Extending storage support for unikernel containers

In recent years, the rapid adoption of the serverless computing paradigm has led to the proliferation of Function-as-a-Service computing frameworks. The majority of these frameworks utilize containers, a lightweight operating system virtualization technique, to ensure isolated function execution. Unikernels, which package applications within a single-address-space library operating system, have been proposed as an alternative function isolation mechanism that offers stronger isolation guarantees without suffering the performance penalties of full hardware virtualization. However, due to different storage semantics between containers and unikernels, the state-of-the-art approaches for using unikernels in place of containers result in decreased performance, inefficient resource utilization and limited functionality. In this paper, we bridge the storage gap between containers and unikernels in the context of serverless computing. First, we examine and categorize the storage requirements for building and running functions based on unikernels. Based on these requirements, we design and prototype a framework that extends the Docker storage layer to support unikernel images. Our framework enables the sharing of common read-only unikernel image layers between functions and moves the unikernel image building overhead away from the critical path of function execution. We show that our framework improves function instantiation times while reducing storage space overhead.
