Unikernels

Sandboxing WASM with Unikernels for Secure Cloud-Native Deployments

WebAssembly (WASM) is rapidly emerging as a transformative technology in the cloud-native ecosystem. Its binary instruction format, designed for execution on a stack-based Virtual Machine (VM), enables WASM modules to run seamlessly on any platform, unlocking unprecedented portability. Moreover, WASM promises near-native execution performance and enhanced security due to its “sandboxed” execution model.

Optimizing Performance with Unikernels: Exploring Container Runtimes for Serverless Workloads with Knative Benchmarking

In our previous posts, we walked through the process of configuring various low-level container runtimes in Knative using the RuntimeClass feature of K8s. We detailed the setup for isolation mechanisms like gVisor, with a special focus on Kata and its associated hypervisors, including AWS Firecracker and QEMU. Additionally, we delved into the capabilities of unikernels, showcasing the power of urunc in the serverless realm.

urunc: Introducing a unikernel container runtime

This post is about urunc, a tool that we built to treat unikernels as containers and properly introduce unikernels to the cloud-native world! Essentially, urunc is a container runtime able to spawn unikernels that reside in container images. Before digging into the gory details, let us walk through some required concepts: unikernels, containers, and container runtimes.