2020-02-14 Containers

Firecracker Microvm

Virtual Machine Manager

Uses KVM (Linux Kernel based virtual Machine)

Also has rate limiter - to distribute vm’s inside a single host

So you have to use the kata container runtime on Firecracker? Still integrating with container-d.

What is the difference between runC, containerD and docker? * Docker is an OCI image format

Alternate to QEMU - an established VMM (Virtual Machine Manager)

Multitenancy - hardware virtualisation based security
Any vCPU and Memory combination
Oversubscription permissable
Steady mutation - Can launch 100 microvm’s per host per sceond (4 microVM’s per physical core)
Host facing Rest API

Bare Metal -> KVM -> Firecracker (userspace)

Customer Code (In container) -> Guest OS (Kernel on VM) -> Hypervisor (KVM) -> Host OS -> Hardware

Guest OS is linked to a single customer account Hypervisor and Host OS has many customer accounts (multitenenacy)

Firecracker sits on the hupervisor and Host OS part

Management - Deployment and scheduling (Amazon ECS, Amazon EKS)
Hosting - Amazon EC2, AWS Fargate (just give container - all monitorng and debugging you must handle)
Image Regstry - You don’t want to think about the registry

Fargate - run container with this much vCPU and this much Memory

Essentially you can move the Guest VM’s around on bare metal hosts belonging to different customers

Firecracker reduces costs for customers

Make it work with kubernetes and k8s distro’s like Rancher etc.

Lightweight VM for running containers. Seemlessly plugs into containers. Firecracker is more lightweight VMM than Qemu.

In k8s you can set to use katacontainers:

spec:
  template:
    spec:
      runtimeClassName: kata-fc

Just like kubectl there is firectl

firectl --kernel=hello-vmlinux.bin --root-drive=hello-rootfs.ext4