with other players in your cloud environment. You may be used to tools like Puppet and Chef managing your VMs, but are these the right tools for managing microVMs?
Firecracker your code with Unik
To help users launch with their Firecracker experience and to accelerate its adoption, we integrated Firecracker into our unikernel/microVM compilation and orchestration platform, Unik.
We launched Unik in May 2016 as an orchestration platform for light-weight VMs. Unik provides tools for compiling application sources or containers into unikernels (lightweight bootable disk images) and microVMs. In addition, UniK runs and manages unikernels and microVMs on a variety of cloud providers, as well as locally.
With Unik, building a Firecracker microVM from your code is straightforward. To see how this works, let’s assume that we have a function called writeOS, written in go, that writes the name and version of the local operating system. We will place all the code needed to compile our function in the directory `./writeOS/src`.
Before we build our microVM, we need to first start the unik daemon, and then link to it:
unik target --host localhost
We are now ready to build the microVM with a single command
unik build --name writeOS_miVM --path ./writeOS/src --base firecracker --language go --provider firecracker --force
All set. We can now run an instance of this microVM with
unik run --instanceName writeOS_vm1 --imageName writeOS_miVM
This deploys our microVM and runs the writeOS function.
Unik will help you manage your microVMs: you can always ask unik for a list of all running microVMs, and order it to pause or stop any of them. Unik will also provide you with logging.
Unik brings microVMs into the serverless platform
Serverless functions are stateless, short-lived, and immutable. This means that serverless functions are never modified after they are invoked. Therefore, a microVM that runs a serverless function is conceptually less similar to a VM, in which code can be accessed and modified (e.g. with the help of Puppet or Chef), and more similar to a container.
Unik is designed to give users of microVMs the same experience they are used to have with Docker containers. By simplifying the building and deployment of microVMs, Unik allows users to modify their code when needed, and then compile and deploy them with a couple of commands. Unik also provides a repository called UnikHub, where you can store and share your microVMs (and unikernels).
The vision behind Unik is that your microVMs and the functions that run inside them should be orchestrated together with the containers that run your microservices. To this end, Unik is integrated with Kubernetes, allowing it to provision, heal and discover microVMs in the same way it does for containers.
In the near future, we plan to integrate Unik with Knative and other serverless platforms on top of Kubernetes, to provide a unified serverless environment, that can run on prem in the multi-cloud.