Unikernels are a relatively new concept to most people in IT, but have been around for a while.
They are operating systems that run as VMs under a hypervisor, but they:
- Only use the libraries they need
- Might not have networking (for example)
- Are built from a set of available libraries which are dynamically pulled into the image as needed
So rather than starting from a ‘complete’ OS like Linux and then stripping out what’s not needed, only what’s needed to run the OS is included.
This brings some benefits:
- Smaller OS image size
- Smaller security attack surface
- Fast bootup
- Small footprint
- True isolation from other OSes on the same host
Docker recently bought a unikernel company and promptly used their technology to deliver a very impressive Beta for Mac using xhyve. The end result was a much improved user experience delivered surprisingly quickly.
This walkthrough uses one flavour of unikernel (MirageOS) to demonstrate building a unikernel both as a Unix binary and as a Xen VM image.
The unikernel uses the console library to print out ‘hello world’ four times and exit.
The walkthrough sets up an Ubuntu xenial VM and compiles the binary and the VM image. The VM image is run using the xl tool, which starts the VM as though it were a VM running under Xen.
The code is here.
Here is a video of the code running on my home server: