It doesn't work with Docker, K8s right now, but everyone's going nuts anyway for AWS's Firecracker microVMs

If it's good enough for Lambda and Fargate, it's probably good enough for you


re:Invent Pay-or-else compute biz AWS lit the fuse for Firecracker, the virtualization technology it uses to power its serverless Lambda offering and its Fargate managed container contrivance.

Firecracker, now available as open source on GitHub, relies on the Linux Kernel-based Virtual Machine (KVM) to create a new flavor of lightweight VMs. These microVMs strive to combine the security and isolation of virtual machines with the speed and resource thrift of containers.

"You can launch lightweight micro-virtual machines (microVMs) in non-virtualized environments in a fraction of a second, taking advantage of the security and workload isolation provided by traditional VMs and the resource efficiency that comes along with containers," said Jeff Barr, chief evangelist for AWS, in a blog post.

The software represents an attempt to create a virtualization technology better suited to event-driven, transient workloads – serverless applications that sit around doing nothing then suddenly spin up resources before going idle again.

According to AWS, Firecracker can launch user space or application code in less than 125ms and microVMs at a rate of 150 per second per host. It churns out fairly compact microVMs too, with each requiring less than 5MiB of memory overhead, so thousands can co-exist on a single server. The compute-only guest CPU performance reaches more than 95 per cent of bare-metal, per the spec.

Other virtualization projects, such as Kata Containers and gVisor, have pursued similar goals.

Firecracker strives to be more minimalistic: It emulates only four devices – virtio-net, virtio-block, serial console, and a single button keyboard controller to stop the microVM – and its kernel loading process has been optimized. It also includes a RESTful control API, handles resource rate limiting, and supports a microVM metadata service for passing config data between the host and guest.
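To make the control API, rate limiting and metadata service concrete, here is an added example (not code from the article or from the Firecracker project) that drives a microVM through the VMM's REST API over its Unix socket. It assumes the upstream documented paths (`/machine-config`, `/boot-source`, `/drives/{id}`, `/network-interfaces/{id}`, `/mmds`, `/actions`) and default socket location; the kernel, rootfs and tap device names are placeholders.

```python
import http.client
import json
import socket

# Assumed default API socket path from the upstream getting-started guide.
API_SOCKET = "/tmp/firecracker.socket"


class UnixHTTPConnection(http.client.HTTPConnection):
    """HTTPConnection that dials the VMM's Unix socket instead of TCP."""

    def __init__(self, path):
        super().__init__("localhost")
        self.unix_path = path

    def connect(self):
        self.sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        self.sock.connect(self.unix_path)


def token_bucket(size, refill_time_ms):
    """Token-bucket spec used by Firecracker's drive and NIC rate limiters."""
    return {"size": size, "refill_time": refill_time_ms}


def microvm_plan(kernel, rootfs, tap, vcpus=1, mem_mib=128):
    """Ordered (method, path, body) calls that configure and start one microVM.
    The root drive is attached read-only, and both the block device and the NIC
    carry rate limiters so one tenant cannot starve its neighbours on the host."""
    return [
        ("PUT", "/machine-config", {"vcpu_count": vcpus, "mem_size_mib": mem_mib}),
        ("PUT", "/boot-source", {"kernel_image_path": kernel,
                                 "boot_args": "console=ttyS0 reboot=k panic=1 pci=off"}),
        ("PUT", "/drives/rootfs", {"drive_id": "rootfs", "path_on_host": rootfs,
                                   "is_root_device": True, "is_read_only": True,
                                   "rate_limiter": {"bandwidth": token_bucket(50_000_000, 1000),
                                                    "ops": token_bucket(2000, 1000)}}),
        ("PUT", "/network-interfaces/eth0", {"iface_id": "eth0", "host_dev_name": tap,
                                             "rx_rate_limiter": {"bandwidth": token_bucket(10_000_000, 1000)},
                                             "tx_rate_limiter": {"bandwidth": token_bucket(10_000_000, 1000)}}),
        ("PUT", "/mmds", {"config": {"hostname": "fc-demo"}}),  # guest reads this via MMDS
        ("PUT", "/actions", {"action_type": "InstanceStart"}),
    ]


def apply_plan(plan, sock_path=API_SOCKET):
    """Send each call to the VMM; Firecracker answers 204 No Content on success."""
    conn = UnixHTTPConnection(sock_path)
    for method, path, body in plan:
        conn.request(method, path, body=json.dumps(body),
                     headers={"Content-Type": "application/json"})
        resp = conn.getresponse()
        resp.read()
        if resp.status != 204:
            raise RuntimeError(f"{method} {path} -> HTTP {resp.status}")
```

Run `apply_plan(microvm_plan("/path/vmlinux", "/path/rootfs.ext4", "tap0"))` against a running `firecracker --api-sock /tmp/firecracker.socket` process; field names follow the API at the time of writing and may differ in later releases.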

Firecracker was derived from Chromium OS's Virtual Machine Monitor (crosvm), an open source virtual machine monitor (VMM) written in Rust.

The project may be the highest profile production deployment of Rust, a programming language backed by Mozilla that has become more popular lately.

"In the fall of 2017, we decided to write Firecracker in Rust, a modern programming language that guarantees thread and memory safety and prevents buffer overflows and many other types of memory safety errors that can lead to security vulnerabilities," explained Arun Gupta, principal open source technologist, and Linda Lian, senior product marketing manager, in a blog post.

Firecracker is designed to be processor agnostic, though at present it runs only on Intel hardware, under Linux kernel version 4.14 or later; AMD and Arm support is coming in 2019 according to AWS.

It doesn't presently work with Docker or container orchestrator Kubernetes, but AWS has built prototype code that lets containerd, a container runtime, manage containers as Firecracker microVMs. With further work, Docker and Kubernetes compatibility may emerge.

By releasing Firecracker under the open source Apache 2.0 license, AWS hopes other developers and organizations will advance the virtualization tech even further. ®
