<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width,initial-scale=1,maximum-scale=1" />
<link rel="icon" type="image/png" href="img/Favicon.png" />
<link rel="stylesheet" href="style.css" />
<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.8.2/jquery.min.js"></script>
<script src="js/masonry.pkgd.min.js"></script>
<script src="js/scripts.js" defer></script>
<title>Firecracker</title>
</head>
<body>
<div id="home" name="home" class="mdl-head">
<header class="mdl-header">
<input id="sta-menu" type="checkbox" />
<div class="m-content">
<a href="#home" class="m-img">
<img src="img/[email protected]" alt="Firecracker logo" />
</a>
<nav>
<a href="#home" class="m-logo">
<img src="img/[email protected]" alt="Firecracker logo" />
</a>
<a class="sta-hoverOFF" href="#benefits">Benefits</a>
<a class="sta-hoverOFF" href="#how_it_works">How it works</a>
<a class="sta-hoverOFF" href="#faq">FAQs</a>
<a class="sta-hoverOFF" href="#learn_more">Learn more</a>
</nav>
<label for="sta-menu">
<span></span>
</label>
</div>
</header>
<section class="mdl-hero">
<div class="m-content">
<div class="m-title">Secure and fast microVMs for serverless computing</div>
<a href="https://github.com/firecracker-microvm/firecracker" class="css-button2 sta-hoverOFF">
View on GitHub
</a>
</div>
</section>
</div>
<div id="sticky" name="sticky" class="sticky">
<header class="sticky-header">
<input id="sta-menu" type="checkbox" />
<div class="m-content">
<a href="#home" class="s-img">
<img src="img/[email protected]" alt="" />
</a>
<nav>
<a href class="s-logo">
<img src="img/[email protected]" alt="" />
</a>
<a class="sta-hoverOFF" href="#benefits">Benefits</a>
<a class="sta-hoverOFF" href="#how_it_works">How it works</a>
<a class="sta-hoverOFF" href="#faq">FAQs</a>
<a class="sta-hoverOFF" href="#learn_more">Learn more</a>
</nav>
<label for="sta-menu">
<span></span>
</label>
</div>
</header>
</div>
<section class="mdl-article">
<article class="m-content">
<header>
Firecracker is an open source virtualization technology that is purpose-built for creating and managing
secure, multi-tenant container and function-based services.
</header>
<section>
<p>
Firecracker enables you to deploy workloads in lightweight virtual machines, called microVMs, which provide
enhanced security and workload isolation over traditional VMs, while enabling the speed and resource
efficiency of containers. Firecracker was developed at Amazon Web Services to improve the customer
experience of services like
<a href="https://aws.amazon.com/lambda/">AWS Lambda</a>
and
<a href="https://aws.amazon.com/fargate/">AWS Fargate</a>
.
</p>
<p>
Firecracker is a virtual machine monitor (VMM) that uses the Linux Kernel-based Virtual Machine (KVM) to
create and manage microVMs. Firecracker has a minimalist design. It excludes unnecessary devices and guest
functionality to reduce the memory footprint and attack surface area of each microVM. This improves
security, decreases the startup time, and increases hardware utilization. Firecracker is generally available on
<a href="https://github.com/firecracker-microvm/firecracker#supported-platforms">
64-bit Intel, AMD and Arm CPUs with support for hardware virtualization.
</a>
</p>
<p>
Firecracker is used by/integrated with (in alphabetical order):
<a href="https://appfleet.com/">appfleet</a>,
containerd via
<a href="https://github.com/firecracker-microvm/firecracker-containerd">firecracker-containerd</a>,
<a href="https://fly.io">Fly.io</a>,
<a href="https://github.com/kata-containers/documentation/wiki/Initial-release-of-Kata-Containers-with-Firecracker-support">Kata Containers</a>,
<a href="https://www.koyeb.com">Koyeb</a>,
<a href="https://northflank.com">Northflank</a>,
<a href="https://opennebula.io/firecracker/">OpenNebula</a>,
<a href="https://www.qovery.com">Qovery</a>,
<a href="https://github.com/solo-io/unik">UniK</a>,
<a href="https://www.weave.works/oss/firekube/">Weave FireKube</a>
(via <a href="https://github.com/weaveworks/ignite">Weave Ignite</a>),
<a href="https://webapp.io">webapp.io</a>, and
<a href="https://github.com/astro/microvm.nix">microvm.nix</a>.
Firecracker can run Linux and
<a href="http://blog.osv.io/blog/2019/04/19/making-OSv-run-on-firecraker">OSv</a>
guests. Our latest roadmap can be found
<a href="https://github.com/firecracker-microvm/firecracker/projects/13">here</a>.
</p>
</section>
</article>
</section>
<section class="mdl-banner">
<div class="m-content">
<img class="m-bg" src="img/[email protected]" alt="" />
<div class="m-text">
<p>Firecracker is open-sourced under Apache License, version 2.0.</p>
<div class="m-imgs">
<a href="https://aws.amazon.com/fargate/">
<img src="img/fargate-logo.svg" alt="AWS Fargate" />
</a>
<a href="https://aws.amazon.com/lambda/"><img src="img/lambda-logo.svg" alt="AWS Lambda" /></a>
</div>
</div>
<div class="m-buttons">
<a href="https://github.com/firecracker-microvm/firecracker" class="css-button sta-hoverOFF">
<i class="icon-github" aria-hidden="true"></i>
<span>Join our GitHub Community</span>
</a>
<a
href="https://join.slack.com/t/firecracker-microvm/shared_invite/zt-1zlb87h4z-NED1rBhVqOQ1ygBgT76wlg"
class="css-button sta-hoverOFF"
>
<i class="icon-slack" aria-hidden="true"></i>
<span>Chat about Firecracker on Slack</span>
</a>
</div>
</div>
</section>
<section class="mdl-benefits">
<div class="m-content">
<div id="benefits" name="benefits" class="m-title">Benefits</div>
<div class="m-grid">
<article class="m-item">
<div class="m-header">
<img src="img/[email protected]" alt="Security icon" />
<header>Security from the ground up</header>
</div>
<section>
Firecracker microVMs use KVM-based virtualization that provides enhanced security over traditional VMs.
This ensures that workloads from different end customers can run safely on the same machine. Firecracker
also implements a minimal device model that excludes all non-essential functionality and reduces the
attack surface area of the microVM.
</section>
</article>
<article class="m-item">
<div class="m-header">
<img src="img/[email protected]" alt="Speed icon" />
<header>Speed by design</header>
</div>
<section>
In addition to a minimal device model, Firecracker also accelerates kernel loading and provides a minimal
guest kernel configuration. This enables fast startup times. Firecracker initiates user space or
application code in as little as 125 ms and supports microVM creation rates of up to 150 microVMs per
second per host.
</section>
</article>
<article class="m-item">
<div class="m-header">
<img src="img/[email protected]" alt="hardware icon" />
<header>Scale and efficiency</header>
</div>
<section>
Each Firecracker microVM runs with a reduced memory overhead of less than 5 MiB, enabling a high density
of microVMs to be packed on each server. Firecracker provides a rate limiter built into every microVM.
This enables optimized sharing of network and storage resources, even across thousands of microVMs.
</section>
</article>
</div>
</div>
</section>
<section class="mdl-article2">
<article class="m-content">
<header id="how_it_works" name="how_it_works">How It Works</header>
<div class="m-header">The following diagram depicts an example host running Firecracker microVMs.</div>
<div class="m-img">
<img src="img/[email protected]" class="m-desktop" alt="Firecracker diagram" />
<img src="img/[email protected]" class="m-device" alt="Firecracker diagram" />
</div>
<section>
<p>
Firecracker runs in user space and uses the Linux Kernel-based Virtual Machine (KVM) to create microVMs. The
fast startup time and low memory overhead of each microVM enable you to pack thousands of microVMs onto the
same machine. This means that every function, container, or container group can be encapsulated with a
virtual machine barrier, enabling workloads from different customers to run on the same machine, without any
tradeoffs to security or efficiency. Firecracker is an
<a href="https://www.redhat.com/en/blog/all-you-need-know-about-kvm-userspace">alternative to QEMU</a>
, an established VMM with a general purpose and broad feature set that allows it to host a variety of guest
operating systems.
</p>
<p>
You can control the Firecracker process via a RESTful API that enables common actions such as configuring
the number of vCPUs or starting the machine. It provides built-in rate limiters, which allow you to
granularly control network and storage resources used by thousands of microVMs on the same machine. You can
create and configure rate limiters via the Firecracker API and define flexible rate limiters that support
bursts or specific bandwidth/operations limitations. Firecracker also provides a metadata service that
securely shares configuration information between the host and guest operating system. You can set up and
configure the metadata service using the Firecracker API. Each Firecracker microVM is further isolated with
common Linux user-space security barriers by a companion program called "jailer". The jailer provides a
second line of defense in case the virtualization barrier is ever compromised.
</p>
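<p>
Added example (not part of the original page and not the Firecracker project's own code): a shell sketch of the API
flow described above, setting vCPUs, attaching a drive and a network interface with token-bucket rate limiters, then
starting the microVM. The socket path, image paths, tap device name, limit values and helper function names are
assumptions chosen for illustration.
</p>

```shell
#!/usr/bin/env bash
# Added example: build and send Firecracker API requests over its Unix socket.
# Assumed values (not from the page): socket path, image paths, tap name, limits.
API_SOCK="${API_SOCK:-/tmp/firecracker.socket}"

# Token bucket: size = capacity, refill_time = ms to refill the whole bucket,
# one_time_burst = extra initial credit that is spent once and never refilled.
bucket() {  # bucket SIZE REFILL_MS [ONE_TIME_BURST]
  printf '{"size": %d, "refill_time": %d, "one_time_burst": %d}' "$1" "$2" "${3:-0}"
}

# A rate limiter pairs a bandwidth bucket (bytes) with an ops bucket (operations).
rate_limiter() {  # rate_limiter BANDWIDTH_BUCKET OPS_BUCKET
  printf '{"bandwidth": %s, "ops": %s}' "$1" "$2"
}

machine_config() {  # machine_config VCPUS MEM_MIB
  printf '{"vcpu_count": %d, "mem_size_mib": %d}' "$1" "$2"
}

drive_config() {  # drive_config DRIVE_ID HOST_PATH LIMITER_JSON
  printf '{"drive_id": "%s", "path_on_host": "%s", "is_root_device": true, ' "$1" "$2"
  printf '"is_read_only": false, "rate_limiter": %s}' "$3"
}

net_config() {  # net_config IFACE_ID TAP_NAME LIMITER_JSON (applied to rx and tx)
  printf '{"iface_id": "%s", "host_dev_name": "%s", ' "$1" "$2"
  printf '"rx_rate_limiter": %s, "tx_rate_limiter": %s}' "$3" "$3"
}

# Send one PUT; with DRY_RUN=1 print the request instead of contacting the socket.
api_put() {  # api_put PATH JSON
  if [ "${DRY_RUN:-0}" = 1 ]; then
    printf 'PUT %s %s\n' "$1" "$2"
  else
    curl --silent --show-error --fail --unix-socket "$API_SOCK" -X PUT \
      -H 'Content-Type: application/json' -d "$2" "http://localhost$1"
  fi
}

configure_and_start() {
  # Disk: 10 MiB/s sustained plus a one-off 50 MiB burst, 1000 operations/s.
  disk_rl=$(rate_limiter "$(bucket 10485760 1000 52428800)" "$(bucket 1000 1000)")
  # Network: 5 MiB/s and 2000 operations/s in each direction, no burst credit.
  net_rl=$(rate_limiter "$(bucket 5242880 1000)" "$(bucket 2000 1000)")
  api_put /machine-config "$(machine_config 2 512)" || return 1
  api_put /boot-source '{"kernel_image_path": "/path/to/vmlinux", "boot_args": "console=ttyS0 reboot=k panic=1"}' || return 1
  api_put /drives/rootfs "$(drive_config rootfs /path/to/rootfs.ext4 "$disk_rl")" || return 1
  api_put /network-interfaces/eth0 "$(net_config eth0 tap0 "$net_rl")" || return 1
  api_put /actions '{"action_type": "InstanceStart"}'
}

# Run for real only when asked: ./fc-start.sh run
if [ "${1:-}" = "run" ]; then configure_and_start; fi
```

<p>
Calling <code>configure_and_start</code> with <code>DRY_RUN=1</code> prints the five requests in order without touching the socket, which is a
convenient way to review per-tenant limits before they are applied.
</p>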
</section>
</article>
</section>
<section id="faq" name="faq" class="mdl-faq">
<div class="m-content">
<div class="m-title"><span>FAQs</span></div>
<div class="m-grid sta-masonry">
<article class="m-item">
<header>Who developed Firecracker?</header>
<section>
Firecracker was built by developers at Amazon Web Services to enable services such as
<a href="https://aws.amazon.com/lambda/">AWS Lambda</a>
and
<a href="https://aws.amazon.com/fargate/">AWS Fargate</a>
to improve resource utilization and customer experience, while providing the security and isolation
required of public cloud infrastructure. Firecracker started from Chromium OS's Virtual Machine Monitor,
<a href="https://chromium.googlesource.com/chromiumos/platform/crosvm/">crosvm</a>
, an open source VMM written in Rust. Today, crosvm and Firecracker have diverged to serve very different
customer needs.
<a href="https://github.com/rust-vmm">Rust-vmm</a>
is an open source community where we collaborate with crosvm and other groups and individuals to build and
share quality Rust virtualization components.
</section>
</article>
<article class="m-item">
<header>Why did you develop Firecracker?</header>
<section>
When we launched Lambda in November of 2014, we were focused on providing a secure
<a href="https://aws.amazon.com/serverless/">serverless</a>
experience. At launch we used per-customer EC2 instances to provide strong security and isolation between
customers. As Lambda grew, we saw the need for technology to provide a highly secure, flexible, and
efficient runtime environment for services like Lambda and Fargate. Using our experience building isolated
EC2 instances with hardware virtualization technology, we started an effort to build a VMM that was
tailored to run serverless functions and integrate with container ecosystems.
</section>
</article>
<article class="m-item">
<header>What processors does Firecracker support?</header>
<section>
The Firecracker VMM is built to be processor agnostic. 64-bit Intel, AMD and Arm CPUs with hardware
virtualization support are generally available for production workloads.
</section>
</article>
<article class="m-item">
<header>What language is Firecracker written in?</header>
<section>Firecracker is written in Rust.</section>
</article>
<article class="m-item">
<header>Can Firecracker be used within the container ecosystem?</header>
<section>
Yes. Firecracker is used by/integrated with (in alphabetical order):
<a href="https://appfleet.com/">appfleet</a>,
containerd via
<a href="https://github.com/firecracker-microvm/firecracker-containerd">firecracker-containerd</a>,
<a href="https://fly.io">Fly.io</a>,
<a href="https://github.com/kata-containers/documentation/wiki/Initial-release-of-Kata-Containers-with-Firecracker-support">Kata Containers</a>,
<a href="https://www.koyeb.com">Koyeb</a>,
<a href="https://northflank.com">Northflank</a>,
<a href="https://opennebula.io/firecracker/">OpenNebula</a>,
<a href="https://www.qovery.com">Qovery</a>,
<a href="https://github.com/solo-io/unik">UniK</a>,
<a href="https://www.weave.works/oss/firekube/">Weave FireKube</a>
(via
<a href="https://github.com/weaveworks/ignite">Weave Ignite</a>
),
<a href="https://webapp.io">webapp.io</a>, and
<a href="https://github.com/astro/microvm.nix">microvm.nix</a>.
</section>
</article>
<article class="m-item">
<header>What is the difference between Firecracker and QEMU?</header>
<section>
Firecracker is an
<a href="https://www.redhat.com/en/blog/all-you-need-know-about-kvm-userspace">alternative to QEMU</a>
that is purpose-built for running serverless functions and containers safely and efficiently, and nothing
more. Firecracker is written in Rust, provides a minimal required device model to the guest operating
system while excluding non-essential functionality (only 5 emulated devices are available: virtio-net,
virtio-block, virtio-vsock, serial console, and a minimal keyboard controller used only to stop the
microVM). This, along with a streamlined kernel loading process, enables a &lt; 125 ms startup time and a
&lt; 5 MiB memory footprint. The Firecracker process also provides a RESTful control API, handles resource
rate limiting for microVMs, and provides a microVM metadata service to enable the sharing of configuration
data between the host and guest.
</section>
</article>
<article class="m-item">
<header>What operating systems are supported by Firecracker?</header>
<section>
Firecracker supports Linux host and guest operating systems with kernel versions 4.14 and above, as well
as
<a href="http://blog.osv.io/blog/2019/04/19/making-OSv-run-on-firecraker/">OSv</a>
guests. The long-term support plan is still under discussion.
</section>
</article>
<article class="m-item">
<header>What is the open source license for Firecracker?</header>
<section>
Firecracker is
<a href="https://github.com/firecracker-microvm/firecracker/blob/master/LICENSE">licensed</a>
under Apache License, version 2.0, allowing you to freely use, copy, and distribute your changes under the
terms of your choice. Read more about the
<a href="https://www.apache.org/licenses/LICENSE-2.0">Apache 2.0 license</a>
. Crosvm code sections are licensed under a
<a href="https://opensource.org/licenses/BSD-3-Clause">BSD-3-Clause license</a>
that also allows you to use, copy, and distribute your changes under the terms of your choice.
</section>
</article>
<article class="m-item">
<header>How can I contribute?</header>
<section>
Firecracker is an AWS open source project that encourages contributions from customers and the developer
community. Any contribution is welcome as long as it aligns with our
<a href="https://github.com/firecracker-microvm/firecracker/blob/master/CHARTER.md">charter</a>
. You can learn more about how to contribute in
<a href="https://github.com/firecracker-microvm/firecracker/blob/master/CONTRIBUTING.md">
CONTRIBUTING.md
</a>
. You can chat with others in the community on the
<a
href="https://join.slack.com/t/firecracker-microvm/shared_invite/zt-1zlb87h4z-NED1rBhVqOQ1ygBgT76wlg"
>
Firecracker Slack workspace
</a>
.
</section>
</article>
</div>
<div class="m-banner">
<div class="m-tit">Still didn’t find your answer?</div>
<a href="mailto:[email protected]" class="css-button2 sta-hoverOFF">Contact us</a>
</div>
</div>
</section>
<section class="mdl-learn">
<div class="m-content">
<div id="learn_more" name="learn_more" class="m-title">Learn More</div>
<div class="m-grid">
<a
href="https://aws.amazon.com/blogs/aws/firecracker-lightweight-virtualization-for-serverless-computing"
class="m-item sta-hoverOFF"
>
<article>
<header>
<small>JEFF BARR BLOG</small>
<big>Firecracker – Lightweight Virtualization for Serverless Computing</big>
</header>
<section>
Read about why AWS decided to build Firecracker, and how it improves security and efficiency.
</section>
<footer>
<span>Read more</span>
<i class="icon-right-arrow" aria-hidden="true"></i>
</footer>
</article>
</a>
<a
href="https://aws.amazon.com/blogs/opensource/firecracker-open-source-secure-fast-microvm-serverless/"
class="m-item sta-hoverOFF"
>
<article>
<header>
<small>OPEN SOURCE BLOG</small>
<big>Announcing the Firecracker Open Source Technology</big>
</header>
<section>
Read about how to get started with Firecracker, where the project is headed, and how you can join,
contribute, and collaborate.
</section>
<footer>
<span>Read more</span>
<i class="icon-right-arrow" aria-hidden="true"></i>
</footer>
</article>
</a>
</div>
<div class="m-title2">Get Involved</div>
<div class="m-buttons">
<a href="https://github.com/firecracker-microvm/firecracker" class="css-button3 sta-hoverOFF">
<i class="icon-github" aria-hidden="true"></i>
<span>Join our GitHub Community</span>
</a>
<a
href="https://join.slack.com/t/firecracker-microvm/shared_invite/zt-1zlb87h4z-NED1rBhVqOQ1ygBgT76wlg"
class="css-button3 sta-hoverOFF"
>
<i class="icon-slack" aria-hidden="true"></i>
<span>Chat about Firecracker on Slack</span>
</a>
</div>
</div>
<footer class="mdl-footer">
<div class="m-content">
<a href="#home">
<img src="img/[email protected]" alt="Firecracker logo" />
</a>
<div>©2018-2023, Amazon Web Services, Inc. or its affiliates. All rights reserved.</div>
</div>
</footer>
</section>
</body>
</html>