Containers

When a Release Breaks Your CI

We’re a small engineering team. Everyone’s busy! Some days we’re deep in container runtime dev, other days we’re debugging transport layers for vAccel or measuring latency for torch model execution offloading across Edge devices. What we don’t have is a dedicated team for CI maintenance.

WebAssembly (WASM) is rapidly emerging as a transformative technology in the cloud-native ecosystem. Its binary instruction format, designed for execution on a stack-based Virtual Machine (VM), enables WASM modules to run seamlessly on any platform, unlocking unprecedented portability. Moreover, WASM promises near-native execution performance and enhanced security due to its “sandboxed” execution model.

This post is about urunc, a tool that we build to treat unikernels as containers and properly introduce unikernels to the cloud-native world! Essentially, urunc is a container runtime able to spawn unikernels that reside in container images. Before digging into the gory details, let us walk through some required concepts: unikernels, containers, and container runtimes.

Picking up from where we left in our previous post, we will now install AWS Firecracker and configure Kata Containers to use it as their hypervisor.

Picking up from where we left in our previous post, we will now install QEMU and configure Kata Containers to use QEMU as their hypervisor.

Kata Containers enable containers to be seamlessly executed in Virtual Machines. Kata Containers are as light and fast as containers and integrate with the container management layers, while also delivering the security advantages of VMs. Kata Containers is the result of merging two existing open source projects: Intel Clear Containers and Hyper runV.