The DevOps Roadmap: Unikernels

Published 19.02.2021

Author Hrittik Roy

Categories Engineering

Containerization is one of the core building principles of clouds and DevOps, but traditional VMs and containers lack the security and agility that modern infrastructure craves. We are moving towards workloads that are smaller, faster, and more secure than the traditional counterparts.

Unikernels solve these problems that were architecturally tough to crack. Now, a massive wave of developers are moving to embrace this novel approach to make most of their hardware and cloud computing resources.

New to all of these? You’re not alone. Let’s dive and learn about:

What are Unikernels?

How are Unikernels built?

Why Unikernels are the future?

Unikernel OSes

What are Unikernels?

Unikernels, on the surface, are an improved version of the container because of the security and performance benefits they bring. The so-called ‘container 2.0 ‘is slightly different from traditional containers because the operating system they run is a single-purpose, unlike the counterparts that run on a general-purpose Linux system.

Moreover, you might remember the kernels being shared in a container, but this is not the case for unikernels. As the name suggests, they’re single kernel containers where each unikernel has its own kernel, and no sharing occurs.

How are Unikernels built?

Unikernels are constructed by compiling high-level languages (like java, c++) directly into specialist machine images that run directly on a hypervisor, such as Xen or bare metal. Because hypervisors operate most public cloud computing infrastructures such as Amazon EC2, this allows the services to operate more cheaply, safely, and with better control than with a full software stack without much configuration.

container unikernels
Unikernels as single kernel containers.

The base image is created by selecting necessary libraries for the application and then compiling them to create sealed, fixed-purpose images (unikernels) with the application and configuration code that run directly on a hypervisor or hardware without an intervening OS such as Linux or Windows.

The compiled specialized image is a single address space for all processes in the machine.

Why Unikernels are the future?

Improved security

Unikernels re-structure the rules by reducing an application’s attack surface to a fraction of its normal size. Think about it: What are you doing next if you are smart enough to find and exploit a flaw in a unikernel application? Since there isn’t a shell or other tools you can’t mess around with it. You can’t call one of the thousands of utility systems, because they don’t exist in these single-use OSs to do something sinister.

Small footprints

Unikernel images are specific with only the required libraries and drivers without anything that is considered to be unnecessary. This helps in some compiled images to be below 500 kb and foster smaller footprints.

Now compare with it to the Gbs of installation space required for traditional general-purpose OSs.

Highly optimised

The compilation model from the libraries helps build a system optimized from drivers to processes at the application layer. This allows for efficient containerization, which is made specifically for the application.

unikernel
Multi-purpose OS vs Unikernels Image source: container-solutions

Fast Boot

Unikernels are also very easy to boot because of the drastic reduction in dependencies, making them feasible to use as on-demand services. In the construction process, the specialized picture often means that the configuration is baked, changing the emphasis from deploying and configuring systems to deploying and configuring software. In the sense of unikernels, the method is just a library.

This, in turn, reduces boot time from minutes to something that is measured In milliseconds.

Unikernel OSes

There are many unikernel building libraries accessible from various sources, leading the way with the open source community. Four of the more common unikernel systems include:

MirageOS

MirageOS has a working domain name server, one of the most developed unikernel projects, which compiles to just 449 KB. Yeah, that’s kilobytes, a memory size that many of us have not spoken of in the modern century. The project also has a web server weighing in at 674 KB and a learning transfer from OpenFlow that tips the scales at just 393 KB.

IncludeOS

IncludeOS is an operating system library written in C++ for the development of unikernels. It can take advantage of many CPUs and it is possible to use threads to spread workload on several Processor cores. Limited source-code compatibility with Linux is also retained.

MiniOS

MiniOS is a tiny Xen Hypervisor distributed OS kernel. It is used for the production of Unikernels as a base.

ClickOS

ClickOS, a high-performance, virtualised software middlebox platform is a unikernel specialised for Network Function Virtualisation. ClickOS virtual machines are small (5MB), boot quickly (about 30 milliseconds), add little delay (45 microseconds), and over 100 of them can be concurrently run while saturating a 10Gb pipe on a commodity server.

Final Thoughts⭐

Unikernels are awesome, but as they are small and specific, so no debugging tools exist, which’s a limitation. If looked this limitation is not so major as in production environment, you don’t mess around with containers. If we need to repair some bug, we first recreate the bug, then fix it and then deploy a new container, subsequently shutting down the old one.

Happy Learning!

More stories from our blog

Kubernetes: Everything You Need to Know about it

Kubernetes: Everything You Need to Know about it

The demand around scalable and reliable services is increasing every day exponentially. The market is driven by customers demanding their favorite services to have zero downtime and companies that lose millions of dollars for every minute they’re down. If you have...

Turbo-charge with Container Orchestration

Turbo-charge with Container Orchestration

Managing containers while traffic increases or decreases in cost-effective ways round the clock sounds challenging and complex without tools. We, as cloud-native citizens, crave scalability and agility. But our containers going into production without the cloud-native...

Unikernel Vs Container Vs VMs: Here is what you should use

Unikernel Vs Container Vs VMs: Here is what you should use

If you’d gone through Containers, Unikernels and VMs, I would bet you’re confused about which one to try for your new venture. It’s normal and happens to everyone while experimenting with adopting new technology. Remember the age-old dilemma of you thinking which...

How to build a Kubernetes cluster on HETZNER with k3s

How to build a Kubernetes cluster on HETZNER with k3s

HETZNER is a german cloud provider having very competitive prices for linux-based VMs. It's a great place to run Kubernetes, as HETZNER provides many integrations with their systems we can leverage when running Kubernetes: CSI IntegrationTerraform...

The DevOps Roadmap: Docker

The DevOps Roadmap: Docker

The containerization revolution has just begun, which means you have heard about docker at least once in your professional life. Containerization has made our apps’ deployment cycle faster and efficient. Leading the containerization wave is docker, the most popular...

Why you should focus on enough instead of more?

Why you should focus on enough instead of more?

Time is a precious commodity, and you might have heard this a thousand times now. But the stuff more important than time is the focus. I have seen people achieve more in less time due to the exceptional focus skills they have. Focus leads to productivity, and...

CNCF Meetup Saar #1

CNCF Meetup Saar #1

The first edition of our CNCF Meetup Saar was on February 25th from 11:00 to 13:00 CET. It was a very fun event with enlightening talks and a few quirks. You can enjoy a recap of the event and the talks below. Recap Full Event...

Interested in what we do? Looking for help? Wanna talk about software strategy?