At last year’s Kubecon in San Diego, Mark Emeis (@markemeis) Weaveworks engineering manager and open source contributor gave a talk on how Weave Ignite started, how it works and where you can use it in your development pipelines.
What is Weave Ignite?
Weave Ignite combines Firecracker microVMs with OCI images, containerd and CNI to unify containers and Virtual Machines (VMs). It integrates with Kubernetes and GitOps operators that can be managed declaratively. Because ignite leverages Firecracker - AWS’ OSS KVM implementation- it is optimized for speed, low resource consumption, high security, and isolation.
With Ignite, developers and devops teams can:
- Launch and manage entire “app ready” stacks from Git.
- Run legacy or special apps in lightweight VMs (eg for multi-tenancy).
- Run a cloud of VMs ‘anywhere’ using Kubernetes for orchestration, Ignite for virtualization, GitOps for management, and supporting cloud native tools and APIs.
Firecracker is a microVM technology open sourced by Amazon. It is used in Fargate to power Lambda (serverless functions) on demand functionality. Firecracker has a reduced footprint that can spin up VMs when needed.
Lucas Käldström (@luxas) along with Dennis Marttinen, who were both in the Finnish military at the time, required a cheap and fast Kubernetes installation. Limited in cash, they looked around until they found open source Firecracker. Immediately, they recognized this technology as perfect for Kubernetes deployments.
The first iteration of Ignite was written in 500 lines of bash! But once they finished their military service, Dennis and Lucas came to Weaveworks, and they rewrote it in Go. It is this version that has become Weave Ignite.
The road to virtualization
Before demonstrating Weave Ignite, Mark took us through a short history of virtualization, illustrating how we got to where we are today. He split the VM lineage into four stages and identified five important axes for running workloads: simplicity, security, performance, flexibility and utilization.
- Hardware i OS - When we had only physical hardware and operating systems, things were pretty simple. The entire machine was available for your use. This meant that workloads could take advantage of whatever performance was available on the machine. It also meant that workloads you ran on it were only as secure as the operating system. In addition, you didn’t have to worry too much about any competing processes since it was all on one machine.
- Virtual Machines - With the introduction of VMs you got a lot more flexibility in terms of the types of operating systems that you could run simultaneously. But because processing speed was unlimited, your utilization was also unlimited. You could run workloads across multiple versions of an operating system that included pretty good security and isolation.
- Containers - In the early days before Docker, containers provided you with namespaces and control groups (or cgroups), and were basically the bare minimum container building blocks. But since the OS was shared, and because workloads were running as processes, utilization doubled. This offered enormous flexibility. However, although we gained in performance, we lost some of the simplicity as well as the security layer.
- Docker - Docker added in a layer of simplicity with it’s intuitive UX. And one could credit the simplicity of Docker’s UX for the skyrocketing use of container technology over such a brief period of time. But with this simplicity came a lack of security.
- Ignite - With its container centric view of things, Ignite rounds out the axes of our VM lineage. Since Ignite leverages Firecracker with the KVM and CPU level virtualization, security can be added back in. Ignite gives you all the benefits of containerization with a Docker like UX.
What if you could manage VMs as easily as containers?
This is exactly what Lucas and Dennis did by creating a CLI with a familiar set of commands that allow you to manage your VMs on the command line just like you do with containers. Ignite provides you with commands like `attach`, `start`, `exec`, and `stop` just like you can find in docker. Weave Ignite takes an UX that is well known and transitions that for use on virtual machines.
“With Weave Ignite, we wanted to leverage even more of the Docker and the container aspects for virtual machines. You can actually take a Docker container, if it has an `init` process in it and `systemd` in it, you can run that on Ignite just like you can as a Docker container. That's really where the power is.” -- Mark Emeis, Weaveworks Engineering Manager
View the entire talk and watch the demo: