i2kit: A Deployment Tool with the Simplicity of Containers and the Security of Virtual Machines

  • Conference paper
  • Web Information Systems Engineering – WISE 2018 (WISE 2018)

Part of the book series: Lecture Notes in Computer Science (LNISA, volume 11233)

Abstract

Container virtualization technologies such as Docker are becoming increasingly popular. Containers offer an exceptional developer experience because they provide lightweight isolation and ease of software distribution, and they also solve a fundamental code portability problem.

In contrast, container virtualization is basically insecure when compared to hypervisor-based virtualization. Virtual machines are also better integrated with the rest of the cloud ecosystem. All in all, virtual machines are more suitable for production environments. However, virtual machines impose a non-negligible memory footprint and suffer from longer boot times, which is impractical for local development. So far, no deployment infrastructure has offered both the developer experience of containers and the maturity and isolation capabilities of virtual machines.

In this paper we solve this problem by introducing i2kit, an orchestration tool that enjoys the best of both worlds: (1) the development workflow is untouched, so containers can be used as usual; (2) at deployment time, containers are transformed into virtual machines, which keeps code portability while providing better security and better integration with other cloud services. The i2kit tool creates virtual machines using Linuxkit. Linuxkit alleviates the size drawback that virtual machines would otherwise entail, because the footprint of our Linuxkit distributions is only about 60 MB. The attack surface of the application is reduced since Linuxkit installs only the minimum set of OS dependencies needed to run containers. Finally, we report an empirical study using i2kit that allows us to conclude that i2kit is a promising technology for VM deployment of applications developed with containers.

This research has been partially supported by: the EU H2020 project Elastest (num. 731535), by the Spanish MINECO Project “RISCO (TIN2015-71819-P)” and by the EU ICT COST Action IC1402 ARVI (Runtime Verification beyond Monitoring).

Notes

  1. In this paper, we refer to containers or pods indistinctly. A pod is a group of strongly related containers that get deployed as a unit.

  2. i2kit is available at www.github.com/pchico83/i2kit.

  3. We are also exploring how to support alternative technologies to Linuxkit.

Author information

Corresponding authors: Pablo Chico de Guzmán, Felipe Gorostiaga and César Sánchez.

Copyright information

© 2018 Springer Nature Switzerland AG

About this paper

Cite this paper

de Guzmán, P.C., Gorostiaga, F., Sánchez, C. (2018). i2kit: A Deployment Tool with the Simplicity of Containers and the Security of Virtual Machines. In: Hacid, H., Cellary, W., Wang, H., Paik, HY., Zhou, R. (eds) Web Information Systems Engineering – WISE 2018. WISE 2018. Lecture Notes in Computer Science, vol 11233. Springer, Cham. https://doi.org/10.1007/978-3-030-02922-7_6

  • DOI: https://doi.org/10.1007/978-3-030-02922-7_6

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-02921-0

  • Online ISBN: 978-3-030-02922-7

  • eBook Packages: Computer Science (R0)
